Beware The FUDsters…

This is another “not a carping comment” being classified in that category. (IF I do too much more of this I’ll need a new category ;-)

This is another comment from an “unknown” who has fraudulent credentials. In this one, it is a deliberate FUD. Fear, Uncertainty, Doubt. The term FUD was coined back in the day of IBM Mainframes being The Deal and some alternatives, such as Amdahl, starting to take some of their market share. IBM ran around spreading as much FUD as possible about the competition. Phrases like “Nobody ever got fired for buying IBM” implying you could be fired if you didn’t.

So this comment is busy doing a lot of FUDding. I’ll analyse it a little like I did the prior Mongo one. And yes, I am wondering if I have come to the attention of a Disinformation FUD-Op.

Two this close together is a bit unusual.

First off, the header:

MikeB
Bmikeb@optisnet.com.au
49.183.54.xxx
Flagged as spam by chiefio

I’ve xxx’d out the last digits of the IP address of the commenter just to give a little privacy to them.

So note the email address. “optisnet” is a misspelling by one character of a valid provider. “Optusnet”. It could just be a typo, but looks more like a deliberate choice of one vertical vs. 2 on the “u” so to a casual look it seems familiar and valid. But if fails the “valid mail?” check. I even swapped the i for u and reran the mail check. No joy. Bogus email address.

Then did the usual “where is the poster posting from?”

root@XU4uDevuan3:/usr/local/bin# whois 49.183.54.xxx
% [whois.apnic.net]
[...]
% Information related to '49.176.0.0 - 49.191.255.255'
[...]
inetnum:        49.176.0.0 - 49.191.255.255
netname:        OPTUSINTERNET-AU
descr:          Optus Internet Pty Ltd
descr:          Building A, 2nd Floor
descr:          1 Lyonpark Road
country:        AU
org:            ORG-OIPL5-AP
admin-c:        OI3-AP
tech-c:         OI3-AP
abuse-c:        AO400-AP
status:         ALLOCATED PORTABLE
remarks:        ----------------------------------------------------
[...]
remarks:        --------------------------------------------------------
mnt-by:         APNIC-HM
mnt-lower:      MAINT-AU-OPTUSINTERNET
mnt-routes:     MAINT-AU-OPTUSINTERNET
mnt-irt:        IRT-OPTUSINTERNET-AU
last-modified:  2021-01-15T01:45:07Z
source:         APNIC

irt:            IRT-OPTUSINTERNET-AU
address:        1 Lyonpark Rd.
address:        Macquarie Park, NSW 2113
e-mail:         abuse@optusnet.com.au
abuse-mailbox:  abuse@optusnet.com.au
admin-c:        OI3-AP
tech-c:         OI3-AP
auth:           # Filtered
remarks:        abuse@optusnet.com.au was validated on 2021-04-27
mnt-by:         MAINT-AU-OPTUSINTERNET
last-modified:  2021-05-10T03:52:23Z
source:         APNIC

organisation:   ORG-OIPL5-AP
org-name:       Optus Internet Pty Ltd
country:        AU
address:        Building F, 3rd Floor
address:        1 Lyonpark Road
[...]
mnt-ref:        APNIC-HM
mnt-by:         APNIC-HM
last-modified:  2018-05-08T12:57:14Z
source:         APNIC

role:           ABUSE OPTUSINTERNETAU
address:        1 Lyonpark Rd.
address:        Macquarie Park, NSW 2113
country:        ZZ
phone:          +000000000
e-mail:         abuse@optusnet.com.au
admin-c:        OI3-AP
tech-c:         OI3-AP
nic-hdl:        AO400-AP
remarks:        Generated from irt object IRT-OPTUSINTERNET-AU
abuse-mailbox:  abuse@optusnet.com.au
mnt-by:         APNIC-ABUSE
last-modified:  2021-05-10T03:52:24Z
source:         APNIC

role:           Optus Internet
address:        1 Lyonpark Rd.
address:        Macquarie Park, NSW 2113
country:        AU
[...]
mnt-by:         MAINT-AU-OPTUSINTERNET
remarks:        send spam/abuse reports to abuse@optus.net.au
remarks:        please use http://wq.apnic.net/apnic-bin/whois.pl
remarks:        to identify networks before sending reports and
remarks:        always include full headers/logs.
last-modified:  2012-09-25T01:42:42Z
source:         APNIC

% Information related to '49.183.0.0/17AS4804'

route:          49.183.0.0/17
origin:         AS4804
descr:          Optus Internet Pty Ltd
                Building F, 3rd Floor
                1 Lyonpark Road
mnt-by:         MAINT-AU-OPTUSINTERNET
last-modified:  2021-06-17T21:14:41Z
source:         APNIC

So they ARE from Australia, or at least bouncing off a server there. But they can’t spell. (Both in the posting and the email address).

Skipping over the Hard Fail with opti…. and jumping to the corrected address, using:
https://verifalia.com/validate-email

It goes well for a while, then falls off the rails a little:

Validation report
Syntax validation
The address is syntactically valid.

Address (without comments and folding white spaces) Bmikeb@optusnet.com.au
Local part Bmikeb
Domain part optusnet.com.au
ASCII domain part
The domain part is not internationalized, no conversion to ASCII is necessary.
Role account validation
The e-mail address is not a well-known role account.
Syntax validation, ISP-specific
According to the syntactic rules of the target mail exchanger (optusnet.com.au), the address is syntactically valid.
Disposable email address (DEA) validation
The address is not provided by a known disposable e-mail address (DEA) provider.
Free email provider check
This email address is bound to a known free email provider (optusnet.com.au).
DNS records validation
The domain of the email address has valid DNS records.
Honeypot detection
The email address under test does not seem to hide a honeypot.
Disposable email address (DEA) validation, second pass
The mail exchanger responsible for the e-mail address is not a known disposable e-mail address (DEA) provider.
SMTP server validation
The mail exchanger of the email address domain can be contacted successfully.
Mailbox validation
A timeout occured while verifying the existence of the mailbox.

So the mail box is not valid. I suppose I could try “fixing” the email address by things like taking the B off the front to match the “screen name” etc.; but that risks just making an invalid email address into a valid one for somebody else.

So at this point, it could just be a person who’s a bit paranoid about their identity and being “cute”. But does the comment support that idea, or does it read like something nasty, hurtful to others, or deceptive full of FUD?

Here’s the comment and my meta-comments:

Ivermectin tubes of paste are usually intended as one tube per anamal. As such, the concentration of imectin may not be uniform. Beware you can overdose or not ant at all by using just some of it.

This is just not true. The stuff in the tubes is mixed up in very large vats and shoved into tubes (mostly on automated machinery I think). Were it not uniform in the vat, the variation between tubes would be unacceptable too. The tubes give several doses, by weight, and have a ring on them to adjust the amount given. The whole tube is not given at once unless the animal if huge.

I note in passing that “anamal” and “imectin” are gross misspellings. Then “not ant at all” is, I think, supposed to be “not any…” so also botched. Either a sloppy or poorly educated person, or a “foreign agent” who didn’t do that well in their “how to look like an Australian when bouncing off their ISPs” class…

Th pour on is usually used for cattle and has some nasty other things to get it through the hide so not good for people

This one is another untruth. Lie or just stupid? Hard to tell. I have the MSDS for Cattle Pour-On. The solvent is rubbing alcohol. Ivermectin diffuses through the skin on its own, nothing needed to “get it through the hide”. I’ve also been using it for over a year now with ZERO side effects. Nothing. Nada. Zip. Zilch. No nasty anything. (Just do not drink it as rubbing alcohol is not good for the digestion and metabolism… that’s why it is for rubbing on the outside of you.)

The best one I found was sheep drench – Osmectin. You need to check no other additives cos they will bite you (Murphy’s law?)

OK, makes a “recommendation” I’ve never heard of before. Let’s look it up:

https://duckduckgo.com/?q=%22Osmectin%22&norw=1&t=chromentp&ia=web

What turns up is a load of unrelated pages in several foreign languages. Now that’s a pretty good red flag. While I’ve deleted some detail from each result, this is ALL the results on the top page of the search. “The best fit” pages.

WO2012088648A1 – Deuterated acid salts of oseltamivir …
Search domain […]
Disclosed are the deuterated acid salts of oseltamivir, namely, ethyl (3R,4R,5S)-4-acetamido-5-amino-3-(1-ethylpropoxy)-1-cyclohexene-1-carboxylate, hydrates thereof and their preparation methods. More specifically, oseltamivir phosphate-d3, hydrates thereof and their preparation methods are disclosed. Also disclosed are the polymorph A of oseltamivir phosphate-d3, pharmaceutical compositions …

Cholusat Sur Canal 36 – EL SOL DE LAS NOTICIAS 25-08-2021 …
[…].com/Canal36Honduras/videos/el-sol-de-las-noticias-25-08-2021/528945821509722/
Cholusat Sur Canal 36 is live now. EL SOL DE LAS NOTICIAS 25-08-2021. Cholusat Sur Canal 36 is live now.

Releases · BitBonk / coinbase · GitLab
[…]
Golang SDK for coinbase

Флок такой милый правда☃️ как бахилы
[…]tiktok.[…]/@polina_bonk/video/6994080032251579649
Пользователь 🤝чибупицца😈 (@polina_bonk) создал короткое видео в TikTok (тикток) с песней оригинальный звук. | Флок такой милый правда☃️ как бахилы
[…]

Envíos a Pucallpa, Perú desde Rutherford College, North …
[…]envios-a-pucallpa-peru/desde/rutherford-college/north-carolina
Beneficios de tu cuenta. Incluye un casillero gratis. Ahorra tiempo en tus envíos. Rastrea tu paquete en cualquier dispositivo. Disfruta de promociones en servicios y tarifas.

Buy 3 BHK Flat/Apartment in Sobha Windsor Vijayanagara …
[…].com/propertyDetails/3-BHK-1817-Sq-ft-Multistorey-Apartment-FOR-Sale-Vijayanagara-in-Bangalore&id=4d423536313839323535
Property Sale Price – 1.40 Cr Rate/Sq-ft Rs 7705.0 1817 Sq-ft – Sobha Windsor is an ongoing state of the art project being developed in Whitefield

第153章_异种之母_霹雳书坊 – pilibook.com

Search domain […]tastebudsboutique.comhttps://www.tastebudsboutique.com/540ohn3156
315-540-6*** 651-275-4723 Regular Landline Calling Technique 334-768-3275 Regular Landline Calling Technique 415-214-7490 Cellular (Dedicated) Calling Technique 803-578-1854 Regular Landline Calling Technique 559-506-4322 Paging (Dedicated) Calling Technique 857-318-3895 Regular Landline Calling Technique 516-831-3763 Cellular Calling Technique 615-704-2913 Regular Landline Calling Technique …

cerca risultati per ‘flussimetro pce em 883 ‘ | PCE …
[…]pce-instruments.xxx/italiano/?action=Query&-query.&query.stichwort=flussimetro+pce+em+883+&query.mode=OR&_start=1521
cerca risultati per ‘flussimetro pce em 883 ‘. Informations, support and knowledge about measuring instruments. If you are interested in measuring instruments ask our engineers.

So at the very minimum, a recommendation so obscure that the search engine is resorting to quasi-random stuff from all over the planet, or more likely a complete fraud of a recommendation.

It’s at this point that I lose interest and send it off to SPAM land… But decided later to fish it out and make an example of it ;-)

So that’s how you “vet” a new poster with a questionable posting and how an Experienced Systems Admin evaluates things.

I get some crap like this about once a week, lately a bit faster, but it comes and goes. Many sites just let any comment through, thus encouraging them to send more. I tend to “vet” new people, then monitor their style and content over time to detect folks who “got past the gate” but were posing.

My guess is that this comment is a deliberate Dis-Info Campaign being run from a 3rd Country to attempt to stop effective treatments by promoting FUD and a bogus alternative. That is, “Lies For Effect”. I could be wrong, it is just a guess. But my “guesser” is pretty good. A lower possibility, but also possible, is just someone who’s not that bright, and inexperienced, spreading garbage they heard somewhere else, and they can’t spell or type well enough to get their email address right. (In which case I’m not so sure I want them posting comments here anyway…)

So hopefully this example shows you how to easily “vet” things you find on-line or in your mailbox.

Subscribe to feed