I keep seeing generic word payload domains that have generic words followed by short codes:

manual3a.com infowebdd4.com saless1d.com seaccc1.com saleon1.com greatdf45.com greatinfo33f.com greatbizss3.com biz34er5.com clearsale12.com bigsalesxz.com

The interesting part is that their Internic.net accounts are all the same, in this case an entire service (paycenter.com.cn) devoted to spam:

Registrar: XIN NET CORP.
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.paycenter.com.cn
Name Server: NS0.DNSREALTIME.COM
Name Server: NS1.DNSREALTIME.COM

For all the domain names, there are only a few name servers and even fewer whois servers (one):

Searching for A record for www.saless1d.com at ns0.dnsrealtime.com.: Reports www.saless1d.com. [took 267 ms]
Searching for A record for bigsalesxz.com at ns1.dns1st.com.: Reports bigsalesxz.com. [took 288 ms]

How about a test for name server address (ns0.dnsrealtime.com) or better yet, the Whois server (whois.paycenter.com.cn)?

Dan

---
This E-mail came from the Declude.JunkMail mailing list. The archives can be found at http://www.mail-archive.com.
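
The test proposed in the post above, sketched as an added example that is not part of the original message and is not Declude code. It parses registry-style whois text in the layout quoted in the post and reports which flagged name servers or whois servers a domain uses. The function names, the blocklist sets and the sample records are assumptions constructed for illustration.

```python
import re

# Hosts quoted in the post; treating them as a blocklist is this example's assumption.
FLAGGED_NS = {"ns0.dnsrealtime.com", "ns1.dnsrealtime.com"}
FLAGGED_WHOIS = {"whois.paycenter.com.cn"}

# Matches the registry-level fields shown in the post, one per line.
FIELD_RE = re.compile(
    r"^[ \t]*(Registrar|Whois Server|Referral URL|Name Server):[ \t]*(\S.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def normalize_host(host):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return host.strip().rstrip(".").lower()

def parse_registry_whois(text):
    """Return {field name (lower-case): [values]} for the fields above."""
    record = {}
    for key, value in FIELD_RE.findall(text):
        record.setdefault(key.lower(), []).append(value)
    return record

def infrastructure_hits(text):
    """List (field, host) pairs where the record uses flagged infrastructure."""
    record = parse_registry_whois(text)
    hits = []
    for field, flagged in (("name server", FLAGGED_NS), ("whois server", FLAGGED_WHOIS)):
        for host in record.get(field, []):
            if normalize_host(host) in flagged:
                hits.append((field, normalize_host(host)))
    return hits

# Constructed sample records. The first reuses the fields quoted in the post; the
# second assumes a domain on a different name server but the same whois server;
# the third is an unrelated placeholder record.
SAMPLE_SAME_NS = """Registrar: XIN NET CORP.
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.paycenter.com.cn
Name Server: NS0.DNSREALTIME.COM
Name Server: NS1.DNSREALTIME.COM
"""
SAMPLE_OTHER_NS = """Registrar: XIN NET CORP.
Whois Server: whois.paycenter.com.cn
Name Server: NS1.DNS1ST.COM
"""
SAMPLE_UNRELATED = """Registrar: EXAMPLE REGISTRAR
Whois Server: whois.example.net
Name Server: NS1.EXAMPLE.NET
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SAME_NS, SAMPLE_OTHER_NS, SAMPLE_UNRELATED):
        print(infrastructure_hits(sample))
```

The second sample is only caught by the whois-server check, which is the reason the post prefers that test over the name-server one.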
