Hi Stefan > the question is what's behind those domains? i didn't have the time to > analyze it, yet.
I had a bit a deeper look into it. The Emails them self come from various IP Addresses. It's obviously a botnet. Almost all those xyz domains resolve to an IP within a /24 from AS41122. So I suppose this is a rogue Hoster as a quick search with google had quite some hits. AS41122 has just two upstream peers. So maybe if some more drop them a hint, they could issue a severe warning, or even de-peer AS41122. -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
Description: Digitale Signatur von OpenPGP
_______________________________________________ mailop mailing list firstname.lastname@example.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop