Trying to identify hosts
shawn wilson
ag4ve.us at gmail.com
Mon Oct 27 15:57:15 UTC 2014
We get lots of probes from subdomains of southwestdoor.com and
secureserver.net 's SOA and I'm curious who these guys are?
The only web page I could find was southwestdoor redirects to
http://www.arcadiacustoms.com and then to http://arcadia-custom.com/
(a hardware company is causing unwanted network traffic - not unless
they're owned)
Traceroute for southwestdoor.com goes through secureserver.net and
they have lots of references (in dns) to themselves, jomax.net and
domaincontrol.com.
Can someone give me a better picture of how this all fits together on
a company level - as in how do these guys make money and why are they
probing our network? I understand scans from ISPs and colos, but I
can't directly identify these guys as either.
More information about the NANOG
mailing list