Trying to identify hosts

shawn wilson ag4ve.us at gmail.com
Mon Oct 27 15:57:15 UTC 2014


We get lots of probes from subdomains of southwestdoor.com and
secureserver.net 's SOA and I'm curious who these guys are?

The only web page I could find was southwestdoor redirects to
http://www.arcadiacustoms.com and then to http://arcadia-custom.com/
(a hardware company is causing unwanted network traffic - not unless
they're owned)

Traceroute for southwestdoor.com goes through secureserver.net and
they have lots of references (in dns) to themselves, jomax.net and
domaincontrol.com.

Can someone give me a better picture of how this all fits together on
a company level - as in how do these guys make money and why are they
probing our network? I understand scans from ISPs and colos, but I
can't directly identify these guys as either.



More information about the NANOG mailing list