Monthly Archives: July 2014

When rwhois says ‘private customer’

An especially virulent affiliate marketing campaign was noted today, from a /23 on Stealthy Networks. While it is nice that they have an rwhois server, it doesn’t help the community when registered as ‘Private Customer’. Is it the same as … Continue reading

Posted in Informative, Uncategorized | Tagged , , | Leave a comment

EHLO command received: ylmf-pc

An interesting Bot style attack, if you see this in your logs. Normally originating from DUL/Dynamic addressing ranges, this is a high impact attack, which simply connects to a mail server, issues a HELO/EHLO of ylmf-pc, and then exits the … Continue reading

Posted in Informative | Tagged , , | Leave a comment

Latest Bot Spam Making the rounds

A risk free antiobesity drug.. yeah right.. Normally this shouldn’t affect most people, as it is coming from compromised devices and not email servers, and it looks to be going out to a database of hacked or stolen email addresses … Continue reading

Posted in Uncategorized | Tagged , , , | Leave a comment

Is your ‘rwhois’ server running?

It’s always amazing when looking at large providers who have a referral to an ‘rwhois’ server at ARIN, when that server is not functioning. Makes it hard to identify who operates the server where the spam is originating. For example.. … Continue reading

Posted in Uncategorized | Tagged , | Leave a comment