Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-20 Thread Benoit Panizzon
Just a quick positive feedback on that case. I already noticed that the massive spam avalanche suddenly dropped sometime past weekend. Today I got feedback from gen.xyz that they had already suspended 20 of those domains prior to my complaint because of other complaints and that with the evide

Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Stefan Haunß
I've seen this IP range you are talking about in cerber/ransomware variants doing scans on 6892/udp

On 10/13/2016 02:37 PM, Benoit Panizzon wrote:
> Hi Stefan
>
>> the question is what's behind those domains? I didn't have the time to
>> analyze it, yet.
>
> I had a bit of a deeper look into it.
>

Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Benoit Panizzon
Hi Stefan

> the question is what's behind those domains? I didn't have the time to
> analyze it, yet.

I had a bit of a deeper look into it.

The emails themselves come from various IP addresses. It's obviously a botnet.

Almost all those xyz domains resolve to an IP within a /24 from AS41122. So I s

Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Stefan Haunß
* to correct this: 200k unique subdomains based on a few hundred domains

On 10/13/2016 01:41 PM, Stefan Haunß wrote:
> seeing the same here.
>
> .xyz domains went from almost zero to more than 200k unique domains per
> day. therefore no more ransomware right now...
>
> the question is what's beh

Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Jim Popovitch
On Oct 13, 2016 07:46, "Stefan Haunß" wrote:
>
> the question is what's behind those domains? I didn't have the time to
> analyze it, yet.
>

Super cheap, and further discounted first-year, registration fees.

-Jim P.

Re: [mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Stefan Haunß
seeing the same here.

.xyz domains went from almost zero to more than 200k unique domains per day. therefore no more ransomware right now...

the question is what's behind those domains? I didn't have the time to analyze it, yet.

Cheers, Stefan

On 10/13/2016 01:12 PM, Benoit Panizzon wrote:
> Hell

[mailop] Massive Spam advertizing .xyz domains

2016-10-13 Thread Benoit Panizzon
Hello

For about one week I have noticed a higher load on my spamtraps.

http://blacklist.woody.ch/rbltop.php

Aeh, yes, nearly exclusively .xyz domains hitting my spamtraps at the moment.

Anyone else noticing this? Worth notifying the registrar?

Has anyone a good contact to nic.xyz?

-Benoît Panizzon-