27 Oct 2014, 11:57 a.m.
We get lots of probes from subdomains of southwestdoor.com and secureserver.net's SOA and I'm curious who these guys are?

The only web page I could find was southwestdoor, which redirects to http://www.arcadiacustoms.com and then to http://arcadia-custom.com/ (a hardware company is causing unwanted network traffic - not unless they're owned). Traceroute for southwestdoor.com goes through secureserver.net and they have lots of references (in DNS) to themselves, jomax.net and domaincontrol.com.

Can someone give me a better picture of how this all fits together on a company level - as in how do these guys make money and why are they probing our network? I understand scans from ISPs and colos, but I can't directly identify these guys as either.