couttsj Posted July 24, 2012

5. 126.96.36.199 on port 41896|08:59:59
5. EHLO 4xp.com
5. MAIL FROM:<sarahk[at]4xp.com>
5. QUIT
5. Closed.|09:00:00

This one has me very puzzled. It started early yesterday morning with single attempts, and has progressed to 5 simultaneous attempts every 30 minutes. But that is not the puzzling part. It appears that 4xp.com is a legitimate forex trading site. Yesterday it was located in the UK and hosted by mydyndns.org. Today it is located in the US [188.8.131.52] and is hosted by dsredirection.com. However, the IP address being used in the spam attempts [184.108.40.206] showed a reverse lookup of mail.4xp.com yesterday, but today it fails a reverse lookup.

Whois.ripe.net reports:
inetnum: 220.127.116.11 - 18.104.22.168
netname: FOREX-PLACE-LTD
country: IL (Israel)

It would appear that Forex Place got hijacked, and they are desperately trying to separate themselves from the spammer.
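One way to count the pattern described in the post (sessions that send EHLO and MAIL FROM, then QUIT without any RCPT TO) per source address and 30-minute window. This is an added example, not part of the original post. It assumes the leading number is a connection slot and `|HH:MM:SS` is a timestamp; the sample lines and their documentation-range addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt in the post (assumed format).
SAMPLE_LOG = """\
1. 192.0.2.10 on port 41896|08:59:59
1. EHLO sender.example
2. 192.0.2.10 on port 41897|08:59:59
1. MAIL FROM:<a@sender.example>
2. EHLO sender.example
2. MAIL FROM:<a@sender.example>
1. QUIT
1. Closed.|09:00:00
2. QUIT
2. Closed.|09:00:00
3. 198.51.100.7 on port 52011|09:01:10
3. EHLO mail.example.org
3. MAIL FROM:<b@example.org>
3. RCPT TO:<user@local.example>
3. QUIT
3. Closed.|09:01:12
"""

LINE = re.compile(r"^(\d+)\.\s+(.*?)(?:\|(\d\d:\d\d:\d\d))?$")
OPEN = re.compile(r"^(\S+) on port \d+$")

def parse_sessions(text):
    """Group interleaved lines by slot; a session runs from 'IP on port N' to 'Closed.'."""
    live, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        slot, body, ts = m.groups()
        opened = OPEN.match(body)
        if opened:
            live[slot] = {"ip": opened.group(1), "start": ts, "cmds": []}
        elif slot in live and body == "Closed.":
            done.append(live.pop(slot))
        elif slot in live and body:
            live[slot]["cmds"].append(body.split()[0].upper())  # SMTP verb only
    return done

def aborted_probes(sessions):
    """Count sessions per (ip, half-hour) that sent MAIL, never RCPT, and ended with QUIT."""
    hits = Counter()
    for s in sessions:
        cmds = s["cmds"]
        if s["start"] and "MAIL" in cmds and "RCPT" not in cmds and cmds[-1:] == ["QUIT"]:
            hh, mm, _ = s["start"].split(":")
            hits[(s["ip"], f"{hh}:{'00' if int(mm) < 30 else '30'}")] += 1
    return dict(hits)
```

A source whose count in one half-hour bucket matches the number of simultaneous attempts seen in the log is a candidate for rate limiting or blocking at the listener.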