Avast corporate IP SPAMMER

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
palinka
Senior user
Senior user
Posts: 1962
Joined: 2017-09-12 17:57

Avast corporate IP SPAMMER

Post by palinka » 2020-01-13 03:38

Funny... Experimenting with click-to-see-PTR in my firewall ban project and I ran across a very curious ban:

Timestamp: 20/01/12 05:14.42
IP: 5.62.47.69
HELO: ADMIN
PTR: r-69-47-62-5.ff.avast.com

Banned for invalid HELO, but dang... looks like a corporate machine at AVAST was compromised by VIRUS?????? :lol:

User avatar
RvdH
Senior user
Senior user
Posts: 1084
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Avast corporate IP SPAMMER

Post by RvdH » 2020-01-13 11:54

Or maybe it is just a isolated test box in their corporate network to monitor, study and learn malware/virus behavior
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 1962
Joined: 2017-09-12 17:57

Re: Avast corporate IP SPAMMER

Post by palinka » 2020-01-13 14:43

Possibly, but I just looked in my log db and found 7 instances of HELO = "ADMIN" from all around the world.

Eh... I give it 50/50 chance it was a spambot. :mrgreen:

Post Reply