On Thu, 14 Jul 2016 10:37:32 -0400 Alvin Starr <alvin@netvel.net> wrote: <snip snip>
Tue, 12 Jul 2016 19:59:59 -0400 Yahoo! Inc. 8 Tue, 12 Jul 2016 15:22:56 -0400 CheatCodes.com 13 Wed, 13 Jul 2016 19:59:59 -0400 google.com 785 Wed, 13 Jul 2016 14:49:03 -0400 CheatCodes.com 3 So about cheatcodes.com. hmm, looks like this could be a fake reverse zone for a private ip on your home pvt network? If you look at my headers I have a pvt range setup with a inaddr to cow.co.za :) - my DMARC would report "cow.co.za" on the sec gw 192.168. - otherwise you could have malware, either way - you should have fun figuring it out :) DMARC reports the sending IP. and in my case the sending ip is my firewall. That is what got me going.
in the report it's just a name - it can be anything - even "hello world" like mine is cow... i just had a thought... cheatcodes.com - do you have a teenager / gamer in the house :) oh, and btw - how are you blocking the outgoing ports? in theory you/malware/teenager/? would be opening example port 34912 (r high) --> 25 (or whatever)
I know it cannot be my laptop because that runs Linux and we all know that is impervious to hacks. OOPS. My android phones also run Linux(of sorts)... Possibly its time to re-evaluate this belief.
i would still choose a hardened *nix/bsd over anything else any day