While we all see occasional false information used by spammers to get hosting IP Space, in an age where IPv4 addresses are scarce you always wonder when large swathes of brand new IP space are used for spamming.
And in this case, this is something we have seen over the last few months, but we see the same operator getting more and more IP(s), which is the surprising part.
They call themselves “Wireless Network Solutions Ltd.” and as of four days ago, it seems they received another 6 Class C’s, and within four days they started abusing the internet quite quickly with spam.
Today, two of those Class C’s fired up, triggering alerts all across North America.
188.8.131.52 : essexsilverlinewest.owenbathrooms.com
184.108.40.206 : hcmcorp-com.websterbathrooms.com
220.127.116.11 : hhgregg.wolfmodernbath.com
18.104.22.168 : inspire-productions.macdonaldcopdfacts.com
22.214.171.124 : dwyerproductions.leblanccopdfacts.com
126.96.36.199 : crewof4.lestercopdsource.com
188.8.131.52 : newkirkpainting.josephcopdsource.com
184.108.40.206 : daltoncarpetone.bowmancomsystems.com
220.127.116.11 : plasm.marshcomsystems.com
18.104.22.168 : cartridgehq.boonebusinessnet.com
22.214.171.124 : bon2-net.maddenbusinessnet.com
126.96.36.199 : mingomedia.craiggetaways.com
188.8.131.52 : maggieumc.mooneyvacations.com
184.108.40.206 : cynthiayoung.sweeneyvacations.com
220.127.116.11 : mlewisdental.webstergetaways.com
This is the same pattern they used in the last block of IP(s) they got, throw away domain names, used to spam at a very high rate.
(A couple of other Class C’s fired up as well)
The obvious question, what kind of a company is this? Doesn’t sound like a wireless company..
18.104.22.168 : footbridgemedia.summerspainhelp.com
22.214.171.124 : nycwebstudio.frenchpainhelp.com
126.96.36.199 : micnguyen.clinepainhelp.com
188.8.131.52 : centralcoastis.delgadopainmanagement.com
184.108.40.206 : gginb.heathcruiselines.com
220.127.116.11 : gildeallc.rubiocruiselines.com
18.104.22.168 : grasslandgranite.mosleytravelpartners.com
22.214.171.124 : barr-02.bryantravelpartners.com
126.96.36.199 : littleturtleknits.davenportbizdegrees.com
188.8.131.52 : mlcplus.burchmbadegrees.com
184.108.40.206 : vldedgsrv1.barberbillingeducation.com
220.127.116.11 : goldiegroup.bartonbillingeducation.com
18.104.22.168 : justplainannies.averybillingeducation.com
22.214.171.124 : magicmini.murillomedcoding.com
126.96.36.199 : dougekos.georgemedcoding.com
188.8.131.52 : multicolors.reportsecurcheckinform.com
184.108.40.206 : momulti.yearadditionreportsinform.com
220.127.116.11 : allsc-net.itemlistinformchecks.com
18.104.22.168 : apsops.checkreturnreportexam.com
22.214.171.124 : lytal.pettyonlinelearning.com
126.96.36.199 : kirkconstruction.armstrongdegreechoice.com
188.8.131.52 : ideastudiosinc.durhamdegreechoice.com
184.108.40.206 : jaegerinteractive.mcclureonlinelearning.com
220.127.116.11 : garanww.hollandonlinelearning.com
18.104.22.168 : dancinwithpam.hermantravelupgrades.com
22.214.171.124 : betasproxy.hodgenetworksolutions.com
And on and on and on..