The Spam Auditor Blog: The information nexus for the anti-spam community.

Trends in Networks: Spam #5

Posted on September 11, 2020 by Thomas

Weekly dump of Digital Ocean abuse using Freenom (and .xyz) domains.

Sep5
134.122.112.139	x1	kota.paypak.xyz
138.68.110.2	x3	srv0.mails19.ga
138.68.87.194	x4	srv0.mails19.ml
138.68.96.83	x1	srv0.mails19.cf
159.65.232.195	x2	bundi.paypax.xyz
161.35.14.115	x2	srv0.mails18.cf
46.101.163.120	x2	srv0.mails18.gq
64.225.10.63	x1	srv0.mails19.tk

Sep6
134.122.125.156	x2	srv0.mails19.gq
159.203.184.57	x3	srv0.mails21.ml
165.227.82.182	x5	srv0.mails20.cf

Sep7
104.131.24.179	x7	rdns0.gresaa.xyz
104.131.7.250	x7	rdns0.gossds.xyz
128.199.87.192	x12	tex0.508.dsionvr.ml
128.199.95.35	x42	tex0.512.dsionvr.ml
134.209.178.207	x2	tex0.504.dsionvr.ml
138.68.103.214	x7	tex0.503.dsionvr.ml
139.59.11.254	x1	tex0.rinoemin.ga
157.245.74.176	x3	tex0.dsionvr.ga
159.65.235.97	x5	tex0.511.dsionvr.ml
159.89.227.49	x10	tex0.rinoemin.gq
161.35.125.253	x1	rdns0.huilf.xyz
161.35.236.140	x1	tex0.rinoemin.ml
167.172.57.209	x22	tex0.514.dsionvr.ml
192.81.213.173	x1	vidimantra.xyz
207.154.192.21	x6	tex0.509.dsionvr.ml
207.154.192.22	x9	tex0.515.dsionvr.ml
207.154.204.179	x4	tex0.dsionvr.gq
64.225.59.87	x1	mail.sendanemail.xyz

Sep8
104.131.46.221	x1	vidgrowth.xyz
104.131.66.29	x8	analyzation-00001.xyz
128.199.108.222	x1	djj0.706.gubio.ml
128.199.16.244	x29	djj0.fdioneur.ga
128.199.24.40	x6	djj0.713.gubio.ml
128.199.24.66	x5	djj0.708.gubio.ml
138.68.90.24	x1	savebbuddy.ml
139.59.159.218	x1	djj0.705.gubio.ml
157.245.217.143	x1	box.jolhg.xyz
157.245.82.200	x1	srv0.mails22.ml
159.203.189.184	x2	srv0.mails22.ga
159.89.51.109	x2	srv0.mails23.tk
161.35.15.45	x3	srv0.mails22.gq
161.35.155.90	x3	box.husdly.xyz
164.90.202.204	x6	djj0.715.gubio.ml
165.22.28.147	x2	djj0.712.gubio.ml
167.172.149.176	x3	srv0.mails22.cf
167.71.50.42	x6	djj0.rinoemin.cf
167.71.58.167	x3	djj0.707.gubio.ml
178.128.234.133	x13	djj0.711.gubio.ml
64.227.100.176	x5	jsrbs.xyz

Sep9
104.131.66.29	x1	analyzation-00001.xyz
138.68.66.188	x2	mail.gomes.ga
161.35.16.141	x1	srv0.mails23.cf
161.35.204.106	x3	srv0.mails23.gq
165.22.21.153	x2	srv0.mails23.gq
192.241.187.197	x1	mail.twoseven.xyz

Sep10
104.131.105.42	x1	meeting.feeldnchin.xyz
104.248.126.205	x2	xvx0.fwxstay.cf
104.248.126.68	x1	xvx0.fwxstay.gq
104.248.90.183	x1	pace.tahrcn.xyz
128.199.27.192	x13	xvx0.drinsie.ml
134.122.31.62	x1	name.qingluandh.xyz
134.209.193.73	x1	pace.bigcatqaq.xyz
138.68.226.49	x1	box.zoekingtrade.xyz
139.59.91.168	x1	greenmailing.xyz
157.245.85.144	x1	name.onedrivexav.xyz
159.89.155.27	x1	save.geekml.xyz
159.89.155.28	x1	save.rulesec.xyz
161.35.15.2	x6	srv0.mails25.cf
161.35.205.226	x4	srv0.mails24.ml
161.35.65.196	x4	srv0.mails25.ml
164.90.190.0	x1	goal.baztel.xyz
164.90.190.127	x2	goal.ankaygrup.xyz
164.90.190.131	x2	goal.instarct.xyz
164.90.190.241	x1	goal.rodenim.xyz
165.22.69.46	x11	srv0.mails24.tk
167.172.240.76	x1	meeting.riacontreras.xyz
167.71.32.233	x4	srv0.mails25.ga
167.71.57.42	x1	srv0.mails24.ga
167.71.88.177	x3	meeting.prayktlift.xyz
174.138.43.136	x1	rdns0.lotords.xyz
188.166.228.92	x1	welcome.beeshrimp.xyz
188.166.241.8	x1	welcome.footkea.xyz
188.166.249.130	x1	welcome.namictu.xyz
206.189.41.17	x1	welcome.pilihdulu.xyz
45.55.51.49	x1	meeting.ruffclark.xyz

Sep11
134.122.113.121	x1	srv0.mails26.ga
134.122.117.15	x1	srv0.mails26.gq
139.59.210.136	x2	mail.vhsaus.tk
161.35.61.32	x7	srv0.mails26.ml
164.90.223.10	x4	srv0.mails27.ml
165.22.74.145	x1	srv0.mails28.tk
167.172.162.59	x2	srv0.mails27.tk
167.99.150.159	x4	srv0.mails26.tk
206.189.189.43	x4	bizcloud-send0.servar.xyz
68.183.118.102	x2	srv0.mails25.gq

This entry was posted in Informative and tagged digital ocean, domain, freenom, freenom tld, Snowshoe spam, spam, spammer, tld, top level domain. Bookmark the permalink.

Leave a Reply Cancel reply

You must be logged in to post a comment.