Trends in Networks: Spam #11

Posted on October 30, 2020 by Thomas

Here are the past week’s Freenom TLD and .xyz domains detecting spamming on the Digital Ocean network.

Oct22
104.131.60.188	x3	xnx0.517.vexxo.ml
104.248.2.30	x6	xnx0.527.vexxo.ml
128.199.152.3	x1	xnx0.509.vexxo.ml
128.199.23.11	x2	xnx0.513.vexxo.ml
128.199.23.23	x27	xnx0.516.vexxo.ml
128.199.26.255	x2	xnx0.511.vexxo.ml
134.122.59.13	x8	xnx0.508.vexxo.ml
134.209.44.46	x2	rdns0.hyterm.xyz
138.197.129.51	x1	softto.gq
138.68.0.187	x2	xnx0.523.vexxo.ml
157.230.179.125	x1	srv0.mails50.ml
157.230.189.211	x7	srv0.mails51.tk
157.230.191.144	x3	xnx0.521.vexxo.ml
157.230.191.160	x8	xnx0.525.vexxo.ml
157.230.85.109	x4	xnx0.524.vexxo.ml
157.230.93.148	x8	xnx0.526.vexxo.ml
157.230.93.37	x6	xnx0.522.vexxo.ml
159.203.38.48	x1	rihntvls.tk
159.203.46.94	x1	softdo.ml
159.65.114.83	x1	xnx0.515.vexxo.ml
159.65.234.25	x9	xnx0.514.vexxo.ml
159.65.99.217	x2	mail0.churchair.xyz
159.89.108.142	x2	xnx0.503.vexxo.ml
159.89.122.255	x1	softto.cf
159.89.127.233	x1	softto.ml
161.35.235.127	x4	xnx0.mevvia.gq
165.227.39.131	x1	softdo.gq
165.227.39.169	x2	softto.tk
167.99.170.182	x4	xnx0.520.vexxo.ml
178.62.52.226	x35	xnx0.530.vexxo.ml
178.62.56.68	x4	xnx0.529.vexxo.ml
198.199.85.97	x2	srv0.mails51.ml
206.189.127.34	x7	xnx0.528.vexxo.ml
68.183.200.230	x1	softdo.cf
68.183.207.218	x2	softwater.tk

Oct23
134.209.38.93	x3	rdns0.kerasdf.xyz
157.245.235.134	x1	lagranja.ml
178.62.14.242	x4	wxw0.vexxo.gq
178.62.199.131	x4	kgnfrt.xyz
188.166.56.233	x1	rdns0.operats.xyz
188.166.73.106	x6	okdkk.xyz
204.48.24.154	x1	srv0.mails50.ga
207.154.250.121	x1	lloydbank.xyz

Oct24
138.197.155.7	x3	softrroad.ga
142.93.156.228	x2	softroad.ga
159.203.37.204	x1	softrroad.cf
159.89.117.100	x1	softroad.gq
165.22.233.8	x1	softrroad.gq
165.227.43.155	x4	softrroad.tk
68.183.195.43	x1	softround.ml
68.183.203.118	x1	softround.ga
68.183.205.89	x1	softround.tk

Oct25
161.35.165.13	x5	server.nlblog.cf
188.166.56.233	x1	rdns0.operats.xyz

Oct26
143.110.148.186	x13	rdns0.palacee.xyz
143.110.148.94	x2	rdns0.greapr.xyz
157.230.220.73	x2	rdns0.dersass.xyz
161.35.165.13	x7	server.nlblog.cf
161.35.237.76	x3	rdns0.fresdac.xyz
161.35.3.73	x1	rdns0.pollsdat.xyz
167.172.214.26	x1	server.amazononlineservices.xyz
64.227.104.115	x1	rdns0.netdwes.xyz

Oct27
157.230.211.7	x26	rdns0.combasd.xyz

Oct28
143.110.148.94	x2	rdns0.greapr.xyz
157.230.220.73	x2	rdns0.dersass.xyz
165.22.225.8	x1	rojsoft.ga
188.166.235.2	x1	softround.cf
64.227.31.69	x3	clipmanreview.xyz

Oct29
104.131.177.234	x2	juicymarketingco.xyz
134.122.55.112	x3	otrikfdfd.xyz
134.122.63.244	x2	ythdnnsf.xyz
138.68.97.190	x1	triconnect.xyz
157.230.222.143	x1	spintraffic.xyz
157.230.224.80	x2	rdns0.harteds.xyz
159.203.43.26	x1	rojsoft.tk
164.90.156.215	x20	vgv0.fnido.cf
178.128.93.20	x1	vgv0.mixxi.gq
178.62.248.38	x12	oiykyjjdfd.xyz
188.166.108.119	x4	olgfkgkf.xyz
188.166.235.2	x1	softround.cf
192.241.153.61	x1	rdns0.pollyamd.xyz
68.183.196.135	x2	rjsoft.ml

Oct30
128.199.212.119	x9	box.midship.xyz
134.122.45.223	x3	softdo.cf
143.110.148.94	x1	rdns0.greapr.xyz
165.22.239.23	x1	softdo.ml

The snowshoe marketing from ‘old’ domains is still going strong. They’re reusing domains on new IPs to make the most of them. The reverse DNS records are being updated, but since the same domains are spamming on different IPs, it doesn’t appear Digital Ocean is putting in the effort to stop them. It could just be a ‘fly by night’ attack, as Digital Ocean may provide the ability to update the PTR/reverse DNS record to the customer. We’re detecting tens of thousands a day, just imagine how much it is sending to the rest of the world…

Oct26
104.248.11.228	x26	mail.radiosolnascente.com
134.209.31.125	x32	mail.colorado9holes.com
134.209.82.243	x2	mail.my779.com
134.209.93.222	x4	mail.vqsecurity.com
138.68.66.50	x10	mail.artindependentfair.com
142.93.13.89	x40	mail.night-club-sound-system.com
142.93.8.140	x23	mail.night-club-sound-systems.com
157.230.180.110	x29	mail.palisadesplumber.com
157.230.180.60	x27	mail.kevenbrochu.com
157.230.216.48	x26	mail.lounge-sound-system.com
157.245.35.41	x9	mail.see-dinos.com
157.245.46.179	x7	mail.mandaluyongdentist.com
157.245.93.204	x9	mail.denimdash5k.com
159.203.8.96	x8	mail.boredomtree.com
159.65.99.159	x9	mail.ealingmassage.com
159.89.12.133	x1	mail.sandiegopianoteacher.com
161.35.15.159	x37	mail.valenzueladentist.com
161.35.226.174	x37	mail.ratcheteerwrench.com
165.227.137.250	x1	mail.gxtsolutions.com
165.227.192.149	x24	mail.bar-sound-systems.com
165.227.36.20	x9	mail.marikinadentist.com
165.227.93.204	x24	mail.killer-recipes.com
167.172.226.199	x23	mail.diyskincarekits.com
167.172.228.153	x27	mail.costumeonlinestore.com
167.71.141.242	x33	mail.miriamchia.com
167.99.248.98	x27	mail.masteryijingtimespace.com
167.99.255.152	x29	mail.eaglerockplumbing.com
167.99.255.42	x40	mail.clayclaimsshanese.com
178.62.85.170	x23	mail.muntinlupadentist.com
206.189.70.249	x31	mail.calviciepedia.com
46.101.145.107	x5	mail.guardiantaskforce.com
46.101.224.164	x6	mail.domesdvr.com
46.101.247.154	x5	mail.carcharohome.com
67.205.166.145	x9	mail.radiantartphotography.com

Oct 27
134.122.121.253	x84	mail.domesdvr.com
134.122.123.6	x113	mail.ratcheteerwrench.com
134.209.163.218	x79	mail.boredomtree.com
134.209.19.156	x90	mail.lounge-sound-system.com
134.209.42.24	x90	mail.costumeonlinestore.com
134.209.82.243	x14	mail.my779.com
134.209.93.222	x11	mail.vqsecurity.com
138.197.218.81	x10	mail.colorado9holes.com
138.197.222.158	x3	mail.soundclothes.com
138.68.233.22	x18	mail.clayclaimsshanese.com
138.68.52.55	x7	mail.denimdash5k.com
142.93.135.113	x61	mail.night-club-sound-system.com
142.93.138.223	x95	mail.eaglerockplumbing.com
157.245.244.0	x7	mail.gxtsolutions.com
157.245.255.8	x7	mail.kevenbrochu.com
159.203.61.88	x11	mail.calviciepedia.com
159.65.113.204	x7	mail.mandaluyongdentist.com
159.89.12.133	x15	mail.sandiegopianoteacher.com
161.35.33.203	x84	mail.guardiantaskforce.com
161.35.36.196	x122	mail.diyskincarekits.com
161.35.46.205	x121	mail.radiosolnascente.com
165.22.113.26	x118	mail.see-dinos.com
165.22.36.74	x94	mail.marikinadentist.com
165.227.163.6	x15	mail.radiantartphotography.com
167.99.141.153	x17	mail.palisadesplumber.com
167.99.248.98	x16	mail.masteryijingtimespace.com
178.62.105.155	x84	mail.night-club-sound-systems.com
178.62.29.178	x88	mail.miriamchia.com
178.62.85.170	x10	mail.muntinlupadentist.com
188.166.18.60	x72	mail.bar-sound-systems.com
64.225.65.72	x110	mail.canogaparkplumber.com
64.227.98.190	x59	mail.killer-recipes.com
67.205.144.134	x12	mail.valenzueladentist.com
68.183.54.57	x63	mail.artindependentfair.com

Oct28
104.248.2.194	x19	mail.calviciepedia.com
128.199.51.35	x3	mail.england-brand.com
134.122.107.230	x28	mail.omnisaur.com
134.122.97.223	x27	mail.vambra.com
134.209.199.130	x26	mail.muntinlupadentist.com
134.209.205.8	x22	mail.studiomalmaison.com
134.209.41.173	x36	mail.familyjeffries.com
134.209.42.24	x3	mail.costumeonlinestore.com
134.209.93.252	x25	mail.miriamchia.com
134.209.94.223	x22	mail.valenzueladentist.com
138.197.130.6	x3	mail.vibrakilltape.com
138.197.141.145	x2	mail.see-dinos.com
139.59.138.151	x3	mail.pasttwilight.com
139.59.152.118	x19	mail.motassimthupsee.com
139.59.213.26	x5	mail.diyskincarekits.com
157.230.214.18	x28	mail.vantagepointegroup.com
157.245.120.129	x25	mail.netdnetwork.com
157.245.122.116	x18	mail.sandiegopianoteacher.com
157.245.33.241	x5	mail.eaglerockplumbing.com
157.245.43.175	x2	mail.hsultimate.com
159.203.12.31	x3	mail.domesdvr.com
159.203.28.132	x5	mail.happilyeverginder.com
159.203.5.96	x2	mail.fortdavistexas.com
159.89.106.55	x23	mail.soundclothes.com
159.89.127.168	x1	mail.vqsecurity.com
159.89.26.55	x37	mail.centrelibertedetre.com
161.35.0.139	x45	mail.talentpoolcapability.com
161.35.103.109	x26	mail.kevenbrochu.com
161.35.105.189	x21	mail.occasioncampingcar.com
161.35.224.117	x24	mail.patentcircuit.com
165.22.127.41	x23	mail.radiosolnascente.com
165.22.224.232	x24	mail.boredomtree.com
165.22.36.74	x5	mail.marikinadentist.com
165.22.46.94	x42	mail.artindependentfair.com
165.227.130.78	x26	mail.friday2monday.com
167.172.134.28	x29	mail.glasstilemurals.com
167.172.49.145	x26	mail.killer-recipes.com
167.71.166.132	x25	mail.westhillsplumber.com
167.71.4.48	x61	mail.clodeadby.com
167.71.69.209	x37	mail.lowinterestdebtconsolidation.com
167.71.74.164	x25	mail.youtuberwgts.com
167.99.13.233	x46	mail.goldmicawards.com
167.99.130.206	x53	mail.night-club-sound-systems.com
167.99.131.2	x54	mail.denimdash5k.com
167.99.133.215	x25	mail.guardiantaskforce.com
167.99.178.71	x23	mail.ealingmassage.com
167.99.194.115	x18	mail.goldmicaward.com
167.99.204.185	x19	mail.lounge-sound-system.com
167.99.241.113	x29	mail.infofem.com
167.99.248.98	x3	mail.masteryijingtimespace.com
167.99.249.12	x37	mail.radiantartphotography.com
167.99.89.53	x23	mail.infomodas.com
178.62.126.142	x6	mail.palisadesplumber.com
178.62.6.96	x20	mail.texasgentlemenclubs.com
178.62.66.138	x4	mail.milesideas.com
188.166.18.51	x29	mail.voiceofbollywood.com
188.166.97.33	x2	mail.dennislss.com
192.81.208.17	x3	mail.my779.com
206.189.113.248	x41	mail.hydraincome.com
206.189.196.10	x26	mail.gxtsolutions.com
206.189.196.77	x22	mail.a2zinsulation.com
207.154.233.133	x24	mail.ratcheteerwrench.com
209.97.147.193	x50	mail.whatisyourpromise.com
64.227.107.191	x23	mail.bar-sound-systems.com
64.227.109.189	x5	mail.canogaparkplumber.com
64.227.110.210	x25	mail.morocco4travellers.com
64.227.34.45	x26	mail.magnoliacaffe.com
64.227.8.5	x22	mail.colorado9holes.com
67.205.138.46	x4	mail.domainsfusion.com
68.183.199.116	x53	mail.truviabakery.com
68.183.36.73	x23	mail.night-club-sound-system.com
68.183.37.181	x51	mail.go2babystore.com

Oct29
104.131.20.232	x4	mail.voiceofbollywood.com
104.131.56.188	x8	mail.infomodas.com
104.131.64.161	x5	mail.dennislss.com
104.248.165.122	x25	mail.omnisaur.com
134.122.34.171	x57	mail.truviabakery.com
134.122.34.235	x33	mail.a2zinsulation.com
134.122.54.234	x38	mail.calviciepedia.com
134.122.62.1	x29	mail.occasioncampingcar.com
134.209.205.8	x1	mail.studiomalmaison.com
134.209.28.205	x52	mail.night-club-sound-system.com
134.209.42.24	x4	mail.costumeonlinestore.com
138.197.146.194	x3	mail.canogaparkplumber.com
138.197.171.122	x5	mail.patentcircuit.com
138.68.75.211	x7	mail.wireless-os.com
142.93.239.60	x49	mail.goldmicaward.com
142.93.43.44	x1	mail.lounge-sound-system.com
142.93.53.185	x41	mail.motassimthupsee.com
142.93.67.184	x6	mail.talentpoolcapability.com
142.93.71.225	x1	mail.see-dinos.com
157.245.120.129	x3	mail.netdnetwork.com
157.245.133.39	x7	mail.killer-recipes.com
157.245.220.58	x25	mail.glasstilemurals.com
159.203.4.110	x4	mail.night-club-sound-systems.com
159.89.115.108	x26	mail.pasttwilight.com
159.89.132.50	x4	mail.garotosmag.com
159.89.137.118	x2	mail.artindependentfair.com
159.89.225.235	x3	mail.milesideas.com
159.89.8.76	x49	mail.radiosolnascente.com
161.35.9.171	x31	mail.gxtsolutions.com
165.22.36.74	x8	mail.marikinadentist.com
165.227.130.103	x41	mail.colorado9holes.com
165.227.130.78	x4	mail.friday2monday.com
165.227.46.205	x6	mail.ratcheteerwrench.com
165.227.54.167	x34	mail.domesdvr.com
167.172.35.200	x42	mail.soundclothes.com
167.71.178.124	x30	mail.dependableautoinsurance.com
167.71.188.63	x32	mail.westhillsplumber.com
167.99.191.6	x3	mail.england-brand.com
167.99.248.98	x2	mail.masteryijingtimespace.com
167.99.249.12	x2	mail.radiantartphotography.com
174.138.41.4	x47	mail.familyjeffries.com
178.62.0.25	x7	mail.bodycarekits.com
178.62.214.106	x6	mail.fortdavistexas.com
178.62.50.145	x46	mail.ealingmassage.com
178.62.6.96	x1	mail.texasgentlemenclubs.com
178.62.93.152	x7	mail.diyskincarekits.com
188.166.103.94	x4	mail.vambra.com
188.166.106.214	x4	mail.carcharohome.com
198.199.84.89	x4	mail.goldmicawards.com
198.211.104.12	x4	mail.sandiegopianoteacher.com
204.48.24.156	x38	mail.guardiantaskforce.com
206.189.113.248	x3	mail.hydraincome.com
206.189.216.77	x26	mail.morocco4travellers.com
206.189.220.224	x33	mail.eaglerockplumbing.com
207.154.195.216	x36	mail.denimdash5k.com
207.154.224.7	x53	mail.whatisyourpromise.com
207.154.237.28	x30	mail.miriamchia.com
209.97.133.19	x33	mail.infofem.com
46.101.204.100	x36	mail.boredomtree.com
46.101.220.236	x47	mail.palisadesplumber.com
46.101.98.58	x2	mail.muntinlupadentist.com
64.227.107.191	x7	mail.bar-sound-systems.com
64.227.110.234	x33	mail.vibrakilltape.com
64.227.111.247	x42	mail.vantagepointegroup.com
64.227.31.166	x43	mail.valenzueladentist.com
68.183.34.148	x31	mail.vqsecurity.com
68.183.37.181	x8	mail.go2babystore.com
68.183.63.60	x45	mail.lowinterestdebtconsolidation.com

Oct30
104.131.162.156	x5	mail.dennislss.com
128.199.34.208	x4	mail.dependableautoinsurance.com
134.122.45.206	x42	mail.vambra.com
134.122.45.233	x45	mail.voiceofbollywood.com
134.122.45.62	x45	mail.magnoliacaffe.com
134.209.173.250	x27	mail.denimdash5k.com
134.209.179.117	x19	mail.mandaluyongdentist.com
134.209.26.15	x46	mail.see-dinos.com
134.209.41.9	x50	mail.night-club-sound-systems.com
138.197.137.67	x4	mail.ealingmassage.com
138.197.185.152	x5	mail.nauticalcharting.com
138.197.202.243	x6	mail.killer-recipes.com
138.68.10.77	x2	mail.radiosolnascente.com
138.68.40.85	x4	mail.gxtsolutions.com
138.68.79.165	x2	mail.canogaparkplumber.com
142.93.136.45	x48	mail.youtuberwgts.com
142.93.148.31	x44	mail.sandiegopianoteacher.com
142.93.187.128	x19	mail.boredomtree.com
142.93.226.38	x31	mail.happilyeverginder.com
142.93.44.3	x7	mail.texasgentlemenclubs.com
157.230.230.210	x49	mail.vibrakilltape.com
157.230.233.66	x48	mail.motassimthupsee.com
157.245.114.169	x53	mail.hsultimate.com
157.245.120.201	x29	mail.morocco4travellers.com
157.245.252.43	x4	mail.omnisaur.com
159.203.26.225	x5	mail.carcharohome.com
159.89.127.213	x1	mail.lounge-sound-system.com
159.89.155.155	x2	mail.bodycarekits.com
159.89.17.9	x50	mail.calviciepedia.com
161.35.57.52	x19	mail.westhillsplumber.com
161.35.90.229	x43	mail.valenzueladentist.com
161.35.92.110	x42	mail.muntinlupadentist.com
162.243.170.106	x1	mail.palisadesplumber.com
165.22.119.182	x42	mail.go2babystore.com
165.22.37.251	x18	mail.lowinterestdebtconsolidation.com
165.227.25.100	x6	mail.truviabakery.com
167.172.60.133	x35	mail.whatisyourpromise.com
167.172.63.41	x44	mail.kevenbrochu.com
167.71.128.49	x20	mail.ninjachibiworld.com
167.71.177.14	x46	mail.domesdvr.com
167.71.70.38	x51	mail.ratcheteerwrench.com
167.71.87.164	x37	mail.centrelibertedetre.com
167.99.107.183	x2	mail.infomodas.com
167.99.190.84	x38	mail.england-brand.com
167.99.242.223	x43	mail.radiantartphotography.com
167.99.243.240	x39	mail.night-club-sound-system.com
178.62.210.78	x8	mail.soundclothes.com
178.62.82.96	x26	mail.masteryijingtimespace.com
178.62.96.15	x16	mail.goldmicawards.com
188.166.163.204	x7	mail.vantagepointegroup.com
188.166.95.31	x1	mail.familyjeffries.com
192.34.59.4	x2	mail.fortdavistexas.com
192.81.216.215	x2	mail.marikinadentist.com
206.189.214.125	x44	mail.patentcircuit.com
206.189.56.194	x53	mail.costumeonlinestore.com
206.189.56.243	x45	mail.netdnetwork.com
206.189.58.32	x24	mail.goldmicaward.com
206.189.60.188	x8	mail.talentpoolcapability.com
207.154.199.81	x53	mail.wireless-os.com
207.154.210.53	x27	mail.occasioncampingcar.com
209.97.154.23	x14	mail.vqsecurity.com
46.101.140.213	x26	mail.clayclaimsshanese.com
46.101.206.127	x28	mail.bollywoodvoice.com
46.101.98.239	x2	mail.a2zinsulation.com
64.225.69.72	x17	mail.my779.com
64.227.104.254	x26	mail.friday2monday.com
64.227.107.191	x5	mail.bar-sound-systems.com
64.227.66.103	x18	mail.infofem.com

This entry was posted in Informative and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply