Trends in Networks: Spam #9

Outside of the typical throwaway domain spam, we have been seeing a tremendous volume of marketing email coming from the Digital Ocean network. But first, here are this week’s Freenom and .xyz TLDs detected spamming on the Digital Ocean network.


The interesting thing about this marketing (spam) campaign is that it uses older domains rather than the typical cheap new domains. It is very likely this actor has acquired old expired domains for a cheap price, as older domains generally have a better ‘reputation’ than newer domains when it comes to sending bulk email. This is another pattern of activity that is not being caught by the provider, though this one is a bit harder to detect than the previous one. Below is a snippet of some of the IPs and domains participating in this massive spam campaign. Next week I’ll provide more data and samples to further illustrate what is going on.
