Trends in Networks: Spam #18

Posted on February 26, 2021 by Thomas

It’s a shame that such simple fixes can’t or won’t be done by a company to make the world a better place. I wonder if the money is really worth knowingly turning a blind eye to malicious activity, activity that can make the lives of innocent people worse. With domain names like ‘order-confirm.gq’ and ‘amazonsecurity.gq’, imagine the number of people these Spammers can scam if they really put their minds to it.

Feb19
159.203.91.38	x3	srv0.mail50.xyz
167.99.177.31	x1	backendteam247.xyz

Feb20
167.71.252.16	x8	electricroi.xyz
206.189.97.167	x2	kvitka.xyz

Feb21
161.35.188.179	x1	mail.laohg.xyz
206.189.97.167	x4	kvitka.xyz

Feb22
128.199.126.130	x1	mail.helensmith.xyz
134.209.32.178	x1	amazonsecurity.gq
142.93.203.73	x1	slot0.ventyllcservices.cf
159.89.105.85	x1	box.portymder.xyz
161.35.127.211	x2	bigboytool.xyz
161.35.231.32	x5	box.mandyf.xyz
206.189.97.167	x1	kvitka.xyz

Feb23
128.199.121.27	x1	mail0.dorreve.xyz
128.199.18.55	x1	box.germteh.xyz
134.122.29.42	x1	df0.316.xvonq.ml
138.197.174.158	x7	softyyd.ml
138.68.11.182	x1	box.jimpert.xyz
142.93.138.82	x3	mail.babengi.ml
159.203.42.118	x3	softyyh.gq
46.101.82.157	x1	mail.mogawe.ml

Feb24
138.197.172.41	x1	softyyd.tk
138.197.174.158	x3	softyyd.ml
139.59.235.249	x20	domserversett.xyz
139.59.236.19	x1	box.parmtex.xyz
165.22.229.233	x1	server1.order-confirm.gq
167.99.182.100	x1	softyyd.ga


Feb25
104.248.83.137	x3	mail.zenacalog.ml
142.93.130.136	x7	mail.xmailingserver.ml
157.245.253.88	x3	botkings.xyz
159.203.20.128	x19	affiliatsuit.xyz
46.101.46.40	x128	mail.extrathis.ml

A new trend occurring within the Digital Ocean network is a large increase in fake Bitcoin investment themed spam. This is coming from over a hundred unique IPs daily, all with newly registered .com domains. It seems to be trying to trick people into giving up their account information, of course with the promise of wealth. The Spammers seem to be investing a decent amount into this campaign. Most, if not all of the URLs in this campaign seem to be abusing page.link services to host phishing pages.

Feb23
104.248.117.90	x1	mail.allmead.com
104.248.194.223	x1	mail.scelpnow.com
104.248.199.166	x1	mail.feringfrun.com
104.248.200.244	x1	mail.pocesisple.com
104.248.206.211	x1	mail.yipelear.com
104.248.207.116	x2	mail.backsuccess.com
104.248.84.164	x1	mail.lousiovals.com
128.199.110.51	x1	mail.besthotnow.com
128.199.118.223	x2	mail.reallindenleaves.com
128.199.153.104	x1	mail.uninimbi.com
128.199.16.160	x1	mail.baurtell.com
128.199.1.63	x1	mail.rhanid.com
128.199.17.139	x1	mail.crairiza.com
128.199.18.103	x1	mail.allbrodtblog.com
128.199.23.91	x1	mail.caminorealsolutions.com
128.199.27.37	x1	mail.bestredllc.com
128.199.29.233	x1	mail.upberict.com
128.199.29.255	x1	mail.cilpnews.com
134.122.106.110	x1	mail.ruposaterb.com
134.122.110.103	x1	mail.refitrunca.com
134.122.126.225	x1	mail.realshopsolutions.com
134.209.148.94	x1	mail.eryliney.com
134.209.17.100	x2	mail.besttravelllc.com
134.209.179.66	x1	mail.celiblasco.com
134.209.187.66	x1	mail.rologemart.com
138.197.154.147	x1	mail.holelaw.com
139.59.14.157	x1	mail.mygreb.com
139.59.160.126	x1	mail.thesetes.com
139.59.162.21	x1	mail.blessauto.com
139.59.166.251	x1	mail.besthealthblogllc.com
139.59.170.55	x2	mail.best-marketing-campaigns.com
139.59.174.227	x1	mail.designmakestore.com
139.59.28.159	x1	mail.bestclaimback.com
139.59.35.193	x1	mail.eentr.com
139.59.46.233	x1	mail.thebetnow.com
139.59.47.224	x1	mail.jenctad.com
139.59.71.82	x1	mail.buygreensurveysstudio.com
139.59.81.146	x1	mail.fartsang.com
139.59.87.151	x1	mail.credrinx.com
142.93.102.115	x1	mail.hisculebes.com
142.93.103.117	x1	mail.wernesky.com
142.93.127.128	x1	mail.iceplav.com
142.93.145.217	x1	mail.buygrandtravel.com
142.93.211.208	x1	mail.allxboxlivestore.com
142.93.230.99	x2	mail.onedeadstock24.com
142.93.232.201	x3	mail.scelpbox.com
142.93.238.201	x1	mail.fedttoj.com
142.93.96.234	x1	mail.essonoa.com
143.110.145.178	x1	mail.taclatcy.com
143.110.150.238	x1	mail.lolierce.com
143.110.150.51	x1	mail.wessooes.com
143.110.155.228	x2	mail.twitles.com
143.110.158.205	x1	mail.grebpro.com
143.110.178.153	x1	mail.cottenproperties.com
143.110.180.121	x1	mail.uncoserr.com
143.110.183.226	x1	mail.vetstudios.com
143.110.183.66	x1	mail.whelpcenter.com
143.110.185.170	x1	mail.onedeadinvestment.com
143.110.186.36	x1	mail.kybuseaimedup.com
143.110.187.196	x1	mail.yourstudiousa.com
143.110.190.187	x1	mail.housbrow.com
143.110.208.243	x1	mail.allunitedinternational.com
143.110.209.126	x2	mail.bestbacklive.com
143.110.217.136	x1	mail.eentpro.com
143.110.217.199	x1	mail.accentpark.com
143.110.217.25	x1	mail.oneclubgroup.com
144.126.211.210	x1	mail.traudtart.com
144.126.220.241	x1	mail.wurgeash.com
157.230.103.49	x1	mail.vetmovie.com
157.230.106.227	x1	mail.foclerte.com
157.230.112.31	x1	mail.webbetsolutions.com
157.230.19.34	x1	mail.robessel.com
157.230.23.38	x1	mail.counsmea.com
157.245.100.243	x1	mail.nyamhome.com
157.245.105.165	x1	mail.realshopnet.com
157.245.4.233	x1	mail.oatatada.com
157.245.8.133	x1	mail.welertis.com
159.65.131.237	x1	mail.irratud.com
159.65.139.200	x1	mail.gismovel.com
159.65.196.69	x1	mail.rontoable.com
159.65.199.169	x1	mail.buygetcenter.com
159.65.200.35	x1	mail.dulondelox.com
159.65.6.109	x1	mail.onsightbacctothis.com
159.89.103.103	x1	mail.detenmaism.com
159.89.118.191	x1	mail.bestlivereal.com
161.35.142.218	x1	mail.finaprimin.com
161.35.187.125	x1	mail.econgly.com
161.35.209.123	x1	mail.onedeadstock.com
161.35.210.99	x1	mail.anaroaty.com
161.35.221.119	x2	mail.oneclubdesign.com
161.35.221.37	x1	mail.hermanntv.com
161.35.221.41	x1	mail.dousecity.com
164.90.130.233	x1	mail.snuitlet.com
164.90.142.100	x1	mail.allpropertymanage.com
165.22.16.232	x1	mail.asynasto.com
165.22.241.110	x2	mail.theallanitellc.com
165.22.247.104	x1	mail.pairsimple.com
165.22.254.174	x1	mail.fashionmahlaclothing.com
165.227.112.98	x1	mail.happlive.com
165.227.129.208	x1	mail.smerms.com
165.227.207.224	x1	mail.nextbigpackage.com
165.22.78.14	x1	mail.oresesiz.com
165.22.85.10	x1	mail.buyweddingtalent.com
167.172.103.23	x2	mail.property-manage-services.com
167.172.180.59	x1	mail.auctormods.com
167.172.19.205	x1	mail.claimbackstudio.com
167.172.49.55	x1	mail.wartriflou.com
167.172.60.64	x1	mail.pettots.com
167.172.98.85	x1	mail.entouragestar.com
167.71.139.113	x1	mail.omathirv.com
167.71.141.127	x2	mail.areistly.com
167.71.166.17	x1	mail.mexhary.com
167.71.236.126	x1	mail.sneedhelp.com
167.71.43.4	x1	mail.isiabis.com
167.99.135.249	x1	mail.toogrecurf.com
167.99.183.149	x1	mail.ochanoy.com
167.99.188.52	x1	mail.insplerk.com
167.99.200.87	x1	mail.webperfectsmile.com
167.99.246.135	x3	mail.buy-green-leaves-center.com
167.99.253.110	x1	mail.seallive.com
167.99.86.122	x1	mail.restgnams.com
178.128.228.184	x1	mail.duaturnex.com
178.128.244.140	x1	mail.weelstas.com
178.128.245.252	x2	mail.subithlar.com
178.62.28.22	x1	mail.stechhelp.com
178.62.56.163	x1	mail.octualik.com
188.166.21.23	x1	mail.turmonrege.com
188.166.218.96	x1	mail.smellway.com
188.166.39.213	x1	mail.teleponline.com
188.166.45.167	x1	mail.yourvetclub.com
206.189.105.112	x1	mail.musibag.com
206.189.109.135	x2	mail.melonlaw.com
206.189.111.68	x1	mail.emennornod.com
206.189.13.123	x1	mail.keysjoy.com
206.189.141.248	x1	mail.turmiac.com
206.189.190.255	x1	mail.topfastgreencenter.com
206.189.4.13	x1	mail.occlatt.com
206.189.59.125	x1	mail.cachlommic.com
206.189.7.39	x2	mail.eavicepeny.com
206.189.83.127	x1	mail.aderydra.com
206.81.17.156	x1	mail.bolepern.com
207.154.220.93	x1	mail.medopade.com
209.97.188.254	x1	mail.caminoreal24.com
46.101.26.85	x1	mail.vircoragev.com
46.101.27.67	x1	mail.oessengolt.com
46.101.80.189	x1	mail.sioustmoth.com
46.101.82.211	x1	mail.hugarimanishby.com
46.101.85.100	x1	mail.dobbeltmode.com
46.101.85.203	x1	mail.vioriley.com
46.101.95.80	x1	mail.getbellon.com
64.225.103.85	x1	mail.siduantned.com
64.227.0.58	x1	mail.thesantorumgroup.com
64.227.114.249	x1	mail.farpeatchy.com
64.227.116.47	x1	mail.kiemingief.com
64.227.124.77	x1	mail.hemenmedon.com
64.227.126.101	x1	mail.nianify.com
68.183.13.184	x2	mail.topbuynsell24.com
68.183.196.28	x1	mail.heelspace.com
68.183.201.4	x1	mail.vetrental.com
68.183.203.70	x1	mail.tapegood.com
68.183.204.118	x1	mail.tassisso.com
68.183.205.224	x1	mail.meraiph.com
68.183.212.139	x1	mail.yourbetgroup.com
68.183.4.75	x1	mail.zendustids.com
68.183.5.122	x1	mail.normigresi.com
68.183.5.5	x1	mail.thesetcenter.com
68.183.6.122	x1	mail.jeliasshet.com
68.183.83.191	x1	mail.hiscoson.com
68.183.91.214	x1	mail.theshoponlinestudio.com
68.183.94.76	x1	mail.bestvibeservices.com

Feb24
104.248.155.216	x1	mail.simrnidea.com
104.248.162.6	x1	mail.heelguru.com
104.248.172.175	x1	mail.milkeco.com
104.248.199.155	x1	mail.scelpweb.com
104.248.202.148	x3	mail.webmoneymakeshop.com
104.248.202.180	x1	mail.ataillc.com
104.248.202.243	x1	mail.relayarchitects.com
104.248.28.226	x1	mail.sonjactign.com
104.248.41.141	x1	mail.ornsely.com
128.199.10.77	x1	mail.adventplan.com
128.199.25.45	x1	mail.prapinip.com
128.199.97.107	x1	mail.sooraten.com
134.122.24.137	x3	mail.bellonstudio.com
134.122.43.184	x1	mail.zinaicus.com
134.122.46.92	x1	mail.milkrent.com
134.122.5.63	x1	mail.blessmax.com
134.209.179.189	x1	mail.isouniza.com
134.209.19.26	x1	mail.smellmoney.com
134.209.228.154	x1	mail.vensfanger.com
134.209.241.238	x1	mail.optimesis.com
134.209.73.136	x1	mail.slegalhelp.com
139.59.161.245	x1	mail.onefelony.com
139.59.166.114	x1	mail.itiqua.com
139.59.167.46	x1	mail.polsistorr.com
139.59.172.7	x1	mail.drotickine.com
139.59.26.64	x1	mail.chairseo.com
139.59.43.157	x1	mail.gladbest.com
139.59.43.190	x1	mail.sineakerm.com
142.93.129.142	x1	mail.organiccare24.com
142.93.133.172	x1	mail.kialayear.com
142.93.141.174	x1	mail.pixellade.com
142.93.225.65	x1	mail.shipmenttech.com
142.93.229.126	x1	mail.eltanchare.com
142.93.231.151	x1	mail.klenleresi.com
142.93.231.218	x1	mail.mllardanct.com
142.93.242.37	x1	mail.whelpdesign.com
143.110.146.84	x1	mail.myparkclub.com
143.110.151.188	x1	mail.platthem.com
143.110.152.23	x1	mail.slashfun.com
143.110.158.59	x1	mail.jentenem.com
143.110.181.219	x1	mail.metespie.com
143.110.221.69	x1	mail.smellseo.com
143.110.252.22	x2	mail.shipmenttravel.com
144.126.209.38	x1	mail.placfit.com
144.126.221.142	x1	mail.paudeary.com
157.230.16.57	x1	mail.financeblogllc.com
157.230.246.224	x1	mail.peddix.com
157.230.4.161	x1	mail.jonimow.com
157.245.100.85	x1	mail.bedseo.com
157.245.106.58	x1	mail.uridetem.com
157.245.109.86	x1	mail.isnerito.com
157.245.125.115	x1	mail.grebme.com
157.245.133.141	x1	mail.pereterf.com
157.245.222.160	x1	mail.lloitend.com
159.203.126.78	x1	mail.webwindynow.com
159.65.136.106	x1	mail.zwicongy.com
159.65.15.154	x1	mail.cotonani.com
159.89.10.16	x1	mail.otleylife.com
159.89.125.219	x1	mail.vourseck.com
161.35.124.74	x1	mail.enmankime.com
161.35.215.98	x1	mail.telvestrevo.com
161.35.220.128	x1	mail.cabedalk.com
161.35.223.176	x1	mail.gardelianne.com
161.35.5.164	x1	mail.intoblid.com
164.90.128.33	x2	mail.xocarann.com
164.90.129.189	x1	mail.traudtlife.com
164.90.129.38	x1	mail.uppetake.com
164.90.133.191	x1	mail.letneed.com
165.22.213.36	x1	mail.allboxllc.com
165.22.221.110	x1	mail.nymilon.com
165.22.221.155	x1	mail.planrepair.com
165.22.222.200	x1	mail.sueanium.com
165.22.248.198	x1	mail.letsdoconsulting.com
165.22.28.15	x1	mail.dawatedi.com
165.22.69.67	x1	mail.wareakji.com
165.227.135.25	x1	mail.velimagm.com
165.227.150.107	x1	mail.gradvileat.com
165.227.173.15	x1	mail.meistolout.com
165.22.74.239	x1	mail.putaiverna.com
165.22.79.19	x1	mail.feritartel.com
165.22.89.250	x1	mail.sydroism.com
167.172.105.105	x1	mail.lapluman.com
167.71.235.123	x1	mail.trapbio.com
167.99.180.168	x1	mail.tosarper.com
167.99.184.213	x1	mail.lealelid.com
167.99.214.149	x1	mail.deasarme.com
167.99.241.108	x1	mail.cysectoths.com
167.99.41.70	x1	mail.teeeshoppen.com
167.99.43.107	x1	mail.buybloggroup.com
167.99.68.97	x1	mail.gaterbou.com
178.62.36.196	x1	mail.lasymearry.com
178.62.49.167	x2	mail.tricurou.com
188.166.14.127	x1	mail.zoomanut.com
188.166.214.20	x1	mail.narseur.com
188.166.54.11	x1	mail.vincharn.com
188.166.6.199	x1	mail.juroulebon.com
204.48.18.44	x1	mail.blopponk.com
206.189.103.127	x1	mail.realsimlive.com
206.189.109.235	x1	mail.jollonline.com
206.189.110.234	x1	mail.belampso.com
206.189.147.191	x1	mail.theaota.com
206.189.237.94	x1	mail.couclemp.com
206.189.3.51	x1	mail.lhourot.com
206.189.99.59	x1	mail.betornom.com
209.97.143.23	x3	mail.salluibe.com
209.97.185.171	x1	mail.wedouse.com
209.97.185.219	x1	mail.readsales.com
64.225.98.171	x1	mail.komptelive.com
64.227.98.70	x1	mail.abutnews.com
68.183.10.228	x1	mail.hutigile.com
68.183.1.176	x1	mail.dinkennein.com
68.183.138.108	x1	mail.latliah.com
68.183.157.154	x2	mail.upsetfit.com
68.183.182.60	x1	mail.applybuzz.com
68.183.205.216	x2	mail.biockshy.com
68.183.5.192	x1	mail.batalapaun.com
68.183.9.135	x1	mail.suleraitae.com
68.183.97.132	x2	mail.mia-mad.com

Feb25
104.248.193.220	x1	mail.icerbola.com
104.248.201.149	x1	mail.cobelligerentlab.com
104.248.204.169	x1	mail.haytherush.com
104.248.206.132	x1	mail.phessiccoa.com
104.248.206.236	x1	mail.fedttoj.com
104.248.207.98	x1	mail.buygetsolutions.com
104.248.46.87	x1	mail.smitticioc.com
104.248.81.255	x1	mail.ahronitiog.com
104.248.85.53	x1	mail.besthealthblogllc.com
104.248.87.16	x1	mail.onevetstore.com
128.199.27.226	x2	mail.disdaincity.com
134.209.114.175	x1	mail.yourhealthbeauty24.com
134.209.115.11	x1	mail.scelpzone.com
134.209.125.84	x3	mail.onesell24.com
134.209.146.89	x1	mail.onedeadinvestment.com
134.209.150.163	x1	mail.simsrn.com
134.209.158.129	x1	mail.premiumflatrate.com
139.59.10.5	x1	mail.myperfectsmileshop.com
139.59.116.156	x2	mail.fashionmahlaclothing.com
139.59.124.232	x1	mail.besthotnow.com
139.59.127.214	x4	mail.pairsimple.com
139.59.167.82	x1	mail.jinkzen.com
139.59.170.207	x2	mail.onecaminorealclub.com
139.59.171.180	x1	mail.granistic.com
139.59.171.58	x1	mail.smenrebeli.com
139.59.173.136	x1	mail.emailingexpertsaffiliate.com
139.59.174.83	x1	mail.bloopiana.com
139.59.180.14	x2	mail.worldtripstudio.com
139.59.186.84	x1	mail.best-marketing-campaigns.com
139.59.188.223	x1	mail.aculphoved.com
139.59.25.47	x1	mail.finheped.com
139.59.67.84	x1	mail.buybeautyblog.com
139.59.97.49	x1	mail.onebackcompany.com
142.93.141.101	x1	mail.ciludent.com
142.93.221.161	x1	mail.onedeadstock.com
142.93.225.83	x1	mail.seidanda.com
142.93.235.13	x2	mail.reallindenleaves.com
142.93.235.36	x1	mail.givingoutapps.com
143.110.180.105	x1	mail.rordal.com
143.110.183.155	x1	mail.heelllc.com
143.110.211.212	x3	mail.dobbeltmode.com
143.110.211.64	x2	mail.bestbringback24.com
143.110.213.26	x1	mail.buybiketourstudio.com
143.110.215.72	x2	mail.falerfoe.com
143.110.219.143	x2	mail.oneclubgroup.com
157.230.191.35	x2	mail.requestpower.com
157.230.19.21	x1	mail.oneclubdesign.com
159.65.155.76	x1	mail.allxboxlivestore.com
159.65.203.190	x1	mail.stinesumar.com
159.89.93.222	x1	mail.heelmedia.com
161.35.211.252	x1	mail.webloveservices.com
161.35.218.47	x1	mail.dusersee.com
161.35.5.231	x1	mail.jinkingllc.com
164.90.133.202	x1	mail.heelauto.com
164.90.168.131	x1	mail.dousecity.com
164.90.172.227	x1	mail.bestbacklive.com
165.22.224.136	x2	mail.bymemorycity.com
165.22.236.23	x2	mail.hermanntv.com
165.227.155.65	x1	mail.tarabsta.com
167.71.38.205	x1	mail.heellaw.com
167.99.200.156	x1	mail.verhopinol.com
167.99.243.237	x1	mail.oscintit.com
167.99.253.94	x1	mail.biouretrue.com
178.128.249.71	x1	mail.fantsulone.com
178.62.6.93	x1	mail.lailales.com
188.166.29.124	x1	mail.gotericuip.com
188.166.49.4	x1	mail.trading4beginners.com
206.189.105.231	x1	mail.onefastcashcenter.com
206.189.224.63	x2	mail.wrolopir.com
46.101.206.13	x1	mail.swatherbol.com
46.101.24.96	x1	mail.murpriciph.com
46.101.25.241	x1	mail.zilaiateng.com
46.101.26.19	x1	mail.crosserield.com
64.225.102.150	x1	mail.paralinett.com
64.225.104.126	x1	mail.youronlineatelier.com
64.227.120.238	x1	mail.rechramemn.com
64.227.41.126	x1	mail.doorrock.com
67.207.86.115	x1	mail.knemegs.com
68.183.10.58	x1	mail.sonilist.com
68.183.113.23	x2	mail.felonstar.com
68.183.13.219	x2	mail.heelservice.com
68.183.13.230	x1	mail.weddingtalentgroup.com
68.183.14.226	x2	mail.heelnews.com
68.183.14.73	x1	mail.vasthere.com
68.183.212.62	x1	mail.dismolyani.com
68.183.48.185	x1	mail.get-property-design.com
68.183.5.129	x1	mail.watesexisp.com
68.183.9.191	x1	mail.xoxopro.com

Feb26
104.248.198.218	x2	mail.allloveonline.com
104.248.202.203	x1	mail.ziemonse.com
104.248.204.85	x1	mail.geneicle.com
104.248.84.10	x2	mail.caminorealsolutions.com
104.248.84.233	x2	mail.thesetcenter.com
104.248.84.32	x1	mail.anottlel.com
104.248.87.57	x2	mail.lifebackcompany.com
104.248.91.198	x1	mail.paymentsbest.com
104.248.93.224	x3	mail.gaussnow.com
128.199.3.216	x1	mail.feneakie.com
128.199.45.183	x1	mail.xhonthoe.com
134.209.73.157	x2	mail.scelpnow.com
134.209.78.215	x2	mail.onebackcompany.com
134.209.84.1	x1	mail.rouckett.com
134.209.84.76	x1	mail.deaurana.com
134.209.86.206	x1	mail.slaymesein.com
134.209.86.58	x1	mail.mardephorr.com
134.209.88.109	x1	mail.lolinorf.com
134.209.92.60	x1	mail.camptred.com
139.59.14.57	x1	mail.bresitav.com
139.59.165.33	x1	mail.huairery.com
139.59.171.131	x2	mail.louisesmadblog.com
139.59.184.239	x1	mail.oneownersclubllc.com
139.59.186.21	x1	mail.felgenoris.com
139.59.188.185	x1	mail.buypropertybloggroup.com
139.59.190.161	x1	mail.bilamelasm.com
142.93.147.184	x1	mail.bikeluxury.com
142.93.150.86	x1	mail.critlico.com
142.93.198.111	x1	mail.ocealter.com
142.93.230.103	x1	mail.murosarcon.com
142.93.236.189	x1	mail.ponagias.com
143.110.176.214	x1	mail.hyatiods.com
143.110.179.83	x1	mail.shersacc.com
143.110.191.207	x1	mail.kiescine.com
143.110.209.159	x1	mail.edinaerd.com
143.110.209.164	x1	mail.allstreamlivesolutions.com
143.110.211.124	x2	mail.topopenproperty.com
143.110.211.152	x1	mail.backsuccess.com
143.110.211.88	x2	mail.cilpg.com
143.110.217.225	x1	mail.taialech.com
143.110.219.201	x1	mail.topbetgroup.com
143.110.219.230	x1	mail.onesell24.com
143.110.221.233	x2	mail.caminoreal24.com
144.126.211.238	x1	mail.vocorium.com
157.230.102.209	x1	mail.iatirelphy.com
157.230.178.180	x1	mail.droablem.com
157.230.23.27	x1	mail.avonomalan.com
157.230.234.179	x2	mail.paymentslove.com
157.230.44.104	x1	mail.irechibe.com
157.230.94.230	x1	mail.knoniome.com
157.245.102.32	x2	mail.mygetsolutions.com
159.65.200.18	x1	mail.innutici.com
159.65.206.235	x1	mail.paymentsproperty.com
159.65.217.154	x1	mail.norcetet.com
159.89.92.215	x1	mail.allbusinesstour.com
159.89.93.67	x1	mail.allunitedinternational.com
161.35.211.19	x1	mail.puplelemac.com
161.35.211.80	x1	mail.arslartace.com
161.35.222.249	x1	mail.terifeez.com
164.90.160.117	x1	mail.eclumarl.com
164.90.160.39	x1	mail.naturalcarestudio.com
164.90.162.169	x1	mail.thetourllc.com
164.90.162.98	x1	mail.realonlinesportsgroup.com
164.90.170.216	x1	mail.nauremay.com
164.90.170.220	x1	mail.swepattely.com
164.90.170.45	x1	mail.allunitedinternational.com
164.90.172.105	x2	mail.iphonerent.com
164.90.172.96	x1	mail.staigerv.com
165.22.221.205	x1	mail.bestluxurytourllc.com
165.22.76.177	x2	mail.luxurytourdesign.com
165.227.175.198	x2	mail.barocanica.com
167.172.136.161	x1	mail.dawakism.com
167.71.224.186	x3	mail.onegolfassociation.com
167.71.226.253	x1	mail.josadock.com
167.99.42.156	x1	mail.veicalenom.com
174.138.39.143	x1	mail.realshopsolutions.com
178.62.50.221	x1	mail.uriticider.com
178.62.56.234	x1	mail.leoronig.com
178.62.80.176	x1	mail.gulerleund.com
206.189.101.149	x1	mail.tesheemoud.com
206.189.28.125	x1	mail.galluppro.com
207.154.218.0	x1	mail.boorscle.com
209.97.128.177	x1	mail.liecernede.com
46.101.16.132	x2	mail.setiflam.com
46.101.30.216	x1	mail.realperfectsmileshop.com
46.101.79.24	x1	mail.adhoneau.com
46.101.93.49	x1	mail.besttravelllc.com
64.225.108.82	x1	mail.migrefulto.com
64.225.111.102	x1	mail.lenilinn.com
64.227.116.238	x1	mail.oktourmard.com
64.227.127.234	x1	mail.macarmanch.com
64.227.9.179	x1	mail.ayaporal.com
67.207.84.203	x2	mail.bestreal24.com
67.207.94.253	x1	mail.alolanac.com
68.183.117.209	x2	mail.topateliercenter.com
68.183.122.130	x1	mail.nestship.com
68.183.177.82	x1	mail.halotoch.com

Bulk snowshoe marketing spam has also made a comeback. We had a bit of a break from it, but it has reemerged this week in full force. Hundreds of unique IPs are sending garbage from the Digital Ocean network daily. By now most of the PTR/reverse DNS of the IPs have been updated to none (e.g. NXDOMAIN).

104.131.10.223	x1	NXDOMAIN
104.131.106.90	x1	NXDOMAIN
104.131.110.217	x2	NXDOMAIN
104.131.114.244	x2	NXDOMAIN
104.131.118.131	x3	NXDOMAIN
104.131.12.34	x1	db-primary.artstationstaging.com
104.131.184.233	x3	NXDOMAIN
104.131.186.210	x2	NXDOMAIN
104.131.27.15	x1	NXDOMAIN
104.131.48.132	x1	NXDOMAIN
104.131.98.205	x2	NXDOMAIN
104.131.99.69	x1	NXDOMAIN
104.248.139.243	x2	freshland-wp.madebycolorelephant.com
104.248.141.156	x4	NXDOMAIN
104.248.195.81	x2	demo.test3.nethserver.info
104.248.198.30	x4	NXDOMAIN
104.248.199.109	x8	NXDOMAIN
104.248.200.251	x6	NXDOMAIN
104.248.201.188	x5	NXDOMAIN
104.248.205.161	x8	NXDOMAIN
104.248.224.152	x4	NXDOMAIN
104.248.242.208	x4	mail.inguicar.com
104.248.30.24	x1	mail.integrizo.com
104.248.34.163	x7	NXDOMAIN
104.248.37.56	x1	mail.imediarank.com
104.248.49.104	x4	NXDOMAIN
104.248.57.44	x6	prod-nyc1.qencode-encoder-1fdda2ac784e11ebb0710e903d539a24
104.248.85.213	x8	tdeasy2webiogin.com
104.248.85.98	x2	farm.ams3.11.8331
104.248.86.239	x1	NXDOMAIN
104.248.91.63	x7	NXDOMAIN
104.248.94.179	x1	NXDOMAIN
128.199.8.86	x5	NXDOMAIN
134.122.116.241	x6	NXDOMAIN
134.122.117.71	x8	NXDOMAIN
134.122.39.41	x4	NXDOMAIN
134.122.39.5	x5	NXDOMAIN
134.122.43.153	x4	NXDOMAIN
134.209.113.192	x2	m081021.rna1.blindsidenetworks.com
134.209.116.48	x4	NXDOMAIN
134.209.118.29	x2	NXDOMAIN
134.209.120.232	x5	NXDOMAIN
134.209.121.156	x2	mail.estate-agent-in-javea.com
134.209.126.150	x5	NXDOMAIN
134.209.126.76	x4	NXDOMAIN
134.209.216.208	x1	NXDOMAIN
134.209.223.114	x1	NXDOMAIN
134.209.64.131	x8	m000412.rna1.blindsidenetworks.com
134.209.70.212	x1	NXDOMAIN
134.209.73.7	x12	NXDOMAIN
134.209.74.164	x8	NXDOMAIN
134.209.77.202	x5	NXDOMAIN
134.209.77.227	x7	NXDOMAIN
134.209.81.36	x12	NXDOMAIN
134.209.82.132	x1	NXDOMAIN
134.209.82.208	x10	mail.freppontag.com
134.209.82.8	x2	NXDOMAIN
134.209.84.156	x1	NXDOMAIN
134.209.84.210	x7	xhndcdowfy.fohlgfcpdo.nl
134.209.89.55	x10	NXDOMAIN
134.209.92.129	x1	NXDOMAIN
134.209.94.53	x5	NXDOMAIN
134.209.95.229	x3	NXDOMAIN
138.197.135.200	x3	NXDOMAIN
138.197.149.150	x1	mail.vanacle.com
138.197.167.151	x3	NXDOMAIN
138.197.176.245	x5	mail.guchastont.com
138.197.185.96	x2	NXDOMAIN
138.68.69.10	x2	NXDOMAIN
138.68.77.236	x1	NXDOMAIN
138.68.84.54	x1	mail.plxcw.com
138.68.92.228	x2	NXDOMAIN
139.59.130.254	x5	mail.niforela.com
139.59.133.125	x2	mail.ggjmanagement.com
139.59.167.185	x6	NXDOMAIN
139.59.168.201	x5	NXDOMAIN
139.59.171.15	x3	NXDOMAIN
139.59.176.252	x1	NXDOMAIN
139.59.177.20	x3	NXDOMAIN
139.59.182.245	x3	NXDOMAIN
139.59.185.238	x2	NXDOMAIN
139.59.186.195	x2	mail.adwingmedia.com
139.59.186.218	x6	NXDOMAIN
139.59.188.190	x6	NXDOMAIN
139.59.188.71	x6	NXDOMAIN
139.59.190.198	x3	NXDOMAIN
139.59.213.135	x1	NXDOMAIN
142.93.113.187	x4	NXDOMAIN
142.93.113.242	x3	stage.ubuntu1804.com
142.93.130.98	x6	NXDOMAIN
142.93.134.90	x5	NXDOMAIN
142.93.139.233	x7	NXDOMAIN
142.93.143.201	x7	NXDOMAIN
142.93.147.32	x5	NXDOMAIN
142.93.149.240	x7	NXDOMAIN
142.93.15.198	x3	NXDOMAIN
142.93.166.88	x6	NXDOMAIN
142.93.170.216	x7	NXDOMAIN
142.93.200.87	x7	NXDOMAIN
142.93.229.44	x6	NXDOMAIN
142.93.234.102	x5	NXDOMAIN
142.93.252.69	x4	NXDOMAIN
142.93.255.7	x8	NXDOMAIN
142.93.58.73	x7	m081065.rna1.blindsidenetworks.com
142.93.59.83	x3	NXDOMAIN
142.93.96.73	x3	NXDOMAIN
143.110.158.23	x2	NXDOMAIN
143.110.211.122	x4	NXDOMAIN
143.110.211.155	x8	NXDOMAIN
143.110.211.254	x2	NXDOMAIN
143.110.211.52	x4	NXDOMAIN
143.110.211.85	x9	NXDOMAIN
143.110.211.96	x3	NXDOMAIN
143.110.212.236	x4	NXDOMAIN
143.110.213.210	x6	NXDOMAIN
143.110.213.48	x6	NXDOMAIN
143.110.213.58	x5	maboitefraiche.wpmudev.host
143.110.215.108	x6	NXDOMAIN
143.110.215.152	x3	NXDOMAIN
143.110.215.255	x5	NXDOMAIN
143.110.215.71	x11	NXDOMAIN
143.110.215.73	x12	NXDOMAIN
143.110.215.77	x9	NXDOMAIN
143.110.215.93	x7	NXDOMAIN
143.110.217.116	x5	NXDOMAIN
143.110.217.178	x8	NXDOMAIN
143.110.217.40	x8	NXDOMAIN
143.110.219.102	x7	NXDOMAIN
143.110.219.14	x7	NXDOMAIN
143.110.219.184	x4	NXDOMAIN
143.110.219.221	x5	NXDOMAIN
143.110.219.245	x5	NXDOMAIN
143.110.219.54	x3	NXDOMAIN
143.110.219.57	x2	NXDOMAIN
143.110.220.209	x2	NXDOMAIN
143.110.221.133	x3	mail.sampengplaza.com
143.110.221.191	x4	NXDOMAIN
143.110.221.228	x4	NXDOMAIN
143.110.221.251	x9	NXDOMAIN
143.110.221.253	x6	NXDOMAIN
143.110.221.26	x6	NXDOMAIN
143.110.221.38	x4	NXDOMAIN
143.110.222.81	x3	NXDOMAIN
143.110.223.0	x4	NXDOMAIN
143.110.223.102	x1	NXDOMAIN
143.110.223.144	x8	htb-mbtxiojpiv.htb-cloud.com
143.110.223.175	x4	NXDOMAIN
143.110.223.47	x9	NXDOMAIN
143.110.223.59	x8	NXDOMAIN
144.126.209.130	x3	NXDOMAIN
144.126.211.187	x2	NXDOMAIN
144.126.213.45	x7	NXDOMAIN
144.126.216.100	x4	NXDOMAIN
144.126.217.229	x7	clonableinstall.wpmudev.host
144.126.220.102	x3	NXDOMAIN
144.126.220.132	x11	NXDOMAIN
144.126.223.213	x2	lifer4.vroi.online
157.230.103.128	x5	NXDOMAIN
157.230.110.239	x3	NXDOMAIN
157.230.191.112	x4	m000363.rna1.blindsidenetworks.com
157.230.220.199	x4	prod-nyc1.qencode-master-6ffe896e786611eb83110e903d539a24
157.230.222.159	x5	NXDOMAIN
157.230.230.90	x3	NXDOMAIN
157.230.234.193	x10	bullishspins.com
157.230.49.95	x3	NXDOMAIN
157.245.80.167	x1	NXDOMAIN
157.245.95.99	x2	mail.buyglobalsolutions.com
159.203.121.150	x8	NXDOMAIN
159.203.13.210	x3	NXDOMAIN
159.203.15.236	x2	NXDOMAIN
159.203.31.225	x3	NXDOMAIN
159.203.31.86	x1	NXDOMAIN
159.203.39.117	x2	NXDOMAIN
159.203.39.168	x1	NXDOMAIN
159.203.61.108	x3	NXDOMAIN
159.203.9.196	x1	mta1.wordstream14.tk
159.89.0.200	x6	NXDOMAIN
159.89.105.149	x4	NXDOMAIN
159.89.98.136	x9	NXDOMAIN
161.35.103.172	x2	mail.samphengplaza.com
161.35.121.73	x11	NXDOMAIN
161.35.209.84	x8	NXDOMAIN
161.35.212.209	x11	NXDOMAIN
161.35.214.220	x6	NXDOMAIN
161.35.215.1	x4	fra1.squid.digitalocean.10
161.35.216.149	x3	NXDOMAIN
161.35.216.206	x7	NXDOMAIN
161.35.223.141	x7	NXDOMAIN
161.35.223.157	x5	NXDOMAIN
161.35.223.220	x9	NXDOMAIN
161.35.223.221	x5	tapaz-233862673.azstaging.net
161.35.223.22	x2	NXDOMAIN
161.35.223.220	x9	NXDOMAIN
161.35.223.221	x5	tapaz-233862673.azstaging.net
161.35.223.237	x11	NXDOMAIN
161.35.229.143	x9	NXDOMAIN
161.35.229.22	x2	mail.barzantravel.com
161.35.236.54	x3	NXDOMAIN
161.35.237.96	x6	runner-osmp-huffingtonpost.gr
161.35.49.126	x2	prod-nyc1.qencode-encoder-cea11026786c11eb92c10e903d539a24
161.35.49.191	x2	mail.gaylemcdonald.com
161.35.5.24	x2	NXDOMAIN
161.35.97.138	x10	NXDOMAIN
161.35.9.88	x7	pttiyfuw.oniohwfukwqxqlc.nl
164.90.131.52	x6	NXDOMAIN
164.90.145.255	x7	NXDOMAIN
164.90.149.24	x2	NXDOMAIN
164.90.160.216	x12	NXDOMAIN
164.90.166.21	x8	NXDOMAIN
164.90.166.30	x12	NXDOMAIN
164.90.166.41	x8	NXDOMAIN
164.90.170.41	x5	NXDOMAIN
164.90.170.63	x4	delkin.surf
164.90.172.110	x3	NXDOMAIN
164.90.172.62	x5	NXDOMAIN
164.90.172.93	x6	NXDOMAIN
165.22.233.96	x5	NXDOMAIN
165.22.235.144	x3	NXDOMAIN
165.22.235.91	x6	NXDOMAIN
165.227.102.115	x5	NXDOMAIN
165.227.104.225	x5	NXDOMAIN
165.227.134.61	x6	NXDOMAIN
165.227.135.198	x1	mail.isabemore.com
165.227.136.220	x1	NXDOMAIN
165.227.187.40	x1	NXDOMAIN
165.227.206.144	x4	555052.cloudwaysapps.com
165.227.210.243	x1	NXDOMAIN
165.227.216.61	x3	NXDOMAIN
165.227.218.165	x3	NXDOMAIN
165.227.220.233	x14	NXDOMAIN
165.227.220.51	x3	NXDOMAIN
165.227.42.225	x2	NXDOMAIN
165.227.74.212	x6	NXDOMAIN
167.172.144.144	x8	NXDOMAIN
167.172.97.175	x2	mail.asketc.com
167.172.99.157	x8	NXDOMAIN
167.71.165.213	x3	NXDOMAIN
167.71.169.99	x5	NXDOMAIN
167.71.179.98	x2	NXDOMAIN
167.71.184.135	x3	NXDOMAIN
167.71.247.57	x1	mail.joeypeh.com
167.71.253.87	x2	NXDOMAIN
167.71.33.57	x2	NXDOMAIN
167.99.133.147	x4	NXDOMAIN
167.99.136.113	x6	NXDOMAIN
167.99.153.30	x3	NXDOMAIN
167.99.179.42	x3	NXDOMAIN
167.99.181.84	x4	NXDOMAIN
167.99.185.240	x8	NXDOMAIN
167.99.186.212	x3	NXDOMAIN
167.99.209.67	x1	NXDOMAIN
167.99.210.207	x1	farm.ams3.11.8334
167.99.251.62	x5	mail.bedandbreakfastnorfolk.com
167.99.252.53	x2	mail.healthedryskin.com
167.99.44.253	x1	NXDOMAIN
174.138.1.53	x1	NXDOMAIN
174.138.40.110	x11	mail.witailat.com
178.128.200.117	x9	NXDOMAIN
178.128.244.234	x1	NXDOMAIN
178.62.119.20	x2	htb-bgm6sduft9.htb-cloud.com
178.62.210.172	x2	NXDOMAIN
178.62.239.195	x1	NXDOMAIN
178.62.242.181	x3	NXDOMAIN
178.62.250.78	x3	NXDOMAIN
178.62.251.97	x3	555007.cloudwaysapps.com
178.62.255.62	x2	farm.ams3.11.8337
178.62.43.80	x7	htb-sqlzu3e2se.htb-cloud.com
178.62.57.165	x2	NXDOMAIN
178.62.58.131	x1	NXDOMAIN
178.62.58.238	x2	555038.cloudwaysapps.com
178.62.66.59	x2	NXDOMAIN
178.62.83.91	x5	se7en02.link
188.166.116.192	x2	NXDOMAIN
188.166.119.210	x1	NXDOMAIN
188.166.150.164	x2	NXDOMAIN
188.166.15.210	x2	NXDOMAIN
188.166.172.181	x1	htb-gtcsiaourf.htb-cloud.com
188.166.19.62	x2	mail.kannanee.com
188.166.20.49	x6	NXDOMAIN
188.166.62.109	x4	NXDOMAIN
188.166.64.173	x2	NXDOMAIN
188.166.97.156	x1	NXDOMAIN
192.241.133.240	x1	NXDOMAIN
192.81.219.8	x2	NXDOMAIN
192.81.219.9	x1	NXDOMAIN
198.199.84.118	x1	NXDOMAIN
198.211.105.47	x1	romelia.khalidbarakat.com
206.189.13.32	x11	NXDOMAIN
206.189.176.187	x7	m080925.rna1.blindsidenetworks.com
206.189.181.57	x5	NXDOMAIN
206.189.188.64	x9	NXDOMAIN
206.189.2.7	x2	mail.prosperitynetworker.com
206.189.5.169	x12	prod-ams3-1.qencode-master-f9ab311a786311eb8501ca840d5ea375
206.189.99.130	x4	NXDOMAIN
206.81.11.108	x7	NXDOMAIN
206.81.11.28	x5	newsite.staging.nodo.cc
206.81.24.204	x10	NXDOMAIN
206.81.30.148	x1	NXDOMAIN
207.154.203.248	x2	mail.theleftbrainagency.com
207.154.212.187	x2	s-44923.de.vpnshieldapp.com
207.154.245.198	x5	mail.whetebar.com
208.68.37.15	x1	NXDOMAIN
45.55.37.18	x1	prod-nyc3-2.qencode-encoder-84a3a9da786611eb92c262b78d0049ec
45.55.47.173	x1	prod-nyc3-2.qencode-encoder-ab8a51ac784d11eb949262b78d0049ec
45.55.50.175	x2	NXDOMAIN
46.101.101.105	x1	NXDOMAIN
46.101.113.233	x1	mail.steynar.com
46.101.114.210	x1	NXDOMAIN
46.101.134.165	x2	NXDOMAIN
46.101.154.245	x1	NXDOMAIN
46.101.155.109	x2	NXDOMAIN
46.101.183.39	x1	NXDOMAIN
46.101.193.229	x2	NXDOMAIN
46.101.206.90	x3	alex5.node
46.101.219.98	x5	NXDOMAIN
46.101.224.181	x2	master.5e74200d78c15ea72e3290df0a7d9ab6
46.101.231.5	x1	NXDOMAIN
46.101.23.34	x5	victoria-beauty.xyz
46.101.26.173	x6	554974.cloudwaysapps.com
46.101.39.237	x2	NXDOMAIN
46.101.73.88	x4	NXDOMAIN
46.101.73.91	x5	NXDOMAIN
46.101.81.119	x6	NXDOMAIN
64.225.30.8	x4	prod-nyc3-2.qencode-master-bff830e6785211ebad6b62b78d0049ec
64.227.0.57	x3	NXDOMAIN
64.227.100.25	x4	NXDOMAIN
64.227.109.26	x1	NXDOMAIN
64.227.119.87	x4	NXDOMAIN
64.227.123.185	x2	NXDOMAIN
64.227.15.190	x2	NXDOMAIN
64.227.1.75	x13	NXDOMAIN
64.227.96.226	x3	premier-citadel.wpmudev.host
64.227.98.166	x1	mail.qattos.com
64.227.98.5	x2	NXDOMAIN
67.205.140.244	x1	NXDOMAIN
67.205.154.150	x1	NXDOMAIN
67.205.168.51	x1	NXDOMAIN
67.205.177.86	x1	NXDOMAIN
67.205.190.247	x1	NXDOMAIN
67.205.191.26	x1	NXDOMAIN
68.183.105.63	x8	554954.cloudwaysapps.com
68.183.13.145	x4	NXDOMAIN
68.183.140.167	x10	NXDOMAIN
68.183.154.228	x1	NXDOMAIN
68.183.195.32	x7	NXDOMAIN
68.183.200.17	x4	NXDOMAIN
68.183.204.119	x3	NXDOMAIN
68.183.206.234	x1	NXDOMAIN

This entry was posted in Informative and tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply