Trends in Networks: Spam #6

Picking up where we left off: more spam is coming from the DigitalOcean network, with Freenom and xyz TLDs in the PTR/reverse DNS records.

