Trends in Networks: Spam #15

Posted on February 4, 2021 by Thomas

Back at it again with some more throwaway domains from our old friends. Amazing how we can always count on spammers to persist like cockroaches. Still no sign of this spam activity stopping since we’ve last reported in December, and here’s the past week’s activity just to stick with relevant data.

Jan28
104.131.111.115	x6	kx0.814.eryfj.ml
134.122.1.59	x3	srv0.us81.ga
161.35.178.20	x1	box.exactestimating.xyz
161.35.185.72	x1	srv0.mails207.gq
165.227.101.237	x4	box.tersdaew.xyz
165.227.8.139	x1	box.cersdaes.xyz
167.172.237.8	x1	mail-outbound2.cyberalps.ga
167.99.41.8	x19	box.serterge.xyz
188.166.108.12	x1	server.amazontrackorders.xyz
45.55.53.172	x2	mtec.amif.tk
64.227.106.152	x2	box.versawig.xyz

Jan29
159.203.68.120	x1	box.partnersrk.gq
161.35.133.164	x3	box.estimationnn.cf
161.35.143.251	x3	box.estimationnn.tk
161.35.143.89	x3	box.estimationnn.ml
161.35.184.206	x1	box.srklife.ml
161.35.185.90	x1	srv0.mails207.cf
164.90.128.30	x1	box.srklife.tk
165.227.101.237	x3	box.tersdaew.xyz
167.172.237.8	x1	mail-outbound2.cyberalps.ga
174.138.9.112	x1	box.cersdades.xyz
64.227.106.152	x6	box.versawig.xyz

Jan30
104.248.230.67	x3	box.hellogift.ga
157.245.129.194	x1	box.fridaydeals.ml
167.172.237.8	x1	mail-outbound2.cyberalps.ga

Jan31
165.227.99.1	x1	srv0.mails207.ga
167.172.227.61	x1	box.srkhamza.ml
64.227.65.110	x1	dshi1.xyz
68.183.98.192	x1	box.buybyclick.cf

Feb1
104.248.53.251	x2	box.saerdsae.xyz
134.122.34.247	x4	softaxx.cf
134.209.242.52	x58	newsgood-02.xyz
138.197.191.113	x103	newsgood-05.xyz
138.68.100.213	x84	newsgood-04.xyz
139.59.128.35	x40	newsgood-10.xyz
159.65.86.225	x1	box.fersdaesr.xyz
165.22.237.204	x1	softaxv.tk
206.81.31.168	x104	newsgood-03.xyz
64.225.97.211	x88	newsgood.xyz
64.225.98.116	x55	newsgood-07.xyz
64.227.113.22	x38	newsgood-09.xyz
64.227.113.36	x42	newsgood-08.xyz
68.183.180.85	x1	monstavpn.cf

Feb2
134.122.125.30	x1	box.exactestimator.xyz
134.122.40.16	x1	softaxx.gq
134.209.236.220	x2	sdf0.329.skjo.gq
157.230.2.245	x2	box.ferdstag.xyz
157.230.83.38	x8	box.lifersda.xyz
159.203.44.222	x3	softaxv.ga
159.65.234.238	x1	reverse-order.xyz
165.22.230.203	x8	softaxv.ml
167.172.136.87	x3	box.herdaser.xyz
192.241.131.54	x23	box.baersdath.xyz

Feb3
138.197.185.191	x3	sy0.nvbo.cf
142.93.146.28	x1	patly.xyz
142.93.48.65	x2	wsu0.705.eryfj.ml
157.230.53.226	x1	srv0.us80.ml
164.90.144.61	x1	borsuk.xyz
165.22.236.247	x64	softaxv.cf
167.172.136.87	x1	box.herdaser.xyz
178.128.2.180	x1	validate-order.xyz
192.241.131.54	x5	box.baersdath.xyz
198.199.84.205	x2	box.predstya.xyz
68.183.199.213	x6	softavv.tk

Feb4
157.230.15.66	x2	srv0.us105.ga
157.230.90.30	x1	srv0.us103.tk
161.35.50.194	x4	mail.shaheenbegairathain.xyz
161.35.8.198	x3	srv0.usa111.gq
164.90.138.28	x1	box.srklife.ga
167.172.147.160	x1	srv0.usa113.tk
192.241.131.54	x2	box.baersdath.xyz
206.189.181.110	x1	box.dahgersd.xyz
206.189.205.197	x14	srv0.usa111.cf

Interestingly though, the enormous spam campaign coming from domains a couple of years old (as if they were expired and purchased), stopped in its tracks by mid January 2021. We no longer see reports of such IPs. Below is the last two days of it that we saw, then sudden silence. Did Digital Ocean actually get rid of these guys (but not the above..), or have these Spammers moved on somewhere else?

Jan14
104.248.133.37	x16	mail.qattos.com
104.248.18.156	x24	mail.bedandbreakfastnorfolk.com
128.199.62.18	x7	mail.connecttopurpose.com
134.122.45.10	x19	mail.greg-sport.com
134.209.246.63	x13	mail.bvikitevillage.com
138.197.111.36	x5	mail.steynar.com
138.197.133.213	x9	mail.gear24-7.com
138.197.150.225	x6	mail.ikoneek.com
138.197.154.60	x7	mail.bvifm.com
138.197.175.107	x5	mail.crowdmasterstocks.com
138.197.181.217	x9	mail.crowdmasterexchange.com
138.197.6.7	x19	mail.imediarank.com
138.197.96.147	x19	mail.diversiforma.com
138.197.99.226	x25	mail.americanteeshirts.com
138.68.53.79	x3	mail.librar-e.com
138.68.62.21	x7	mail.wilpattuwanationalpark.com
142.93.20.252	x14	mail.hubsz.com
142.93.77.92	x7	mail.llanteraavalos.com
142.93.93.51	x3	mail.randombn.com
143.110.152.218	x19	mail.stowlocal.com
143.110.156.18	x14	mail.supplementscheck.com
143.110.228.164	x12	mail.todido.com
143.110.235.25	x9	mail.loveeathome.com
143.110.235.26	x9	mail.thedisabilityguysgoshen.com
143.110.235.29	x7	mail.raiderbackup.com
143.110.235.30	x8	mail.hydroxit.com
143.110.235.47	x11	mail.bvikiters.com
143.110.235.51	x4	mail.lumenspeech.com
157.230.111.30	x22	mail.cookbrosomnia.com
157.230.21.156	x22	mail.isasermais.com
157.230.29.1	x17	mail.estate-agent-in-javea.com
159.203.190.190	x3	mail.ggjmanagement.com
159.203.33.56	x6	mail.myethconnect.com
159.203.36.38	x5	mail.crowdmasterstockmarket.com
159.203.39.71	x6	mail.gillingham-ryan.com
159.203.45.133	x6	mail.adwingmedia.com
159.203.47.99	x7	mail.bvikiteboarding.com
159.203.63.79	x12	mail.codecuack.com
159.65.110.133	x3	mail.barzantravel.com
159.65.193.142	x19	mail.vietbonsai.com
159.65.195.180	x27	mail.theleftbrainagency.com
159.65.197.142	x20	mail.eurosalonspa.com
159.65.202.185	x7	mail.snappyfi.com
159.89.118.66	x16	mail.realbvikitejam.com
159.89.126.126	x21	mail.goribi.com
159.89.87.21	x22	mail.kodevianstudio.com
161.35.129.8	x17	mail.arpadhousing.com
161.35.135.5	x18	mail.vincruise.com
161.35.139.83	x17	mail.workinjuryanswers.com
161.35.140.130	x23	mail.besthorrorfilms.com
161.35.143.110	x16	mail.integrizo.com
161.35.176.59	x21	mail.otavillamechanicalcontractors.com
161.35.180.15	x27	mail.aepages.com
161.35.180.16	x21	mail.kitevillagebvi.com
161.35.180.36	x17	mail.bierclip.com
165.22.41.250	x17	mail.georgetweets.com
165.22.79.146	x20	mail.tidewatercollection.com
165.22.92.50	x14	mail.anegadakiteclub.com
165.227.137.142	x16	mail.vimyx.com
165.227.24.245	x3	mail.proximaedicion.com
165.227.27.34	x5	mail.mysupportflow.com
165.227.46.52	x9	mail.vanacle.com
165.227.47.80	x6	mail.remucica.com
165.227.64.32	x7	mail.ecomugurukul.com
165.227.72.85	x16	mail.glennraid.com
165.227.74.12	x21	mail.tedxbvi.com
165.227.78.100	x16	mail.ralphtoneal.com
165.227.88.185	x17	mail.bvisupcup.com
167.172.146.19	x16	mail.bingocarioca.com
167.172.176.22	x15	mail.thebvibeachbar.com
167.172.176.45	x24	mail.isabemore.com
167.172.177.116	x22	mail.maksgaragedoors.com
167.172.177.176	x21	mail.drinktempest.com
167.172.178.161	x19	mail.torcedorfc.com
167.172.178.211	x19	mail.rvprotravelguide.com
167.172.178.215	x16	mail.trendmylife.com
167.172.180.117	x22	mail.otvibes.com
167.172.180.148	x19	mail.aldolga.com
167.172.180.219	x23	mail.bigcitysiren.com
167.172.185.0	x19	mail.tomoxide.com
167.172.186.119	x2	mail.expresatepanama.com
167.172.186.20	x21	mail.ulagallaresort.com
167.172.188.8	x24	mail.instaridellc.com
167.172.21.174	x16	mail.moldemi.com
167.172.231.153	x17	mail.mirissasrilanka.com
167.172.245.97	x18	mail.sampengplaza.com
167.71.110.98	x13	mail.petbuilds.com
167.71.168.193	x18	mail.staffordlawoffices.com
167.71.168.217	x19	mail.trantandat.com
167.71.59.138	x26	mail.sneakinguplikecelery.com
167.99.199.78	x18	mail.lexcincierge.com
167.99.39.66	x5	mail.televvun.com
167.99.41.37	x19	mail.tolaradio.com
174.138.11.111	x6	mail.capquestpacific.com
174.138.38.248	x18	mail.vincruises.com
174.138.49.255	x18	mail.diyadjustabledesk.com
174.138.49.99	x15	mail.bvikite.com
174.138.54.158	x22	mail.electricalcontractorwestminster.com
174.138.58.149	x24	mail.listfor999.com
174.138.58.221	x18	mail.crowdmasterstock.com
174.138.9.8	x5	mail.meditech-solutions.com
178.128.13.195	x3	mail.anegadakitejam.com
178.128.178.106	x4	mail.plxcw.com
178.128.189.162	x11	mail.greentechnologybvi.com
178.128.200.88	x3	mail.grosvenorfire.com
178.128.206.45	x1	mail.nohidigitalpress.com
178.128.235.153	x4	mail.3emecline.com
178.128.44.208	x5	mail.biomusclegym.com
178.62.121.10	x17	mail.prosperitynetworker.com
178.62.123.250	x19	mail.abstractdomains.com
178.62.196.248	x3	mail.lexmatprinting.com
178.62.233.6	x4	mail.wwwsports24bd.com
178.62.4.44	x20	mail.otvibez.com
188.166.109.138	x5	mail.samphengplaza.com
188.166.24.33	x16	mail.zurmend.com
188.166.83.120	x8	mail.erdisdriza.com
192.241.149.81	x4	mail.weixin288.com
206.189.100.103	x8	mail.orthoweave.com
206.189.111.56	x6	mail.borsamotorstekirdag.com
206.189.111.57	x4	mail.hikkaduwabeach.com
206.189.13.96	x18	mail.metaspec-sorb.com
206.189.205.148	x29	mail.indotori.com
206.189.214.69	x19	mail.altholaia.com
206.189.7.40	x22	mail.asketc.com
206.189.74.154	x25	mail.virginislandskitejam.com
206.189.9.101	x2	mail.weannameef.com
206.81.11.50	x16	mail.golizle.com
206.81.15.62	x17	mail.srilankaboutiquehotel.com
206.81.4.211	x17	mail.serviplatiniumrentacar.com
206.81.6.162	x25	mail.proaguacate.com
209.97.130.166	x18	mail.hoteltopazkandy.com
45.55.41.127	x3	mail.discountgiftpens.com
45.55.49.176	x5	mail.longislandmenu.com
46.101.14.177	x16	mail.thewebisart.com
46.101.168.186	x6	mail.atomicsolarwatches.com
46.101.4.41	x8	mail.thehauntingathalloween.com
46.101.45.84	x2	mail.mediasmartphilly.com
46.101.49.109	x7	mail.epicnitro.com
46.101.49.228	x9	mail.hanahspa.com
46.101.50.91	x12	mail.zeekiebootz.com
46.101.53.204	x6	mail.kiteboardingbvi.com
46.101.55.10	x9	mail.portlandbuttler.com
46.101.55.55	x5	mail.birdandbearbakehouse.com
46.101.56.159	x9	mail.santabarbaracampers.com
46.101.57.5	x7	mail.artfulworldgalleria.com
46.101.61.134	x11	mail.anasfamilydentistry.com
46.101.80.179	x18	mail.cottageusa.com
46.101.81.181	x16	mail.anegadakitevillage.com
46.101.83.125	x15	mail.tedbvi.com
46.101.83.152	x16	mail.grandvaluecapital.com
46.101.83.93	x25	mail.czicare.com
46.101.85.175	x17	mail.3mcline.com
46.101.88.156	x23	mail.anna-theo.com
46.101.89.243	x20	mail.regionalplumber.com
46.101.90.110	x1	mail.airntatily.com
46.101.90.154	x7	mail.keonband.com
46.101.93.245	x19	mail.rocagames.com
46.101.93.96	x21	mail.alqahira-academy.com
64.225.57.102	x21	mail.crowdmasterstockexchange.com
67.205.164.174	x5	mail.balancingbloodsugar.com

Jan15
104.248.19.69	x25	mail.alqahira-academy.com
128.199.62.18	x8	mail.connecttopurpose.com
134.122.15.190	x27	mail.tolaradio.com
138.197.138.225	x5	mail.bingocarioca.com
138.197.146.251	x8	mail.goribi.com
138.197.147.132	x8	mail.grandvaluecapital.com
138.197.151.140	x4	mail.moldemi.com
138.197.151.245	x4	mail.maksgaragedoors.com
138.197.154.60	x4	mail.bvifm.com
138.197.161.191	x3	mail.besthorrorfilms.com
138.197.161.98	x6	mail.borsamotorstekirdag.com
138.197.181.217	x7	mail.crowdmasterexchange.com
138.68.18.236	x5	mail.biomusclegym.com
138.68.244.109	x12	mail.televvun.com
138.68.249.86	x4	mail.stowlocal.com
138.68.250.134	x12	mail.thewebisart.com
138.68.49.158	x5	mail.hanahspa.com
138.68.70.69	x4	mail.virginislandskitejam.com
139.59.155.44	x41	mail.kitevillagebvi.com
142.93.10.42	x22	mail.tedxbvi.com
142.93.109.109	x24	mail.weixin288.com
142.93.145.70	x22	mail.indotori.com
142.93.148.137	x33	mail.die-pr-agentur.com
142.93.151.78	x5	mail.vanacle.com
142.93.16.46	x29	mail.thehauntingathalloween.com
142.93.20.226	x22	mail.atomicsolarwatches.com
142.93.23.239	x27	mail.snakoon.com
142.93.252.218	x31	mail.expresatepanama.com
142.93.30.123	x31	mail.glennraid.com
143.110.158.249	x29	mail.adwingmedia.com
143.110.230.33	x4	mail.raiderbackup.com
143.110.231.139	x8	mail.hubsz.com
143.110.235.25	x9	mail.loveeathome.com
143.110.235.26	x4	mail.thedisabilityguysgoshen.com
143.110.235.30	x3	mail.hydroxit.com
143.110.237.194	x11	mail.kiteboardingbvi.com
157.230.21.156	x3	mail.isasermais.com
157.230.22.92	x29	mail.supplementscheck.com
159.203.100.227	x29	mail.gillingham-ryan.com
159.203.21.243	x7	mail.torcedorfc.com
159.203.33.56	x4	mail.myethconnect.com
159.203.34.68	x9	mail.remucica.com
159.203.36.38	x4	mail.crowdmasterstockmarket.com
159.203.68.203	x8	mail.anegadakitejam.com
159.65.107.127	x7	mail.thebvibeachbar.com
159.65.110.195	x6	mail.hikkaduwabeach.com
159.65.194.244	x23	mail.integrizo.com
159.65.196.17	x26	mail.abstractdomains.com
159.65.200.192	x26	mail.drinktempest.com
159.65.206.107	x27	mail.petbuilds.com
159.65.91.152	x4	mail.lexcincierge.com
159.89.112.149	x10	mail.rvprotravelguide.com
161.35.100.25	x30	mail.lumenspeech.com
161.35.123.83	x17	mail.ecomugurukul.com
161.35.180.36	x2	mail.bierclip.com
161.35.184.44	x16	mail.3emecline.com
161.35.96.236	x24	mail.longislandmenu.com
164.90.154.178	x17	mail.portlandbuttler.com
165.22.47.223	x24	mail.crowdmasterstocks.com
165.227.137.142	x7	mail.vimyx.com
165.227.14.216	x5	mail.tidewatercollection.com
165.227.31.100	x7	mail.theleftbrainagency.com
165.227.68.81	x26	mail.ralphtoneal.com
165.227.78.57	x14	mail.crowdmasterstock.com
167.172.163.237	x8	mail.asketc.com
167.172.178.215	x5	mail.trendmylife.com
167.172.180.117	x5	mail.otvibes.com
167.172.180.219	x3	mail.bigcitysiren.com
167.172.185.0	x4	mail.tomoxide.com
167.172.231.153	x6	mail.mirissasrilanka.com
167.99.213.149	x5	mail.bvikite.com
167.99.213.230	x7	mail.librar-e.com
167.99.215.78	x6	mail.bvikiters.com
167.99.218.61	x9	mail.ggjmanagement.com
167.99.223.80	x6	mail.otavillamechanicalcontractors.com
167.99.238.164	x24	mail.sneakinguplikecelery.com
167.99.36.67	x6	mail.listfor999.com
167.99.39.49	x7	mail.zurmend.com
167.99.40.187	x27	mail.imediarank.com
174.138.11.111	x2	mail.capquestpacific.com
174.138.11.222	x6	mail.hoteltopazkandy.com
174.138.14.71	x5	mail.nohidigitalpress.com
174.138.38.248	x5	mail.vincruises.com
174.138.40.57	x22	mail.instaridellc.com
174.138.49.220	x29	mail.czicare.com
174.138.58.247	x22	mail.balancingbloodsugar.com
174.138.60.79	x33	mail.regionalplumber.com
178.128.157.112	x6	mail.arpadhousing.com
178.128.184.6	x21	mail.bvikiteboarding.com
178.128.191.225	x30	mail.bvikitevillage.com
178.128.231.108	x1	mail.randombn.com
178.128.233.206	x4	mail.grosvenorfire.com
178.128.237.32	x6	mail.golizle.com
178.128.70.145	x4	mail.greg-sport.com
178.128.77.53	x4	mail.zeekiebootz.com
178.128.9.163	x5	mail.crowdmasterstockexchange.com
178.62.100.96	x24	mail.bestupusa.com
178.62.121.10	x2	mail.prosperitynetworker.com
178.62.196.248	x2	mail.lexmatprinting.com
178.62.233.6	x3	mail.wwwsports24bd.com
178.62.4.44	x6	mail.otvibez.com
188.166.22.226	x35	mail.eurosalonspa.com
188.166.22.52	x31	mail.mysupportflow.com
204.48.19.65	x18	mail.cookbrosomnia.com
206.189.100.103	x4	mail.orthoweave.com
206.189.164.140	x27	mail.srilankaboutiquehotel.com
206.189.176.135	x33	mail.trantandat.com
206.189.4.209	x30	mail.anasfamilydentistry.com
206.189.6.228	x4	mail.anegadakiteclub.com
206.189.7.179	x16	mail.americanteeshirts.com
206.189.7.196	x23	mail.electricalcontractorwestminster.com
206.189.96.121	x24	mail.wilpattuwanationalpark.com
206.189.96.15	x24	mail.erdisdriza.com
206.189.96.32	x32	mail.staffordlawoffices.com
206.189.96.69	x20	mail.sampengplaza.com
206.81.22.247	x28	mail.aldolga.com
206.81.4.211	x3	mail.serviplatiniumrentacar.com
209.97.154.187	x20	mail.vincruise.com
209.97.155.205	x22	mail.snappyfi.com
209.97.183.80	x18	mail.ulagallaresort.com
45.55.41.127	x2	mail.discountgiftpens.com
46.101.236.81	x3	mail.anegadakitevillage.com
46.101.41.66	x3	mail.proaguacate.com
46.101.43.34	x2	mail.steynar.com
46.101.45.84	x2	mail.mediasmartphilly.com
46.101.53.82	x9	mail.birdandbearbakehouse.com
46.101.72.136	x8	mail.diversiforma.com
46.101.72.161	x4	mail.greentechnologybvi.com
46.101.72.172	x8	mail.bvisupcup.com
46.101.72.29	x6	mail.metaspec-sorb.com
46.101.72.80	x8	mail.samphengplaza.com
46.101.83.10	x20	mail.proximaedicion.com
46.101.83.125	x2	mail.tedbvi.com
46.101.83.56	x22	mail.realbvikitejam.com
46.101.85.175	x12	mail.3mcline.com
46.101.86.154	x14	mail.aepages.com
46.101.86.170	x16	mail.vietbonsai.com
46.101.90.154	x7	mail.keonband.com
46.101.93.152	x23	mail.diyadjustabledesk.com
46.101.93.41	x23	mail.altholaia.com
46.101.94.80	x29	mail.gear24-7.com
64.225.9.119	x20	mail.anna-theo.com
64.227.103.117	x25	mail.cottageusa.com
64.227.109.110	x5	mail.rocagames.com
67.205.171.209	x9	mail.meditech-solutions.com
67.205.191.128	x9	mail.codecuack.com
67.207.86.94	x20	mail.barzantravel.com

I think to spice things up a little for 2021, I’ll broaden the net of suspicious domains spamming. Let’s not just let one company get all of the (dis)glory, we’ll see who else allows such a simple pattern of activity to consistently be abused on their networks.

This entry was posted in Informative and tagged , , , , , , . Bookmark the permalink.

Leave a Reply