Tag Archives: domain

Trends in Networks: Spam #9

Posted on October 15, 2020 by Thomas

Outside of the typical throwaway domain spam, we have been seeing a tremendous volume of marketing email coming from the Digital Ocean network. But first, here are this week’s Freenom and .xyz TLDs detected spamming on the Digital Ocean network. … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

Trends in Networks: Spam #8

Posted on October 8, 2020 by Thomas

Another week, and sadly nothing has changed. Spoke too soon last week, nothing has been done about Digital Ocean IPs spamming with Freenom TLDs in the PTR record. Oct1 164.90.146.134 x1 rdns0.okisat.xyz 165.227.161.178 x7 bizcloud-send0.servar.xyz 165.227.164.181 x1 vcu0.minixo.gq 206.189.210.58 x1 … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

Trends in Networks: Spam #7

Posted on September 30, 2020 by Thomas

This week we saw a significant drop in the use of Freenom TLDs coming from Digital Ocean. Wonder if the spammers just took a break from using them, but if this was the result of Digital Ocean’s efforts then good … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

Trends in Networks: Spam #6

Posted on September 23, 2020 by Thomas

Picking up where we left off, more spam coming from the Digital Ocean network with freenom and xyz TLDs in the PTR/reverse DNS record. Sep12 157.245.94.185 x1 mail.opoczanie.xyz 161.35.230.193 x1 server.healthdocs.xyz 164.90.228.251 x1 srv0.mails27.gq 164.90.233.88 x3 srv0.mails27.cf 165.22.74.145 x3 srv0.mails28.tk … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

Trends in Networks: Spam #5

Posted on September 11, 2020 by Thomas

Weekly dump of Digital Ocean abuse using Freenom (and .xyz) domains. Sep5 134.122.112.139 x1 kota.paypak.xyz 138.68.110.2 x3 srv0.mails19.ga 138.68.87.194 x4 srv0.mails19.ml 138.68.96.83 x1 srv0.mails19.cf 159.65.232.195 x2 bundi.paypax.xyz 161.35.14.115 x2 srv0.mails18.cf 46.101.163.120 x2 srv0.mails18.gq 64.225.10.63 x1 srv0.mails19.tk Sep6 134.122.125.156 x2 srv0.mails19.gq … Continue reading

Posted in Informative | Tagged , , , , , , , , | Leave a comment

Trends in Networks: Spam #4

Posted on September 4, 2020 by Thomas

Another week of Digital Ocean abuse using Freenom domains… I don’t want to assume they are all bad, but I have yet to see a ‘legit’ domain. Aug28 134.122.81.184 x1 srv0.mails13.ml 142.93.96.187 x1 srv0.mails13.ga 161.35.112.82 x1 der005-fv03.powerdealers.xyz 164.90.237.213 x4 srv0.mails13.tk … Continue reading

Posted in Informative | Tagged , , , , , , , , | Leave a comment

Trends in Networks: Spam #3

Posted on August 27, 2020 by Thomas

Just a quick data dump today, not much to say. The activity continues, and people continue to get spammed by the Digital Ocean network with the exact same patterns. If anyone is interested in other data points related to this … Continue reading

Posted in Informative | Tagged , , , , , , , , | Leave a comment

Trends in Networks: Spam #2

Posted on August 20, 2020 by Thomas

In last week’s article we covered Freenom domains and how they are used in Digital Ocean snowshoe spam campaigns. Let’s see what kind of activity has been coming from Digital Ocean over the past week. While not a Freenom TLD, … Continue reading

Posted in Informative | Tagged , , , , , , , , , , , , | Leave a comment

Trends in Networks: Spam #1

Posted on August 13, 2020 by Thomas

This is the beginning of a recurring article where I’ll be reviewing patterns in spam activity. I’ll start with something easily overlooked but surprisingly still prevalent in the spam landscape. Freenom TLDs (Top Level Domains) Freenom is a service that … Continue reading

Posted in Informative | Tagged , , , , , , , , , | Leave a comment