Your source for news and ideas on how to deal with spam trends. A spamauditor's perspective of life in the trenches battling the world of spam.
Joined April 2014
- Tweets 2,076
- Following 249
- Followers 690
- Likes 505
799 Photos and videos
New prolific bad actor using @google cloud IPs, throwaway domains, to send #malware to our #JAPANESE friends.. @GoogleCloudTech can you check out the guys using 35.212.143.]21 et al?
2
60
New week, and #JOHINDER still finding new IP space to set up shop.. This time on @Mirohost 78.27.236.]64 and @netversor 185.59.103.]136 and others..
7
Jun 9
You know what happens when you add BulletProof hosters to your Blacklists? They just start relaying out other suspect networks. PITLINE 77.83.36.]0/22 being used to relay phishing out IPs on @ExabytesWebHost 202.157.176.]0/23
51
Jun 4
Okay, people .. today is pick on #netherlands day, let's share what 'hinky' network operators based out of the netherlands are you tracking, here's another one.. Hosting the @QuickBooks scammer on 79.141.165.]253 right now, but lots of other activity tracked.. AS59711
41
Jun 2
Speaking of.. we need more takedowns in #netherlands, seems to be a hotspot for bullet proof hosters. Here is another bad network right now..
4
2
11
1,941
Jun 4
For the record, @Shadowserver @DutchPolice be nice if you go after these guys.. Threat actors also operating large botnets, via IPs in this range, used for password spray attacks. Welcome to reach out for evidence.
88
Jun 3
Another sample lure.. From: Kroger fuel points <krogerfuelpoints@mayshooting.]garden> This one on AS44793 #Alliumtech S.R.L. lir-it-cloudvox-1-MNT
55
Jun 3
Oh @sendgrid_ops you REALLY have to start addressing these compromises in your systems.. #FAKE @TD_Canada notifications this time..149.72.123.]24 start including the originating IP, and we can help you determine who this actor is.
55
Jun 1
There is always a reason why the same hackers keep abusing the same hosting companies.. @DreamHost
1
180
Jun 1
This @QuickBooks @QBCares scammer/phisher sure is getting cocky and agressive.. And you wonder why @ContaboCom gets a bad name for allowing these.. Starting to feel that all the #opsec guys have been let go at hosting companies.. Noone watching the gates?
65
Jun 1
Guess who's back.. 'shady' is back.. CAJU Spammer didn't give up on using @Hetzner_Online IPs.. silly isn't this?
2
6
1,753
Jun 1
New rule.. any domain registered within a week, and sending from Hetzner IPs.. *poof* ;0 Oh, I mean HETZNER should check for these.. *sigh*, a hundred ways to stop this actor if they cared..
93
May 28
Pet Peeve# 486: Company the size of @netflix can't manage their own mailouts, have to use a shared Amazon SES platform.. Let the #phishing begin.. @mailer.members.netflix.com via a114-75.smtp-out.us-east-2.amazonses.]com. Can't afford a dedicated IP address? Who is going to add THAT to their whitelist ;)
50
May 28
Why the @BytedanceTalk @tiktok_us servers in the US don't have rDNS/PTR records.. plain silly for a company that size.. (SERVFAIL) Even sillier to try sending email..
1
53
May 28
Not the first time we have reported IPs from #xserver in #ukraine, but always still suprised to see .ru domains on a 'Ukranian' network.. RIPE country registrar shows Bulgaria, addresses in Kharkiv, geo located to HongKong.. a bit messy.. what do you say? 4k3uht3t.hosted-by-24hg.]ru 138.249.247.]249
121