Suspected Snowshoe Spam IP Range — SELECTEL-NET

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission.

As a precaution therefore we are listing this IP range in an SBL Advisory for the protection of Spamhaus users until we are able to determine the extent of the problem in this IP range, the exact size of the problematic IP allocation within this IP range, who is operating the domains/hosts/servers in this IP range, and receive a reassurance from the network owner that the IP range does not and will not pose a threat to Spamhaus users.


Almost every IP in this /24 appears to be spamming with some combination of:
—————8<———————————————
srcip: 89.248.192.146
bodyfrom: 2*AVISO BOLETO SCN
Subject: (AVISO) Lembrete de vencimento 02/2022 -/- xxx +
timestamp: 2022-02-21 xxx

bodyurl: http://tinyurl.com/4dfdm2up/XXXX
bodyurl_shortened: http://sue6djvai89.autorizadoserasaexperian.sbs/XXXXX
—————8<———————————————

Today we have:

up to about 170, where it changes to .golf and .ink domains.
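
The pattern described above, most addresses of one /24 sending for a handful of numbered look-alike domains, can be checked for in mail logs. The following is an added example, not Spamhaus code and not part of the original advisory; the function names, thresholds and sample records are assumptions, and each record is assumed to carry an IPv4 source address and an already-extracted registrable domain.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of (srcip, sending domain) pairs. Documentation address
# ranges and .example names stand in for real observations.
SAMPLE = [(f"192.0.2.{i}", f"billing-notice{'0' * (i % 4)}.example")
          for i in range(6, 26)]
SAMPLE += [("198.51.100.10", "mail.example"),
           ("198.51.100.10", "mail.example"),
           ("198.51.100.11", "shop.example")]


def domain_stem(domain: str) -> str:
    """Collapse numbered variants (name0, name0000, name4) into one stem."""
    label = domain.lower().split(".")[0]
    return re.sub(r"\d+$", "", label)


def snowshoe_candidates(records, min_ips=16, max_stems=3):
    """Flag /24s where many distinct IPs send for only a few domain stems.

    Returns {network: (distinct_ips, distinct_domains, distinct_stems)}.
    min_ips and max_stems are illustrative thresholds, not Spamhaus values.
    """
    ips, domains, stems = defaultdict(set), defaultdict(set), defaultdict(set)
    for srcip, domain in records:
        # strict=False maps a host address to its enclosing /24 (IPv4 only).
        net = str(ipaddress.ip_network(f"{srcip}/24", strict=False))
        ips[net].add(srcip)
        domains[net].add(domain.lower())
        stems[net].add(domain_stem(domain))
    return {
        net: (len(ips[net]), len(domains[net]), len(stems[net]))
        for net in ips
        if len(ips[net]) >= min_ips and len(stems[net]) <= max_stems
    }


if __name__ == "__main__":
    for net, (n_ips, n_domains, n_stems) in snowshoe_candidates(SAMPLE).items():
        print(f"{net}: {n_ips} IPs, {n_domains} domains, {n_stems} stem(s)")
```

Collapsing trailing digits matters here because counting raw domains alone would make the weekly numbered variants look like unrelated senders.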

This has been going on since at least Feb 2nd with new domains every week.
Other domains seen here, with countless hostnames:

