Haven't been keeping up on these, figured it is time to put one out,
even though it isn't the end of the week...
What have we been seeing the last couple of weeks..
............
* Gmail spam continues to be one of the biggest problems
* New Russian Snowshoe spammer volumes
* Continuing Email Replay attacks for pushing malicious links
* Increase of Cloud AUTH Attackers
* Increase of Cloud Wordpress Attackers (Azure)
* Snowshoe Spamming in general way down over the last month
(No new IP space?)
* Seeing a lot more spam leakage from Amazon SES
(eg From: "Business Manager ERP" <conta...@businessmanagererp.com>)
From: Brian Williams <brian.xpro...@kalender-us-7a.com>
From: "Mr. Lim Ming Loong" <sandip.s...@innofied.com>
* SendGrid Continued problems with phishing/spam leakage
* Other ESPs seeing increased similar activity
* Speaking of OVH, can you bring down your reseller HostStage?
(We could also provide long lists of IPs on OVH conducting AUTH attack)
* Some AUTH Attacker has found that Alibaba IP Space is a great home to
launch attacks, like many other cloud providers, very long take down cycles
* This week, o365 spam to invalid users surpassing Google's for a change
And of course .. Always love these... what country do these spammy
networks belong to?
inetnum: 217.145.227.0 - 217.145.227.255
netname: Net-traffictransitsolution-64
country: CH
admin-c: TN3908-RIPE
tech-c: TN3908-RIPE
org: ORG-TL632-RIPE
status: ASSIGNED PA
mnt-by: traffictransitsolution
created: 2021-01-22T05:53:52Z
last-modified: 2021-01-22T05:53:52Z
source: RIPE
organisation: ORG-TL632-RIPE
org-name: TrafficTransitSolution LLC
org-type: OTHER
address: 30 N Gould St # 1919
address: Sheridan
address: WY
address: 82801
address: United States
abuse-c: ACRO27187-RIPE
mnt-ref: traffictransitsolution
mnt-ref: MNT-GLBTX
mnt-ref: Cyber-MNT
mnt-by: traffictransitsolution
created: 2019-09-23T10:50:59Z
last-modified: 2021-01-26T11:55:24Z
source: RIPE # Filtered
role: TrafficTransitSolution NOC
address: United States, 82001, WY, Cheyenne, 1910 Thomes Ave
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
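The country question raised in the message above can be checked mechanically. The following is an added example, not part of the original post: it parses RIPE-style WHOIS text and flags an inetnum whose `country:` attribute disagrees with the postal address of the organisation it references. The sample record is constructed (abridged from the output quoted in the message), and the names `parse_objects`, `country_mismatches` and the small `COUNTRY_NAMES` map are assumptions made for illustration.

```python
# SAMPLE is constructed: abridged from the WHOIS record quoted in the message.
SAMPLE = """\
inetnum: 217.145.227.0 - 217.145.227.255
country: CH
org: ORG-TL632-RIPE
organisation: ORG-TL632-RIPE
org-name: TrafficTransitSolution LLC
address: 30 N Gould St # 1919
address: WY
address: United States
"""
# Assumption: a tiny illustrative name-to-ISO map; a real check needs a full list.
COUNTRY_NAMES = {"united states": "US", "switzerland": "CH", "canada": "CA"}
# RPSL class names that open a new object (a blank line also does).
CLASSES = {"inetnum", "inet6num", "organisation", "role", "person", "route"}

def parse_objects(text):
    """Split WHOIS text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep or line.startswith("%"):
            if not line.strip():
                objects.append([])  # blank line closes the current object
            continue
        if not objects or key in CLASSES:
            objects.append([])
        objects[-1].append((key, value.strip()))
    return [o for o in objects if o]

def values(obj, attr):
    return [v for k, v in obj if k == attr]

def country_mismatches(text):
    """Return (range, declared country, org name, address country) per mismatch."""
    objs = parse_objects(text)
    orgs = {o[0][1].upper(): o for o in objs if o[0][0] == "organisation"}
    found = []
    for net in (o for o in objs if o[0][0] in ("inetnum", "inet6num")):
        declared = {c.upper() for c in values(net, "country")}
        for org_id in values(net, "org"):
            org = orgs.get(org_id.upper(), [])
            for addr in values(org, "address"):
                iso = COUNTRY_NAMES.get(addr.lower())
                if iso and iso not in declared:
                    found.append((net[0][1], "/".join(sorted(declared)),
                                  "".join(values(org, "org-name")), iso))
    return found
```

A mismatch is only a signal to look closer, since the `country:` attribute on an inetnum is set by the maintainer and is not required to match the holder's address.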