goldeneye 0 Posted April 17, 2014 This week alone, I've been getting hit with at least two dozen spamvertized links from an apparent botnet in the 87.239.156.0/24 range (located in Bulgaria)... http://www.spamcop.net/sc?id=z5880145661z6...c561125266ab57z http://www.spamcop.net/sc?id=z5880145346z2...2b1098cd9b1955z http://www.spamcop.net/sc?id=z5880134197z7...3761750eb14831z http://www.spamcop.net/sc?id=z5880133926z3...298697136c06b8z http://www.spamcop.net/sc?id=z5880133838zd...42f6c219f982cfz http://www.spamcop.net/sc?id=z5880133661z5...16f54a0d9eae9dz http://www.spamcop.net/sc?id=z5880096245zf...dbcfb9347cd114z http://www.spamcop.net/sc?id=z5880095907z2...d1e9d7260bc3f5z http://www.spamcop.net/sc?id=z5879984020z4...f49615e7a46fdcz http://www.spamcop.net/sc?id=z5879887574z1...365d27ca509bc4z http://www.spamcop.net/sc?id=z5879615043z7...31e7b21d6defbcz http://www.spamcop.net/sc?id=z5877928448za...f13b9c12feca29z http://www.spamcop.net/sc?id=z5876873845z3...6e933103889008z http://www.spamcop.net/sc?id=z5876731993z7...d83bed804e4559z http://www.spamcop.net/sc?id=z5876529309z9...a71f4f471e62b2z http://www.spamcop.net/sc?id=z5874861169z1...9bc182aad1d813z http://www.spamcop.net/sc?id=z5874339058z6...a0711e5a6af332z http://www.spamcop.net/sc?id=z5874339056zf...76c23e041e7c75z http://www.spamcop.net/sc?id=z5874337416z8...b14eb3c41074acz http://www.spamcop.net/sc?id=z5874337307zd...5d01d7abff66b8z http://www.spamcop.net/sc?id=z5874334112zb...8b269401aa5d8ez http://www.spamcop.net/sc?id=z5874334110z0...8419ed5b409befz http://www.spamcop.net/sc?id=z5871263934ze...6044bd2ea3d021z http://www.spamcop.net/sc?id=z5871263933z7...42b2eddfc03ca9z So far, the spamvertized IP's are: 87.239.156.99 87.239.156.100 87.239.156.101 87.239.156.102 87.239.156.114 87.239.156.118 87.239.156.121 87.239.156.123 87.239.156.126 Are we dealing with a potential botnet here? Share this post Link to post Share on other sites
alvarnell 0 Posted April 17, 2014 Are we dealing with a potential botnet here?I believe the source of the majority of spam these days is from botnets. Share this post Link to post Share on other sites
petzl 0 Posted April 17, 2014 This week alone, I've been getting hit with at least two dozen spamvertized links from an apparent botnet in the 87.239.156.0/24 range (located in Bulgaria)... So far, the spamvertized IP's are: 87.239.156.99 87.239.156.100 87.239.156.101 87.239.156.102 87.239.156.114 87.239.156.118 87.239.156.121 87.239.156.123 87.239.156.126 Are we dealing with a potential botnet here? None are listed by CBL? cert[at]govCERT.bg is the reporting address for Bulgaria The email servers seems USA/Canada spam[at]uce.gov usa Forward as attachment to Cert addresses (not sure of Canadas) Write comments in the body of Forwarded message Share this post Link to post Share on other sites