Jump to content

Spamvertized links from apparent botnet??? at 87.239.156.0/24


goldeneye
 Share

Recommended Posts

This week alone, I've been getting hit with at least two dozen spamvertized links from an apparent botnet in the 87.239.156.0/24 range (located in Bulgaria)...

http://www.spamcop.net/sc?id=z5880145661z6...c561125266ab57z

http://www.spamcop.net/sc?id=z5880145346z2...2b1098cd9b1955z

http://www.spamcop.net/sc?id=z5880134197z7...3761750eb14831z

http://www.spamcop.net/sc?id=z5880133926z3...298697136c06b8z

http://www.spamcop.net/sc?id=z5880133838zd...42f6c219f982cfz

http://www.spamcop.net/sc?id=z5880133661z5...16f54a0d9eae9dz

http://www.spamcop.net/sc?id=z5880096245zf...dbcfb9347cd114z

http://www.spamcop.net/sc?id=z5880095907z2...d1e9d7260bc3f5z

http://www.spamcop.net/sc?id=z5879984020z4...f49615e7a46fdcz

http://www.spamcop.net/sc?id=z5879887574z1...365d27ca509bc4z

http://www.spamcop.net/sc?id=z5879615043z7...31e7b21d6defbcz

http://www.spamcop.net/sc?id=z5877928448za...f13b9c12feca29z

http://www.spamcop.net/sc?id=z5876873845z3...6e933103889008z

http://www.spamcop.net/sc?id=z5876731993z7...d83bed804e4559z

http://www.spamcop.net/sc?id=z5876529309z9...a71f4f471e62b2z

http://www.spamcop.net/sc?id=z5874861169z1...9bc182aad1d813z

http://www.spamcop.net/sc?id=z5874339058z6...a0711e5a6af332z

http://www.spamcop.net/sc?id=z5874339056zf...76c23e041e7c75z

http://www.spamcop.net/sc?id=z5874337416z8...b14eb3c41074acz

http://www.spamcop.net/sc?id=z5874337307zd...5d01d7abff66b8z

http://www.spamcop.net/sc?id=z5874334112zb...8b269401aa5d8ez

http://www.spamcop.net/sc?id=z5874334110z0...8419ed5b409befz

http://www.spamcop.net/sc?id=z5871263934ze...6044bd2ea3d021z

http://www.spamcop.net/sc?id=z5871263933z7...42b2eddfc03ca9z

So far, the spamvertized IP's are:

87.239.156.99

87.239.156.100

87.239.156.101

87.239.156.102

87.239.156.114

87.239.156.118

87.239.156.121

87.239.156.123

87.239.156.126

Are we dealing with a potential botnet here?

Link to comment
Share on other sites

This week alone, I've been getting hit with at least two dozen spamvertized links from an apparent botnet in the 87.239.156.0/24 range (located in Bulgaria)...

So far, the spamvertized IP's are:

87.239.156.99

87.239.156.100

87.239.156.101

87.239.156.102

87.239.156.114

87.239.156.118

87.239.156.121

87.239.156.123

87.239.156.126

Are we dealing with a potential botnet here?

None are listed by CBL?

cert[at]govCERT.bg

is the reporting address for Bulgaria

The email servers seems USA/Canada

spam[at]uce.gov usa

Forward as attachment to Cert addresses (not sure of Canadas)

Write comments in the body of Forwarded message

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...