This has been ongoing for several months now..

RATS-AZURE might be your friend, but we combine that with other checks to auto detect spammers from Azure..

Are the ones you are seeing the NOPTR ones?  Or the ones like this..

20.113.36.155                     1   rfsvznma9.sabadosprimedevida.org
20.114.27.98                      1   robyaz7.sabadosprimedevida.org
20.114.29.254                     1   robyaz2.sabadosprimedevida.org

This guy has been operating for several months now, changing the domain about once a week..

PS, it's not JUST Azure. Once it worked there, spammers started using all the large cloud providers, either for short duration spamming, or because they don't get shut down.

On 2021-11-01 2:25 p.m., Jarland Donnell via mailop wrote:
Did they start unblocking SMTP on Azure? This hadn't crossed my desk yet, but when I search for "cloudapp.azure.com" across my fleet I'm immediately flooded with absolute junk. I grabbed a list of IPs from just the most recent logs since rotation: https://clbin.com/z5D8t

The word "Bitcoin" is pretty prominent in the email subjects.

On 2021-11-01 15:44, Hans-Martin Mosner via mailop wrote:
Spam started again about 10 minutes ago. The only sample I could look
at came through a forwarder, but I see IP level rejections for
cloudapp.azure.com.

Looks like Azure isn't able or willing to identify and stop the spammer.

Cheers,
Hans-Martin

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.