Mailing List CGatePro@mail.stalker.com Message #106005
From: Jeff Wark <jwark@tbaytel.net>
Subject: Spam from one 'organization'.
Date: Fri, 04 Mar 2016 09:41:12 -0500
To: CGate Mailing List <cgatepro@stalker.com>
X-Mailer: CommuniGate Pro WebUser v5.4.11
I have been getting a much higher than normal amount of spam in my Junk mailbox the past week (it is correctly getting tagged by PolluStop), but the volume was curious.

Looking at the headers of the messages, these seem to be the blocks the messages are coming from (smaller blocks than this, but associated with these ARIN assignments):

66.199.224.0/19
72.9.96.0/20
104.243.64.0/20;
216.169.96.0/19

Which all go back to this one address associated with a few companies:
$ whois 66.199.224.10 72.9.96.10 104.243.64.10 216.169.96.10 | grep -A 8 'OrgName'
OrgName:        Access Integrated Technologies, Inc.
OrgId:          ACCES-731
Address:        AccessIT - Hosting Services
Address:        440 Cobia Dr, Unit 1101
City:           Katy
StateProv:      TX
PostalCode:     77494
Country:        US
RegDate:        2009-10-02
--
OrgName:        Access Integrated Technologies, Inc.
OrgId:          ACCES-731
Address:        AccessIT - Hosting Services
Address:        440 Cobia Dr, Unit 1101
City:           Katy
StateProv:      TX
PostalCode:     77494
Country:        US
RegDate:        2009-10-02
--
OrgName:        Core Technology Services, Inc.
OrgId:          CTS-96
Address:        440 Cobia Dr, Unit 1101
City:           Katy
StateProv:      TX
PostalCode:     77494
Country:        US
RegDate:        2001-12-19
Updated:        2015-11-17
--
OrgName:        Essential Services
OrgId:          ESSS
Address:        AccessIT - Hosting Services
Address:        440 Cobia Dr, Unit 1101
City:           Katy
StateProv:      TX
PostalCode:     77494
Country:        US
RegDate:        1999-01-21

Is anyone else seeing a big jump in spam from these blocks?

$ grep -E '(216\.169\.((9[6-9])|(1[01][0-9])))|(66\.199\.(2(([2][4-9])|([34][0-9])|[5][0-6])))|(72\.9\.((9[6-9])|(10[0-9])|(11[01])))|(104\.243\.((6[4-9])|(7[0-9])))' 2016-03-04*

--

Jeff Wark
Tbaytel Internet
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster