Sponsored by..

Friday, 8 August 2014

Aggressive scumbag spam 2014-08-08

More aggressive spam from the scumbag spammers I have been tracking for a few days [1] [2] [3] [4] [5] [6] [7].. this time spamming from ColoCrossing IPs. I daresay they will have another spam run starting soon from a completely new IP range.

IPs:
198.23.159.51
198.23.159.52
198.23.159.53
198.23.159.54
198.23.159.55
198.23.159.56

Domains:
clubbrides.com
extremeconcretecoating.com
propermedicare.com
anyonegetskinny.com
rarecure.com
denynervepain.com

Sample subjects:
Hey, Ilsa, Sasha, Sonya and others want to say Hello
Re: Garage Floor Coatings before Winter Rain and Snow
Unhappy with your Plan? Notice #12942715
Hey, Foreskolin - Recently reviewed on The Dr. Oz Show. Order: 11343923
Fwd: 5 Diseases You Thought Couldn't Be Cured, See Article 18871602
Hey, SUFFERING? New Neuropathy Curing Breakthrough Revealed

Fake WHOIS:
Registrant Name: JENNY DAVIES
Registrant Organization:
Registrant Street: 17260 HARBOUR POINTE DR
Registrant City: JACKSONVILLE
Registrant State/Province: FL
Registrant Postal Code: 33908
Registrant Country: US
Registrant Phone: +1.8888961959
Registrant Phone Ext:
Registrant Fax: +1.5555555555
Registrant Fax Ext:
Registrant Email: jennydavies386@yahoo.com


I'm currently working on some leads as to which particular scumbags are behind this..

UPDATE 1:

The pattern continues, still on ColoCrossing..

IPs:
198.23.159.57
198.23.159.58
198.23.159.59

Domains:
factsautowarranty.com
textasianbrides.com
useharprefi.com

Sample subjects:
Re: Expiration Notice: Keep Your Auto Warranty. Notice#5527104
Fwd: It's Communication Week. Ting and her friends want to say Hi No: 9183446
Fwd: Save-Thousands on Your Home Loan. Rpt: 7977757

UPDATE 2:

ColoCrossing seem unresponsive to the problem, here is another batch from the same range.

IPs:
198.23.159.60
198.23.159.61
198.23.159.62

Domains:
yeswalkintubs.com
secretlocalsingles.com
epichomesiding.com

Example subjects:
Hi, Learn about the Versatility of a Walk in Bathtub Message: 24268321
Hey, Hook-up with sexy people looking for fun? Invite No. 9938717
Hey, New siding can increase the value of your home. Correspondence: 12613390

Given the volume of spam and lack of action from ColoCrossing, perhaps blocking 198.23.159.0/24 is the best bet.

5 comments:

Mikey D said...

Thank you. My web site email has been saturated with various versions of this. My spam settings are turned way up, but no help there. Any ideas?
Mike

Conrad Longmore said...

@Mikey D: it's tricky to use IP blacklists because of the rate that they swap hosts. They seem to be burning through IPs at a very quick rate indeed. Gmail is picking up almost all of them, but I guess they have really good real-time metrics.

Devolv said...
This comment has been removed by the author.
Devolv said...

factsautowarranty.com

IP
198.23.159.57

Re: Expiration Notice: Keep Your Auto Warranty. Notice#23301535

Devolv said...

They are back again with a new IP range:

31.220.40.39
31.220.40.40
31.220.40.41
31.220.40.42
31.220.40.43
31.220.40.44
31.220.40.45

Subjects:
Hi, Foreskolin - Recently reviewed on The Dr. Oz Show. Order: 5812695
Fwd: Garage Floor Coatings before Winter Rain and Snow
Re: Unhappy with your Plan? Notice #24148630
Hi, Ilsa, Sasha, Sonya and others want to say Hello
Re: 5 Diseases You Thought Couldn't Be Cured, See Article 20556232
Hi, SUFFERING? New Neuropathy Curing Breakthrough Revealed
Re: Save-Thousands on Your Home Loan. Rpt: 9121466