Sponsored by..

Monday 11 August 2014

Aggressive scumbag spam 2014-08-11

These prolific scumbag spammers [1] [2] [3] [4] [5] [6] [7] [8] are back again.. this time pumping out masses of spam from two different IP ranges.

The first batch is Terratransit Ag/ Kodos in Belize. The web host has reported that they have terminated the spammers.

IPs:
31.220.40.40
31.220.40.41
31.220.40.42
31.220.40.43
31.220.40.46
31.220.40.49
31.220.40.51

Domains:
unitemedicarehelp.us
fineeuropeansbrides.us
foundmiraclecure.us
leadingcasualmeet.us
survivalbracelettry.us
preparedlanguage.us
greatfloorcoating.us

Sample subjects:
Re: Unhappy with your Plan? Notice #18093831
Hi, Ilsa, Sasha, Sonya and others want to say Hello
Re: 5 Diseases You Thought Couldn't Be Cured, See Article 4093078
Hi, Hook-up with sexy people looking for fun? Invite No. 11413790
Fwd: New Survival Bracelet Sample. Gift: 18003902
Hey, 1 Sneaky Linguistic Secret to Learning a Foreign Language. No. 12072666
Re: Garage Floor Coatings before Winter Rain and Snow

The second batch belongs to Nforce in the US. The spammers have been using this web host repeatedly, and since their abuse@ email address bounces I would suggest blocking the entire /24.

IPs:
46.166.178.34
46.166.178.35
46.166.178.37
46.166.178.38
46.166.178.41
46.166.178.42
46.166.178.43

Domains:
completelydroplbs.us
showmedicarehelp.us
seekeuropeansbrides.us
imiraclecure.us
behindpaleo.us
improvehomeshutters.us
asianbridesluv.us

Example subjects:
Hi, Foreskolin - Recently reviewed on The Dr. Oz Show. Order: 4735337
Re: Unhappy with your Plan? Notice #3414040
Hi, Ilsa, Sasha, Sonya and others want to say Hello
Re: 5 Diseases You Thought Couldn't Be Cured, See Article 4023242
Re: "Ancient" Nutrition Plan - Look and Feel Amazing. Video: 10558123
Fwd: Timberlane - The World???s Finest Handcrafted Shutters Catalog: 2640878
Re: It's Communication Week. Ting and her friends want to say Hi No: 14630251

5 comments:

BloggerBen said...

I thought i had blocked these completely until today. I received 70 emails in a few hours. Will blocking the domains work, or must i block the ip's? Will they ever stop or are we doomed to receive these emails forever?

Conrad Longmore said...

@BloggerBen - I haven't seen spam quite like this before. They are blasting it out quickly from rented servers which they are then throwing away.

I haven't really had time to look at the click analysis, but if their affiliate networks cut them off then there's no point them doing it. But the networks they use are fifth-tier bottom-of-the-pile ones who don't really care.

The other option is to identify the spammers behind it and then take legal action. There is some speculation as to the identities of these guys, but nothing absolutely concrete yet.

Devolv said...
This comment has been removed by the author.
Devolv said...

Morning Conrad,

I'm getting a whole new IP range this morning:

162.222.193.52
162.222.193.53

Andy said...

Same here - today I am getting this range:

162.222.193.58
162.222.193.57
162.222.193.56
162.222.193.55
162.222.193.54
162.222.193.53