
Tuesday 12 August 2014

Aggressive scumbag spam 2014-08-12

More from this prolific spammer that I'm calling F3Y for the moment (because the fake email address in the WHOIS details always consists of a Female name plus 3 numbers and is hosted by Yahoo!).

The IP addresses belong to Global Layer BV in the US, who say that they have already terminated them.

IPs:
162.222.193.53
162.222.193.54
162.222.193.55
162.222.193.56
162.222.193.58

Domains:
improvewindowshutters.mobi
entirerussianbrides.mobi
med-enrollmentpick.mobi
starmiraclecure.mobi
mostasiandating.mobi

Example subjects:
Re: Timberlane - The World's Finest Handcrafted Shutters Catalog: 5825659
Hey, Ilsa, Sasha, Sonya and others want to say Hello
Re: Are you still eligible to change your Medicare Plan? Find out today. Notice #3850150
Fwd: 5 Diseases You Thought Couldn't Be Cured, Blog: 16602444
Hey, Meet Ming our top pick of the week. No. 15318724

Fake WHOIS details:
Registrant ID:657a6ba9372a5461
Registrant Name:Alisons Foley
Registrant Organization:n/a
Registrant Street1:6418 N Us Highway 41
Registrant City:Jacksonville
Registrant State/Province:FL
Registrant Postal Code:33572
Registrant Country:US
Registrant Phone:+1.8136490339
Registrant Email:alisonsfoleym634@yahoo.com
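
The F3Y fingerprint described above (a WHOIS contact address made of a name plus three digits at Yahoo!) can be checked mechanically when triaging newly seen domains. This is an added example, not code from the original post; the regular expression, the function names and the second, constructed record are assumptions for illustration, and it does not verify that the name is a female one.

```python
import re

# Registrant fields copied from the WHOIS record quoted in this post.
SAMPLE_WHOIS = """\
Registrant ID:657a6ba9372a5461
Registrant Name:Alisons Foley
Registrant Organization:n/a
Registrant Country:US
Registrant Email:alisonsfoleym634@yahoo.com
"""

# Constructed record for contrast (not from the post).
OTHER_WHOIS = """\
Registrant Name:Example Admin
Registrant Organization:Example Org
Registrant Email:hostmaster@example.org
"""

# Assumed encoding of the pattern: letters, then exactly three digits, at yahoo.com.
F3Y_EMAIL = re.compile(r"^[a-z.]+[0-9]{3}@yahoo\.com$", re.IGNORECASE)


def parse_whois(text):
    """Parse 'Key:Value' WHOIS lines into a dict keyed by lower-cased field name."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record[key.strip().lower()] = value.strip()
    return record


def f3y_indicators(record):
    """Return the F3Y traits a parsed WHOIS record shows (empty list if none)."""
    hits = []
    email = record.get("registrant email", "").lower()
    if F3Y_EMAIL.match(email):
        hits.append("email is letters + 3 digits at yahoo.com")
    # Assumption drawn from the single sample above: the local part of the
    # address starts with the registrant name with spaces removed.
    name = re.sub(r"[^a-z]", "", record.get("registrant name", "").lower())
    if name and email.startswith(name):
        hits.append("email local part starts with registrant name")
    return hits


if __name__ == "__main__":
    for label, raw in (("post sample", SAMPLE_WHOIS), ("constructed", OTHER_WHOIS)):
        print(label, f3y_indicators(parse_whois(raw)))
```
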

12 comments:

Andy said...

Today's run:

63.223.78.101 Hey, Walk-in Tub means Peace of Mind http://requestnow.calm-walkin-tub.com
63.223.78.104 Hi. Announcing: Connection Week at Brazilia Women http://encounter.enter-latin-bride.com
63.223.78.100 Hey, Attention: Medicare Open Enrollment Begins Soon. http://check.pro-medicare-plans.com
63.223.78.98 Fwd: Garage Floor Coatings before Winter Rain and Snow http://safe.put-floor-epoxy.com
63.223.78.97 Re: 5 Diseases You Thought Couldn't Be Cured http://learnmore.hope-miracle-cure.com
63.223.78.96 Fwd: Are you still eligible to change your Medicare Plan? Find out today. http://trynow.full-medicare-plans.com

They're getting through SpamAssassin because they score well in Bayes, among other things:
-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]

Devolv said...


More...

Devolv said...

They are really really aggressive today! Not going to bother with the subject names, it's the same ones over and over for the past week.

More from the same 173.208.176.* range:
173.208.176.203
173.208.176.204
173.208.176.205

I expect more from this new one that appeared just now:

205.234.152.99

Devolv said...

and here they come...

205.234.152.102
205.234.152.103
205.234.152.104
205.234.152.106
205.234.152.107

49 spam received so far today.

Devolv said...

And a few more...

205.234.152.108
205.234.152.109
205.234.152.110

Did a lookup and the IPs belong to Velocity Servers.net in Buffalo NY, owners of ColoCrossing which we've already received the same spam from.

BloggerBen said...

Received over 100 today so far, there seems no end to it, it's just getting worse :( and it's my main business address I've had for over 15 years. Scum.

Andy said...

Nothing today so far (it's 6.15pm here). First time in ages there hasn't been. Odd. Temporary relief, no doubt.

Devolv said...

Relief indeed, I even devised a set of Spam Rules last night to combat this, and was going to test whether it worked against it this morning.

BloggerBen said...

I got a few today, but nothing like the scale of the last load... maybe like 10+ or so.

Devolv said...

Any reports? I'm not getting any more spam from these guys for days. Good news indeed.

BloggerBen said...

It slowed down to maybe a handful per day, but today I've been receiving a lot, one every 15-20 mins since noon.

Brees M-Patch
Compare Today
My Shed
Fidelity Life
Diabetic Guide....

dude said...

FYI: My own site's attack profile by country: http://www.dudek.org/static/dudek/hackerspie.png
inspired partly by your reportage