Sponsored by..

Thursday, 9 April 2015

Namailu.com spam

This spam has been appearing in my inbox for several days now:

From:    Shana Felton [9k7bf-2976014268@serv.craigslist.org]
Date:    9 April 2015 at 19:10
Subject:    New commitment invitation - [redacted]

Hi Namailu User,
You have a commitment invitation from Sarah Smith. To view your commitment invitation please follow this link:
Copyright © 2015, Namailu Online Ltd
|
|
|

I've never heard of Namailu so I assumed that it was a virus. I couldn't detect a malicious payload though, and further investigation indicates that this is a wannabe dating site that appears to be promoting itself through spam.

Clicking through the link leads to https://www.namailu.com/Smith.Sarah.206

Obviously we are lead to believe that the girl in the picture is sending the message.

Reverse image search comes up with no matches, unusually. Goodness knows how many people there are called "Sarah Smith" in New Zealand. Probably quite a lot.

The spam messages come from a range of IPs that are also used to spam out promotional material for a site called dirtyemojis.com (using a redirector of dirtyemojis.ru). The spam is sent from a range of Chinese IP addresses, including:

115.221.50.15
115.221.50.179
115.221.51.238
115.221.53.228
115.221.54.15
115.221.55.46
115.221.56.29
115.221.60.212
115.221.63.38

In each case the "From" address is fake, for example:

Shana Felton [9k7bf-2976014268@serv.craigslist.org]
Nestor Blackwell [orders@floristexpress.com.au]
Shirley Webb [rio@e-mail.com]
Mauricio Lundy [marilyndukacz@aol.com]
Edward Ybarra [v.wittke@schafmail.de]

A quick search of the body text of the message shows that it has been spammed out quite widely.

Although the site uses HTTPS, there is no ownership information. The WHOIS details are also anonymised, which is always a red flag for anything handling your personal data.

There are no contact details on the website, but the "User Agreement" page says that it is owned by Namailu Online Limited of New Zealand. It turns out that the New Zealand Companies Office offers very good information, and this is actually a real company.

The two directors listed are:

Philipp Rudolf RIPA
26 Whitehills Road, Rd 1, Silverdale, 0994 , New Zealand

Rudolf SAYEGH
111 Pilkington Road, Panmure, Auckland, 1072 , New Zealand

Incidentally, if you want to serve legal papers then the Pilkington Road address is the one to use. There aren't many people by the name of "Philipp Ripa" or "Rudolf Sayegh" in New Zealand, that is for sure.

A look at their Facebook page shows some information about the product being in development, but no other real details. Their spares Twitter page at @namailu shows they have four followers. I am one of them.


I'm going to be charitable and suggest that the people running Namailu have contracted another party to do the spamming and are possibly unaware of what is going on.

However, this clueless approach does not bode well for a site that deals in highly personal data and my personal opinion would be to give this particular outfit a very wide berth.

3 comments:

TP said...

So Conrad, how do we stop the spamming? I'm getting several a day.

Cheers,
Ta

TP said...

Thank you Conrad,
But how do we stop the spamming? I'm getting several a day.

Cheers,
Ta

16 April 2015 at 01:23
Delete

Vincent Di Stefano said...

Thanks for your detailed research on this crowd. Very helpful. Can you advise how best and how safely to stop receiving such unwanted spam? Thanks for your fine sleuthing.