Jump to content
Sign in to follow this  
RobiBue

spammer using IP range 58.14.0.0/16 is changing to range 27.146.0.0/16

Recommended Posts

Since mid-May I have been reporting spam originating from IP-range 58.14/16

May 18, 2018 - June 29, 2018 total of 3359 spam messages from that IP range! That's over 76 per day...

It looks like my reporting is working, as the spammer seems to be switching to 27.146/16 as I have already received 10 from there in the last 1.5 hour...

Unfortunately, Cloudflare is still hosting their spamvertised websites... and doesn't seem to give "a barrier constructed to hold back water"

Edited by RobiBue
little addition about Cloudflare...

Share this post


Link to post
Share on other sites

What type of spam is being sent, is it the same thing? If you could give some examples of what's being sent it would be easier to find out what's the best way to stop it. I've dealt with persistent nuisance spammers by using any of the email address on their advertised spam pages, and digging out as many of their mail addresses as possible by using URL scan, and 'who is' e.t.c. Then I contact them and tell them they are being reported, all the info is logged and recorded, and tell them it will be passed on to the Federal Trades Commission (Or whichever regulator deals with unsolicited spam where you live) The junk mail has stopped immediately.

Cloudflare are indeed the absolute pits for junk spam and not dealing with it.

Edited by mojorisin

Share this post


Link to post
Share on other sites

I had the same problem with a cowboy spammer called rutherl.com
There was no way to contact them, and the only web page they seem to have is here
http://www.rutherl.com/

They sent loads of this advertising rubbish for all manner of things, online gambling, glossy bingo, health care e.t.c. All this crap was hosted by Limestone Networks, like Cloudflare they take no notice of abuse reports, and are a haven for spammers.

You can see many other people aren't happy with Limestone Networks  by looking at the reviews they get on their facebook page here.
https://www.facebook.com/pg/limestoneinc/reviews/

The spamvertised pages either had no un-subscribe option, or if it did, it wouldn't work. On the few occasions it did work, they didn't act on it and just kept sending the junk anyway.
So like I said above, I set out to contact the companies directly who they were advertising for. I only need send one email to get it stopped. I contacted this Glossy Bingo and reminded them the can spam act states ' A. Each separate email in violation of the law is subject to penalties of up to $41,484, and more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible.

After being pestered for months, all it took was one email directly to one of the companies being advertised to stop it straight away.

.limehouse...JPG

Share this post


Link to post
Share on other sites
19 hours ago, RobiBue said:

Since mid-May I have been reporting spam originating from IP-range 58.14/16

May 18, 2018 - June 29, 2018 total of 3359 spam messages from that IP range! That's over 76 per day...

It looks like my reporting is working, as the spammer seems to be switching to 27.146/16 as I have already received 10 from there in the last 1.5 hour...

Unfortunately, Cloudflare is still hosting their spamvertised websites... and doesn't seem to give "a barrier constructed to hold back water"

A track is useful? IP hopping is "normal" more for DoS attacks through port 25, which is blocked by competent providers
 

Share this post


Link to post
Share on other sites

well, I believe I found my spammer(s)... probably the same scumbag unless they teamed up...

 

List of domain names registered by Michael Wallace

https://domainbigdata.com/nj/PMs8PeMWLXMFAfjPwmyV3g
 

List of domain names registered by Frank Marsicano

https://domainbigdata.com/nj/2NMIE802bt4WH2rc3SoTUA
 

List of domain names registered by Chris Patterson

https://domainbigdata.com/nj/rnPab-DpPIdNUYynMibFFw
 

List of domain names registered by Richard Hawking

https://domainbigdata.com/nj/GlBwSDCvDWjzlWpRAgo9Kg
 

List of domain names registered by Anton Lassen

https://domainbigdata.com/nj/vubKHIY--XkSbXo_sFyHPw
 

some reports with the 58.14/16 range:

https://www.spamcop.net/sc?id=z6471482675z858c71a05814a9763517674009c94768z
https://www.spamcop.net/sc?id=z6471482674z9ab0a9c820151d7ac9ce9a041686d4c6z
https://www.spamcop.net/sc?id=z6471482673zcd19939939e9d574cdb141b1b360f152z
https://www.spamcop.net/sc?id=z6471482672z08f29a0817817fdf745140d9fa2031baz
https://www.spamcop.net/sc?id=z6471482671z9f4ead4df33727978572d5e46ac87ad1z

(and there are over 3000 more of these)

and the new 27.146/16 spams:

https://www.spamcop.net/sc?id=z6471634192z1d8fd5aece82eb5feb80e4b6b19f6eb3z
https://www.spamcop.net/sc?id=z6471634194z7350adbd7dbeaedf80def1cb4631741dz
https://www.spamcop.net/sc?id=z6471634195zf18a0c1292ecbd3adb3a2a03e64e3fb6z
https://www.spamcop.net/sc?id=z6471634196zdc9be4ffc73a9c61325ef1a168149c9bz
https://www.spamcop.net/sc?id=z6471634197z3f7ef41d7685eb94ae14eaf91f4ef100z

This isn't a DoS attack, it is just a spammer at work hopping through ISPs that want to make a quick buck...

Share this post


Link to post
Share on other sites

I've had a look at some of those links on your abuse reports. The ones I've looked at all go to an unsubscribe landing page (which obviously isn't working) The look of it all does seem like the garbage I was getting though. What you need to do is actually go to the pages that are being spamvertised,. You need to contact the companies being advertised directly. It's obviously a waste of time you complaining to Cloudflare. Let them know they are being reported, and what the potential penalty consequences are for sending nuisance mail.

These products and offers being sent are from a 3rd party marketing company. They have direct contact with the marketing company (unlike you who are failing to reach them via spam reports) It will only take one company to ask them to stop sending you their product offers, and the spammer will take you off the mailing list, and it will stop all the other junk from the same marketing source being sent to you.

This Glossy Bingo was just one of the products I was being sent from my nuisance spammer. Finally fed up I went to their page, I found this contact email address and sent them a strongly worded email about their nuisance mail, and within 10 minutes I got a reply saying how sorry they were, and they would put a stop to it. It must have frightened them into action, they mailed me back twice over the next few days to make sure it had all stopped. I never had any junk again from that same source again.

._ad.thumb.JPG.a516fb1b639c0ded04f514e7299a4c0e.JPG

This is the can spam act jargon to give you some idea of the kind of thing you can put in a complaint.

Q. What are the penalties for violating the CAN-spam Act?

A. Each separate email in violation of the law is subject to penalties of up to $41,484, and more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible. Email that makes misleading claims about products or services also may be subject to laws outlawing deceptive advertising, like Section 5 of the FTC Act. The CAN-spam Act has certain aggravated violations that may give rise to additional fines. The law provides for criminal penalties – including imprisonment – for:

  • accessing someone else’s computer to send spam without permission,
  • using false information to register for multiple email accounts or domain names,
  • relaying or retransmitting multiple spam messages through a computer to mislead others about the origin of the message,
  • harvesting email addresses or generating them through a dictionary attack (the practice of sending email to addresses made up of random letters and numbers in the hope of reaching valid ones), and
  • taking advantage of open relays or open proxies without permission.

    CAN-spam Act: A Compliance Guide for Business

 

Edited by mojorisin

Share this post


Link to post
Share on other sites

I don't even go to those pages.

3 main reasons:

  1. I don't care, it's spam.
  2. The links could contain viruses.
  3. The links are most likely coded so that the spammer knows that I received the spam, and by visiting it, he can prove to the spamvertised "client" that he should get paid for his efforts.

And a last, but not least reason: I didn't sign up for it, why should I unsubscribe anyway.

That's what the clue by four is for... if the provider's abuse desk gets flooded with abuse reports, eventually he'll get put in place.

I believe that my email address ended up in his/their list due to one or more of the data breaches of late...

IOW just another list where they can send their junk...

I have also been getting lots of unsubscribe confirmation requests which I handle just like spam, as I

  1. didn't unsubscribe, and
  2. if I did, why should I confirm that i am unsubscribing...

take another clue by four, spammer, I don't want your junk... abuse desk will hopefully clue you in :)

 

Share this post


Link to post
Share on other sites
11 minutes ago, RobiBue said:

That's why you'll continue to get their spam. I'd stop sending the abuse reports too if I were you. You're only wasting your time.

 

 

 

Edited by mojorisin

Share this post


Link to post
Share on other sites

Your abuse reports seem to be working cloudfare have removed link 404'ed

Share this post


Link to post
Share on other sites
13 hours ago, mojorisin said:

That's why you'll continue to get their spam. I'd stop sending the abuse reports too if I were you. You're only wasting your time.

see below ;)

5 hours ago, petzl said:

Your abuse reports seem to be working cloudfare have removed link 404'ed

and that's why I like to use the clue by four through the abuse desks :) and Spamcop is a very helpful tool (if they eventually would get through their heads that they need to fix the IPv6 part where it pertains to 6to4 addresses...)

Share this post


Link to post
Share on other sites
2 hours ago, RobiBue said:

see below ;)

and that's why I like to use the clue by four through the abuse desks :) and Spamcop is a very helpful tool (if they eventually would get through their heads that they need to fix the IPv6 part where it pertains to 6to4 addresses...)

That's all very well, but you aren't reaching the abuse desks and never will, because cloudflare ignore all abuse reports. That's why spammers use hosting companies like Cloudflare. They are a bullet proof haven for spammers.

cloudflare bulletproof spammer hosting

Edited by mojorisin

Share this post


Link to post
Share on other sites
18 hours ago, mojorisin said:

That's all very well, but you aren't reaching the abuse desks and never will, because cloudflare ignore all abuse reports. That's why spammers use hosting companies like Cloudflare. They are a bullet proof haven for spammers.

cloudflare bulletproof spammer hosting

Might depend on who at the abuse desk reacts to your report? 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×