We’ve been seeing more B2B spam lately that uses throwaway domain names that redirect to the companies they are spamvertizing.
It turns out that these are being sent from the protus.com / campaigner.com group based in Montreal and Ottawa, mostly from the 214.24.225.100 and 214.24.225.200 IP ranges. We’re blacklisting everything sent from email servers there, since each one we’ve looked up so far belongs to a throwaway domain.
Spammer examples:
- spam for www.momentumsi.com uses the throwaway momentum-si.com domain [216.24.225.107]
- spam for www.corporatesvcs.net uses the throwaway mkt-supportsolutions.com domain [216.24.225.116]
- spam for www.guixt.com uses the throwaway optimize-sap.com domain [216.24.225.126]
- spam for www.liveoffice.com uses the throwaway emailarchive-solutions.com domain [216.24.225.147]
- www.receivablesxchange.com is connected to the throwaway tre-platform.com [216.24.225.216] and tre-knowledge.com [216.24.225.217] domains (The Receivables Exchange has a history of using throwaway domains for spamming)
- www.accelipoint.com is connected to the throwaway mspartners-optimize.com [216.24.225.219] and mspartners-integration.com [216.24.225.220] domains
- www.accelerance.com is connected to the throwaway mstintegration.com domain [216.24.225.221]
- www.associates-solutions.com is connected to the throwaway mspartners-technology.com domain [216.24.225.222]
- spam for www.indusa.com uses the throwaway mspintegrators.com domain [216.24.225.223]
Other throwaway spam domains which also appear to be in use recently by this spam service include:
ap-process.com, workshop-driven.com, crm-methodologies.com, sherpacrm.com, sales-performer.com, moss-experts.net, erpaffiliates.com, mir-3.com, workforcecompsolutions.com, netsuite-info.com, and many more…