Too many eggs in one IP basket

Did you receive an insanely stupid spam message? Or yet another spam message with (!!) no URL? Post it here so we can continue to laugh at mentally-challenged spammers.

Post by Red Dwarf » Fri Feb 21, 2014 5:03 am

Today, Eva Pharmacy moved 90% of their thousands of domains onto one IP - 193.105.245.8 managed in Saint Petersburg, Russia, located in the Ukraine.

This is very unusual; most of the time they are spread over 15-20 IPs at a time. When one IP goes down, the failing domains are usually switched to another IP within minutes.

But today has been an exception. For several hours, the address 193.105.245.8 has been failing to respond with web pages for our old favorites. Favorites like
    RxExpressOnline
    RxMedications
    Canadian Health&Care Mall
    Canadian Neighbor Pharmacy
    My Canadian Pharmacy
    Toronto Drug Store
    Canadian Family Pharmacy

Whoever is meant to be minding the shop must be distracted by a local sporting event.

Mind you, there are other events creating a distraction in the Ukraine.

Re: Too many eggs in one IP basket

Post by Red Dwarf » Fri Feb 21, 2014 5:31 am

That IP address has been switched out, and a new one introduced - 107.6.41.96

The Eva Pharmacy network has about 2,000 domains hosted on this address right now.

It is owned by Peer1.net in the USA

Admin Name: Domain Admin
Admin Organization: PEER 1 NETWORK (USA), INC.
Admin Street: 101 Marietta Street Suite 500
Admin City: Atlanta
Admin State/Province: GA
Admin Postal Code: 30303
Admin Country: US
Admin Phone: +1.6046837747
Admin Fax: +1.6046834634
Admin Email: domains@peer1.net

Re: Too many eggs in one IP basket

Post by Red Dwarf » Sun Feb 23, 2014 6:43 pm

That IP address didn't last long. Today's basket has one big egg:

72.249.81.218

Name: TierPoint Texas Abuse Department
Email: dal-abuse@tierpoint.com
Phone: 214 6303100

Re: Too many eggs in one IP basket

Post by spamislame » Tue Feb 25, 2014 4:37 pm

I'm actually curious as to why they did this. I think you're right, Ukrainian instability possibly means they now want to cover some tracks in the event of "big changes" in their home environment. But... it's weird timing.

SiL

Re: Too many eggs in one IP basket

Post by AlphaCentauri » Wed Feb 26, 2014 12:55 am

It's possible there have been changes in management. We didn't hear immediately when Stupin, Gusev or Kuvayev were arrested, though there were changes in how their business was conducted because other people had to take over. I wonder if we'll hear that someone at Eva has been arrested recently.

Re: Too many eggs in one IP basket

Post by Red Dwarf » Wed Feb 26, 2014 2:48 am

There are three distinctly different factions in the infrastructure of the Eva family.

1. One uses redirections on EvoPlus and DomainContext to one and one only bullet-proof site (currently newdiscountmedsstore.com on InterNetX). Both these registrars are run by Russians. They are quick to suspend the redirectors.

2. One uses disposable redirection domains on the usual range of registrars to a set of less bullet-proof servers:

3. The third uses domain names that are initially created with google.com as the name servers, then within a week the domain goes live (resolvable) by being switched to other name servers, before being spammed. The domain name is the web site, unlike the previous two cases.

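The third pattern in the post above (a domain created on google.com name servers, then switched to other name servers within a week) can be looked for in name-server history. This is an added example, not code from the thread; the history rows and `.example` names are constructed, and treating the first observation as the creation date is an assumption.

```python
from datetime import date, timedelta

PLACEHOLDERS = ("google.com",)       # initial name-server zone named in the post
MAX_DORMANCY = timedelta(days=7)     # "within a week", as the post puts it

# Constructed NS history (domain -> [(date observed, name servers)]); no real data.
SAMPLE_HISTORY = {
    "staged-a.example": [(date(2014, 2, 1), ["ns1.google.com", "NS2.Google.com."]),
                         (date(2014, 2, 5), ["ns1.dns-x.example", "ns2.dns-x.example"])],
    "parked-b.example": [(date(2014, 2, 1), ["ns1.google.com"]),
                         (date(2014, 2, 20), ["ns1.google.com"])],
    "slow-c.example":   [(date(2014, 1, 1), ["ns1.google.com"]),
                         (date(2014, 2, 15), ["ns1.dns-y.example"])],
    "plain-d.example":  [(date(2014, 2, 1), ["ns1.dns-y.example"])],
    # Constructed look-alike host: ends in the same characters, different zone.
    "decoy-e.example":  [(date(2014, 2, 1), ["ns1.notgoogle.com"]),
                         (date(2014, 2, 3), ["ns1.dns-x.example"])],
}

def is_placeholder(ns_host):
    """True if ns_host is inside a placeholder zone (label-boundary match)."""
    host = ns_host.rstrip(".").lower()
    return any(host == zone or host.endswith("." + zone) for zone in PLACEHOLDERS)

def staged_domains(history):
    """Domains first seen on placeholder NS and switched away within MAX_DORMANCY.

    Returns {domain: (first_seen, went_live, new_name_servers)}."""
    hits = {}
    for domain, events in history.items():
        events = sorted(events, key=lambda e: e[0])
        first_seen, first_ns = events[0]
        if not first_ns or not all(is_placeholder(ns) for ns in first_ns):
            continue                          # never parked on a placeholder
        for seen, ns_set in events[1:]:
            if ns_set and not any(is_placeholder(ns) for ns in ns_set):
                if seen - first_seen <= MAX_DORMANCY:
                    hits[domain] = (first_seen, seen, sorted(ns_set))
                break                         # only the first switch matters
    return hits

if __name__ == "__main__":
    for domain, (parked, live, ns) in staged_domains(SAMPLE_HISTORY).items():
        print(f"{domain}: parked {parked}, live {live} on {', '.join(ns)}")
```

A hit is a lead for review rather than a verdict, since ordinary domains can follow the same lifecycle.
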
Re: Too many eggs in one IP basket

Post by Red Dwarf » Wed Feb 26, 2014 2:52 am

Incidentally, the Peer1 IP address is back in use - 107.6.41.96 (report to abuse@peer1.net)

The Eva group has their vast family of DNS servers set up to switch the preferred IP address at the flick of a switch.

All Eva name servers are authoritative for practically all of their domains.

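The concentration described in the first post (most domains on one IP instead of the usual 15-20) and the IP swaps reported through the thread can be measured from passive-DNS snapshots. This is an added example, not code from the thread; the rows are constructed (`.example` domains, RFC 5737 documentation addresses) and the 0.8 share threshold is an assumption.

```python
from collections import Counter, defaultdict

def sample_observations():
    """Constructed passive-DNS rows (snapshot, domain, A record); no real data.
    Domains are under .example, IPs are RFC 5737 documentation addresses."""
    rows = []
    for i in range(40):
        spread = f"192.0.2.{i % 16 + 1}"          # 16 hosting IPs in rotation
        rows.append(("day0", f"shop{i}.example", spread))
        rows.append(("day1", f"shop{i}.example",
                     "198.51.100.8" if i < 36 else spread))   # 90% on one IP
        rows.append(("day2", f"shop{i}.example",
                     "203.0.113.96" if i < 38 else spread))   # basket replaced
    return rows

def concentration(rows):
    """Per snapshot: dominant IP, its share of domains, effective IP count."""
    snaps = defaultdict(dict)
    for snap, domain, ip in rows:
        snaps[snap][domain] = ip                  # last A record seen wins
    report = {}
    for snap in sorted(snaps):
        counts = Counter(snaps[snap].values())
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        # Inverse Herfindahl index: about N for an even spread over N IPs,
        # close to 1 when a single IP carries nearly every domain.
        effective = 1 / sum((n / total) ** 2 for n in counts.values())
        report[snap] = {"top_ip": top_ip, "share": top_n / total,
                        "effective_ips": round(effective, 1)}
    return report

def basket_events(report, min_share=0.8):
    """List (snapshot, event, ip) whenever one IP holds >= min_share."""
    events, previous = [], None
    for snap, row in report.items():
        if row["share"] < min_share:
            previous = None
            continue
        event = "switched" if previous not in (None, row["top_ip"]) else "concentrated"
        events.append((snap, event, row["top_ip"]))
        previous = row["top_ip"]
    return events

if __name__ == "__main__":
    report = concentration(sample_observations())
    for snap, row in report.items():
        print(snap, row)
    print(basket_events(report))
```
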
