Sunday, 26 June 2016
What do you get if you cross an extremely prolific pharma spammer, with a company that both doesn't have anyone working weekends, nor allows non-staff to moderate? A crap ton of errr, crap of course. In this case, over 900 posts spanning almost 4 pages, from a single user account;
I've already grabbed a copy of the offending domains involved, and they're all sitting on just 2 IPs (or were at the time of writing);
These IPs belong to AS394466 18.104.22.168/24 MyNetMojo (C02682025), aka Fiber Hosting Canada, leased to them by AS18451 Les.Net. Personally, I'd blackhole the entire /24, but I've got zero tolerance for this rubbish. At the time of writing, I'm only seeing badness on these two specific IPs, so I'll leave the decision to you.
Domains list for anyone wanting it (if you see any not on this list, and owned by the same bunch of miscreants, feel free to ping me);
Posted by MysteryFCM at 16:15