Get your Amazon Gift Card? fightspam.ca

It’s Xmas time, so of course this is the time of year when people try to take advantage, have you ever got one of those surprise Amazon Gift Cards in the email?

Well, here is an example of what hit the internet today.

By the way, if you are are Canadian and get one of these emails, do you know that you can report it to the website http://fightspam.ca? This is a service operated as part of the Canadian governments Anti-Spam legislation.

In this case it came from a network operated by a canadian operator, but it hit ISP’s all over North America.

CIDR: 199.189.26.0/23
NetName: AMANAH-BLOCK7
NetHandle: NET-199-189-26-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS32489
Organization: Amanah Tech Inc. (AT-2)
RegDate: 2015-08-05
Updated: 2015-08-05
Ref: http://whois.arin.net/rest/net/NET-199-189-26-0-1

(looks like they got this range quite recently, and hard to determine if they are doing it themselves, or renting their IP Address space out to 3rd parties that are responsible)

OrgName: Amanah Tech Inc.
OrgId: AT-2
Address: 151 Frontstreet West
Address: Suite 341
City: Toronto
StateProv: ON
PostalCode: M5J 2N1
Country: CA
RegDate: 2010-11-23
Updated: 2013-06-18
Comment: Please send all abuse reports uncensored for review and action.
Ref: http://whois.arin.net/rest/org/AT-2

#199.189.26.195 30 fdbgh.lynxqws.racing
# 199.189.26.196 31 acvft.giftcardscause.win
# 199.189.26.197 30 axzder.recorddcxs.win
# 199.189.26.198 28 avfgy.dcxswant.racing
# 199.189.26.199 30 abghj.rareplk.win
# 199.189.26.200 30 avbgy.particularlcv.top
# 199.189.26.201 31 nnbhj.remindgiftpoints.top
# 199.189.26.202 29 vdfe.walkintubsaved.top
# 199.189.26.203 30 nnjki.forcessurvival.top
# 199.189.26.204 30 ccvdf.rewardsvery.top
# 199.189.26.205 22 qasw.rewardsmight.top
# 199.189.26.206 31 bcdfgj.hairlossbackdear.top
# 199.189.26.207 30 jfgvb.anqneither.top
# 199.189.26.208 17 vadeo.approvelmbx.top
# 199.189.26.209 9 vbhse.internationalhvacdeals.top
# 199.189.26.210 12 avbghj.puffdefeatingdiabetes.top
# 199.189.26.211 11 fdeki.oozenjhz.top
# 199.189.26.212 11 dqawe.ijuasurround.top
# 199.189.26.213 13 kkdfg.memorycarenaturally.faith
# 199.189.26.214 14 hsdet.thawyhgf.faith
# 199.189.26.215 13 nasdrt.cfgjknow.faith
# 199.189.26.216 14 ppwde.dripcfgj.faith
# 199.189.26.217 14 aaqvbh.providescaretempt.faith
# 199.189.26.218 17 fgtry.snuffggg.review
# 199.189.26.219 8 anhik.gggnice.review
# 199.189.26.220 8 sfghy.recentlyhealthcare.review
# 199.189.26.221 8 abnhj.goldbonuspointsamp.review
# 199.189.26.222 8 gsert.giftcardsstart.review

In this case, the number is the number of ISP’s that reported the spam attack.
Notice of course the typical throw away domain names.

The actual email looked like this:

Return-Path:
Received: from nnjki.forcessurvival.top (HELO nnjki.forcessurvival.top) (199.189.26.203)
by {ISPNAME} with SMTP
(0289b0da-ae53-11e5-84e9-001e0bc9d41e); Tue, 29 Dec 2015 11:38:49 -0600
Date: Tue, 29 Dec 2015 10:35:17 -0700
Mime-Version: 1.0
Message-ID:
To:
From: Amazon $50 Cyber Monday Voucher
Subject: Re: Your 50 Amazon Cyber Monday reward
Ponderous: 13451022h13451022-18693f4fd53b4164a3a81e921acfdee7_16301004
Content-Type: text/plain

Amazon Holiday Gift Give-Away
=======================================================
Date: 11/26/15

Season’s Greetings ,

With the Holidays fast approaching, we are giving back to our Amazon Prime customers.

We are giving out a $50 X-Mas reward, now through the weekend.

To claim your $50 Amazon Black Friday reward, go here today- http://viewhere.forcessurvival.top/limited

Thank you for shopping with us,

Amazon Customer Service

———————————-
Reward No.13451022
———————————-

Remember, if it sounds too good to be true, it probably is. This operator has sprung up on many networks around the world, and many hosting companies right here in North America. However, the damage they can do in only a short few hours is why it is so important for hosting providers to monitor any sudden new email traffic spikes from their customer base.

This entry was posted in Informative and tagged , , , , . Bookmark the permalink.

Leave a Reply