Loads and loads of spam for 'Canadian Pharmacy'. Spam rates are in messages
per hour. I noticed that the sending machines are almost all in south-america
and the sites pointed at seem to live at IPs in China. But with very short
TTL values so they can change any minute. Literally:
;; ANSWER SECTION:
currentneighbor.com. 60 IN A 18.104.22.168
Other standards like valid SOA records and stuff like that aren't needed,
potential customers just have to be able to reach the spamvertised site.
I haven't seen a lot of IPs (yet). All running nginx, the choice of spammers
and virus-spreaders. Or rather guided by language: the documentation
for nginx is in russian so that part of the cybercriminals of this
world can read it. Since nginx can do a lot with proxying I guess there is
just a proxy at that IP pointing somewhere else where the real processing
happens (or maybe that just goes to another proxy). I received 94 of these
spams in the last 2 days (sofar). I can't imagine anybody receiving this
not seeing that this must be some kind of scam.