Spamhuntress

I’ve been seeing some spam for pages with the same green and blue design

The stuff spammed is usually never one of the top three: porn, gambling, pills

I’ve puzzled over it, until today, when I decided to get the names of the graphics, to see if that could be used as exclusion parameters. Found out some of the pages are in frames…

And on the framed site, I found code with redirection if you’re coming from a search engine. That loads a page on elegant-choice.com, which doesn’t seem to use affiliate codes. So, it probably belongs to the spammer. It contains encoded URL’s, one of which 302 redirected to a page on umaxsearch.com, with affiliate ID 28. So, that’s one of the affiliate schemes, and the end store is connected to that scheme…

whois info for elegant-choice.com

Nova
Nova (nova@nova.ws)
Marks st6 ap56
Kharkov
null,50140
UA
Tel. +380.6331134

And nameservers are from Alexander Morozov’s favorite:
3fn.net

And the images?
012_01.jpg
012_02.jpg

IP addresses spammed from include:
12.170.99.234

This entry was posted on Tuesday, March 29th, 2005 at 3:28 pm and is filed under Referrer spam, Comment spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.