« Broken posting
Postfix filter: HELO »

Dimago overseas

I just posted the MO of two spammers. Both affiliates of topsearch10.com.

The whois info comes back to this outfit:

Dimago Overseas GmbH
Jaan Randolph (searchadv@gmail.com)
Suites 25 and 27, Second Floor,
Oliaji Trade Centre, Francis Rachel Street, P
Victoria
Mahe,120000
SC
Tel. +42.0723233092

What’s interesting here, is that this is the outfit behind other websites, with permutations of the term umax. Which usually means - Russian stuff.

And if you look at the Alexa page for the domain, it’s got Umax contact info.

And yes, if I follow the trail of domains associated with Dimago, I end up with this e-mail address:
wello@mail.ru

The address given is in Prague, but I’ve seen him posting on Russian sites like he’s living there.

And according to his ICQ page (169184030), his first name is Alexey, he speaks Russian and English and is interested in high profile sports cars. He also says he lives in the US, and was born 24-nov-1968. His nickname is unimaxxximmuuus.

I also find lists of cws infected sites, with some of his on them.

And he’s got another network, run with the name Rex Services Ltd. Also on CWS lists.
But this company has an anti parasite tool, named Security iGuard. Problem is, that TOO has landed itself on some uncool lists. Namely rogue spyware. In this case, it’s on the list because it’s often advertized through CWS sites.

I found a WIPO case for a domain that appeared to knock off MSN search. The respondent’s name was given as Serge Kovalev. He used the domain to promote Rex Service’s programs, though I can’t be sure it’s the same person, due to lack of detail in the WIPO document (ie, affiliate links or not?).

Sans reports a pharming attack in March 2005, with one of his sites as the beneficiary.

I’ll dig some more later, but I’ve got stuff to do, so posting for now.

Update July 9, 2006:

Found this:

APS Telecom APS-EPSI (NET-216-195-32-0-1)
216.195.32.0 - 216.195.63.255
Dimago Overseas GmbH NET-216-195-51-0 (NET-216-195-51-0-1)
216.195.51.0 - 216.195.51.255

Details:

CustName:   Dimago Overseas GmbH
Address:    Suites 25 and 27, Second Floor, Oliaji Trade Centre, Francis Rachel Street
City:       Victoria
StateProv:  Mahe
PostalCode: 120000
Country:    SC
RegDate:    2005-05-04
Updated:    2005-05-04

abuse is at 0ad.net

What this means, is that the Dimago overseas whois info we’ve been seeing, might be whois protection from the sub-netblock owner.

This entry was posted on Sunday, February 5th, 2006 at 10:04 am and is filed under Preachy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

10 Responses to “Dimago overseas”

  1. Oleg Says:
    March 20th, 2006 at 7:25 am

    hi

    glad i found your site. these busturds are spamming me too. i called the company they host on in the USA and then called some of the advertisers including 888.com

    we need to let these people know they can not make money on destorying our sites. yesterday these people launched a denial of service attack on my servers only because i blocked their spamming

    CoolWebSearch:

    umaxsearch.com = [ 64.124.210.98 ]
    Registrant:
    Leos Rousek wello@mail.ru
    420 721 121 332
    Leos Rousek
    Na Prikope 858/20
    Praha 1 Praha Czech Republic 113 80

    eSearch.cc 195.190.118.170
    Kot Sapogah
    Bespont 11
    Vasuki, Newmoscow 450032
    Russian Federation

    Registered through: GoDaddy.com (http: //www.godaddy.com)

    Domain Name: ESEARCH.CC
    Created on: 15-Jun-04
    Expires on: 15-Jun-05
    Last Updated on: 16-Jun-04

    same email is used to register a domain. take a look

  2. DimagoOverseasGmbHMustDie Says:
    April 23rd, 2006 at 8:24 am

    This jerk needs to be brought down. He spams my site as well with some lame websites they own.

    Where do we report these sites??

  3. Lars Says:
    April 30th, 2006 at 10:02 am

    Hi,

    just found you blog when I googled for “Dimago Overseas GmbH”. That guy is spamming my wiki and I only just found out. He created some 4000 sites on my wiki with his search websites and pharma advertising, one of them being Bestpharm.net in the US (it seems).

    Reporting him somewhere will be difficult, maybe it brings more to complain to the ISPs hosting his websites. There are some courts around the world who already ruled that ISPs can be made responsible for the content of their customers websites.

  4. The Preacher Says:
    May 5th, 2006 at 6:40 pm

    I noticed that this character is also the owner of umax.com, you may remember this post..

    http://spamhuntress.com/2005/04/27/googlepray/

    I suspect that this chap is either the Googlepray spammer or at least linked to them. It’s not good to see the umax search sites running again.

  5. Administrator Says:
    May 6th, 2006 at 7:48 am

    The owner of the original umax sites is not (as far as we know) identical to the googlepray spammer. I believe he misused the umax name.

  6. Rhett Hightower Says:
    May 15th, 2006 at 1:45 pm

    Global Whois shows the phone number given in the topsearch10.com domain registration as 1-646-383-5234 (area code 646, prefix 383) which is in upper Manhattan, NYC, and that number also appears on the Innovagest2000.com website. Of course, the phone number on the reqistration may be bogus or even out-of-date. On the other hand, if the phone number on the topsearch10.com domain is accurate, then perhaps Innovagest2000 and TopSearch10 are cut from the same cloth.

    So what is Innovagest2000?

    It appears to be a company that offers a plethora of Spyware removal products but from comments seen via a Goggle search, it actually implants spyware on users ‘putters.

    Rhett

  7. Colin Alston Says:
    July 2nd, 2006 at 3:30 pm

    Hmmm, these idiots tried to spam my weblog as well. I sent a “friendly” letter to the whois contact for the site that was advertised.

    However the site is hosted by h*tp://www.3fn.net/

  8. Lenderistech » The exact price of mortgage lead generation Says:
    October 27th, 2006 at 2:00 pm

    […] Ok, who are you really? spamhuntress.com has a couple of entries on these spammers: Typical Eastern European operation trying to snake through all posts to display their scum.There is really nothing new or interesting, it is the same kind of annoying persistence that attracts my curiosity. Rokso gives evidence of their relationship to Yambo financials ( if you do not know the true nature of Yambo financials, their profile at Rokso gives a pretty picture of the kind of business these people are involved): […]

  9. So Lost Says:
    October 27th, 2006 at 10:00 pm

    Hey, maybe you could help me. I had a blogspot blog forever. I switched it today, and I went to make a new account with the old name so I could have blogspot link to the new blog and this ass stole it. Now they have my domain from blogspot, and I WANT IT BACK.

    Suggestions?

  10. What We Know of Our Botnet Master - 89.106.39.239 - ScamFraudAlert Says:
    October 28th, 2007 at 4:59 pm

    […] permalink Dimago overseas I just posted the MO of two spammers. Both affiliates of topsearch10.com. The whois info comes back to this outfit: Dimago Overseas GmbH Jaan Randolph (searchadv@gmail.com) Suites 25 and 27, Second Floor, Oliaji Trade Centre, Francis Rachel Street, P Victoria Mahe,120000 SC Tel. +42.0723233092 What

Leave a Reply