Blogger spammer

I was looking for patterns concerning the bandwidth stealer I wrote about in the preceding post, and I also looked for patterns among the spammers spamming the Roy Giles post.

Here’s one:

kryogennaya tehnika
Vladimir Podgornyy (adminroot@mail.ru)
Krupskoy 27
Omsk
Omskaya oblast,644123
RU
Tel. +7.9043212962

And

N/A
Vladimir (rootnew@gmail.com)
Krupskoy 27
Omsk
Omskaya oblast,644123
RU
Tel. +7.9043212962

Another site owned by him has this info:

Podgorny Vladimir rootnew@gmail.com +7.3812264823
Cryogennaya Technika
Partsjezda 22
Omsk,Omskaya,RUSSIAN FEDERATION 644000

There’s also a Russian composer by that name. On the other hand, there’s a guy by that name who has been present on the net since at least 2002, and he seems to have frequented the kind of technical sites that computer whizzes turned spammers often frequented in the past.

He’s using JavaScript redirects from Blogger, going through this cutout:
1google1.com
To lead to this site:
here.sexbegun.net

Both are on this IP:
72.21.44.34

It’s in the LayeredTech IP block, with this rwhois info:

organization Daniel OKeeffe
org-name D OKeeffe Hosting
street-address 22/1 Esplanade East
city Port Melbourne
state Victoria
postal-code 61054
country-code AU
phone 972-398-7998

But the nameservers are at xmastershost.com, which is owned by:

Epsilon inc.
Eugeny (eugenyzxc@mail.ru)
Lenina str.25
N-Tagil
null,622002
RU
Tel. +7.3435247382

The links are hard to figure out, so I don’t know exactly what the payoff is.
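The by-hand comparison of registrant records above can be automated. The following is an added example, not part of the original post: it links WHOIS records that share a normalised email, phone number or street address, and merges indirect links into one cluster. All records and field names in it are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample records (placeholders, not the records quoted in the post).
RECORDS = [
    {"domain": "a.example", "email": "Admin@Example.org", "phone": "+7.4950000001", "street": "Lenina 10", "city": "Omsk"},
    {"domain": "b.example", "email": "other@example.net", "phone": "+7 (495) 000-00-01", "street": "Lenina  10", "city": "omsk"},
    {"domain": "c.example", "email": "other@example.net", "phone": "+7.4950000002", "street": "Mira 5", "city": "Omsk"},
    {"domain": "d.example", "email": "solo@example.com", "phone": "+7.4950000003", "street": "Pobedy 1", "city": "Tagil"},
]

def pivots(rec):
    """Yield normalised (field, value) keys for one record.
    Person and organisation names are skipped: their transliteration varies."""
    if rec.get("email"):
        yield ("email", rec["email"].strip().lower())
    digits = re.sub(r"\D", "", rec.get("phone", ""))  # drop '+', '.', spaces, brackets
    if digits:
        yield ("phone", digits)
    addr = " ".join((rec.get("street", "") + " " + rec.get("city", "")).lower().split())
    if addr:
        yield ("addr", addr)

def cluster(records):
    """Return (clusters of domains, {pivot: domains sharing it}) using union-find."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    first_seen, shared = {}, defaultdict(set)
    for i, rec in enumerate(records):
        for key in pivots(rec):
            if key in first_seen:
                j = first_seen[key]
                parent[find(i)] = find(j)
                shared[key].update({records[j]["domain"], rec["domain"]})
            else:
                first_seen[key] = i
    groups = defaultdict(list)
    for i, rec in enumerate(records):
        groups[find(i)].append(rec["domain"])
    return sorted(sorted(g) for g in groups.values()), dict(shared)

if __name__ == "__main__":
    clusters, shared = cluster(RECORDS)
    print(clusters)
    print(shared)
```

A shared pivot is a lead rather than proof of common ownership, since registrant fields are self-reported and can be copied or faked.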
