Spamhuntress

Comment spamming bot:
195.225.177.81
at Netcathost
Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; AIRF)

The bot had left at least 1750 comments in my blog before I got wise!

E-mail addresses always end with @hotmail.com, though recently he started using hotmails.com. The e-mail addresses are obviously fake. He must have found a database of names, and mixed it up before using each name as a hotmail address.
He uses free webhosting accounts exclusively. I tried this one:
financebestmor.tripod.com/debt-help-legal-problem.html
that redirected to
findmorepill.com/findit.php?q=debt%20problem

The stuff on that page leads to various affiliate links, including peakc.com

findmorepill.com is owned by:

Registrant:
N/A
Kasturba Nagar (kasturba@gmx.net)
Gorky Sadan, 3 Gorky Terrace, 700
Calcutta
Delhi,700017
IN
Tel. +91.05223103925

Domain servers in listed order:
ns1.lexikus.com - 69.31.115.138
ns0.lexikus.com - 69.31.115.138
Creation Date: 31-Mar-2006
Expiration Date: 31-Mar-2007

And the domain resolves to
69.31.115.140
Pilosoft…

Kasturba Nagar is a place or area in Nagpur, so probably a fake name.

The nameservers refer to a domain owned by

AWMDomains Ltd.
KANTOR ELHANANI TAL (awmdom@mail.kz)
MOSES HOUSE, 74-76 ROTHSCHILD BLVD
TEL AVIV
null,65785
IL
Tel. +97.7311494

This is a well known law firm in Israel, BTW. And yes, the address is correct. Asking them about the spamming might be a good idea. Update: I e-mailed them, and got no reply. Which means they have been notified, and have not told us they’re not involved in this. So, Kantor Elhanani Tal works with spammers? Sure looks that way if they’re not bothered to protest!
On the same IP as the findmorepills domain are some other domains as well, and they’re all owned by AWMDomains. Well, except findmorepill:
fatbares.com
plumperpiece.com

plumperpiece.com has been spamvertized (May 2006) by the same spambot, and the root site currently redirects to a porn domain, daily-porn-zone.com, owned by:

N/A
Umesh Chandra Rastogi (jekkipost@yahoo.com)
2nd Blk Koramangala
Bangalore
BA,560034
IN
Tel. +009.5582015

I can’t find spamvertizements for fatbares.com, but it sports the same script as findmorepill.

lexikus.com has a javascript redirect to findmorepill.

Engtech also blogs about this spammer

This entry was posted on Sunday, June 25th, 2006 at 5:39 am and is filed under Comment spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.