Webtouch

From Spamhuntress


Update: The webhost has been notified and has told the customer to stop spamming or be terminated. So please keep this in mind if you find a spambot from that IP range again. Let's keep an eye on him!

New article about this spammer: Yahoo Group Spam


Got two trackbacks on annelisabeth.com today (June 21, 2005).

Spamvertizing varicose veins on donden.biz.

Spambot: 69.50.187.242

User agent: Snoopy v1.2

Webhost IP:

  • 69.50.187.242
  • 69.50.187.243
  • 69.50.187.244
  • 69.50.187.245
  • 69.50.187.246

Both these numbers are on ESThost, on Atrivo.
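
Added example (not part of the original page): a small Python check that scans a web server access log for the two indicators above, the 69.50.187.242 to 69.50.187.246 range and the Snoopy user agent. The Apache combined log format, the "trackback" URL marker and all sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Indicators from this page: the five ESThost addresses and the bot's user agent.
FIRST = ipaddress.ip_address("69.50.187.242")
LAST = ipaddress.ip_address("69.50.187.246")
SPAM_UA_PREFIX = "Snoopy"
TRACKBACK_MARKER = "trackback"  # assumed URL fragment; depends on the blog software

# Apache "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (ip, path, reasons) for a suspicious request, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # unparseable lines are skipped, not flagged
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # e.g. a resolved hostname instead of an address
    reasons = []
    if ip.version == 4 and FIRST <= ip <= LAST:
        reasons.append("ip-range")
    # Snoopy is a general-purpose PHP HTTP client, so the user agent only
    # counts when it is POSTing to a trackback endpoint.
    is_trackback_post = m["method"] == "POST" and TRACKBACK_MARKER in m["path"].lower()
    if is_trackback_post and m["ua"].startswith(SPAM_UA_PREFIX):
        reasons.append("snoopy-trackback")
    return (str(ip), m["path"], reasons) if reasons else None

def scan(lines):
    """Classify every line and return the hits in log order."""
    return [hit for hit in map(classify, lines) if hit is not None]

# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    '69.50.187.242 - - [21/Jun/2005:10:02:11 +0200] "POST /blog/trackback/42 HTTP/1.0" 200 78 "-" "Snoopy v1.2"',
    '192.0.2.10 - - [21/Jun/2005:10:03:40 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jun/2005:10:05:02 +0200] "POST /blog/trackback/17 HTTP/1.0" 200 78 "-" "Snoopy v1.2"',
    '69.50.187.245 - - [21/Jun/2005:10:06:30 +0200] "GET /guestbook.php HTTP/1.0" 200 900 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [21/Jun/2005:10:07:00 +0200] "GET /feed.xml HTTP/1.0" 200 900 "-" "Snoopy v1.2"',
]

if __name__ == "__main__":
    for ip, path, reasons in scan(SAMPLE_LOG):
        print(ip, path, ",".join(reasons))
```

The user agent is client-supplied and easy to change, so the address range is the more durable of the two signals.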

Whois info:

Registrant Name:                             Pavel Efimov
Registrant Organization:                     NA
Registrant Address1:                         Red Square, 1
Registrant City:                             Moscow
Registrant Postal Code:                      65011
Registrant Country:                          Russian Federation
Registrant Country Code:                     RU
Registrant Phone Number:                      91.226370256
Registrant Email:                            donden@gmail.com
Name Server:                                 NS2.WEBTOUCH.INFO
Name Server:                                 NS1.WEBTOUCH.INFO
Created by Registrar:                        DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)

I started tugging at the name servers, and discovered they were in the same IP range.

Affected IP numbers:

  • 69.50.187.242
  • 69.50.187.243
  • 69.50.187.244
  • 69.50.187.245
  • 69.50.187.246

Most of the domains had this whois info:

Domain Name:WEBTOUCH.INFO
Registrant Name:msgroup
Registrant Organization:MS Group Ltd.
Registrant Street1:Diving street, 174
Registrant City:Gibraltar
Registrant Postal Code:000001
Registrant Country:GI
Registrant Phone: 350.7770666
Registrant mcity@te.net.ua

I found one with this info:

Denz Network Productions
Denis Gannochka        (donden@post.ru)
Lytkarino
Moscow
null,65011
RU
Tel.  095.5520810

That info seems related to the first, if you notice donden in the e-mail address.

But what's most interesting is that quite a few of the domains on those servers have been spamvertized. Some were spamvertized quite a while ago, such as subdomains of webtouch.info. That was very hard to find, since a search for the domain didn't turn them up. But another search turned up this guestbook page, which had quite a few spams from this outfit:

mcgivetp


Spamvertized domains that belong to this outfit. These I'm fairly sure of. I'm also sure there are more spams that have fallen out of Google by now:


They occasionally use free websites as well, particularly fateback sites. So far the earliest spams I've seen are from December 2004.

Disclaimer: I can't know for sure that the various whois info variants belong to the same outfit. But it sure looks that way.

