Spamming my HTTP referrer logs, pt. 2

I’ve been getting a very weird attack on my sites recently, including this blog, the SpamAssassin websites, and http://jmason.org/ , whereby some luser is sending lots of requests, using made-up URLs in the referral field. Initially, I thought it was some kind of underpowered retaliation for SpamAssassin, but if that’s the case, they need to bone up a bit more on how these things work ;)

Alternatively, it could be an attempt to gain Googlejuice, by getting links from public referrer logs (my ones are).

Up ’til about a month ago, it was all porn sites. Recently, though, it’s been a selection of real domains that sound like they were put together by combining dictionary words or something.

All the attempts have come from IP address 216.127.68.58, owned by Everyone’s Internet, Inc. in Houston, TX:

216.127.68.58 - - [31/Mar/2003:00:01:53 +0100] "GET / HTTP/1.1" 200 72143 "http://www.aircheckfactory.com" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
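
As an added example (not part of the original post or the author's own tooling), one way to spot this pattern in a Combined Log Format access log is to flag clients whose requests nearly all carry off-site referrers spread across several domains. The thresholds, the `blog.example` host name and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def referrer_host(referer):
    """Lower-cased host of a Referer value, or None for an empty or '-' value."""
    if referer in ("", "-"):
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None

def suspicious_clients(lines, own_hosts, min_hits=4, min_domains=3, min_ratio=0.9):
    """Return {ip: sorted off-site referrer hosts} for clients whose requests
    almost all carry off-site referrers spread over several domains."""
    total = defaultdict(int)
    external = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        total[m["ip"]] += 1
        host = referrer_host(m["referer"])
        if host and host not in own_hosts:
            external[m["ip"]].append(host)
    flagged = {}
    for ip, hits in external.items():
        domains = set(hits)
        if (total[ip] >= min_hits and len(domains) >= min_domains
                and len(hits) / total[ip] >= min_ratio):
            flagged[ip] = sorted(domains)
    return flagged

# Constructed sample: one scripted client, one ordinary visitor fetching page assets.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Mar/2003:00:01:53 +0100] "GET / HTTP/1.1" 200 72143 "http://spam-one.example" "User-Agent: Mozilla/4.0"
203.0.113.7 - - [31/Mar/2003:00:01:55 +0100] "GET / HTTP/1.1" 200 72143 "http://spam-two.example" "User-Agent: Mozilla/4.0"
203.0.113.7 - - [31/Mar/2003:00:01:57 +0100] "GET / HTTP/1.1" 200 72143 "http://spam-three.example" "User-Agent: Mozilla/4.0"
203.0.113.7 - - [31/Mar/2003:00:01:59 +0100] "GET / HTTP/1.1" 200 72143 "http://spam-one.example" "User-Agent: Mozilla/4.0"
198.51.100.20 - - [31/Mar/2003:00:02:10 +0100] "GET /blog/ HTTP/1.1" 200 5120 "http://search.example/?q=x" "Mozilla/5.0"
198.51.100.20 - - [31/Mar/2003:00:02:11 +0100] "GET /style.css HTTP/1.1" 200 900 "http://blog.example/blog/" "Mozilla/5.0"
198.51.100.20 - - [31/Mar/2003:00:02:11 +0100] "GET /logo.png HTTP/1.1" 200 4096 "http://blog.example/blog/" "Mozilla/5.0"
"""
```

Calling `suspicious_clients(SAMPLE_LOG.splitlines(), {"blog.example"})` flags only the scripted client; the ordinary visitor arrives with one off-site referrer and then fetches assets with the site's own pages as referrer, so its off-site ratio stays low.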

Here are the domains in question:

  • AIRCHECKFACTORY.COM
  • ALTOTECHNOLOGY.COM
  • BAIDYANATHINDIA.COM
  • NXTCENTURY.COM
  • TIMEART.NET
  • WOTEVA.COM

Perhaps they’re recent lapsed domains which the spammer has picked up. Otherwise, what’s the connection between Baidyanath (a manufacturer of Ayurvedic products in India, thx Suresh) and ‘woteva’ (which sounds like ‘whatever’ in a UK English accent)?

I’ve whois’d them all, and they all seem to share two things: the name ‘Robert Woodley’ (or its initials), and the number (772) 594-2421. Area code 772 is — guess where — Florida. They should just cut to the chase and put ‘The Spammer State’ on their numberplates.

The pages on those sites are automatically generated using what looks like USENET postings and Google image search results, with a link to Commission Junction.

None of the names are in ROKSO, it seems. Do they ring a bell with anyone reading?

Date: Thu, 03 Apr 2003 13:20:06 -0800
From: (spam-protected) (Justin Mason)
Subject: whois details on referrer spam

Registrant:
Michael Lewisham
RW Internet
PO Box 4723
Grand Cayman,  8621
Cayman Islands
Registered through: ozwebsites 
Domain Name: AIRCHECKFACTORY.COM
Created on: 03-Jan-03
Expires on: 03-Jan-04
Last Updated on: 03-Jan-03
Administrative Contact:
Lewisham, Michael  (spam-protected)
RW Internet
PO Box 4562
Grand Cayman,  7238
Cayman Islands
(772) 594-2421      Fax -- 
Technical Contact:
Lewisham, Michael  (spam-protected)
RW Internet
PO Box 4562
Grand Cayman,  7238
Cayman Islands
(772) 594-2421      Fax -- 
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM

Registrant:
Michael Lewisham
RW Internet
PO Box 4723
Grand Cayman,  8621
Cayman Islands
Registered through: ozwebsites 
Domain Name: ALTOTECHNOLOGY.COM
Created on: 29-Dec-02
Expires on: 29-Dec-03
Last Updated on: 29-Dec-02
Administrative Contact:
Lewisham, Michael  (spam-protected)
RW Internet
PO Box 4562
Grand Cayman,  7238
Cayman Islands
(772) 594-2421      Fax -- 
Technical Contact:
Lewisham, Michael  (spam-protected)
RW Internet
PO Box 4562
Grand Cayman,  7238
Cayman Islands
(772) 594-2421      Fax -- 
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM

Registrant:
Robert Woodley
Robert Woodley Internet
PO Box 401
Grand Cayman,  7651
Cayman Islands
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: BAIDYANATHINDIA.COM
Created on: 09-Jan-03
Expires on: 09-Jan-04
Last Updated on: 09-Jan-03
Administrative Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4634
Suite 205
Port Vila,  8621
Vanuatu
(772) 594-2421      Fax -- (772) 594-2421
Technical Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4634
Port Vila,  8621
Vanuatu
(772) 594-2421      Fax -- (772) 594-2421
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM

Registrant:
Wanker Engineering
PO Box 9816
Auckland,  3522
New Zealand
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: NXTCENTURY.COM
Created on: 21-Mar-01
Expires on: 21-Mar-04
Last Updated on: 21-Mar-03
Administrative Contact:
Engineering, Wanker  (spam-protected)
Wanker Engineering
PO Box 9816
Auckland,  3522
New Zealand
3530912167      Fax -- 
Technical Contact:
Engineering, Wanker  (spam-protected)
Wanker Engineering
PO Box 9816
Auckland,  3522
New Zealand
3530912167      Fax -- 
Domain servers in listed order:
NS1.LYNXWEBHOSTING.COM
NS2.LYNXWEBHOSTING.COM

Registrant:
Robert Woodley
Robert Woodley Internet
PO Box 4634
Port Vila,  8621
Vanuatu
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: TIMEART.NET
Created on: 16-Mar-01
Expires on: 16-Mar-04
Last Updated on: 16-Mar-03
Administrative Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4634
Suite 205
Port Vila,  8621
Vanuatu
(772) 594-2421      Fax -- (772) 594-2421
Technical Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4634
Port Vila,  8621
Vanuatu
(772) 594-2421      Fax -- (772) 594-2421
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM

Registrant:
Robert Woodley
PO Box 4573
Grand Cayman,  871251
Cayman Islands
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: WOTEVA.COM
Created on: 16-Mar-00
Expires on: 16-Mar-04
Last Updated on: 16-Mar-03
Administrative Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4573
Grand Cayman,  87125
Cayman Islands
(772) 594-2421      Fax -- (772) 594-2421
Technical Contact:
Woodley, Robert  (spam-protected)
Robert Woodley Internet
PO Box 4753
Suite 205
Grand Cayman,  87125
Cayman Islands
(772) 594-2421      Fax -- (772) 594-2421
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM
