Damn Spam!

The Airline Ticket Spammer

   

I originally posted some information about this person in Ann Elisabeth's wiki. Since he's still rampant, I just reviewed my observations to make sure they're consistent.

We're mostly seeing referrer spam for airline tickets, insurance (cars, boats), and ringtones. Interspersed are spams for seemingly unconnected things like spyware removal tools, various brands of cars (Honda, Ford, Chevrolet), cellphones, pharmacy products, loans, and other random topics (Hawaii, for example).

Certainly a mixed bag of things. So why do I think there's always the same person behind those spams?

Looking up the registrant information for all the spamvertized domains returns three names:

  • Midel Birek (tgp@toughguy.net), supposedly located in "Glasgo" (no 'w'!), Great Britain.
  • Fred Sext (tgp@bonbon.net), located in Kasan, Russia
  • Gert Ledov (tgp@toughguy.net(!) and tgp@phreaker.net), located in Kasan(!), Great Britain(?!)

So Midel Birek and Gert Ledov share an email address, while Fred Sext and Gert Ledov live in the same city. And they all have "tgp" as the localpart of their email addresses. Coincidence?

All the spamvertized domains actually redirect to "search engine"-like pages - the sort you've never heard of before, like searchmeup.com and topsearch10.com. And all the URLs on those "search engines" contain aid=34671 - most likely an affiliate id and the actual reason for all that spam.
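The correlation described above (a shared registrant address, a common localpart, one affiliate id in every landing URL) can be run mechanically over collected WHOIS and redirect data. This is an added example, not from the original post: the domains are placeholders and the URL layout is an assumption, while the e-mail addresses, search sites and aid value are the ones quoted above.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: (spamvertized domain, registrant e-mail, final landing URL).
# Domains are placeholders and the URL paths/parameters are assumed.
RECORDS = [
    ("tickets.example", "tgp@toughguy.net", "http://searchmeup.com/search?q=airline&aid=34671"),
    ("cars.example", "tgp@toughguy.net", "http://searchmeup.com/search?q=cars&aid=34671"),
    ("ringtones.example", "tgp@bonbon.net", "http://topsearch10.com/search?aid=34671&q=ringtones"),
    ("insurance.example", "tgp@phreaker.net", "http://topsearch10.com/search?q=boats&aid=34671"),
    ("unrelated.example", "owner@mail.example", "http://shop.example/?aid=99"),
]

def indicators(email, landing_url):
    """Pivot values exposed by one record: full address, localpart, affiliate id."""
    found = {("email", email.lower()), ("localpart", email.split("@", 1)[0].lower())}
    for aid in parse_qs(urlsplit(landing_url).query).get("aid", []):
        found.add(("aid", aid))
    return found

def cluster(records):
    """Group domains that share at least one indicator, transitively (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for domain, email, url in records:
        for ind in indicators(email, url):
            parent[find(ind)] = find(("domain", domain))
    groups = defaultdict(set)
    for domain, _, _ in records:
        groups[find(("domain", domain))].add(domain)
    return sorted(groups.values(), key=len, reverse=True)

def shared_indicators(records, domains):
    """Indicators seen on more than one domain of a cluster: the evidence for the link."""
    seen = defaultdict(set)
    for domain, email, url in records:
        if domain in domains:
            for ind in indicators(email, url):
                seen[ind].add(domain)
    return {ind: doms for ind, doms in seen.items() if len(doms) > 1}

if __name__ == "__main__":
    for group in cluster(RECORDS):
        print(sorted(group), sorted(shared_indicators(RECORDS, group)))
```

A localpart match alone is weak evidence; it is the combination with the shared affiliate id that ties the records together.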

So, yes, I firmly believe behind these three (or however many) identities there is exactly one person. As to which of these names is his real one I have no idea - probably none of them. Maybe "tgp" are his real initials or maybe not ...

Room for further investigation is in how those "search engines" actually produce any sort of revenue that makes this whole spamming worthwhile. And a closer look at the hosting services involved may also be of interest (and a way to get at least some of his accounts terminated) ...

The Airline Ticket Spammer | 1 comment
The Airline Ticket Spammer
Since July 12th I have had to delete daily from my guestbook (in memory of my son) spam from this same creep - from car insurance, perfume, ring tones, airline tickets, fast gift ideas, megaweb hosting, etc.
I clicked on some of the places, which directed me to topsearch10.com… Also, some of the information I found is listed below. Interestingly, the "Beres" person listed in Dallas has the phone number with too many digits and area code wrong, and the zip for Dallas is way off. Big surprise, huh. I went to some of the sponsored links connected at topsearch10.com and emailed this message: "Every day I have to delete spam in my DEAD son's memorial guestbook that someone YOU are affiliated with keeps writing in. This is disgraceful. Please take appropriate steps to have this stopped. I have sent a complaint to Google also…"
I did get several automated replies back, including one from Google (http://www.google.com/contact/spamreport.html).
It will be interesting to see if I get any replies back from real people.


Website: http://www.directi.com

Domain Name: CRITICALINTERNET.COM

Registrant:
Direct Information Pvt Ltd
Domain Manager (domain.manager@directi.com)
330, Link Way Estate
Link Road
Malad (W)
Mumbai
Maharashtra,400064
IN
Tel. +91.2256797500

Creation Date: 17-Aug-2004
Expiration Date: 17-Aug-2006

Domain servers in listed order:
dns1.directi.com
dns2.directi.com
dns3.directi.com
dns4.directi.com

Administrative Contact:
Direct Information Pvt Ltd
Domain Manager (domain.manager@directi.com)
330, Link Way Estate
Link Road
Malad (W)
Mumbai
Maharashtra,400064
IN
Tel. +91.2256797500

Technical Contact:
Direct Information Pvt Ltd
Domain Manager (domain.manager@directi.com)
330, Link Way Estate
Link Road
Malad (W)
Mumbai
Maharashtra,400064
IN
Tel. +91.2256797500

Billing Contact:
Direct Information Pvt Ltd
Domain Manager (domain.manager@directi.com)
330, Link Way Estate
Link Road
Malad (W)
Mumbai
Maharashtra,400064
IN
Tel. +91.2256797500

Domain Name: MEGA-WEB-HOSTING.NET
Registrar: CRITICAL INTERNET, INC.
Referral URL: http://www.criticalinternet.com
Name Server: NS1.MEGA-WEB-HOSTING.NET
Name Server: NS2.MEGA-WEB-HOSTING.NET
Status: ACTIVE
Updated Date: 15-jul-2005
Creation Date: 15-jul-2005
Expiration Date: 15-jul-2006
Domain Name: MEGA-WEB-HOSTING.NET

Registrant:
Beres
Beres (vitos@tiscali.es)
str.Miders 43
Dallas
Texas,534343
US
Tel. +001.23432433224

Creation Date: 15-Jul-2005
Expiration Date: 15-Jul-2006

Domain servers in listed order:
ns1.mega-web-hosting.net
ns2.mega-web-hosting.net

Administrative Contact:
Beres
Beres (vitos@tiscali.es)
str.Miders 43
Dallas
Texas,534343
US

Authored by: Anonymous on Sunday, July 24 2005 @ 02:54 CEST
