Damn Spam!
Search 

Topics

User Functions






Lost your password?

Emil Kacperski still in the spamming business

    
Saturday, June 04 2005 @ 10:31 CEST
Contributed by: Dirk

(Repost with corrections. Thanks to Ann Elisabeth for pointing out my mistakes in the original post.)

Drugs / pills spam is nothing new. Blocking the names of the most popular pills usually keeps the problem at bay without you having to hunt down every new variation the spammers come up with.

However, it's still an annoyance. So we got a bunch of referrer spams, all for subdomains at bigsitecity.com. Ann Elisabeth had no success with them, but I thought I'd give it another try. No response and the subdomains are still up to this day.

The next day, we got the same referrer spam, with the exact same subdomains, only this time on 3d.net. Another email, no response again, sites still up. Sigh.

The spams in case all came from 69.50.180.186. A whois lookup for that IP address turned up the owners: A company called Atrivo and a person named Emil Kacperski. And that is where my original post took a wrong turn ...

A google search on Mr. Kacperski turns up lots of hits - stuff you can spend hours reading up on. Among other things there is a connection to a certain Eugene Blagodarny who used to sell scripts for spamming. However, that connection is rather remote, as you can learn from Tim Bishop's writeup.

So, the wrong turn I took was to assume that there's a direct connection between Atrivo / Kacperski and Blagodarny. There, it seems, I was plain out wrong. Lesson learned: Don't let your anger get in the way of proper research. Sloppy research isn't helping our case of fighting the spammers.

However, looking at Mr. Kacperski's track record (e.g. this little episode), I don't exactly feel motivated to apologize to him. Especially since, as the case that triggered this little rant shows, he's still in the business of hosting spammers.

So back to the spam in question: The aforementioned subdomains all had a JavaScript redirect (no affiliate ID, btw) to pharmacy-directory.biz which is registered to a Evgeniy Utkin from Ussuriisk, Russia. The site itself is hosted on a server in Estonia (217.159.201.132). That server hosts an interesting mix of domains, btw (pills, porn, casino, ...).

A Mr. Evgeniy Utkin is apparently the president of an Ukrainian IT company called Kvazar Micro but he seems to be a reputable figure. So either the name is a coincidence or fake.

So, it seems like I've reached a dead end in this case for now: Complaining to Atrivo / Kacperski won't help, bigsitecity.com and 3d.net are non-responsive and judging by the stuff that's hosted on that server in Estonia, I doubt complaining there will have any effect. And in the meantime, those referrer spams are still coming in (from 3d.net, at the moment) ...

Filed under: Persons
()

What's Related

Story Options

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/emil-kacperski

No trackback comments for this entry.
Emil Kacperski still in the spamming business | 2 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Spammer switched to dreamstation.com now

Our spamming friend here appears to be hopping from one free subdomain provider to the next. After bigsitecity.com and 3d.net (both of which never replied to my reports, btw, and still have the spamvertised sites up), it's now dreamstation.com. Still with the exact same subdomain names, with a JavaScript redirect to pharmacy-directory.biz, and still spamming from the same IP address.

Authored by: Dirk on Wednesday, June 08 2005 @ 20:42 CEST
[ Reply to This | # ]
Spammer switched to dreamstation.com now

3d.net and dreamstation.com have the same abuse address (at 0catch.com). The spammer is still rampant, and the sites (including those on bigsitecity.com) are still online.

So, either bigsitecity.com and 0catch.com (3d.net, dreamstation.com) are incompetent or they are in bed with the spammers. In any case, these services are to be avoided.

Authored by: Dirk on Saturday, June 11 2005 @ 15:21 CEST
[ Reply to This | # ]

Copyright © 2010 Damn Spam! Powered by Geeklog