Looking through the referrer logs for my little blog, one of the biggest reasons people come here is some sort of web search on the gay.com spambots. It's surprising how widespread all over the world the visits are from. Everywhere from Mexico to Asia to Eastern Europe. Yet it's interesting how little information there is on the web about the bots.
I've long believed that these bots are run by people outside the USA. There's just something about the poor English that suggests they were written by someone with a poor handle on the language. For example:
- i need good cock to suck
- i just wanna some sex
- hi, i need a good company guys
- i will swollow your cum!
- hit me for the chat! [Hit you? Oh, if only...]
- hey guys, let's have some fun tonight. i'm a horney, smoothe bod, and a hell of a f**k [Because, you know, I'd be so offended if he'd actually spelled out "fuck."]
Lately, all these bots are advertising sites hosted at icamsonline.com. So let's see what lovely person is responsible for that domain:
whois -h whois.enom.com icamsonline.com
Registrant Contact: sss
Frank Lxxxxxxxxx (firstname.lastname@example.org)
Morristown, NJ 07960
New Jersey. That figures. Interestingly, however, the Google phonebook for Mr. L. is just a wee bit different:
Frank Lxxxxxxxxx - (973) 451-xxxx - xxxxxxxxxxxxxx, Morristown, NJ 07960
Note that the phone number and address number are slightly different.
Now let's take a look at the icamsonline.com domain, which resolves to 126.96.36.199:
whois -h whois.ripe.net 188.8.131.52 ...
inetnum: 184.108.40.206 - 220.127.116.11
descr: Exmasters.com web hosting
The CZ top level domain is for the Czech Republic. So this domain is hosted by exmasters.com, which is an adult hosting company, and has previously hosted this spammer's domains. Some of the previous ones no longer resolve (hornydolls.com, inetmates.com), so it's not clear if this exmasters is spam-friendly or whether they simply drag their feet when cleaning off their spammers' sites.
Ah, so it's ifriends.com / webpower.com / clickforcash.com, as usual. This site is responsible for pretty much all of the gay.com spam. They seem to be unwilling to do anything about it, so much so, I can't help but wonder if they are part of the abuse themselves. I've noticed that I get a lot of referrer hits for "ifrends scam" as well, so I also wonder if even the hot young things beating off for you on cam that they advertise is a scam or not.
Update (7 August 2005): I'm suspicious that this registration information may be faked, so I removed the identifying information in case this is an innocent bystander. See this post for details.
Update (16 Nov 2007): Mr. L or someone with the same name showed up in the comments claiming not to be affiliated with the site. As I suspected identity theft previously, this doesn't seem implausible, and I've obscured the used for the registration. The domain has since expired and been picked up by a domain name squatter.