My apologies, one of the points in the MO described in the entry for Mike Tison last time is actually the MO of Alexander Morozov. Morozov is the one clusterbombing pages.
- Comment spams with porn URLs. He and the Bulgarians are together responsible for most of the spam hits on my site.
- Has a script which is easily fooled by my on-page measures, but cluster-bombs and loads entries a lot which uses bandwidth.
- As well as the above, the queries he makes to the comment script can be over 11kb in length, including the text twice as a text parameter and a comment parameter. Other parameters used include sk2_time, sk2_my_js_check1, currency_code, business, domains, and item_name. May be a multi-purpose script.
- .com domains spammed: novusdelta, legacyart
- .org domains spammed: holyroodarchaeology
- see also: Spamhuntress Wiki: Dyakon (He's using a (fake?) New York address in domain registrataions now)
Other .com domains spammed:
- 888pokerguru via comment, registered to "Liron Snir" in Israel.
- homeequityloan-zz via trackback, registered to "Javier Navarrete" in Florida (See also: Spamhuntress Wiki: Florida comcast spammer)
- northvip via comment, registered to "Somer" (email@example.com) in Minsk, Belarus
The "Liron Snir" spam actually got to the point where it was almost posted! The domain's now in my blacklist of course.