Internet Mysteries: Who is an5858?

Those of you who read here regularly know that I love a good mystery and/or puzzle. I recently subscribed to a YouTube channel called Barely Sociable, which covers this kind of topic a lot, and one video in particular stood out: The Fake Diploma Forum Spammer – Internet Oddities.

Of course, spam, in and of itself, isn’t a mystery (just check your inbox), but the strange thing about this particular spammer is how widespread and prolific the spam posts are, in spite of the fact that most websites have anti-spam protocols these days. Clearly, anti-spam programs (like CAPTCHAs) aren’t able to stop everything.

A while back, I had written a post entitled Who Would Hack writerscafe.org?, and I believe that it may have been the same spammer (or one involved in similar scams) that Barely Sociable is referring to in his video. While the site that they were advertising on WritersCafe was different than the one mentioned in the video, the spam messages used a very similar format. It may be that back when I wrote the post, the same person or people used a different site, which was unsuccessful, so they started up new businesses.

In any case, this particular spammer (who sometimes uses the name “Andy”) frequently advertises illegal diplomas, particularly to people who live in China, where diplomas are a desirable commodity, especially to people who may be unable to afford the cost of going to a university. While I would approach something like this with a degree of skepticism, someone who’s desperate might not.

Interestingly, I managed to find thousands of instances where Andy had posted on different sites by searching for “501058216” on different search engines, like DuckDuckGo, Google, and StartPage. This number references a WeChat ID used by Andy.

Also, Andy uses many variations on the name “dyellogfhf,” usually followed by a string of numbers. This Pastebin post lists quite a few of the different email addresses used by this same person: The Forum Spammer Txt Document. As Barely Sociable mentions in his video, it’s possible that one of the programs that Andy may be using is called XRumer, made by BotmasterLabs. The program advertises itself with the following description:

This software will help to increase traffic to website to hundreds, thousands times. Program have a rich seven year history, which use experience of professionals in search engine optimization. Appreciate and use a truly unique and powerful XRumer program, can both professionals and beginners.

The use of a program like this might explain how the spammer is able to circumvent CAPTCHAs and other anti-spam methods. The version in question is proprietary and quite expensive, but there may be some open source versions floating around as well.
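The two indicators mentioned above (the WeChat ID and the “dyellogfhf” name stem) can be checked on the content side of a forum, independently of any CAPTCHA. The following is an added example, not code from this post or from any tool it mentions; the sample records, function names and cluster threshold are constructed for illustration, and the tolerance for separators and full-width digits is an assumption about how such an ID might be written.

```python
import re
import unicodedata
from collections import defaultdict

WECHAT_ID = "501058216"   # WeChat ID quoted in the post
NAME_STEM = "dyellogfhf"  # name stem quoted in the post

# Constructed sample records (username, email, post body); not real data.
SAMPLE_POSTS = [
    ("dyellogfhf123", "dyellogfhf123@example.com", "Diploma service, WeChat 501058216"),
    ("dyellogfhf88", "dyellogfhf88@example.com", "contact 5010 5821 6 for details"),
    ("Dyellogfhf4501", "dyellogfhf4501@example.net", "hello everyone"),
    ("alice", "alice@example.org", "Invoice 9950105821677 attached"),
    ("bob42", "bob42@example.org", "Has anyone tried the new editor?"),
    ("promo1", "promo1@example.com", "add me: ５０１０５８２１６"),
]

def normalize(text):
    """NFKC folds full-width digits/letters to ASCII; casefold for comparison."""
    return unicodedata.normalize("NFKC", text).casefold()

def contains_contact_id(body, contact_id=WECHAT_ID):
    """True if the ID appears as its own number, with optional separators."""
    pattern = r"(?<!\d)" + r"[\s.\-]*".join(map(re.escape, contact_id)) + r"(?!\d)"
    return re.search(pattern, normalize(body)) is not None

def stem_of(name):
    """Account name or email local part with trailing digits removed."""
    local = normalize(name).split("@", 1)[0]
    return re.sub(r"\d+$", "", local)

def flag_posts(posts, min_cluster=3):
    """Return {username: sorted reasons} for posts matching an indicator."""
    clusters = defaultdict(set)
    for user, email, _ in posts:
        clusters[stem_of(email)].add(user)
    flagged = defaultdict(set)
    for user, email, body in posts:
        if contains_contact_id(body):
            flagged[user].add("contact-id")
        stem = stem_of(email)
        if stem == NAME_STEM:
            flagged[user].add("known-stem")
        if stem and len(clusters[stem]) >= min_cluster:
            flagged[user].add("stem-cluster")
    return {u: sorted(r) for u, r in flagged.items()}

if __name__ == "__main__":
    print(flag_posts(SAMPLE_POSTS))
```

The stem-cluster rule does not depend on the known stem, so it also catches a new batch of numbered accounts registered under a different base name.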

It’s also interesting to note that “Andy” may be involved in other illegal businesses as well (which is not that surprising, given the spam/fraud stuff). According to the video, the same person seems to be connected to a Korean escort service/massage parlor business, but under different usernames, one of these being “AN5858.”

If you actually visit an5858.com, you’ll see a site like this:

Initially, when I had visited this site, the buttons were clickable, and led to a forum of sorts; that doesn’t seem to be the case now. It may be that Barely Sociable’s video was starting to draw unwanted attention to the site, and the owner disabled those functions.

All in all, the fact that “Andy” is a spammer and posts on as many websites as possible isn’t that strange, but the fact that he’s been able to get past many sites’ security protocols and is involved in multiple sketchy businesses is intriguing to me.

Has anyone else encountered this bot before on a site? Do you have any other interesting links to share related to it? Let me know in the comments, as usual.

One thought on “Internet Mysteries: Who is an5858?”

  1. In reference to spam filters not being able to stop this person, I think if you have any cyber-security application that’s controlled by a machine learning algorithm, you’re operating on fuzzy logic, so the AI is going to make mistakes from time to time, because you can’t gain human-like intelligence without introducing a level of human error. I think as spam filters and other cyber-security programs rely increasingly on AI, we’re going to see a shift in the focus of spammers, crackers, etc. from traditional methods of exploiting known vulnerabilities to finding ways to fool the AI into thinking a session, program, message, etc. is non-malicious. This is a pen-testing project I’ve had in the works for the last couple weeks – the problem of how to bypass a security system that’s actually intelligent, and I’m eager to try out some of the concepts I’ve come up with on my own HackMe server (in the safety of my own pen-testing lab of course) using an ML framework like TensorFlow or Jupyter. It’s going to be pretty interesting to see the direction that hacking as a field of research goes in as AI takes over the security scene.
