an5858: a Follow-Up (Adult Content)

There had been a post here in 2019 called Internet Mysteries: Who is an5858?, inspired by a video from Barely Sociable on YouTube. For those who haven’t seen the video, watch it and catch up.

Barely Sociable – The Fake Diploma Forum Spammer

Out of curiosity, a search today for “an5858” turned up some different results than the previous time. Is it the same spammer as in the previous post? It certainly appears to be the case.

This time around, one of the search results that showed up directed to xb5858.com, which is a site called Xinbo Lottery. It looks like your typical online gambling site:

Whether it’s legit or just a scam is hard to say. All casinos feel like a scam to some degree. Another of the sites that came up was xn5858.com (Dorsing Night), which is some kind of adult dating/hookup site, albeit one geared toward Asian countries like South Korea.

In addition, they also appear to be behind the sites korg1.com and xo23.net, which are Korean escort services, as well as meet-enjoy.com, which is a hookup site. The question is – are all of these sites really run by the same person, or do they just have similar names? It seems like more than just a coincidence, given the nature of the sites. For example, the screenshots below correspond to a dubious “pharmacy” site that sells generic Viagra-like drugs, a Korean Ashley Madison-like site, and a forum for porn and other adult content.

If they are related, it appears that they have many more domains registered as well, such as zm5858.com, am5858.com, xj5858.com, etc. In addition, they have spam accounts on numerous sites, such as:

  1. The Doctor Who Forum: dyellihhi001
  2. https://community.allen-heath.com/members/dyellihhi001/
  3. http://forum.mibandnotify.com/profile/dyellihhi001
  4. https://rolanddg-ae.com/forum/profile/dyellihhi001/
  5. https://carnivals.translationvillage.org/forums/users/dyellihhi001/
One of the sites on which the spam comments appeared.

Barely Sociable had theorized that this person was using a type of software called XRumer to send out spam messages and comments. BotmasterLabs, the creators of XRumer, have also developed similar software such as XEvil, which is capable of bypassing many types of CAPTCHAs:

XEvil allow to automatically recognize more than 8400 types of captchas with a very high recognition speed — more than 100 images per second. New technology of decoding allow extremely fast and precisely to decode text, numbers, arithmetic’s and symbols even on hard types of captchas, no matter of their size, noise, deformations and font type. No matter how hard is captcha, speed of decoding it’s always same fast (~0.01 sec per 1 captcha).

This would certainly explain how their spam comments have ended up on so many different sites, even if those sites had anti-spam measures. Many of the current darknet markets have stepped up their anti-spam software to combat bots such as these with more complex CAPTCHAs.

So, does this solve the “mystery”? Sort of. It may not be the last appearance of an5858, of course.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.