an5858: a Follow-Up (Adult Content)

There had been a post here in 2019 called Internet Mysteries: Who is an5858?, inspired by a video from Barely Sociable on YouTube. For those who haven’t seen the video, watch it and catch up.

Barely Sociable – The Fake Diploma Forum Spammer

On this video, someone in the comments section pointed out the following:

A bit of background for anyone who might care. The numbers “58” have a different meaning for Koreans. The numbers “58” roughly translates to “oppa” when you sound it out. For those of you who don’t know, “oppa” is what Korean women call guys who are older than they are. While it usually only indicates that the guy is older than the girl, it can also denote a position of standing. A girl who calls a guy “oppa” can also be taken as a signal the she recognizes the guy is higher in the hierarchy in the relationship. This is one of the main reasons many Korean guys prefer when they are called oppa by girls and is also why it is commonly used by guys in internet usernames.

5 = oh

8 = pal

If you shorten it and say it fast, it turns into “oppa”. The user “AN5858” can be translated as “AN oppa oppa”.

I could be totally wrong about this, but for some reason I don’t think I am. Also one other tidbit of info. It’s funny how Barelysociable found a Korean/Chinese connection to this. It’s commonly believed in Korea that the people who commit the most crimes (in Korea) are the people who come from the Korean and Chinese border. They are Chinese nationals but can speak Korean fluently due to their proximity with Korea. These folks are looked at in the same way that some Americans look at “illegal aliens”. They have a higher population in Korean jails and are usually involved in organized crime.

Please don’t misunderstand what I’m saying, I’m not saying that all of these people are criminals.

Anyway, it’s highly likely that the person “An5858” is someone who can both speak Korean and Chinese and is involved in both prostitution and some form of fraudulent activity. If he is, there is a good chance there is a criminal organization behind this racket and if you look up the history of these types of folks, are not fun to mess around with. They are the same people who you hear about when you think of illegal organ harvesting and other super shady shit in Korea/China.

Out of curiosity, a search today for “an5858” turned up some different results than the previous time. Is it the same spammer/organized crime member as in the previous post? It certainly appears to be the case.

This time around, one of the search results that showed up directed to (link is currently down and gives a privacy error), which is a site called Xinbo Lottery. It looks like your typical online gambling site:

Whether it’s legit or just a scam is hard to say. All casinos feel like a scam to some degree. Another of the sites that came up was (Dorsing Night), which is some kind of adult dating/hookup site, albeit one geared toward Asian countries like South Korea.

In addition, they also appear to be behind the sites and, which are Korean escort services, as well as, which is a hookup site. The question is – are all of these sites really run by the same person, or do they just have similar names? It seems like more than just a coincidence, given the nature of the sites. For example, the screenshots below correspond to Via Pharmacy, a site that sells generic Viagra-like drugs, the aforementioned, and a forum for porn and other adult content.

If they are related, it appears that they have many more domains registered as well, such as,,, etc. In addition, they have spam accounts on numerous sites, such as:

  1. The Doctor Who Forum: dyellihhi001
  8. On Water Designs – spam comment
  9. She Leads Africa forum – spam comment
One of the sites on which the spam comments appeared.

Barely Sociable had theorized that this person was using a type of software called XRumer to send out spam messages and comments. BotmasterLabs, the creators of XRumer, have also developed similar software such as XEvil, which is capable of bypassing many types of CAPTCHAs:

XEvil allow to automatically recognize more than 8400 types of captchas with a very high recognition speed — more than 100 images per second. New technology of decoding allow extremely fast and precisely to decode text, numbers, arithmetic’s and symbols even on hard types of captchas, no matter of their size, noise, deformations and font type. No matter how hard is captcha, speed of decoding it’s always same fast (~0.01 sec per 1 captcha).

This would certainly explain how their spam comments have ended up on so many different sites, even if those sites had anti-spam measures. Many of the current darknet markets have stepped up their anti-spam software to combat bots such as these with more complex CAPTCHAs.

The same person or people also seem to be in charge of all the domains listed on this forum: 2VEE > Event > asdgsf. Like most forums, it does use CAPTCHAs for anti-spam reasons, but the bot appears to be able to bypass them easily. Not only did it make this post, but it seems to post at regular intervals on the same site, advertising multiple businesses.

So, does this solve the “mystery”? Sort of. It may not be the last appearance of an5858, of course.

Other related links: Korean Guild Spam Bots

Apup: Spam bot post

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.