Twitch is in the process of digging out who is behind a series of spambot posting that started on February 24th that was bombarding channels with on average of 34 messages per a minute and at times up to 700 a minute. These spambots were posting messages that were racists, homophobic and worse that Twitch’s Automod tool was unable to keep up with. According to Ars Technica:
witch, which bills itself as the “leading video platform and community for gamers,” says it has traced the attacks to Chatsurge.net, which offers spambot attacks for sale. From there, Twitch investigators believe the perpetrator is associated with the e-mail address of email@example.com and a Shaw Communications IP address of 18.104.22.168 located in Coquitlam, British Columbia. In addition, Twitch thinks a PayPal account associated with the e-mail firstname.lastname@example.org is connected, according to court documents.
Legal documents: https://arstechnica.com/wp-content/uploads/2017/04/twitch.pdf
In total, Twitch is requesting:
For starters, Twitch wants Shaw to produce any identifying information about the customer associated with the 22.214.171.124 IP address. Twitch also wants an order commanding PayPal to hand over identifying information “of the customer associated with Chatsurge.net, email@example.com, or firstname.lastname@example.org.”
As for CloudFlare, which is the server host of Chatsurge.net, Twitch wants it to unmask identifying information associated with the Chatsurge.net domain. Twitch is making the same request to WhoisPrivacy and WhoisGuard to unveil ownership of the Chatsurge.net and Dongcorp.org domains.
What’s more, Twitch claims that all of these companies “are involved in the Spambot Attacks,” including WhoisPrivacy and WhoisGuard for “providing a means for the perpetrator to don the cloak of anonymity to undertake this harmful conduct.”
Moral of this story is if you try to mess with Twitch’s business, they will track you down.