Twitch is in the process of digging out who is behind a series of spambot posting that started on February 24th that was bombarding channels with on average of 34 messages per a minute and at times up to 700 a minute. These spambots were posting messages that were racists, homophobic and worse that Twitch’s Automod tool was unable to keep up with. According to Ars Technica:
witch, which bills itself as the “leading video platform and community for gamers,” says it has traced the attacks to Chatsurge.net, which offers spambot attacks for sale. From there, Twitch investigators believe the perpetrator is associated with the e-mail address of firstname.lastname@example.org and a Shaw Communications IP address of 126.96.36.199 located in Coquitlam, British Columbia. In addition, Twitch thinks a PayPal account associated with the e-mail email@example.com is connected, according to court documents.
Legal documents: https://arstechnica.com/wp-content/uploads/2017/04/twitch.pdf
In total, Twitch is requesting:
For starters, Twitch wants Shaw to produce any identifying information about the customer associated with the 188.8.131.52 IP address. Twitch also wants an order commanding PayPal to hand over identifying information “of the customer associated with Chatsurge.net, firstname.lastname@example.org, or email@example.com.”
As for CloudFlare, which is the server host of Chatsurge.net, Twitch wants it to unmask identifying information associated with the Chatsurge.net domain. Twitch is making the same request to WhoisPrivacy and WhoisGuard to unveil ownership of the Chatsurge.net and Dongcorp.org domains.
What’s more, Twitch claims that all of these companies “are involved in the Spambot Attacks,” including WhoisPrivacy and WhoisGuard for “providing a means for the perpetrator to don the cloak of anonymity to undertake this harmful conduct.”
Moral of this story is if you try to mess with Twitch’s business, they will track you down.