Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Cyrillic Spam, Russian Spam

 
Chao284
Warrior


Joined: 06 Sep 2004
Last Visit: 30 Aug 2014
Posts: 220
Location: Bremerton, WA

Posted: Tue May 26, 2009 6:53 pm    Post subject: Cyrillic Spam, Russian Spam

Mail info listed as:

Return-Path: <glebgermanovich@r-sharma.com>
Authentication-Results: mta548.mail.mud.yahoo.com from=r-sharma.com; domainkeys=neutral (no sig); from=r-sharma.com; dkim=neutral (no sig)
Received: from 89.111.165.76 (HELO hakeemtm.mdp2.net) (89.111.165.76) by mta548.mail.mud.yahoo.com with SMTP; Mon, 25 May 2009 21:08:58 -0700
Received: from rev-net-0dcq-0165-01m9-01nalu3o.mtb ([10.84.166.153]) by hakeemtm.mdp2.net () with ESMTP id 8F8F5721EB for <jeffhyde2@yahoo.com>;Tue, 26 May 2009 08:06:41 +0400
From: Gleb Germanovich <glebgermanovich@r-sharma.com>
Subject: =?Windows-1251?B?y+Dj5fD8IOTr/yDk5fLl6SDt4CDr5fLu?=
Date: Tue, 26 May 2009 08:06:41 +0400
Message-ID: <4050731021.20090526080641@r-sharma.com>
Importance: Normal
Sensitivity: Company-Confidential
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_0022_0FFDBE95.27730E1E"
Content-Length: 9683

The following IP info, checked on DNS Stuff, reveals this:

----------------------------------------------------------

inetnum: 89.111.128.0 - 89.111.191.255
netname: RU-GPT-20060426
descr: Garant-Park-Telecom, Ltd.
country: RU
org: ORG-GL15-RIPE
admin-c: PAN-RIPE
admin-c: PBV-RIPE
tech-c: PBV-RIPE
notify: routing@gpt.ru
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS5537-MNT
mnt-routes: AS5537-MNT
mnt-domains: AS5537-MNT
changed: hostmaster@ripe.net 20060426
changed: bitbucket@ripe.net 20071112
source: RIPE

organisation: ORG-GL15-RIPE
org-name: Garant-Park-Telecom, Ltd.
org-type: LIR
address: Garant-Park-Telecom, Ltd
Alexander Panov
Moscow State University
Office 919, Building 9, Science Park MSU Vorobjevy Gory
119992 Moscow
RUSSIAN FEDERATION
phone: +7 495 7833783
fax-no: +7 495 9308800
e-mail: routing@gpt.ru
admin-c: PAN-RIPE
admin-c: PBV-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: AS5537-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20050429
changed: bitbucket@ripe.net 20051214
changed: bitbucket@ripe.net 20060425
changed: hostmaster@ripe.net 20060426
changed: bitbucket@ripe.net 20060426
changed: bitbucket@ripe.net 20060505
changed: bitbucket@ripe.net 20060808
changed: bitbucket@ripe.net 20070319
changed: bitbucket@ripe.net 20070330
changed: bitbucket@ripe.net 20070813
changed: bitbucket@ripe.net 20070829
changed: bitbucket@ripe.net 20071107
changed: bitbucket@ripe.net 20071107
changed: bitbucket@ripe.net 20071107
changed: bitbucket@ripe.net 20071120
changed: bitbucket@ripe.net 20090202
source: RIPE

person: Alexander V Panov
address: MSU, Science Park, Garant-Park-Telecom
address: Moscow
address: Russia
remarks: phone: +7 095 7898207
phone: +7 495 7898207
remarks: fax-no: +7 095 9308800
fax-no: +7 495 9308800
e-mail: panov@parkline.ru
nic-hdl: PAN-RIPE
mnt-by: PAN1-RIPE-MNT
changed: panov@parkline.ru 20030314
source: RIPE
remarks: modified for Russian phone area changes
changed: ripe-dbm@ripe.net 20051216

person: Pavel B. Vasiliev
address: Lenin's Hills, 6
address: Moscow, Russian Federation
phone: +7 916 6958244
remarks: SMS: +7 916 6958244
phone: +7 495 7833783
e-mail: pavel@gpt.ru
e-mail: pavel@parkline.ru
e-mail: pavel@pavel.su
e-mail: p.vasiliev@gpt.ru
remarks: Skype: pavel.su
remarks: http://pavel.su
remarks: http://lookinglass.org
nic-hdl: PBV-RIPE
mnt-by: AS5537-MNT
source: RIPE
changed: p.vasiliev@gpt.ru 20071106

% Information related to '89.111.160.0/20AS5537'

route: 89.111.160.0/20
descr: GPT-2 route object
origin: AS5537
mnt-by: AS5537-MNT
source: RIPE
changed: pavel@gpt.ru 20080204

% Information related to '89.111.164.0/23AS5537'

route: 89.111.164.0/23
descr: MDP2 temp route object
remarks: -----------------------------
remarks: Abuse and any spam issues:
remarks: abuse@mdp2.net, tim@gpt.ru
remarks: -----------------------------
origin: AS5537
mnt-by: AS5537-MNT
source: RIPE
changed: pavel@gpt.ru 20080204

After searching Google for the culprit parkline.ru, which seems to be the spam sender domain, one site's DNS service, using the NS records on this Russian DNS check site (RU TLD: Registration and Delegation Statistics), reveals more than just what is wrong with LiveJournal's move to a Russian server. Here are the details:

----------------------------------------------------------
Domains were transfered from ns.parkline.ru.

Reciepient Domain
ns1.livejournal.ru. LJ
ns2.livejournal.ru. LJ
ns4.nic.ru. LJ
ns8.nic.ru. LJ
ns1.1gb.ru. SITEMARKET <---- Spam Source linked?
ns2.1gb.ru. SITEMARKET <---- Spam Source linked?

After more searching on 1gb.ru, it happened to be linked to a report issued by the site named darkmessiah.com. The site reveals this information about 1gb.ru:

[whois.nic.ru]
% By submitting a query to RU-CENTER's Whois Service
% you agree to abide by the following terms of use:
% http://www.nic.ru/about/servpol.html (in Russian)
% http://www.nic.ru/about/en/servpol.html (in English).

Domain name: STEINERSJEWELLERY.COM
Name Server: ns1.1gb.ru
Name Server: ns2.1gb.ru
Creation Date: 2008.07.29
Expiration Date: 2009.07.29

Status: DELEGATED

Registrant ID: T0OXJCZ-RU
Registrant Name: Petr S Sokolov
Registrant Organization: Petr S Sokolov
Registrant Street1: Moskva
Registrant City: Moskva
Registrant State: Moskva
Registrant Postal Code: 010010
Registrant Country: RU

Administrative, Technical Contact
Contact ID: T0OXJCZ-RU
Contact Name: Petr S Sokolov
Contact Organization: Petr S Sokolov
Contact Street1: Moskva
Contact City: Moskva
Contact State: Moskva
Contact Postal Code: 010010
Contact Country: RU
Contact Phone: +74952242394
Contact E-mail: acmilanbf2@gmail.com

Registrar: ANO Regional Network Information Center dba RU-CENTER

And this domain is a host of fake job postings and job scams (many in Cyrillic form), a new theme that spammers now seem to be beginning to use. With LiveJournal's Russian site caught in the crossfire of a spam domain from parkline.ru, this puts every server on LiveJournal.com in the US at risk for these kinds of spam scams also, not just LJ's Russian site.
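An added example, not part of the original post: a Python sketch that reads the quoted headers the way a mail abuse analyst would, taking the peer IP logged by the receiving Yahoo MTA (older Received lines are sender-supplied), matching it to the most specific RIPE route object quoted above to find the abuse contact, and decoding the RFC 2047 subject. The recipient address is replaced with a placeholder, and the function names and the `.yahoo.com` trust suffix are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.header import decode_header, make_header

# Headers from the post (recipient replaced by a placeholder address).
RAW = (
    "Received: from 89.111.165.76 (HELO hakeemtm.mdp2.net) (89.111.165.76)"
    " by mta548.mail.mud.yahoo.com with SMTP; Mon, 25 May 2009 21:08:58 -0700\n"
    "Received: from rev-net-0dcq-0165-01m9-01nalu3o.mtb ([10.84.166.153])"
    " by hakeemtm.mdp2.net () with ESMTP id 8F8F5721EB"
    " for <recipient@example.invalid>;Tue, 26 May 2009 08:06:41 +0400\n"
    "Subject: =?Windows-1251?B?y+Dj5fD8IOTr/yDk5fLl6SDt4CDr5fLu?=\n\n"
)
# Route objects quoted in the RIPE output, with their abuse remarks (if any).
ROUTES = {"89.111.160.0/20": None, "89.111.164.0/23": "abuse@mdp2.net, tim@gpt.ru"}
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def hops(msg):
    """(recording host, [IPs in the 'from' clause]) per Received header, newest first."""
    out = []
    for value in msg.get_all("Received", []):
        from_part, _, by_part = value.partition(" by ")
        ips = []
        for text in IPV4.findall(from_part):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # not a valid address, e.g. an octet above 255
                pass
        out.append((by_part.split()[0] if by_part.strip() else "", ips))
    return out

def handoff_ip(msg, trusted_suffix):
    """Peer IP logged by our own MTA; hops below it are sender-supplied text."""
    for host, ips in hops(msg):
        if host.endswith(trusted_suffix):
            return next((ip for ip in ips if ip.is_global), None)
    return None

def most_specific_route(ip):
    """Longest-prefix route object covering ip, or None if no route matches."""
    nets = [ipaddress.ip_network(r) for r in ROUTES if ip in ipaddress.ip_network(r)]
    return str(max(nets, key=lambda n: n.prefixlen)) if nets else None

def decoded_subject(msg):
    """Decode the RFC 2047 encoded-word subject into readable text."""
    return str(make_header(decode_header(msg["Subject"])))

if __name__ == "__main__":
    msg = message_from_string(RAW)
    ip = handoff_ip(msg, ".yahoo.com")
    route = most_specific_route(ip)
    print(ip, route, ROUTES.get(route))
    print(decoded_subject(msg))
```

The second Received line carries only an RFC 1918 address recorded by the sending host itself, so it identifies nothing outside that network.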
All times are GMT - 8 Hours