{"id":152,"date":"2006-03-06T09:07:00","date_gmt":"2006-03-06T18:07:00","guid":{"rendered":"http:\/\/www.evardsson.com\/blog\/2006\/03\/06\/spamming-for-script-kiddies\/"},"modified":"2007-03-03T11:42:15","modified_gmt":"2007-03-03T20:42:15","slug":"spamming-for-script-kiddies","status":"publish","type":"post","link":"https:\/\/www.evardsson.com\/blog\/2006\/03\/06\/spamming-for-script-kiddies\/","title":{"rendered":"Spamming for script-kiddies"},"content":{"rendered":"<p>Well, this has got to be the most annoying piece of spam I have received recently. It seems that now even the crack-scripting community is using spam to advertise their &#8220;services.&#8221; I have included a copy of the email &#8211; the more disturbing items I have emphasized in bold. The email:<\/p>\n<blockquote><p>From: noreply-52@ww-nn.web-hack.ru<br \/>\nBcc:<br \/>\nReturn-Path:  noreply-52@ww-nn.web-hack.ru<br \/>\nX-OriginalArrivalTime: 06 Mar 2006 13:36:47.0450  (UTC)<br \/>\nFILETIME=410ABA0:01C64123]<br \/>\nDate: 6 Mar 2006 04:36:47 -0900<br \/>\nDear Sir\/Madam, Hello!<br \/>\nWe  are internet hackers crew &#8211; Web-hack. We propose you for sale some interesting  things: &#8211; private exploits &#8211; http:\/\/forum.web-hack.ru &#8211; <strong>stolen credit cards and  bank accounts<\/strong> &#8211; http:\/\/forum.web-hack.ru &#8211; <strong>we infect users pc&#8217;s with your trojan  for low prices (10000 infected pc&#8217;s for 25$)<\/strong> &#8211; http:\/\/forum.web-hack.ru &#8211;  bulletproof domains and hosting &#8211; http:\/\/forum.web-hack.ru Best offer &#8211;  bulletproof domain + hosting =0 usd\/week. You can use this hosting for any  scam\/fraud and nobody will close it! For more information look at &#8211;  http:\/\/forum.web-hack.ru P.S. We are registering bulletproof domains on our  partner site http:\/\/www.r01.ru\/ there we have &#8220;our&#8221; people to guarantee  stability of our domains and hosting so any organization like spamhaus.org  cannot down our hosting and domains. <strong>We are now spaming 5 000 000 people<\/strong> look  out the domain is alive as always and never gonna be down !! Please go and order  our services at: http:\/\/forum.web-hack.ru Msg-ID: 12543<\/p><\/blockquote>\n<p>Whois:<\/p>\n<p>forum.web-hack.ru<br \/>\nww-nn.web-hack.ru<\/p>\n<p>217.107.217.167<br \/>\n217.107.217.168<\/p>\n<p>OrgName:    RIPE Network Coordination Centre<br \/>\nAddress:       P.O. Box 10096<br \/>\nCity:          Amsterdam<br \/>\nStateProv:<br \/>\nPostalCode:    1001EB<br \/>\nCountry:       NL<br \/>\nComment:<br \/>\nRegDate:<br \/>\nUpdated:       2004-12-13<br \/>\nOrgID:      RIPE<br \/>\nAddress:    P.O. Box 10096<br \/>\nCity:       Amsterdam<br \/>\nStateProv:<br \/>\nPostalCode: 1001EB<br \/>\nCountry:    NL<\/p>\n<p>ReferralServer: whois:\/\/whois.ripe.net:43<\/p>\n<p>NetRange:   217.0.0.0 &#8211; 217.255.255.255<br \/>\nCIDR:       217.0.0.0\/8<br \/>\nNetName:    217-RIPE<br \/>\nNetHandle:  NET-217-0-0-0-1<br \/>\nParent:<br \/>\nNetType:    Allocated to RIPE NCC<br \/>\nNameServer: NS-PRI.RIPE.NET<br \/>\nNameServer: NS3.NIC.FR<br \/>\nNameServer: SUNIC.SUNET.SE<br \/>\nNameServer: NS-EXT.ISC.ORG<br \/>\nNameServer: SEC1.APNIC.NET<br \/>\nNameServer: SEC3.APNIC.NET<br \/>\nNameServer: TINNIE.ARIN.NET<br \/>\nComment:    These addresses have been further assigned to users in<br \/>\nComment:    the RIPE NCC region. Contact information can be found in<br \/>\nComment:    the RIPE database at http:\/\/www.ripe.net\/whois<br \/>\nRegDate:    2000-06-05<br \/>\nUpdated:    2005-07-27<\/p>\n<p># ARIN WHOIS database, last updated 2006-03-05 19:10<br \/>\n# Enter ? for additional hints on searching ARIN&#8217;s WHOIS database.<\/p>\n<p>www.r01.ru<\/p>\n<p>195.24.65.17<\/p>\n<p>% This is the RIPE Whois query server #2.<br \/>\n% The objects are in RPSL format.<\/p>\n<p>% Information related to &#8216;195.24.64.0 &#8211; 195.24.71.255&#8217;<\/p>\n<p>inetnum:      195.24.64.0 &#8211; 195.24.71.255<br \/>\nnetname:      PARKLINE-1<br \/>\ndescr:        Garant-Park-Telecom<br \/>\ndescr:        Science Park, MSU<br \/>\ndescr:        Lebedeva St., Leninskie Gory<br \/>\ndescr:        Moscow 119899, Russia<br \/>\ncountry:      RU<br \/>\nadmin-c:      PAN-RIPE<br \/>\ntech-c:       PAN-RIPE<br \/>\nstatus:       ASSIGNED PI<br \/>\nmnt-by:       PAN1-RIPE-MNT<br \/>\nmnt-by:       RIPE-NCC-HM-PI-MNT<br \/>\nmnt-lower:    RIPE-NCC-HM-PI-MNT<br \/>\nmnt-routes:   PAN1-RIPE-MNT<br \/>\nsource:       RIPE # Filtered<\/p>\n<p>person:         Alexander V Panov<br \/>\naddress:        MSU, Science Park, Garant-Park-Telecom<br \/>\naddress:        Moscow<br \/>\naddress:        Russia<br \/>\nremarks:        phone:        +7 095 7898207<br \/>\nphone:          +7 495 7898207<br \/>\nremarks:        fax-no:          +7 095 9308800<br \/>\nfax-no:            +7 495 9308800<br \/>\ne-mail:         panov@parkline.ru<br \/>\nnic-hdl:        PAN-RIPE<br \/>\nmnt-by:         PAN1-RIPE-MNT<br \/>\nsource:         RIPE # Filtered<br \/>\nremarks:        modified for Russian phone area changes<\/p>\n<p>% Information related to &#8216;195.24.64.0\/21AS25537&#8217;<\/p>\n<p>route:        195.24.64.0\/21<br \/>\ndescr:        Garant-Park Telecom Block 3<br \/>\ndescr:        Science Park, Moscow State University<br \/>\ndescr:        Lenin&#8217;s Hills, Moscow, Russia<br \/>\norigin:       AS25537<br \/>\nmnt-by:       PAN1-RIPE-MNT<br \/>\nsource:       RIPE # Filtered<\/p>\n<p>Definitely ones to watch for in your log files.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Well, this has got to be the most annoying piece of spam I have received recently. It seems that now even the crack-scripting community is using spam to advertise their &#8220;services.&#8221; I have included a &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[147],"class_list":["post-152","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pxT7i-2s","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts\/152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/comments?post=152"}],"version-history":[{"count":0,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts\/152\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/media?parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/categories?post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/tags?post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}