More about Phorm and the Russian connection.
Newsgroups: news.admin.net-abuse.email
From: Chris U <pressedp...@nojunk.blyueyonder.co.uk>
Date: Fri, 14 Mar 2008 20:25:28 GMT
Local: Fri, Mar 14 2008 4:25 pm
Subject: More about Phorm and the Russian connection.
More about Phorm and the Russian connection.

In response to this message posted in a VM forum

This is again related to the new kid on the block claiming to provide
targeted ads onto users' desktops when they do a search online; they
are named Phorm.
The CEO of Phorm admits he has a team of Russian coders.

The postal address of Phorm in Russia is the same as that for JSC Hosting
Telesystems, who it seems have been linked to a phishing site some time
ago.

Posted by Pete

Hi all,

I've been seeing lots of hits from Russia on Dephormation.org.uk from IP
address 78.110.48.130. Badphorm.org.uk is getting the same.

Whois turns this up:
========================
person: Anton Nekhoroshih
address: JSC Hosting Telesystems
address: Moscow, Pavlovskay 27/29
abuse-mailbox: ab...@ht-systems.ru
phone: +7 495 3633310
fax-no: +7 495 3633310
nic-hdl: AN500-RIPE
mnt-by: HTS-MNT-RIPE
source: RIPE
# Filtered

person: Stanislav Sedov
address: 115093, Pavlovskaya street, 27/29, Moscow, Russian Federation
address: Hosting Telesystems
remarks: Mobile phone (GSM)
phone: +7 916 8492023
remarks: Work phone
phone: +7 495 3633310
fax-no: +7 495 3633310
========================

Phorm's Russian address is below, also in 27 Pavlovskaya Street. Actually
*the same building* in the same street as JSC Hosting Telesystems.

========================
Moscow, Russia
Phorm / AIS
27 Pavlovskaya Street
Moscow, 115093
Russia
========================

Now, Google JSC Hosting Telesystems, and look through the pages of links
returned. Draw your own conclusions (I'm not suggesting either pro/con).

This could be a coincidental thing, but more eyes might make more sense of
it.

Anyone able to turn anything up that would link Phorm directly to JSC
Hosting Telesystems? Or the scam sites Google identified?

Or conversely, anyone able to positively exclude a link between them? Or
confirm whether JSC are just very unlucky hosting providers?

thanks,
Pete.

Completewhois gives this result:

Unknown domain: 78.110.48.130
[IPv4 whois information for 78.110.48.130 ]
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Information related to '78.110.48.0 - 78.110.55.255'

inetnum:        78.110.48.0 - 78.110.55.255
netname:        RU-HT-SYSTEMS
descr:          Hosting Telesystems network
country:        RU
admin-c:        AN500-RIPE
admin-c:        ST4096-RIPE
tech-c:         ST4096-RIPE
status:         ASSIGNED PA
mnt-by:         HT-SYSTEMS-MNT-RIPE
mnt-lower:      HT-SYSTEMS-MNT-RIPE
changed:        s...@FreeBSD.org 20080211
source:         RIPE

person:         Anton Nekhoroshih
address:        JSC Hosting Telesystems
address:        Moscow, Pavlovskay 27/29
abuse-mailbox:  ab...@ht-systems.ru
phone:          +7 495 3633310
fax-no:         +7 495 3633310
e-mail:         an...@ht-systems.ru
nic-hdl:        AN500-RIPE
mnt-by:         HTS-MNT-RIPE
source:         RIPE
changed:        s...@FreeBSD.org 20070712

person:         Stanislav Sedov
address:        115093, Pavlovskaya street, 27/29, Moscow, Russian Federation
address:        Hosting Telesystems
e-mail:         s...@FreeBSD.org
e-mail:         s...@ht-systems.ru
remarks:        Mobile phone (GSM)
phone:          +7 916 8492023
remarks:        Work phone
phone:          +7 495 3633310
fax-no:         +7 495 3633310
remarks:        XMPP: sse...@jabber.ru
remarks:        IRC: stass @ EFNet, RusNet, FreeNode
remarks:        WWW: http://www.springdaemons.com/
remarks:        WWW: http://people.FreeBSD.org/~stas/
remarks:        PGP: http://people.FreeBSD.org/~stas/stas.key.asc
remarks:        Fingerprint: F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581
nic-hdl:        ST4096-RIPE
mnt-by:         SPRINGDAEMONS-MNT-RIPE
changed:        s...@FreeBSD.org 20070106
source:         RIPE

% Information related to '78.110.48.0/20AS31240'

route:          78.110.48.0/20
descr:          JSC Hosting Telesystems route object
origin:         AS31240
mnt-by:         HT-SYSTEMS-MNT-RIPE
changed:        an...@ht-systems.ru 20070813
source:         RIPE

[DNS Information on 78.110.48.130]
Whois Domain Lookup on ip 78.110.48.130 has been requested but failed
DNS Error while getting PTR record for ip

[OTHER (whois.radb.net) whois information for 78.110.48.130 ]
[whois.radb.net]
route:          78.110.48.0/20
descr:          JSC Hosting Telesystems route object
origin:         AS31240
mnt-by:         HT-SYSTEMS-MNT-RIPE
changed:        an...@ht-systems.ru 20070813
source:         RIPE

[DNS information for 78.110.48.130 ]
; <<>> DiG 9.3.1 <<>> +trace 78.110.48.130
;; global options:  printcmd
.                       482057  IN      NS      c.root-servers.net.
.                       482057  IN      NS      d.root-servers.net.
.                       482057  IN      NS      e.root-servers.net.
.                       482057  IN      NS      f.root-servers.net.
.                       482057  IN      NS      g.root-servers.net.
.                       482057  IN      NS      h.root-servers.net.
.                       482057  IN      NS      i.root-servers.net.
.                       482057  IN      NS      j.root-servers.net.
.                       482057  IN      NS      k.root-servers.net.
.                       482057  IN      NS      l.root-servers.net.
.                       482057  IN      NS      m.root-servers.net.
.                       482057  IN      NS      a.root-servers.net.
.                       482057  IN      NS      b.root-servers.net.
;; Received 500 bytes from 64.68.0.213#53(64.68.0.213) in 1 ms

.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008031301 1800 900 604800 86400
;; Received 106 bytes from 192.33.4.12#53(c.root-servers.net) in 30 ms

; <<>> DiG 9.3.1 <<>> +trace 78.110.48.130 +trace
;; global options:  printcmd
.                       482057  IN      NS      b.root-servers.net.
.                       482057  IN      NS      c.root-servers.net.
.                       482057  IN      NS      d.root-servers.net.
.                       482057  IN      NS      e.root-servers.net.
.                       482057  IN      NS      f.root-servers.net.
.                       482057  IN      NS      g.root-servers.net.
.                       482057  IN      NS      h.root-servers.net.
.                       482057  IN      NS      i.root-servers.net.
.                       482057  IN      NS      j.root-servers.net.
.                       482057  IN      NS      k.root-servers.net.
.                       482057  IN      NS      l.root-servers.net.
.                       482057  IN      NS      m.root-servers.net.
.                       482057  IN      NS      a.root-servers.net.
;; Received 500 bytes from 64.68.0.213#53(64.68.0.213) in 1 ms

.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008031301 1800 900 604800 86400
;; Received 106 bytes from 192.228.79.201#53(b.root-servers.net) in 17 ms

[OTHER (whois.cyberabuse.org) whois information for 78.110.48.130 ]
[ Informations about 78.110.48.130 ]
 IP range     :    78.110.48.0 - 78.110.55.255
 Infos        :    Hosting Telesystems network
 Country      :    Russian Federation (RU)
 Source       :    RIPE

[OTHER (rbl.completewhois.com) whois information for 78.110.48.130 ]
 Listed in country-rirdata: RU -  Russian Federation

[OTHER (riswhois.ripe.net) whois information for 78.110.48.130 ]
[riswhois.ripe.net]
% This is RIPE NCC's Routing Information Service
% whois gateway to collected BGP Routing Tables
% IPv4 or IPv6 address to origin prefix match
%
% For more information visit http://www.ripe.net/ris/riswhois.html

route:        0.0.0.0/1
origin:       AS3303
descr:        SWISSCOM Swisscom (Switzerland) Ltd
lastupd-frst: 2008-03-12 20:52Z  193.203.0.139@rrc05
lastupd-last: 2008-03-12 20:52Z  193.203.0.139@rrc05
seen-at:      rrc05
num-rispeers: 1
source:       RISWHOIS

route:        78.110.48.0/20
origin:       AS31240
descr:        OLD-HT-SYSTEMS-AS JSC Hosting Telesystems autonomous system
lastupd-frst: 2008-02-08 17:16Z  168.209.255.123@rrc00
lastupd-last: 2008-03-14 07:35Z  195.66.224.193@rrc01
seen-at:      rrc00,rrc01,rrc02,rrc03,rrc04,rrc05,rrc06,rrc07,rrc10,rrc11,rrc12,rrc13,rrc14,rrc15,rrc16
num-rispeers: 127
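
An added example, not part of the original post: a small Python parser for the RPSL response quoted above. It finds the inetnum and route objects that cover the logged address and resolves the admin-c/tech-c handles to their person objects. The sample is trimmed from the post's output, and `parse_rpsl` and `summarize` are hypothetical names.

```python
import ipaddress
# Excerpt of the RIPE response quoted in the post (constructed by trimming it).
SAMPLE = """\
% Information related to '78.110.48.0 - 78.110.55.255'
inetnum:        78.110.48.0 - 78.110.55.255
netname:        RU-HT-SYSTEMS
admin-c:        AN500-RIPE
admin-c:        ST4096-RIPE
tech-c:         ST4096-RIPE

person:         Anton Nekhoroshih
nic-hdl:        AN500-RIPE

person:         Stanislav Sedov
nic-hdl:        ST4096-RIPE

route:          78.110.48.0/20
origin:         AS31240
"""

def parse_rpsl(text):
    """Split an RPSL response into objects, each a list of (key, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):   # blank or server comment
            if current:
                objects.append(current)
            current = []
        else:
            key, _, value = line.partition(":")
            current.append((key.strip(), value.strip()))
    return objects + ([current] if current else [])

def summarize(ip, text):
    """Registration facts the whois data supports for `ip` (hypothetical helper)."""
    addr, objs = ipaddress.ip_address(ip), parse_rpsl(text)
    people = {dict(o).get("nic-hdl"): o[0][1] for o in objs if o[0][0] == "person"}
    out = {"netname": None, "contacts": [], "origins": []}
    for o in objs:
        kind, primary = o[0]          # first attribute names the object type
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            if lo <= addr <= hi:
                out["netname"] = dict(o).get("netname")
                handles = {v for k, v in o if k in ("admin-c", "tech-c")}
                out["contacts"] = sorted(people.get(h, h) for h in handles)
        elif kind == "route" and addr in ipaddress.ip_network(primary):
            out["origins"].append(dict(o).get("origin"))
    return out
```

The contacts returned are the registry contacts for the netblock assignment, which here is the hosting network; whois does not identify who operates an individual host inside that range.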

