I see Mike V, Oleg, Mama L...seems to be targeted toward liberty-types...
If you know anybody on this list, warn them about this. It's either a computer that's been taken over or else an edress spoofing. In any case, they don't want to click on the link.
Probably going to be a lot more of this now, actually. My publisher also just got me to get a facebook account. I don't care much for it, at least so far, but he seems to think it will be important for marketing my book. We shall see.
That address belongs to someone I have been in contact with for a long time, "Bill Hicks", although I haven't heard from him recently. It makes me suspect he abandoned that email address and someone swiped it. I have other contacts that has happened to when they stopped using a particular email address.
That blogspot page will attempt to redirect you to http://jwige.ru/, which is the URL you don't want anyone to click (so don't visit it).
There is apparently no webserver running there, although the port is open. That suggests its designed only to collect information about you when you connect to it, however, it can't really do much of that. They can log an IP but that's it.
In fact several ports are open/filtered; the server is likely an infected windows machine. Since the webserver does not reply, perhaps a responsible sysadmin firewalled it off and is waiting for the actual owner to wipe the box clean.
PORT STATE SERVICE 22/tcp filtered ssh 80/tcp open http 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 1214/tcp filtered fasttrack 6346/tcp filtered gnutella 6699/tcp filtered napster 8080/tcp open http-proxy
The domain name is registered with what is probably an anonymizing email service.
I suppose anybody who speaks russian could give the number a call or try to look it up with a phone directory service.
whois jwige.ru % By submitting a query to RIPN's Whois Service % you agree to abide by the following terms of use: % http://www.ripn.net/about/servpol.html#3.2 (in Russian) % http://www.ripn.net/about/en/servpol.html#3.2 (in English).
Weird...
ReplyDeleteProbably going to be a lot more of this now, actually. My publisher also just got me to get a facebook account. I don't care much for it, at least so far, but he seems to think it will be important for marketing my book. We shall see.
That address belongs to someone I have been in contact with for a long time, "Bill Hicks", although I haven't heard from him recently. It makes me suspect he abandoned that email address and someone swiped it. I have other contacts that has happened to when they stopped using a particular email address.
ReplyDeleteThat blogspot page will attempt to redirect you to http://jwige.ru/, which is the URL you don't want anyone to click (so don't visit it).
ReplyDeleteThere is apparently no webserver running there, although the port is open. That suggests its designed only to collect information about you when you connect to it, however, it can't really do much of that. They can log an IP but that's it.
In fact several ports are open/filtered; the server is likely an infected windows machine. Since the webserver does not reply, perhaps a responsible sysadmin firewalled it off and is waiting for the actual owner to wipe the box clean.
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1214/tcp filtered fasttrack
6346/tcp filtered gnutella
6699/tcp filtered napster
8080/tcp open http-proxy
The domain name is registered with what is probably an anonymizing email service.
I suppose anybody who speaks russian could give the number a call or try to look it up with a phone directory service.
whois jwige.ru
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian)
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).
domain: JWIGE.RU
nserver: ns1.jwige.ru. 202.144.10.90
nserver: ns2.jwige.ru. 218.67.78.181
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person
phone: +7 4212 320405
e-mail: meteor@ppmail.ru
registrar: NAUNET-REG-RIPN
created: 2010.12.14
paid-till: 2011.12.14
source: TCI
Last updated on 2011.01.14 01:53:42 MSK/MSD
A host running its own nameservers suggests the offender works at a NOC, or is otherwise trying to run a self-contained operation of some kind.
I see my old email address on there. Thats interesting.
ReplyDelete