To whom MTS trusts its advertisement
A story happened to me. I went to the sutra (I hadn't drunk coffee yet) in the Gmail web interface, but I was redirected to some kind of porn:
The covers will be torn off in the second part, but for now ...
')
I was amazed. I looked at
Eyewear questions: gender and how old. And then they offer some old-fashioned iPad:
A strange number of iPads left, well, let's play again, click on the iPad. An undisguised scam begins:
The “rule”, “FAQ”, “cost” links ... none work.
I enter the phone from the bald (sorry, man 1232233!). And what do I see?
"MTS: Feel the lightness of a cheap divorce"
About all this I wrote on Habr and the first comment l0calh0st tore the covers. The whole thing was a
Fasten your seat belts and have a nice trip :-)
According to whois, gmai.com is already registered on the island of Nevis in the Caribbean. It is possible that somewhere here:
There are several servers and they are located in the Bahamas, in the states of Texas and Washington. In a word, in the USA. These servers issue redirects:
I wonder why for a simple redirect to fence the whole Apache with PHP? But we still see this setup. Moving along the redirect.
Zaregen domain somewhere near Gold Coast in eastern Australia :
They have one server and it is located in the same place where one of the gmai.com servers is located in the Bahamas (All the same city of Nassau):
It produces a simple
Zaregin in the same place in Australia.
And here are servers in Switzerland and the Netherlands ( Amsterdam ):
These servers are already responding in Russian (even if no language is indicated; apparently, they are designed only for Russian suckers), they give out a ton of cookies and they implement the whole scam. Although ... they use suspiciously familiar software: Apache / 2.2.3 (CentOS) and PHP / 5.1.6. Apparently the whole chain sets up one hand.
Well, in the end you fly to
Here everything is trite. It is done. Our native RU-CENTER-REG-RIPN says that it is OJSC Mobile TeleSystems. Not lying. Although everything is not without frills:
That is, in fact, this is not MTC, but some kind of Quantum Art.
It remains only to be surprised by what muddy ways MTS supplies its services.
And our journey ends ... sorry not Friday.
The covers will be torn off in the second part, but for now ...
')
I was amazed. I looked at
host gmail.com , everything seems to be beautiful. I looked at the dig - too ... Well, I think I need to read the mail, I will answer your questions.Eyewear questions: gender and how old. And then they offer some old-fashioned iPad:
A strange number of iPads left, well, let's play again, click on the iPad. An undisguised scam begins:
The “rule”, “FAQ”, “cost” links ... none work.
I enter the phone from the bald (sorry, man 1232233!). And what do I see?
"MTS: Feel the lightness of a cheap divorce"
And now exposing
About all this I wrote on Habr and the first comment l0calh0st tore the covers. The whole thing was a
gmai.com . The article began to minus godlessly and I removed it, but I still wanted to figure it out. And what did it turn out? To whom does MTS trust its advertisement?Fasten your seat belts and have a nice trip :-)
gmai.com
According to whois, gmai.com is already registered on the island of Nevis in the Caribbean. It is possible that somewhere here:
There are several servers and they are located in the Bahamas, in the states of Texas and Washington. In a word, in the USA. These servers issue redirects:
HTTP / 1.1 302 Found Date: Mon, 06 Aug 2012 05:06:20 GMT Server: Apache / 2.2.3 (CentOS) X-Powered-By: PHP / 5.1.6 Location: http://rediresense.com/?sov=gmai.com Content-Length: 0 Connection: close Content-Type: text / html; charset = UTF-8
I wonder why for a simple redirect to fence the whole Apache with PHP? But we still see this setup. Moving along the redirect.
rediresense.com
Zaregen domain somewhere near Gold Coast in eastern Australia :
They have one server and it is located in the same place where one of the gmai.com servers is located in the Bahamas (All the same city of Nassau):
It produces a simple
HTTP/1.1 200 OK and a document with a redirect through JavaScript.document.location = "http://the-awards-spot.com/?sov=173652&&id=cGiveaways2";
the-awards-spot.com
Zaregin in the same place in Australia.
And here are servers in Switzerland and the Netherlands ( Amsterdam ):
These servers are already responding in Russian (even if no language is indicated; apparently, they are designed only for Russian suckers), they give out a ton of cookies and they implement the whole scam. Although ... they use suspiciously familiar software: Apache / 2.2.3 (CentOS) and PHP / 5.1.6. Apparently the whole chain sets up one hand.
Well, in the end you fly to
moipodpiski.ssl.mts.ru
Here everything is trite. It is done. Our native RU-CENTER-REG-RIPN says that it is OJSC Mobile TeleSystems. Not lying. Although everything is not without frills:
moipodpiski.ssl.mts.ru is an alias for mtscluster.quantumart.ru. mtscluster.quantumart.com is an alias for netcluster.quantumart.com. netcluster.quantumart.ru has address 81.176.70.200
That is, in fact, this is not MTC, but some kind of Quantum Art.
It remains only to be surprised by what muddy ways MTS supplies its services.
And our journey ends ... sorry not Friday.
Source: https://habr.com/ru/post/149110/
All Articles