How Megaphone burned on mobile subscriptions
For a long time, funny jokes have been told about paid mobile subscriptions to IoT devices.
With Picabu
Everyone understands that these subscriptions are not complete without the actions of mobile operators.
But mobile operators insist that these are suckers:
')
original
For many years, I have never picked up this infection, and even thought that people get this way because of their computer illiteracy. But I was wrong ...
Recently, having shared the Internet from Megaphone, I sat and quietly worked at the computer until a redirect occurred in Google when clicking on the next link
and I opened this window
Of course, I overcame professional interest.
I immediately realized that this is it! The very thing that people write about so often, and now they will try to dissolve me for money.
But it says nothing about paid subscriptions ...
Since I have 0 rubles on my phone’s account and there are no “credits of trust”, I clicked the “Continue” button.
There was a redirect to another page. The design is very similar to the first
An ordinary person will not focus on this and will think that the contents remain the same.
But the gray, barely noticeable text is completely different:
Subscribed! Of course, I immediately turned it off.
As most people think in such cases, I probably have a virus on my computer and he redirects me to the site of the content provider.
But in this case it is the Megaphone that makes the redirect using the same technology that redirects you in case of any Internet restrictions or wap-click is used. Unfortunately, I can’t say more precisely.
Such redirects are faced by corporate users:
I check who owns the domain, the site on which he wants to "dissolve":
How unexpected! Domain belongs to Megaphone!
And such a coincidence that the web server's ip also belongs to Megaphone
, - .
, - moy-m-portal.ru
, Citrix Netscaler, , , ID .
:
dnslytics.com/reverse-ip/31.173.34.226
dnslytics.com/reverse-ip/31.173.34.227
- …
2019 («created: 2019-03-20»)
, Google Chrome , :
, , !
, ( Kate Mobile) , ip IP. …
, ( , : moy-m-portal.ru ). , .
:
vk-vid.com/site/offer
, ! ?..
…
. - , , .
-, ! , , 159 . «» ! .
—
, .
, -…
200 000 35 . 100 000 . 3,5 …
— Megafon. , , ( YotaRussia ).
, «»
, , ?
P.S.: : .
With Picabu
Everyone understands that these subscriptions are not complete without the actions of mobile operators.
But mobile operators insist that these are suckers:
')
original
For many years, I have never picked up this infection, and even thought that people get this way because of their computer illiteracy. But I was wrong ...
Recently, having shared the Internet from Megaphone, I sat and quietly worked at the computer until a redirect occurred in Google when clicking on the next link
and I opened this window
Of course, I overcame professional interest.
I immediately realized that this is it! The very thing that people write about so often, and now they will try to dissolve me for money.
Small gray text box
The site contains materials in the following headings: audio jokes, videos, pictures, music, congratulations, useful articles, recipes, tips, interpretation of surnames, quotes and aphorisms, weather forecast.
But it says nothing about paid subscriptions ...
Since I have 0 rubles on my phone’s account and there are no “credits of trust”, I clicked the “Continue” button.
There was a redirect to another page. The design is very similar to the first
An ordinary person will not focus on this and will think that the contents remain the same.
But the gray, barely noticeable text is completely different:
By clicking on the "Continue" button you confirm your agreement with the connection to the vsewap.ru subscription and the Subscription Terms. Subscription price 35.0 rub. including VAT for 1 day. Payment is made from the main account. The service is provided by the content provider OOO Informpartner.I continue the experiment and press "Continue". SMS arrives ...
Subscribed! Of course, I immediately turned it off.
As most people think in such cases, I probably have a virus on my computer and he redirects me to the site of the content provider.
But in this case it is the Megaphone that makes the redirect using the same technology that redirects you in case of any Internet restrictions or wap-click is used. Unfortunately, I can’t say more precisely.
Such redirects are faced by corporate users:
I am looking for a place where the "legs" grow:
I check who owns the domain, the site on which he wants to "dissolve":
How unexpected! Domain belongs to Megaphone!
And such a coincidence that the web server's ip also belongs to Megaphone
nslookup truvpro.ru
Name: truvpro.ru
Address: 31.173.34.227
Name: truvpro.ru
Address: 31.173.34.226
inetnum: 31.173.32.0 - 31.173.39.255
netname: MF-MOSCOW-BBA-POOL-31-173-32
descr: Moscow Branch of OJSC MegaFon
role: Moscow Branch of PJSC <b>MegaFon Internet Center</b>, - .
, - moy-m-portal.ru
whois moy-m-portal.ru
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% www.ripn.net/about/servpol.html#3.2 (in Russian)
% www.ripn.net/about/en/servpol.html#3.2 (in English).
domain: MOY-M-PORTAL.RU
nserver: ns1.misp.ru.
nserver: ns2.misp.ru.
state: REGISTERED, DELEGATED, VERIFIED
org: North-West Branch of PJSC «MegaFon»
registrar: RU-CENTER-RU
admin-contact: www.nic.ru/whois
created: 2016-04-07T15:00:38Z
paid-till: 2020-04-07T15:00:38Z
free-date: 2020-05-08
source: TCI
Last updated on 2019-04-18T11:31:32Z
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% www.ripn.net/about/servpol.html#3.2 (in Russian)
% www.ripn.net/about/en/servpol.html#3.2 (in English).
domain: MOY-M-PORTAL.RU
nserver: ns1.misp.ru.
nserver: ns2.misp.ru.
state: REGISTERED, DELEGATED, VERIFIED
org: North-West Branch of PJSC «MegaFon»
registrar: RU-CENTER-RU
admin-contact: www.nic.ru/whois
created: 2016-04-07T15:00:38Z
paid-till: 2020-04-07T15:00:38Z
free-date: 2020-05-08
source: TCI
Last updated on 2019-04-18T11:31:32Z
ip, !
nslookup moy-m-portal.ru
Name: moy-m-portal.ru
Address: 31.173.34.227
Name: moy-m-portal.ru
Address: 31.173.34.226
Name: moy-m-portal.ru
Address: 31.173.34.227
Name: moy-m-portal.ru
Address: 31.173.34.226
, Citrix Netscaler, , , ID .
:
dnslytics.com/reverse-ip/31.173.34.226
dnslytics.com/reverse-ip/31.173.34.227
19!
arusav.ru
dmvasor.ru
mfprovas.ru
moy-m-portal.ru
mvpvas.ru
podpiskimf.ru
ppmprop.ru
pravvopros.ru
promfvas.ru
propodpiski.ru
propodpiskimf.ru
proprovas.ru
ropovasru.ru
savorpm.ru
truvpro.ru
vasmfpro.ru
vasmpro.ru
vaspromf.ru
vasprovp.ru
dmvasor.ru
mfprovas.ru
moy-m-portal.ru
mvpvas.ru
podpiskimf.ru
ppmprop.ru
pravvopros.ru
promfvas.ru
propodpiski.ru
propodpiskimf.ru
proprovas.ru
ropovasru.ru
savorpm.ru
truvpro.ru
vasmfpro.ru
vasmpro.ru
vaspromf.ru
vasprovp.ru
- …
2019 («created: 2019-03-20»)
, Google Chrome , :
, , !
, ( Kate Mobile) , ip IP. …
, ( , : moy-m-portal.ru ). , .
,
zvoook.com
Creation Date: 2019-02-18T07:32:00Z
Registrant Name: Protection of Private Person
Registrar: Registrar of domain names REG.RU LLC
yottupe.com
Creation Date: 2019-04-08T17:47:46Z
Registrant Name: Protection of Private Person
registrar: REGRU-RU
futod.space
Creation Date: 2019-03-26T23:01:18.0Z
Registrant Organization: Privacy Protection
registrar: REGRU-RU
vkusnopoedim.com
Creation Date: 2019-03-21T11:52:58Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
zavcev.com
Creation Date: 2019-02-18T10:33:48Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
MUSICA-YONTUBE.COM
Creation Date: 2019-03-11T12:41:40Z
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
files-zilla.com
Creation Date: 2019-02-18T10:33:14Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
Creation Date: 2019-02-18T07:32:00Z
Registrant Name: Protection of Private Person
Registrar: Registrar of domain names REG.RU LLC
yottupe.com
Creation Date: 2019-04-08T17:47:46Z
Registrant Name: Protection of Private Person
registrar: REGRU-RU
futod.space
Creation Date: 2019-03-26T23:01:18.0Z
Registrant Organization: Privacy Protection
registrar: REGRU-RU
vkusnopoedim.com
Creation Date: 2019-03-21T11:52:58Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
zavcev.com
Creation Date: 2019-02-18T10:33:48Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
MUSICA-YONTUBE.COM
Creation Date: 2019-03-11T12:41:40Z
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
files-zilla.com
Creation Date: 2019-02-18T10:33:14Z
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person
:
- REG.RU
- -
- . . ( ).
35 «; — 150 ( ) 30 «»; . SMS- <>113 5151 «». C . «»: 8 800 500-25-43 ( ), e-mail: helpdesk@informpartner.com
vk-vid.com/site/offer
, ! ?..
…
. - , , .
-, ! , , 159 . «» ! .
—
, .
, -…
200 000 35 . 100 000 . 3,5 …
— Megafon. , , ( YotaRussia ).
, «»
nslookup zvoook.com
Name: zvoook.com
Address: 78.140.175.32
Name: zvoook.com
Address: 78.140.175.19
nslookup 78.140.175.19
19.175.140.78.in-addr.arpa name = webwap.org.
Address: 78.140.175.32
Name: zvoook.com
Address: 78.140.175.19
nslookup 78.140.175.19
19.175.140.78.in-addr.arpa name = webwap.org.
, , ?
P.S.: : .
Source: https://habr.com/ru/post/448530/
All Articles