What the hell [spam - pochta.ru]

DrVirus · Post by **DrVirus** » 15 Jun 2009, 02:54

I found this on my spam box of gmail. I have never seen anything like this one before. And it says unknown sender. Anyone has any idea what the hell this thing is ??

Code: Select all

by node2.ks.pochta.ru with POCHTA.RU LMTP SERVER
id 2944392112-1180708564.299832
Fri, 01 Jun 2007 18:36:04 +0400
Received: from dsl51B7A6E7.pool.t-online.hu(dsl51b7a6e7.pool.t-online.hu [81.183.166.231])
by mx10.pochta.ru with POCHTA.RU MAILER
id 0x86c8f00-1180708564.241635
envelope-from www@postcard.ru
Fri, 01 Jun 2007 18:36:04 +0400
X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0255], KAS30/Release
Received: from hillary.hit.ru (localhost [127.0.0.1])
by hillary.hit.ru (8.13.4/8.13.4) with ESMTP id IJH21culgbytt136
for <stelcom@rbcmail.ru>; Fri, 01 Jun 2007 13:27:58 -0200 (MSD)
(envelope-from www@hillary.hit.ru)
Received: (from www@localhost)
by hillary.hit.ru (8.13.4/8.13.4/Submit) id DAZM42lyjqiqnp063;
Fri, 01 Jun 2007 11:35:58 -0400 (MSD)
(envelope-from www)
Date: Fri, 01 Jun 2007 14:34:58 -0100 (MSD)
Message-Id: <20070500488.ER41msrqxhpq12@hillary.hit.ru>
Reply-To: stelcom@rbcmail.ru
Errors-To: stelcom@rbcmail.ru
From: "POSTCARD.RU" <www@postcard.ru>
To: stelcom@rbcmail.ru
Subject: =?Windows-1251?Q?=5Bpostcard=2Eru=5D_=E2=E0=EC_=EF=F0=E8=F8= EB=E0_=EE=F2?=
=?Windows-1251?Q?=EA=F0=FB=F2=EA=E0!?=
Precedence: special-delivery
Content-Type: text/html; charset=Windows-1251
Content-Transfer-Encoding: 7Bit
X-SpamTest-Categories: Formal Messages > Postcards; Internal-LGS
X-SpamTest-Envelope-From: www@postcard.ru
X-SpamTest-Formal: yes
X-SpamTest-Group-ID: 00000000
X-SpamTest-Info: Profiles 1107 [June 01 2007]
X-SpamTest-Method: none
X-SpamTest-Rate: 0
X-SpamTest-Status: Not detected
X-SpamTest-Status-Extended: formal
X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0255], KAS30/Release

moudy · Post by **moudy** » 15 Jun 2009, 04:32

since you found it in your spam box, then logically speaking its SPAM

Post by **bad_brain** » 15 Jun 2009, 04:42

well, this is only the email header....possible that gmail skipped the email body because of protocol violations by the sender...

Post by **computathug** » 15 Jun 2009, 06:32

Moved to correct section

Post by **DNR** » 15 Jun 2009, 10:11

Data Dump by DNR

http://www.rbcmail.ru/

"rbcmail.ru is a domain controlled by three nameservers at pochta.ru. All of them are on different IP networks. Incoming mail for rbcmail.ru is handled by one mailserver also at pochta.ru. rbcmail.ru has one IP record. nm.ru, land.ru, smtp.ru, pop3.ru, front.ru and at least 21 other hosts share nameservers with this domain. nm.ru, lbn.ru, f50.ru, qip.ru, land.ru and at least 74 other hosts share mailservers with this domain. www.rbcmail.ru, ftp.rbcmail.ru, mv4r2.rbcmail.ru, sadsad.rbcmail.ru, msnpro6.rbcmail.ru and at least eleven other hosts are subdomains to this hostname. ru is a domain controlled by six nameservers. All of them are on different IP networks. "

06/15/09 11:55:10 dig www.rbcmail.ru @ ns1.pochta.ru
Dig www.rbcmail.ru@ns1.pochta.ru (195.239.111.189) ...
Authoritative Answer
Recursive queries supported by this server
Query for www.rbcmail.ru type=255 class=1
www.rbcmail.ru A (Address) 82.204.219.251
rbcmail.ru NS (Nameserver) ns1.pochta.ru
rbcmail.ru NS (Nameserver) ns2.pochta.ru
rbcmail.ru NS (Nameserver) ns3.pochta.ru
ns1.pochta.ru A (Address) 195.239.111.189
ns2.pochta.ru A (Address) 82.204.219.196
ns3.pochta.ru A (Address) 80.68.240.183

http://www.ripn.net/nic/whois/

domain: POCHTA.RU
type: CORPORATE
nserver: ns1.pochta.ru. 195.239.111.189
nserver: ns2.pochta.ru. 82.204.219.196
nserver: ns3.pochta.ru. 80.68.240.183
state: REGISTERED, DELEGATED
org: Ltd. "RBC Media"
phone: +7 495 3631111
fax-no: +7 495 3631111
e-mail: domain@hc.ru
e-mail: hosting@hc.ru
registrar: CENTROHOST-REG-RIPN

domain: RBCMAIL.RU
type: CORPORATE
nserver: ns1.pochta.ru.
nserver: ns2.pochta.ru.
nserver: ns3.pochta.ru.
state: REGISTERED, DELEGATED
org: Ltd. "RBC Media"
..

http://emailstuff.org/bl/

..
http://www.pochta.ru/?lng=en

pochta.ru, fromru.com, front.ru, hotbox.ru, hotmail.ru, krovatka.su, land.ru, mail15.com ... nm.ru, pisem.net, pochtamt.ru, pop3.ru, rbcmail.ru, smtp.ru

moudy · Post by **moudy** » 15 Jun 2009, 11:51

mystikblaze wrote:sender is from russia! watch out man them russians took out a whole countries electronics in a cyber attack

How could that be done ???

PopPooB · Post by **PopPooB** » 16 Jun 2009, 22:09

bad_brain wrote:well, this is only the email header....possible that gmail skipped the email body because of protocol violations by the sender...

Considering something exploited its code accidentally it might just got have thrown to him through the server to everyone did anyone else get it?

moudy · Post by **moudy** » 17 Jun 2009, 02:13

mystikblaze wrote:
moudy wrote:
mystikblaze wrote:sender is from russia! watch out man them russians took out a whole countries electronics in a cyber attack
How could that be done ???
I don't know why don't you email Russia cyberattack team? HAHA

nice one mystik

mystikblaze · Post by **mystikblaze** » 17 Jun 2009, 02:41

pas touché

moudy · Post by **moudy** » 17 Jun 2009, 03:35

mystikblaze wrote:pas touché

huh ???