I get a lot of spam. Predictably much of it Russian bride related. However, these clowns are spamming one of our site addresses.
Not just the odd one either. I am getting several a day from all different addresses. But they all point to the same site: dateritme.ru
So, it narked me off deleting this crap (which passes the spam filters incidentally) and I spent 5 minutes researching them.
Here is another one I got just now:
Hello dear, do you remember how we communicated with you? Long ago you could not see, I am Marina – with Russia, do you remember me? “Come to my page – let’s talk, I’m waiting!dateritme.ru
Rocket science it isn’t. But, it is worth noting for the benefit of Googlers.
So here is the data:
Header Analysis Quick ReportOriginating IP: 188.8.131.52Originating ISP: Hostway Deutschland GmbHCity: n/aCountry of Origin: Germany
It appears to come from Germany, but in there also is this IP in the headers: 184.108.40.206 which originates in Iran. Neither IP shows a city, so I am thinking they are likely just spamming proxies.
The reply email address is: firstname.lastname@example.org – again German. The domain keller-verlag.de traces to this:
Domain: keller-verlag.deNserver: ns1.s-dns.deNserver: ns2.s-dns.deStatus: connectChanged: 2008-02-12T22:13:29+01:00[Tech-C]Type: PERSONName: Edeltraud KreftAddress: THUECOM Medien GmbHAddress: Zittauer Str. 30PostalCode: 99091City: ErfurtCountryCode: DEPhone: +49 361 730 8800Fax: +49 361 730 8820Email:Changed: 2001-10-05T19:18:36+02:00[Zone-C]Type: PERSONName: Edeltraud KreftAddress: THUECOM Medien GmbHAddress: Zittauer Str. 30PostalCode: 99091City: ErfurtCountryCode: DEPhone: +49 361 730 8800Fax: +49 361 730 8820Email: email@example.com[/quote]The domain dateritme.ru only gives us this:[quote]domain: DATERITME.RUnserver: ns1.reg.ru.nserver: ns2.reg.ru.state: REGISTERED, DELEGATED, UNVERIFIEDperson: Private Persone-mail: firstname.lastname@example.org: REGRU-REG-RIPNcreated: 2011.10.15paid-till: 2012.10.15source: TCI
That is a commercial site pretending to be a private individual.
The site dateritme.ru is hosted in Turkey at 220.127.116.11
The name “audrawajmi” doesn’t sound either Russian or German. Turkish or Iranian? Maybe. So dateritme.ru is a Russian domain, with the owners ID falsely withheld, hosted in Turkey, likely operated from Germany by Turks or Iranians.
Not the best place to seek out a Russian wife methinks!