UPDATE Aug 09, 2011

ZeuS MITM / webinjects located here:
http://send-ing.com/snl/ing.php
http://send-ing.com/snl/asn.php

$ dig +short send-ing.com
195.226.220.30

ZeuS backend controller:
http://aqua-fire.com/pmd/scripts/js_gate.php

$ dig +short aqua-fire.com
195.226.220.95
_____________________________________________

UPDATE Aug 05, 2011

ZeuS MITM / webinjects located here:
http://send-poste.com/pnl/ing.php
http://send-poste.com/pnl/asn.php

$ dig +short send-poste.com
195.226.220.30
_____________________________________________

Based on routing and network information, AS51354 appears to have
been set up in violation on RIPE regulations for the sole purpose
of cybercrime hosting.

inetnum: 195.226.220.0 - 195.226.220.255
netname: NET-VPNME
descr: Igor Vladimirovich Kanaev
country: UA
org: ORG-IVK1-RIPE
admin-c: IVK47-RIPE
tech-c: IVK47-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: VPNME-MNT
mnt-routes: VPNME-MNT
mnt-domains: VPNME-MNT
changed: hostmaster@ripe.net 20100728
source: RIPE

organisation: ORG-IVK1-RIPE
org-name: Igor Vladimirovich Kanaev
org-type: OTHER
descr: Igor Vladimirovich Kanaev
address: Russia, Suvorov city, Tula Region,
address: Kirovskaya str., 14, app. 110
phone: +79037492322
e-mail: ikanaev@yahoo.com
admin-c: IVK47-RIPE
tech-c: IVK47-RIPE
mnt-ref: VPNME-MNT
mnt-by: VPNME-MNT
changed: ikanaev@yahoo.com 20100719
source: RIPE

person: Igor Vladimirovich Kanaev
address: Russia, Suvorov city, Tula Region,
address: Kirovskaya str., 14, app. 110
phone: +79037492322
e-mail: ikanaev@yahoo.com
nic-hdl: IVK47-RIPE
mnt-by: VPNME-MNT
changed: ikanaev@yahoo.com 20100719
source: RIPE



aut-num: AS51354
as-name: VPNME-AS
descr: Igor Vladimirovich Kanaev
org: ORG-IVK1-RIPE
import: from AS47936 action pref=100; accept ANY
export: to AS47936 announce AS51354
import: from AS15645 action pref=50; accept AS-UAIX
export: to AS15645 announce AS51354
admin-c: IVK47-RIPE
tech-c: IVK47-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: VPNME-MNT
mnt-routes: VPNME-MNT
changed: hostmaster@ripe.net 20100729
source: RIPE

organisation: ORG-IVK1-RIPE
org-name: Igor Vladimirovich Kanaev
org-type: OTHER
descr: Igor Vladimirovich Kanaev
address: Russia, Suvorov city, Tula Region,
address: Kirovskaya str., 14, app. 110
phone: +79037492322
e-mail: ikanaev@yahoo.com
admin-c: IVK47-RIPE
tech-c: IVK47-RIPE
mnt-ref: VPNME-MNT
mnt-by: VPNME-MNT
changed: ikanaev@yahoo.com 20100719
source: RIPE

person: Igor Vladimirovich Kanaev
address: Russia, Suvorov city, Tula Region,
address: Kirovskaya str., 14, app. 110
phone: +79037492322
e-mail: ikanaev@yahoo.com
nic-hdl: IVK47-RIPE
mnt-by: VPNME-MNT
changed: ikanaev@yahoo.com 20100719
source: RIPE

To have record SBL97864 (195.226.220.0/24) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 195.226.220.0/24) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.

It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:

If you are a representative of RIPE, you also need to see: Current Live RIPE SBL Listings