ROKSO
The Register of Known Spam Operations
Mihail Fortis



Country: Estonia
State:
Aka "maili.ee" and "Logpartner OÜ". This spammer switches their company name every few months. Estonian B2B spammer for hire that spams mostly people in the Baltics and surrounding countries. Obtains service on VPS and cloud hosting providers using a large number of borrowed or forged identities.



Main Information


Mihail Fortis is an alias/sock puppet name for an Estonian B2B marketer who spams on behalf of himself and small business customers, primarily in Estonia and Finland. Spam is targeted to Estonian and Finnish email addresses, with significant spam activity also in Latvia, Lithuania, and the Scandinavian peninsula. Fortis manages to send a great deal of unsolicited bulk email to our spamtraps for an organization that spams primarily in languages spoken by only a few million people.

This spammer has operated under several business names, most recently Logpartner OÜ. The pattern appears to be to register a new business name every six months or so, allowing the previous business to go bankrupt with unpaid bills and tax delinquencies. Previous business names have included Line Transport OÜ, Arendame OÜ, and Saiake OÜ.

The domain maili.ee appears to remain Fortis's main business domain. Fortis also either owns or effectively controls a number of .EE domains for various businesses, many of them offering business or personal training. For sending spam, throwaway domains are registered and changed frequently, usually in whichever TLD is cheapest at that time. In late 2017 the preferred TLD is .XYZ, and most domains are registered with Russian registrar Reg.ru, using Whois Privacy.

Fortis uses a variety of names and contact information to sign up for IP space, most recently Алексей Георгиевич Мокров (Alexey Georgievich Mokrov) <mokrov@mail.ru>. As of 2017 Fortis favors Russian VPS providers, but can appear on any VPS provider which provides cheap VPS service with automated provisioning that has inadequate security checks in place.

Fortis usually pays for VPS servers using the Russia-based Webmoney service (wmtransfer.com), often called Russia's Paypal.

Fortis uses a large number of names to register the domains that he spams from. Originally he used "Mihail Fortis" for domain registrations. Later he used several other names, some aliases and some belonging to actual persons that register domains on his behalf. As of about a year ago, Fortis started registering domains with Whois Privacy services, especially Reg.ru.

Most Fortis spam is sent under a personal name rather than a business name, although certain "fronts" used to register domains recently have had businesses associated with them.

In the past, Fortis nameservers as shown in Whois records were often stale or did not exist, and IP ranges that sent spam did not have rDNS. In January 2016 Fortis changed some of its methods, probably because email from their IPs and domains was widely blocked. At that time, IPs and domains usually had proper configuration for sending email. More recently, Fortis has returned to sending from IP addresses with no rDNS.

The name "Mihail Fortis" shares a postal address with one "Alexei Petrov" (a Russian name), sometimes known as "Aleksejs Burovs" (the Latvian equivalent). We are not certain whether Petrov/Burovs is an alternate identity or a different person. The name "Mihail Fortis" has also been associated with at least two business names found in the Estonian Business Registry: Euro Marketing OÜ and Scanman Grupp OÜ. Both of these businesses had poor or no reputations, as have other Fortis-associated businesses, but we have found no direct link between them and his spamming activities.

Fortis normally uses hosting in Russia, although it has been known to use hosting in Latvia, Byelorussia, Germany, the Czech Republic, and Sweden as well. It sometimes abuses free redirectors (among them bit.do, bit.ly, and ow.ly) to mask the links in his spam URIs. It seems to go back and forth between spamming very dirty lists and attempting to listwash so that it doesn't hit as many spamtraps.

What Spamhaus has not seen is any indication that Fortis has ever attempted to gain permission from the recipients of its bulk email.

=====

MAIN BUSINESS INFORMATION:

http://maili.ee

FORMER BUSINESS:

Saiake OÜ

Arendame OÜ

tammsaare tee 59-66,
13416 Tallinn
Harju maakond
Eesti Vabariik (Estonia)

+372.5839-5564
parimadpakkumised@gmail.com

Raua tn 1
Kesklinna linnaosa
10124 Tallinn
Harju maakond
Eesti Vabariik (Estonia)

+372.5839-5564
parimadpakkumised@gmail.com

http://maili.ee

=====

MOST COMMON DOMAIN REGISTRATION INFORMATION:

Mihail Fortis

Kreenholmi 14-24
20104 Narva
Ida-virumaa
Estonia

Telephone: +372.58395564
Fax: +372.58395564

Email Addresses:
fortunitos@gmail.com (domain registration)
aleksei.petrov@myself.com (forum posts)

=====

OTHER BUSINESSES:

Euro Marketing OÜ (contact email: aleksei.petrov@myself.com):
https://www.inforegister.ee/ru/12601845-EURO-MARKETING-OU
http://www.teatmik.ee/ru/info/12601845-EURO-MARKETING-O%C3%9C
https://infopank.ee/ettevote/152315/euro-marketing

Scanman Grupp OÜ (contact email: fortunitos@gmail.com):
https://www.inforegister.ee/en/12715187-SCANMAN-GRUPP-OU
http://www.teatmik.ee/ru/info/12715187-Scanman-Grupp-O
https://www.infopank.ee/ettevote/136068/scanman-grupp

=====

ALIASES USED FOR DOMAIN REGISTRATIONS OR TO OBTAIN SERVICE:

Aivar Tihamets
Kangelaste prospekt 5-3
20305 Narva
Ida-virumaa
Estonia

+7.4957253170
reply@kodulehe.top

Aleksandr Primakov
parimadpakkumised@gmail.com
info@maili.ee

Aleksandr Trubin
Slavjanskii bulvar 12-4
121352 Moscow
Russian Federation

+7.4957547745
vastus@ariinfo.eu

Daniil Alexandrovich Malinkov
Данил Александрович Маликов
malikov@iname.com

Milvi Langberg
Uus-Aduri 7
74637 Allika kula
Kuusalu vald
Estonia

+7.4957279999
return@uusinfo.top

Moonika Lensberg
Lensberg LCC
Vikerlase tanav 13
13616 Tallinn
Harjumaa
Estonia

+3.5635-6229
+3.5635-6229
bestpost@post.com

Triinu Vats
AAA Omnikum LCC
Jaan Korti 15-3
13523 Tallinn
Harjumaa
Estonia

+372.5553-4365
+372.5553-4365
triinu.vats@gmail.com

=====

UNSORTED URLs:

"Alexei Petrov":
https://who.is/whois-ip/ip-address/46.22.212.23

"Alexei Petrov" posts job for translator to translate letters from
Latvian to Russian:
http://atwork.lv/projects/138/

"Aleksejs Burovs" businesses listing:
https://infopank.ee/isik/158752/aleksejs-burovs

Photo of Flats at Fortis' postal address:
http://www.kv.ee/idavirumaa-narva-kreenholmi-24-2-tuba-55-korteriom-2657110.html

Saiake OÜ:
https://infopank.ee/ettevote/262069/saiake
https://www.e-krediidiinfo.ee/12952266-SAIAKE%20O%C3%9C


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK11428/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2017 The Spamhaus Project Ltd. All rights reserved.