ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Ruslan Ibragimov / send-safe.com

Evidence Menu:

Ruslan Ibragimov / send-safe.com Index


Country: Russian Federation
State:
Stealth spamware creator. One of the larger criminal spamming operations around. Runs a CGI mailer on machines in Russia and uses hijacked open proxies and virus infected PCs to flood the world with spam.


Ruslan Ibragimov / send-safe.com SBL Listings History
Current SBL Listings
Archived SBL Listings

send-safe hosting entirely on zombies


Unable to retain stable hosting on even the darkest-hatted networks, Send-Safe now turns to hosting entirely on zombie'd peecees, DNS and HTTP on dynamic broadband IPs, sometimes known as the "mushrooms software" exploit. Of course, the place which could most easily stop this outrageous criminal behaviour is:

[whois.joker.com]

domain: send-safe.com
organization: Ibragimov Ruslan
email: ssdomain@rambler.ru
address: 12 Krasnokazarmennaya
city: Moscow
state: --
postal-code: 111250
country: RU
phone: +7.9177509211
admin-c: ssdomain@rambler.ru#0
tech-c: ssdomain@rambler.ru#0
billing-c: basaev@gmail.com#0
nserver: nsa5.stuffnz.com
nserver: nsa6.stuffnz.com
status: lock
created: 2001-11-14 04:31:54 UTC
modified: 2005-08-22 08:34:21 UTC
expires: 2006-11-14 04:31:54 UTC
source: joker.com live whois service
query-time: 0.060269
db-updated: 2005-08-26 04:59:34




> >$ dig @24.17.166.32 www.send-safe.com
> >[...]
> >
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18630
> >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> >[...]
> >
> >;; ANSWER SECTION:
> >www.send-safe.com. 43200 IN A 24.17.166.32




$ dig send-safe.com a

; <<>> DiG 9.2.4 <<>> send-safe.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14978
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;send-safe.com. IN A

;; ANSWER SECTION:
send-safe.com. 43200 IN A 219.11.40.37

;; AUTHORITY SECTION:
send-safe.com. 172800 IN NS nsa5.stuffnz.com.
send-safe.com. 172800 IN NS nsa6.stuffnz.com.

;; ADDITIONAL SECTION:
nsa5.stuffnz.com. 172800 IN A 219.11.40.37
nsa6.stuffnz.com. 172800 IN A 221.88.4.15

;; Query time: 846 msec
;; SERVER: default
;; WHEN: Fri Aug 26 2005
;; MSG SIZE rcvd: 138



$ host 219.11.40.37
37.40.11.219.in-addr.arpa domain name pointer YahooBB219011040037.bbtec.net.



$ dig @221.88.4.15 send-safe.com ns

; <<>> DiG 9.2.4 <<>> @221.88.4.15 send-safe.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37725
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;send-safe.com. IN NS

;; ANSWER SECTION:
send-safe.com. 187200 IN NS 218.3.30.70.IN-ADDR.ARPA.
send-safe.com. 212400 IN NS 15.4.88.221.IN-ADDR.ARPA.
send-safe.com. 198000 IN NS 98.166.37.69.IN-ADDR.ARPA.
send-safe.com. 208800 IN NS 24.62.90.84.IN-ADDR.ARPA.
send-safe.com. 212400 IN NS 12.120.60.68.IN-ADDR.ARPA.

;; ADDITIONAL SECTION:
218.3.30.70.IN-ADDR.ARPA. 43200 IN A 70.30.3.218
15.4.88.221.IN-ADDR.ARPA. 43200 IN A 221.88.4.15
98.166.37.69.IN-ADDR.ARPA. 43200 IN A 69.37.166.98
24.62.90.84.IN-ADDR.ARPA. 43200 IN A 84.90.62.24
12.120.60.68.IN-ADDR.ARPA. 43200 IN A 68.60.120.12

;; Query time: 213 msec
;; SERVER: 221.88.4.15#53(221.88.4.15)
;; WHEN: Fri Aug 26 2005
;; MSG SIZE rcvd: 255



$ host 70.30.3.218
218.3.30.70.in-addr.arpa domain name pointer CPE000c7601faae-CM00e06f163fd4.cpe.net.cable.rogers.com.
$ host 221.88.4.15
15.4.88.221.in-addr.arpa domain name pointer YahooBB221088004015.bbtec.net.
$ host 69.37.166.98
98.166.37.69.in-addr.arpa domain name pointer 69.37.166.98.adsl.snet.net.
$ host 84.90.62.24
Host 24.62.90.84.in-addr.arpa not found: 3(NXDOMAIN)
$ host 68.60.120.12
12.120.60.68.in-addr.arpa domain name pointer pcp0010306595pcs.macmb101.mi.comcast.net.




The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK5500/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy