ROKSO
The Register of Known Spam Operations
Ruslan Ibragimov / send-safe.com



Country: Russian Federation
State:
Stealth spamware creator. One of the larger criminal spamming operations around. Runs a CGI mailer on machines in Russia and uses hijacked open proxies and virus-infected PCs to flood the world with spam.



"Dmitry Sidorov" : spamlog.ru / RUSSIAN-HOSTING.COM


"Dmitry Sidorov" appears in many send-safe SBL records. Either Ruslan himself or a close partner.

ICQ: 715430
urist@seznam.cz
spamlog.ru
Ruslan E Sviridov
mr_bin@inbox.ru
mailpr2004@netscape.net
spaming@hot.ee
(095) 773-98-42
e-mail: spaming@emailacc.com

=====================================================
Russians selling "bullet-proof" spam hosting in Thailand.

Moved operations to 203.147.62.137 on ji-net.com (Thailand) on 2006-10-19 after getting hosting removed from rtcomm.ru.

...................................................
http://www.spamlog.ru/ (Translated from Russian):

"Mass e-mail the distribution
More than five years we professionally with the mass e-mail by distributions on the electronic mail, by advance and by the spinup of any goods and services. "

:: [25.01/2006] - new proposal on the Spam- hosting. Now we allow Dedicated server (Bullet proof). Are so introduced resselerskiye akkaunty.

:: [25.11/2006] - continues the assignment of services to spam of hosting for your project.Ignoring complaints of the conducted distributions. Unlimited traffic, not limited locally on the disk. Everything is switch oned!


ICQ: 715430
support@spamlog.ru
....................................................


(as of 2006-10-19):
--
www.spamlog.ru. IN A 203.147.62.137
spamlog.ru. IN NS ns2.comrus.net.
spamlog.ru. IN NS ns1.comrus.net.
ns1.comrus.net. IN A 203.147.62.137
ns2.comrus.net. IN A 82.146.36.183

--
comrus.net. IN A 203.147.62.137


--
ns1.comrus.net A 203.147.62.137

found 11 domain entrys on NS: ns1.comrus.net



--
[whois.ripn.net]
domain: SPAMLOG.RU
type: CORPORATE
nserver: ns1.comrus.net.
nserver: ns2.comrus.net.
state: REGISTERED, DELEGATED
person: Dmitry S Agienko
phone: +7 916 3808694
e-mail: agdm79@mail.ru
registrar: RUCENTER-REG-RIPN
created: 2003.04.10
paid-till: 2007.04.10
source: TC-RIPN



--
[whois.nic.ru]
Domain name: COMRUS.NET
Name Server: ns1.comrus.net 203.147.62.137
Name Server: ns2.comrus.net 82.146.36.183
Creation Date: 2006.03.08
Updated Date: 2006.04.03
Expiration Date: 2007.03.08
Status: DELEGATED
Registrant ID: CTXBSCE-RU
Registrant Name: OOO ONIKS
Registrant Organization: OOO ONIKS
Registrant Street1: 3 Lusinovskiy, 3A-3.
Registrant City: Moscow
Registrant State: Moscow area
Registrant Postal Code: 117049
Registrant Country: RU
Administrative, Technical Contact
Contact ID: CTXBSCE-RU
Contact Name: OOO ONIKS
Contact Organization: OOO ONIKS
Contact Street1: 3 Lusinovskiy, 3A-3.
Contact City: Moscow
Contact State: Moscow area
Contact Postal Code: 117049
Contact Country: RU
Contact Phone: +7 916 6069032
Contact Fax: +7 916 6069032
Contact E-mail: oniks_2006@mail.ru

--
[whois.nic.ru]
Domain name: PROSPER-LIFE.COM
Name Server: ns1.comrus.net
Name Server: ns2.comrus.net
Creation Date: 2006.01.13
Updated Date: 2006.08.01
Expiration Date: 2007.01.13
Status: DELEGATED
Registrant ID: PLQ9HTI-RU
Registrant Name: Ruslan E Sviridov <----NOTE****
Registrant Organization: Ruslan E Sviridov
Registrant Street1: Yaroslavskoe shosse, 4-110
Registrant City: Pushkino
Registrant State: Moscow area
Registrant Postal Code: 141200
Registrant Country: RU
Administrative, Technical Contact
Contact ID: PLQ9HTI-RU
Contact Name: Ruslan E Sviridov
Contact Organization: Ruslan E Sviridov
Contact Street1: Yaroslavskoe shosse, 4-110
Contact City: Pushkino
Contact State: Moscow area
Contact Postal Code: 141200
Contact Country: RU
Contact Phone: +7 916 3808496
Contact Fax: +7 916 3808496
Contact E-mail: mr_bin@inbox.ru


---------------------
NOTE: "Ruslan E Sviridov" aka "Dmitry Sidorov" is Ruslan Ibragimov. (See info further down)



=======================================================
From spamlog.ru:
ICQ: 715430 support@spamlog.ru

Several good Google hits on ICQ 715430:
http://www.google.com/search?hl=en&q=ICQ%3A+715430&btnG=Google+Search

--
info provided on http://www.comedyzine.com/spam.shtml:
urist@seznam.cz
ICQ: 715430

--
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/80758
delete@emailacc.com
ICQ: 715430
E-mail: spaming@emailacc.com

--
http://www.telesys.ru/wwwboards/mcontrol/625/messages/29785.shtml
spaming@hot.ee

--
http://www.telesys.ru/wwwboards/mcontrol/625/messages/29784.shtml
mailpr2004@netscape.net

--
http://pyva.net/collect/spam/prodigy2.html
Date: Mon, 04 Aug 2003 10:00:48 +0000
From:   <rambler-rr@rambler.ru>
Subject:    
To: [...]

  " "  
e-mail   :

     :)
4 000 000  !

(095) 773-98-42

e-mail: spaming@emailacc.com
Icq 715430.


--


__________________________________________________________________
===================================================================
Previous SBL38069, when they were hosted on RTCOMM.RU from Feb-Oct 2006 (removed 2006-10-19):

............................
SBL38069 81.176.78.130/32
Subject: Phishing injection source, spaming.ru, househost.ru, etc

--
TCP stream analysis of a virus-infected/trojaned PC reveals that it is being hijacked on proprietary high ports from the spammer's illegal proxy-mailing server on 81.176.78.130

i.e. the listed IP is hijacking virus-infected PCs on proxy ports
[Listed IP]---SOCKS--->[Infected PC]---SMTP--->[Recipient]

Other domains on this IP show a spam-for-hire service in operation.
1. doska.biz IP: 63.247.72.130
2. househost.ru IP: 63.247.72.130
3. rostov.net IP: 63.247.72.130
4. spaming.ru IP: 63.247.72.130
5. spamlog.ru IP: 63.247.72.130
6. swan-swan.ru IP: 63.247.72.130
7. second-citizenship.com IP: 63.247.72.130
8. sportmashina.com IP: 63.247.72.130

--
From http://www.spamlog.ru/ :
"Bulk email distribution (sending), spam hosting, bulk posting to message boards and catalogs (search engines, they probably mean), position (job) in Yandekse, (all sorts of) mass distributions, spam distribution (sending)."


--
Sample phish spam payload extracted from an infected PC being proxy-hijacked from 63.247.72.130:
..................................................
Date: Sun, 19 Feb 2006 08:xx:xx -0000
Subject: Wells Fargo Online Important Notice

[...snip...]
<H2 class=subhead>Wells Fargo Online Important Notice February
16, 2006<BR><BR>&nbsp;</H2> <OL>Dear Online Customer,<BR><BR>As
part of our security measures, we regularly screen activity in
the Wells Fargo Online Banking system. We recently noticed the
following issue on your account. A recent review of your account
determined that we require some additional informati on from you
in order to provide you with secure service. ID Number:
[...snip...]. For your protection, we have limited access to
your account until additional security measures can be
completed. We apologize for any inconvenience this may cause.
Please log in to Wells Fargo Online Banking system to restore
your account access as soon as possible.<BR><BR>You must click
the link below and log in Wells Fargo Online Banking page to
complete the verification process.<BR><BR><A
href="http://petitoie.com/PUBLICATION/wellsfargo/index.html"
target=_blank alt="">https://online.wellsfargo.com/signon</A><BR><BR>
[...snip...]
..................................................


--
domain: SPAMLOG.RU
type: CORPORATE
nserver: ns1.russian-hosting.com.
nserver: ns2.russian-hosting.com.
state: REGISTERED, DELEGATED
person: Dmitry S Agienko
phone: +7 916 3808694
e-mail: agdm79@mail.ru
registrar: RUCENTER-REG-RIPN
created: 2003.04.10
paid-till: 2006.04.10
source: TC-RIPN




--
domain: SPAMING.RU
type: CORPORATE
nserver: ns1.househost.ru.
nserver: ns2.househost.ru.
state: REGISTERED, DELEGATED
person: Ruslan E Sviridov
phone: +7 916 3808496
fax-no: +7 916 3808496
e-mail: nic.ru@post.cz
registrar: RUCENTER-REG-RIPN
created: 2003.12.24
paid-till: 2006.12.24
source: TC-RIPN


--
Bingo - "Dmitry Sidorov" / "Ruslan Sidorov" is Ruslan Ibragimov:

[whois.nic.ru]
Domain name: RUSSIAN-HOSTING.COM
Name Server: ns1.russian-hosting.com 202.142.213.35
Name Server: ns2.russian-hosting.com 82.146.35.244
Creation Date: 2005.06.23
Updated Date: 2005.07.09
Expiration Date: 2006.06.23
Status: DELEGATED
Registrant ID: PLQ9HTI-RU
Registrant Name: Ruslan E Sviridov
Registrant Organization: Ruslan E Sviridov
Registrant Street1: Yaroslavskoe shosse, 4-110
Registrant City: Pushkino
Registrant State: Moscow area
Registrant Postal Code: 141200
Registrant Country: RU
Administrative, Technical Contact
Contact ID: PLQ9HTI-RU
Contact Name: Ruslan E Sviridov
Contact Organization: Ruslan E Sviridov
Contact Street1: Yaroslavskoe shosse, 4-110
Contact City: Pushkino
Contact State: Moscow area
Contact Postal Code: 141200
Contact Country: RU
Contact Phone: +7 916 3808496
Contact Fax: +7 916 3808496
Contact E-mail: nic.ru@post.cz


Related URLs

Google hits on ICQ: 715430:
http://www.google.com/search?hl=en&q=ICQ%3A+715430&btnG=Google+Search


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK7090/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.