ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov

Evidence Menu:

Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov Index


Country: Ukraine
State:
So many Alex & Alexey spamming! Alex Blood tied to Pilot Holding & bbasafehosting.com long ago, then Alex Polyakov posted he owned them. Massive botnet and child-porn spam ring, also pharma, mortgage, and more. May work with Kuvayev and Yambo.


Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov SBL Listings History
Current SBL Listings
Archived SBL Listings

cooperation by Moniker.com registrar


http://forum.icann.org/lists/registrar/msg00073.html
------------------------------------------------------------
ICANN ICANN Email List Archives
[registrar]
<<< Chronological Index >>> <<< Thread Index >>>
AceOfDomains / Moniker is allowing known illegal spammers to operate

* To: Monte@xxxxxxxxxxxxxxxx, support@xxxxxxxxxxxxxxxx, registrar@xxxxxxxxx, abuse@xxxxxxxxx, accredit@xxxxxxxxx, registrar-info@xxxxxxxxx
* Subject: AceOfDomains / Moniker is allowing known illegal spammers to operate
* From: "Spam Killerz" <killspammerz@xxxxxxxxx>
* Date: Tue, 31 Oct 2006 11:14:55 -0500

Hello.
This marks at least the fourth time I or my colleagues have attempted to
contact your company about an illegal spammer who continues to abuse your
services. An archive of my last complete complaint to your company and ICANN
(among several others) is available here, searchable in the public domain:


http://forum.icann.org/lists/registrar/msg00070.html


Alex Polyakov is currently the #1 spammer on the renowned Spamhaus ROKSO
list


http://www.spamhaus.org/statistics/spammers.lasso


http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Alex%20Blood%20/%20Alexander%20Mosh%20/%20AlekseyB%20/%20Alex%20Polyakov
I receive spam from his minions for multiple products I never signed up for
on a daily basis, and almost all of them point to websites for which your
company is providing name servers.


The latest batch for Hoodialife:


allatimerecord.com
allthedaylog.com
allthetimelist.com
allthetimelog.com


Performing a whois on those accounts exposes their name servers, which
Polyakov rotates throughout the day:


whois allatimerecord.com


Registrant Contact:
Bulk Domain Registration
Paul Gregoire ()
+1.6132552162
Fax:
175 Montreal Road #304
Vanier, ONTARIO K1L 6E4
CA


That address is a strip club in Ottawa called "The Playmate Club."


http://www.stripclublist.com/c.asp?c=7773


The phone number is for the cellphone of a woman in Montreal who has no idea
who Paul Gregoire is.


There is no "#304". It's a strip club, not an apartment or office building.


Alex Polyakov has been using this (completely fake) contact info for many
years now.
Look at the name servers for allatimerecord.com:


ns1.certifiedmunkeys.com
ns2.certifiedmunkeys.com


Look who owns those:


whois ns1.certifiedmunkeys.com


Server Name: NS1.CERTIFIEDMUNKEYS.COM
IP Address: 58.20.162.238
Registrar: ACE OF DOMAINS, INC
Whois Server: whois.aceofdomains.com
Referral URL: http://www.aceofdomains.com


Here's another:


whois acrontyymsandit.com


Domain Name: ACRONTYYMSANDIT.COM
Registrar: BULKREGISTER, LLC.
Whois Server: whois.bulkregister.com
Referral URL: http://www.bulkregister.com
Name Server: NS2.ONLYTHESE.COM
Name Server: NS1.ONLYTHESE.COM
Status: REGISTRAR-LOCK
EPP Status: clientDeleteProhibited
EPP Status: clientTransferProhibited
EPP Status: clientUpdateProhibited
Updated Date: 26-Oct-2006
Creation Date: 21-Jul-2006
Expiration Date: 21-Jul-2007


Registrant Contact:
Bulk Domain Registration
Paul Gregoire (paulgreg@xxxxxxxxxx)
1-613-482-5333
Fax:
175 Montreal Road #304
Ottawa, Ontario K1L 6E4
CA


whois ns2.onlythese.com


Server Name: NS2.ONLYTHESE.COM
IP Address: 221.7.193.181
Registrar: ACE OF DOMAINS, INC
Whois Server: whois.aceofdomains.com
Referral URL: http://www.aceofdomains.com


Those two DNS servers (certifiedmunkeys.com and onlythese.com) are currently
responsible for tens of thousands of illegal spamvertised websites'
continued operation. Your company is aiding and abetting a known criminal.


Polyakov operates 100% illegally and is wanted in several countries for
fraud, money laundering and child pornography charges. He has been avoiding
arrest since August of 2003, and it appears that your company is supporting
him.


I recommend you shut down those domains and lock them. He has abused other
domain registrars for the past several months. eNom and Tucows specifically
have become extremely diligent at refusing his thousands of domain
registrations. Now it looks like he's moved on to your company.


I would hope that you would not want to be associated with this criminal or
his activities.


Since a lot of registrars are quite loose with their lockout procedures I
would like to be very specific about the recommended actions against this
malicious spammer:


Please lock out the domain zone files certifiedmunkeys.com and
onlythese.comfrom update and transfer by this criminal. Then set the
ns1 and ns2 address
resolutions to 0.0.0.0 to render them inactive.


It is very important that both steps be taken against both domains.


As I say: several other registrars are very diligent about stopping this
known criminal from continuing to profit from abusing their services.
Polyakov is counting on you to be slow about this so that he can keep
spamming and profitting. Don't let him do it.


I would recommend doing a thorough search against the abovementioned name
and address (Paul Gregoire, at 175 Montreal Rd.) and purge every one of
those domains from your hosting, as well as locking him out.
I appreciate your swift attention to this matter.


ICANN: Why are so many spam-supporting domain registrars still accdredited
by you and operating after years of this continued abuse? This is
unacceptable.


Sincerely,


concerned citizen
<<< Chronological Index >>> <<< Thread Index >>>


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK7168/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2017 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy