R01R01 is a registrar in Russia. Регистратор R01

R01.logo.jpg

Description of the Registrar[edit | edit source]

Registrar R01 - domain name registrar belonging to the group of companies "Hosting Community". The company became the first accredited registrar in the RU national domain and today offers a wide range of professional services, being one of the leaders in terms of the number of registered domains for .RU .SU and .рф.

Регистратор R01 — регистратор доменных имен, входящий в группу компаний Hosting Community. Компания стала первым аккредитованным регистратором в национальном домене RU и сегодня предоставляет широкий спектр профессиональных услуг, являясь одним из лидеров по количеству регистрируемых доменов .RU, .SU и .РФ.

Anti-Spam Position[edit | edit source]

Not defined

Official Position[edit | edit source]

Not defined

Actual Behavior[edit | edit source]

R01 is widely abused by the Russian EvaPharmacy fraud operation.

R01 ignores all requests to suspend illegal domains. Domains are only suspended at the expiry date.

R01 широко злоупотребляли Российской EvaPharmacy мошеннической операции.

R01 игнорирует все просьбы приостановить незаконные доменов. Домены только приостанавливается на срок годности.

Registrar responsiveness[edit source]

Showing all registrars including R01.RU LiveSite2014.jpg

Showing all registrars excluding R01.RU LiveMinors.jpg

Piechart showing the crime sponsoring contribution by each registrar.

RegPie.jpg

The comparison between this registrar and others can be seen on the graphs.

It shows how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.

Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.

The second most abused registrar is Russia's REG.RU REG.RU at over 25%

The next most abused registrar is GKG GKG at 4%.

The next most abused registrar is The Netherlands' Hosting Concepts aka OpenProvider at 3%.

These are followed by Russia's ARDIS, India's PublicDomainRegistry PDR, China's CNOBIN, Canada's Tucows, and Pakistan's PakNIC.


Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.



Сравнение между этим регистратором и другие можно увидеть на графике.

Она показывает, сколько доменов не были приостановлены по различным регистраторам за прошедший год.

Чем выше столбец, тем больше доменов спонсируются регистратора.

В настоящее время наиболее распространенным регистраторы Индии Netlynx и России R01.ru и Naunet

Этих трех регистраторов спонсор подавляющее большинство мошеннических доменов, используемых в рамках Eva Pharmacy

Другие регистраторы были быстры, чтобы расторгнуть договоры на обслуживание с эти кибер-преступники, видя очевидные факты фальсификаций.

Нажмите на график чтобы увеличить ее.

Examples of domains used for fraud[edit | edit source]

Click on any heading for evidence of fraud.

Over 1,000 domains with false registrant information is listed at R01-RU_list

Common IP addresses[edit source]

A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Live
----
5.101.140.77 5.181.158.181 * 5.188.211.29 37.46.135.24 45.119.41.11
45.119.41.12 45.119.41.14 45.131.83.10 45.137.21.166 * 51.89.151.227
95.165.145.236 95.165.149.124 95.31.40.41 103.117.141.163 103.117.141.184
103.121.91.117 103.126.6.161 103.146.23.100 103.147.153.123 103.228.114.93
103.236.150.106 103.236.201.228 103.28.149.174 103.83.192.109 103.9.158.67
103.92.25.124 171.244.143.163 176.123.9.67 178.239.177.183 185.130.206.6
185.24.232.118 194.5.179.140 202.145.2.67 209.127.28.5



Removed
----------
5.187.52.10* 5.187.52.9* 5.253.62.111* 31.200.247.37* 45.125.65.102*
45.125.65.59* 45.86.163.7* 79.172.193.55* 79.172.193.56* 79.172.193.57*
79.172.193.58* 80.233.134.249* 82.199.101.248* 82.199.104.3* 84.15.139.143*
84.200.77.180* 85.254.72.7* 85.254.72.8* 85.254.72.9* 87.120.253.207*
87.120.253.209* 87.120.253.209* 89.105.221.81* 89.105.221.82* 89.105.221.83*
94.152.214.31* 95.84.156.191* 95.165.27.205* 103.86.48.69* 112.78.10.214*
119.59.123.55* 130.185.72.89* 141.98.10.137* 141.98.10.142* 146.247.49.105*
159.148.186.165* 159.148.186.238* 178.255.40.234* 179.43.149.28* 185.128.43.18*
185.128.43.20* 185.128.43.21* 185.128.43.22* 185.128.43.54* 185.140.249.133*
185.24.232.74* 185.24.232.76* 212.34.158.133* 212.34.158.134*

Where to contact the compromised hosting ISP:

Abuse contact for '5.2.88.0 - 5.2.89.255' is 'alvaro.montero@ipcore.com'
Abuse contact for '5.45.80.0 - 5.45.83.255' is 'abuse@ispiria.net'
Abuse contact for '5.181.158.0 - 5.181.158.255' is 'abuse@mivocloud.com'
Abuse contact for '5.133.12.16 - 5.133.12.16' is 'abuse@artnet.pl'
Abuse contact for '5.187.48.0 - 5.187.55.255' is 'abuse@artnet.pl'
Abuse contact for '5.253.60.0 - 5.253.63.255' is 'abuseto@adminvps.ru' (Removed)
Abuse contact for '27.124.80.0 - 27.124.95.255' is 'abuse@medialink.net.id'
Abuse contact for '31.200.247.0 - 31.200.247.255' is 'ripe@unelink.com'
Abuse contact for '45.86.163.0 - 45.86.163.255' is 'support@crowncloud.net'
Abuse contact for '45.125.65.0 - 45.125.65.255' is 'abuse@tele-asia.net'
Abuse contact for '51.89.148.0 - 51.89.151.255' is 'abuse@ovh.net'
Abuse contact for '79.172.193.0 - 79.172.193.255' is 'abuse@deninet.hu' (Removed)
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '82.199.104.0 - 82.199.107.254' is 'abuse@seven-sky.net'
Abuse contact for '84.15.136.0 - 84.15.143.255' is 'abuse@bi.lt'
Abuse contact for '84.200.77.0 - 84.200.77.255' is 'abuse@accelerated.de' (Removed)
Abuse contact for '85.254.72.0 - 85.254.72.255' is 'support@serveria.com'
Abuse contact for '87.120.253.0 - 87.120.253.255' is 'abuse@neterra.net'
Abuse contact for '89.105.192.0 - 89.105.223.255' is 'abusedesk@novoserve.com'
Abuse contact for '89.222.128.0 - 89.222.131.255' is 'abuse@netorn.net' 'abuse@netorn.ru'
Abuse contact for '93.119.104.0 - 93.119.105.255' is 'abuse@virtono.com'
Abuse contact for '94.152.0.0 - 94.152.255.255' is 'abuse@kei.pl'
Abuse contact for '94.156.175.0 - 94.156.175.255' is 'abuse@iws.co'
Abuse contact for '95.84.128.0 - 95.84.159.255' is 'abuse@rt.ru'
Abuse contact for '95.165.128.0 - 95.165.255.255' is 'abuse@spd-mgts.ru'
Abuse contact for '103.6.204.0 - 103.6.207.255' is 'yogie@redwhite.co.id'
Abuse contact for '103.9.156.0 - 103.9.159.255' is 'cuong.trinh@vnso.vn'
Abuse contact for '103.86.48.0 - 103.86.48.255' is 'abuse@bangmodhosting.com'
Abuse contact for '103.117.141.0 - 103.117.141.255' is 'abuse@casbay.com'
Abuse contact for '103.121.88.0 - 103.121.91.255' is 'tampd@bkns.vn'
Abuse contact for '103.126.6.0 - 103.126.7.255' is 'shazim@serverstack.in'
Abuse contact for '103.138.96.0 - 103.138.96.255' is 'hello@hostitsmart.in'
Abuse contact for '103.146.22.0 - 103.146.23.255' is 'duc@lanit.com.vn'
Abuse contact for '103.221.220.0 - 103.221.223.255' is 'hoanglong@azdigi.com'
Abuse contact for '103.236.201.0 - 103.236.201.255' is 'admin@idcloudhost.com'
Abuse contact for '111.90.128.0 - 111.90.159.255' is 'abuse@shinjiru.com.my'
Abuse contact for '112.78.0.0 - 112.78.15.255' is 'vanht@ods.vn'
Abuse contact for '130.185.72.0 - 130.185.72.255' is 'report@parspack.com'
Abuse contact for '119.59.96.0 - 119.59.127.255' is 'abuse@metrabyte.cloud'
Abuse contact for '141.98.10.0 - 141.98.10.255' is 'admin@serveroffer.lt'
Abuse contact for '146.247.49.0 - 146.247.49.255' is 'abuse@netcetera.co.uk'
Abuse contact for '159.148.186.0 - 159.148.186.255' is 'support@serveria.com'
Abuse contact for '171.224.0.0 - 171.255.255.255' is 'hm-changed@vnnic.vn'
Abuse contact for '176.123.0.0 - 176.123.11.255' is 'abuse@alexhost.com'
Abuse contact for '178.255.40.232 - 178.255.40.235' is 'abuse@artnet.pl'
Abuse contact for '179.43.149.0/26' is 'support@privatelayer.com'
Abuse contact for '180.131.144.0 - 180.131.147.255' is 'abuse@nawala.org'
Abuse contact for '185.24.232.0 - 185.24.232.255' is 'abuse@servebyte.com'
Abuse contact for '185.128.40.0 - 185.128.43.255' is 'abuse@rackend.net'
Abuse contact for '185.140.248.0 - 185.140.249.255' is 'contact@buzinessware.com'
Abuse contact for '185.183.104.0 - 185.183.104.255' is 'abuse@m247.ro'
Abuse contact for '202.145.0.0 - 202.145.3.255' is 'abuse@uninet.net.id'


Highest used IP addresses from November 2020 IPabuses.jpg

Where to send abuse complaints[edit | edit source]

Additional Contact Information[edit | edit source]

Applications, which can seriously affect the functionality of your services, are performed only by an authorized request. You can send an authorized request through section https://partner.r01.ru "Contact Us".

Sincerely, Department of Customer R01
(RU-CENTER Group)
Phone: +7 495 783-3-783
8800 775-37-83 (for Russian regions)
Fax: +7 (495) 930-88-00

Postal address[edit | edit source]

Headquarters: Moscow, Leningrad Prospect, 74, Building 4

Registration Information[edit | edit source]

Telephone and FAX[edit | edit source]

  • General +7 (495) 783-3-783
  • Regions 8 (800) 775-3-783


Related information[edit | edit source]

Pharmacy fraud operations

Affiliate program coordinator employing spammers

Sources for this article[edit | edit source]

Independent[edit | edit source]

InBoxRevenge Eva Pharmacy campaign

Rogues and Champions report

Interview[edit | edit source]

Corporate[edit | edit source]

http://r01.ru/

Community content is available under CC-BY-SA unless otherwise noted.