Login
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.
From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a Spamit), an invite-only community for Russian-speaking people in the businesses of sending spam and building botnets of infected computers to relay said spam. The Spamdot admins went by the nicknames Icamis (a.k.a. Ika), and Salomon (a.k.a. Sal).
Spamdot forum administrator “Ika” a.k.a. “Icamis” responds to a message from “Tarelka,” the botmaster behind the Rustock botnet. Dmsell said: “I’m actually very glad that I switched to legal spam mailing,” prompting Tarelka and Ika to scoff.
As detailed in my 2014 book, Spam Nation, Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock, Cutwail, Mega-D, Festi, Waledac, and Grum.
Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages. Collectively in control over millions of spam-spewing zombies, those botmasters also continuously harvested passwords and other data from infected machines.
As we’ll see in a moment, Salomon is now behind bars, in part because he helped to rob dozens of small businesses in the United States using some of those same harvested passwords. He is currently housed in a federal prison in Michigan, serving the final stretch of a 60-month sentence.
But the identity and whereabouts of Icamis have remained a mystery to this author until recently. For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. And there were many good reasons to support this conclusion.
For example, in 2010 Spamdot and its spam affiliate program Spamit were hacked, and its user database shows Sal and Icamis often accessed the forum from the same Internet address — usually from Cherepovets, an industrial town situated approximately 230 miles north of Moscow. Also, it was common for Icamis to reply when Spamdot members communicated a request or complaint to Sal, and vice versa.
Image: maps.google.com
Still, other clues suggested Icamis and Sal were two separate individuals. For starters, they frequently changed the status on their instant messenger clients at different times. Also, they each privately discussed with others having attended different universities.
KrebsOnSecurity began researching Icamis’s real-life identity in 2012, but failed to revisit any of that research until recently. In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.
That story mentioned Rescator’s real-life identity was exposed by Icamis in April 2013, as part of a lengthy farewell letter Ika wrote to Spamdot members wherein Ika said he was closing the forum and quitting the cybercrime business entirely.
To no one’s shock, Icamis didn’t quit the business: He simply became more quiet and circumspect about his work, which increasingly was focused on helping crime groups siphon funds from U.S. bank accounts. But the Rescator story was a reminder that 10 years worth of research on who Ika/Icamis is in real life had been completely set aside. This post is an attempt to remedy that omission.
The farewell post from Ika (aka Icamis), the administrator of both the BlackSEO forum and Pustota, the successor forum to Spamit/Spamdot.
Icamis and Sal offered a comprehensive package of goods and services that any aspiring or accomplished spammer would need on a day-to-day basis: Virtually unlimited bulletproof domain registration and hosting services, as well as services that helped botmasters evade spam block lists generated by anti-spam groups like Spamhaus.org. Here’s snippet of Icamis’s ad on Spamdot from Aug. 2008, wherein he addresses forum members with the salutation, “Hello Gentlemen Scammers.”
We are glad to present you our services!
Many are already aware (and are our clients), but publicity is never superfluous.Domains.
– all major gtlds (com, net, org, info, biz)
– many interesting and uninteresting cctlds
– options for any topic
– processing of any quantities
– guarantees
– exceptionally low prices for domains for white and gray schemes (including any SEO and affiliate spam )
– control panel with balances and auto-registration
– all services under the Ikamis brand, proven over the years;)Servers.
– long-term partnerships with several [data centers] in several parts of the world for any topic
– your own data center (no longer in Russia ;)) for gray and white topics
– any configuration and any hardware
– your own IP networks (PI, not PA) and full legal support
– realtime backups to neutral sites
– guarantees and full responsibility for the services provided
– non-standard equipment on request
– our own admins to resolve any technical issues (services are free for clients)
– hosting (shared and vps) is also possibleNon-standard and related services.
– ssl certificates signed by geotrust and thawte
– old domains (any year, any quantity)
– beautiful domains (keyword, short, etc.)
– domains with indicators (any, for SEO, etc.)
– making unstable gtld domains stable
– interception and hijacking of custom domains (expensive)
– full domain posting via web.archive.org with restoration of native content (preliminary applications)
– any updates to our panels to suit your needs upon request (our own coders)All orders for the “Domains” sections and “Servers” are carried out during the day (depending on our workload).
For non-standard and related services, a preliminary application is required 30 days in advance (except for ssl certificates – within 24 hours).
Icamis and Sal frequently claimed that their service kept Spamhaus and other anti-spam groups several steps behind their operations. But it’s clear that those anti-spam operations had a real and painful impact on spam revenues, and Salomon was obsessed with striking back at anti-spam groups, particularly Spamhaus.
In 2007, Salomon collected more than $3,000 from botmasters affiliated with competing spam affiliate programs that wanted to see Spamhaus suffer, and the money was used to fund a week-long distributed denial-of-service (DDoS) attack against Spamhaus and its online infrastructure. But rather than divert their spam botnets from their normal activity and thereby decrease sales, the botmasters voted to create a new DDoS botnet by purchasing installations of DDoS malware on thousands of already-hacked PCs (at a rate of $25 per 1,000 installs).
As an affiliate of Spamdot, Salomon used the email address ad1@safe-mail.net, and the password 19871987gr. The breach tracking service Constella Intelligence found the password 19871987gr was used by the email address grichishkin@gmail.com. Multiple accounts are registered to that email address under the name Alexander Valerievich Grichishkin, from Cherepovets.
In 2020, Grichishkin was arrested outside of Russia on a warrant for providing bulletproof hosting services to cybercriminal gangs. The U.S. government said Grichishkin and three others set up the infrastructure used by cybercriminals between 2009 to 2015 to distribute malware and attack financial institutions and victims throughout the United States.
Those clients included crooks using malware like Zeus, SpyEye, Citadel and the Blackhole exploit kit to build botnets and steal banking credentials.
“The Organization and its members helped their clients to access computers without authorization, steal financial information (including banking credentials), and initiate unauthorized wire transfers from victims’ financial accounts,” the government’s complaint stated.
Grichishkin pleaded guilty to conspiracy charges and was sentenced to four years in prison. He is 36 years old, has a wife and kids in Thailand, and is slated for release on February 8, 2024.
The identity of Icamis came into view when KrebsOnSecurity began focusing on clues that might connect Icamis to Cherepovets (Ika’s apparent hometown based on the Internet addresses he regularly used to access Spamdot).
Historic domain ownership records from DomainTools.com reveal that many of the email addresses and domains connected to Icamis invoke the name “Andrew Artz,” including icamis[.]ws, icamis[.]ru, and icamis[.]biz. Icamis promoted his services in 2003 — such as bulk-domains[.]info — using the email address icamis@4host.info. From one of his ads in 2005:
Domains For Projects Advertised By Spam
I can register bulletproof domains for sites and projects advertised by spam(of course they must be legal). I can not provide DNS for u, only domains. The price will be:
65$ for domain[if u will buy less than 5 domains]
50$ for domain[more than 5 domains]
45$ for domain[more than 10 domains]
These prices are for domains in the .net & .com zones.
If u want to order domains write me to: icamis@4host.info
In 2009, an “Andrew Artz” registered at the hosting service FirstVDS.com using the email address icamis@4host.info, with a notation saying the company name attached to the account was “WMPay.” Likewise, the bulletproof domain service icamis[.]ws was registered to an Andrew Artz.
The domain wmpay.ru is registered to the phonetically similar name “Andrew Hertz,” at andrew@wmpay.ru. A search on “icamis.ru” in Google brings up a 2003 post by him on a discussion forum designed by and for students of Amtek, a secondary school in Cherepovets (Icamis was commenting from an Internet address in Cherepovets).
The website amtek-foreva-narod.ru is still online, and it links to several yearbooks for Amtek graduates. It states that the yearbook for the Amtek class of 2004 is hosted at 41.wmpay[.]com.
The yearbook photos for the Amtek class of 2004 are not indexed in the Wayback Machine at archive.org, but the names and nicknames of 16 students remain. However, it appears that the entry for one student — the Wmpay[.]com site administrator — was removed at some point.
In 2004, the administrator of the Amtek discussion forum — a 2003 graduate who used the handle “Grand” — observed that there were three people named Andrey who graduated from Amtek in 2004, but one of them was conspicuously absent from the yearbook at wmpay[.]ru: Andrey Skvortsov.
To bring this full circle, Icamis was Andrey Skvortsov, the other Russian man charged alongside Grichiskin (the two others who pleaded guilty to conspiracy charges were from Estonia and Lithuania). All of the defendants in that case pleaded guilty to conspiracy to engage in a Racketeer Influenced Corrupt Organization (RICO).
[Author’s note: No doubt government prosecutors had their own reasons for omitting the nicknames of the defendants in their press releases, but that information sure would have saved me a lot of time and effort].
Skvortsov was sentenced to time served, and presumably deported. His current whereabouts are unknown and he was not reachable for comment via his known contact addresses.
The government says Ika and Sal’s bulletproof hosting empire provided extensive support for a highly damaging cybercrime group known as the JabberZeus Crew, which worked closely with the author of the Zeus Trojan — Evgeniy Mikhailovich Bogachev — to develop a then-advanced strain of the Zeus malware that was designed to defeat one-time codes for authentication. Bogachev is a top Russian cybercriminal with a standing $3 million bounty on his head from the FBI.
The JabberZeus Crew stole money by constantly recruiting money mules, people in the United States and in Europe who could be enticed or tricked into forwarding money stolen from cybercrime victims. Interestingly, Icamis’s various email addresses are connected to websites for a vast network of phony technology companies that claimed they needed people with bank accounts to help pay their overseas employees.
Icamis used the email address tech@safe-mail.net on Spamdot, and this email address is tied to the registration records for multiple phony technology companies that were set up to recruit money mules.
One such site — sun-technology[.]net — advertised itself as a Hong Kong-based electronics firm that was looking for “honest, responsible and motivated people in UK, USA, AU and NZ to be Sales Representatives in your particular region and receive payments from our clients. Agent commission is 5 percent of total amount received to the personal bank account. You may use your existing bank account or open a new one for these purposes.”
In January 2010, KrebsOnSecurity broke the news that the JabberZeus crew had just used money mules to steal $500,000 from tiny Duanesburg Central School District in upstate New York. As part of his sentence, Skvortsov was ordered to pay $497,200 in restitution to the Duanesburg Central School District.
The JabberZeus Crew operated mainly out of the eastern Ukraine city of Donetsk, which was always pro-Russia and is now occupied by Russian forces. But when Russia invaded Ukraine in February 2022, the alleged leader of the notorious cybercrime gang — Vyacheslav Igoravich Andreev (a.ka. Penchukov) — fled his mandatory military service orders and was arrested in Geneva, Switzerland. He is currently in federal custody awaiting trial, and is slated to be arraigned in U.S. federal court tomorrow (Jan. 9, 2024). A copy of the indictment against Andreev is here (PDF).
Andreev, aka “Tank,” seen here performing as a DJ in Ukraine in an undated photo from social media.
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”
A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.
First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device.
Customers could pay to rent access to a pool of proxies for a specified period, with costs ranging from $30 per day for access to 2,000 proxies, to $200 daily for up to 90,000 proxies.
Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.
In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. But that action did not name any defendants.
Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog, where he went by the name Denis Kloster. The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees.
“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
But by the time that investigation was published, Emelyantsev had already been captured by Bulgarian authorities responding to an American arrest warrant. At his extradition hearing, Emelyantsev claimed he would prove his innocence in an U.S. courtroom.
“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Emelyantsev told the Bulgarian court. “I am not a criminal and I will prove it in an American court.”
RSOCKS, circa 2016. At that time, RSOCKS was advertising more than 80,000 proxies. Image: archive.org.
Emelyantsev was far more than just an administrator of a large botnet. Behind the facade of his Internet advertising company based in Omsk, Russia, the RSOCKS botmaster was a major player in the Russian email spam industry for more than a decade.
Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted community where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the forum imploded in 2010.
A Google-translated version of the Rusdot spam forum.
Indeed, the very first mentions of RSOCKS on any Russian-language cybercrime forums refer to the service by its full name as the “RUSdot Socks Server.”
Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, Emelyantsev probably knows quite a bit about other top players in the botnet spam and malware community.
It remains unclear whether Emelyantsev made good on his promise to spill that knowledge to American investigators as part of his plea deal. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of California, which has not responded to a request for comment.
Emelyantsev pleaded guilty on Monday to two counts, including damage to protected computers and conspiracy to damage protected computers. He faces a maximum of 20 years in prison, and is currently scheduled to be sentenced on April 27, 2023.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”
A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.
On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer.
A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.” Kloster’s blog even included a group photo of RSOCKS employees.
“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities.
“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Kloster reportedly told the Bulgarian court this week. “I am not a criminal and I will prove it in an American court.”
Launched in 2013, RSOCKS was shut down in June 2022 as part of an international investigation into the cybercrime service. According to the Justice Department, the RSOCKS botnet initially targeted Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers; later in its existence, the RSOCKS botnet expanded into compromising additional types of devices, including Android devices and conventional computers, the DOJ said.
The Justice Department’s June 2022 statement about that takedown cited a search warrant from the U.S. Attorney’s Office for the Southern District of California, which also was named by Bulgarian news outlets this month as the source of Kloster’s arrest warrant.
When asked about the existence of an arrest warrant or criminal charges against Kloster, a spokesperson for the Southern District said, “no comment.”
Update, Sept. 24, 9:00 a.m. ET: Kloster was named in a 2019 indictment (PDF) unsealed Sept. 23 by the Southern District court.
The employees who kept things running for RSOCKS, circa 2016. Notice that nobody seems to be wearing shoes.
24Chasa said the defendant’s surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother’s maiden name.
As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. In several private exchanges on cybercrime forums, the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010.
Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, the defendant in this case probably knows quite a bit about other top players in the botnet spam and malware community.
A Google-translated version of the Rusdot spam forum.
Despite maintaining his innocence, Kloster reportedly told the Bulgarian judge that he could be useful to American investigators.
“America is looking for me because I have enormous information and they need it,” Kloster told the court, according to 24Chasa. “That’s why they want me.”
The Bulgarian court agreed, and granted his extradition. Kloster’s fiancee also attended the extradition hearing, and reportedly wept in the hall outside the entire time.
Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top spam forum.
The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.
According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked:
“A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or monthly time period. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.”
The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums.
The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator.
Verified was hacked twice in the past few years, and each time the private messages of all users on the forum were leaked. Those messages show that after being warned of his forum infraction, Stanx sent a private message to the Verified administrator detailing his cybercriminal bona fides.
“I am the owner of the RUSdot forum (former Spamdot),” Stanx wrote in Sept. 2016. “In spam topics, people know me as a reliable person.”
A Google-translated version of the Rusdot spam forum.
RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.
Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). In an early post to Antichat in January 2005, Stanx disclosed that he is from Omsk, a large city in the Siberian region of Russia.
According to the cyber intelligence firm Intel 471, the user Stanx indeed registered on Exploit in 2013, using the email address stanx@rusdot.com, and the ICQ number 399611. A search in Google for that ICQ number turns up a cached version of a Vkontakte profile for a Denis “Neo” Kloster, from Omsk, Russia.
Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru with the profile name of “Denis Kloster” and the Omsk phone number of 79136334444. Another record indexed by Constella suggests Denis’s real surname may in fact be “Emilyantsev” [Емельянцев].
That phone number is tied to the WHOIS registration records for multiple domain names over the years, including proxy[.]info, allproxy[.]info, kloster.pro and deniskloster.com.
A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. It shows that in Oct. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand.
The “about me” section of DenisKloster.com says the 35-year-old was born in Omsk, that he got his first computer at age 12, and graduated from high school at 16. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.
According to Kloster’s blog, his first real job was running an “online advertising” firm he founded called Internet Advertising Omsk (“riOmsk“), and that he even lived in New York City for a while.
“Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013. “I opened an American visa for myself, it was not difficult to get. And so I moved to live in New York, the largest city in the world, in a country where all wishes come true. But even this was not enough for me, and since then I began to travel the world.”
The current version of the About Me page on Kloster’s site says he closed his advertising business in 2013 to travel the world and focus on his new company: One that provides security and anonymity services to customers around the world. Kloster’s vanity website and LinkedIn page both list him as CEO of a company called “SL MobPartners.”
In 2016, Deniskloster.com featured a post celebrating three years in operation. The anniversary post said Kloster’s anonymity business had grown to nearly two dozen employees, most of whom were included in a group photo posted to that article (and some of whom Kloster thanked by their first names and last initials).
The employees who kept things running for RSOCKS, circa 2016.
“Thanks to you, we are now developing in the field of information security and anonymity!,” the post enthuses. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
Mr. Kloster did not respond to repeated requests for comment.
It’s not clear if the coordinated takedown targeting the RSOCKS botnet will be permanent, as the botnet’s owners could simply rebuild — and possibly rebrand — their crime machine. Based on the RSOCKS owner’s posts, that is exactly what they intend to do.
“RSocks ceases to exist,” wrote the Rsocks account on the BlackHatWorld forum on June 17. “But don’t worry. All the active plans and fund balances will be transferred to another service. Stay tuned. We will inform you about its name and all the details later.”
Rsocks told the BlackHatWorld community they would be back soon under a new name.
Malware-based proxy services like RSOCKS have struggled to remain competitive in a cybercrime market with increasingly sophisticated proxy services that offer many additional features. The demise of RSOCKS follows closely on the heels of VIP72[.]com, a competing proxy botnet service that operated for a decade before its owners pulled the plug on the service last year.
FreshRSS 