Full Version: Looks like another black hat...
btech
http://www.spamcop.net/sc?id=z1997663001z2...317019b8a5e687z

It would seem that ISTANBUL-TELEKOM, who oversees 79.135.167.51 could be a black hat.

QUOTE

inetnum: 79.135.167.0 - 79.135.167.255
netname: ISTANBUL-TELEKOM
descr: ISTANBUL TELEKOM TR
country: TR
admin-c: ist1907-RIPE
tech-c: ist1907-RIPE
status: ASSIGNED PA
mnt-by: ist-tel-mnt
source: RIPE # Filtered

person: Istanbul Telecom IP Master
address: Hurriyet Cd. Tunel Sk. Istanbul
phone: +902122222222
e-mail: noc[at]istanbultelecom.net
nic-hdl: ist1907-RIPE
mnt-by: ist-tel-mnt
source: RIPE # Filtered


... but istanbultelecom.net was registered this year, through a registrar in China?

http://whois.domaintools.com/istanbultelecom.net

QUOTE
ICANN Registrar: BIZCN.COM, INC.
Created: 2008-02-06
Expires: 2010-02-06
Updated: 2008-04-11
Registrar Status: clientDeleteProhibited
Registrar Status: clientTransferProhibited
Name Server: NS1.ISTANBULTELECOM.NET (has 2 domains)
Name Server: NS2.ISTANBULTELECOM.NET
Whois Server: whois.bizcn.com


.. seems to me someone is operating a ph34r.gif ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites.

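Added example, not part of any post in this thread: the cross-check described in the post above (pull the contact e-mail domain out of the RIPE object, then compare that domain's registration date with the day the record was looked at), run over the two records quoted in the post. The function names and the 365-day threshold are assumptions made for illustration.

```python
import re
from datetime import date

# Records as quoted in the post above, trimmed to the fields used here.
RIPE_OBJECT = """\
inetnum: 79.135.167.0 - 79.135.167.255
netname: ISTANBUL-TELEKOM
admin-c: ist1907-RIPE

person: Istanbul Telecom IP Master
e-mail: noc[at]istanbultelecom.net
nic-hdl: ist1907-RIPE
"""
DOMAIN_WHOIS = """\
ICANN Registrar: BIZCN.COM, INC.
Created: 2008-02-06
Expires: 2010-02-06
"""

def parse_fields(text):
    """Parse 'key: value' lines into a dict of lists (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def contact_domains(ripe_text):
    """Domains of contact addresses, undoing '[at]' and ' @ ' obfuscation."""
    domains = set()
    fields = parse_fields(ripe_text)
    for name in ("e-mail", "abuse-mailbox", "changed"):
        for value in fields.get(name, []):
            addr = re.sub(r"\s*(\[at\]|@)\s*", "@", value, flags=re.I)
            match = re.search(r"@([a-z0-9.-]+\.[a-z]{2,})", addr, flags=re.I)
            if match:
                domains.add(match.group(1).lower())
    return domains

def domain_age_days(whois_text, observed):
    """Days between the 'Created' date and the day the record was observed."""
    created = parse_fields(whois_text)["created"][0]
    return (observed - date.fromisoformat(created)).days

def young_contact_domain(whois_text, observed, min_age_days=365):
    """True when the contact domain is newer than the assumed threshold."""
    return domain_age_days(whois_text, observed) < min_age_days
```

With the observation date set to the date of the post (Jun 19 2008), the contact domain for the netblock comes out 134 days old, which is the mismatch the post points at.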
Merlyn
I agree, looks like istanbultelecom.net is totally useless. Probably become owned by forces other than good.
inetnum: 79.135.167.0 - 79.135.167.255
netname: ISTANBUL-TELEKOM


But you could try this:
Information related to '79.135.160.0/19AS44097'

route: 79.135.160.0/19
descr: Sistemnet Telecom
origin: AS44097
mnt-by: Sistem-Net-MNT
changed: connectivity @ sistemnet.co.uk
source: RIPE
Farelf
QUOTE(btech @ Jun 19 2008, 03:59 AM) *
.. seems to me someone is operating a ph34r.gif ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites....
I believe bizcn.com is associated with our old adversary 厦门华商盛世网络有限公司 - "Xiamen Chinese businessman prosperous times network Limited company" according to BabelFish's translator, otherwise "Xiamen Chinese Entrepreneur Spirit Network Ltd." - a trifle hard to tell since registrars.cnnic.cn is taking a rest at the moment; however, http://www.bizcn.com/news?module=newsdetail&newsid=6834 seems to make it all quite clear.

Anyway, the Xiamen group is clearly abetting a phishing operation and goodness knows what else, has been doing so with no apparent check or hindrance for quite some time. It is hard to imagine that an activity of such scale, duration, visibility and clear criminality is unknown to either the provincial or the PRC governments - which, if so, might make cybercrime a real (actual or de facto) instrument of the policies of those august bodies. Which requires a darker shade than black for the hat description of bizcn.com and its stablemates. Welcome to the Asian century, longnoses. Yeah, yeah, "conspiracy theory", but ...
Farelf
QUOTE(Merlyn @ Jun 19 2008, 06:23 AM) *
...route: 79.135.160.0/19
descr: Sistemnet Telecom
origin: AS44097
mnt-by: Sistem-Net-MNT
changed: connectivity @ sistemnet.co.uk
source: RIPE
I'm seeing a *heck* of a proportion of my reports going to these people (websites, also for email drop boxes if I ever got around to sending reports about those). Guess their hat colour is of the darker kind too (else they're wondering why everybody hates them). Registrant "Non-UK Corporation", Sistemnet Telekom of Istanbul, registrar TUCOWS Inc.