Looks like another black hat...


btech
http://www.spamcop.net/sc?id=z1997663001z2...317019b8a5e687z

It would seem that ISTANBUL-TELEKOM, who oversees 79.135.167.51 could be a black hat.

inetnum: 79.135.167.0 - 79.135.167.255

netname: ISTANBUL-TELEKOM

descr: ISTANBUL TELEKOM TR

country: TR

admin-c: ist1907-RIPE

tech-c: ist1907-RIPE

status: ASSIGNED PA

mnt-by: ist-tel-mnt

source: RIPE # Filtered

person: Istanbul Telecom IP Master

address: Hurriyet Cd. Tunel Sk. Istanbul

phone: +902122222222

e-mail: noc[at]istanbultelecom.net

nic-hdl: ist1907-RIPE

mnt-by: ist-tel-mnt

source: RIPE # Filtered

... but istanbultelecom.net was registered this year, through a registrar in China?

http://whois.domaintools.com/istanbultelecom.net

ICANN Registrar: BIZCN.COM, INC.

Created: 2008-02-06

Expires: 2010-02-06

Updated: 2008-04-11

Registrar Status: clientDeleteProhibited

Registrar Status: clientTransferProhibited

Name Server: NS1.ISTANBULTELECOM.NET (has 2 domains)

Name Server: NS2.ISTANBULTELECOM.NET

Whois Server: whois.bizcn.com

.. seems to me someone is operating a :ph34r: ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites.

:angry:


I agree, it looks like istanbultelecom.net is totally useless. Probably has become owned by forces other than good.

inetnum: 79.135.167.0 - 79.135.167.255

netname: ISTANBUL-TELEKOM

But you could try this:

Information related to '79.135.160.0/19AS44097'

route: 79.135.160.0/19

descr: Sistemnet Telecom

origin: AS44097

mnt-by: Sistem-Net-MNT

changed: connectivity [at] sistemnet.co.uk

source: RIPE


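Added example, not code from the thread or from any poster: a Python sketch of the fallback suggested in the reply above, which parses RIPE-style whois text into objects and lists the contacts that remain once a bouncing domain is excluded. The sample text is constructed from the records quoted in the thread and laid out as plain whois output; the function names and the choice of contact attributes are assumptions.

```python
import re

# Constructed sample: records quoted in the thread, in plain whois layout.
SAMPLE = """\
inetnum: 79.135.167.0 - 79.135.167.255
netname: ISTANBUL-TELEKOM

person: Istanbul Telecom IP Master
e-mail: noc[at]istanbultelecom.net
nic-hdl: ist1907-RIPE

route: 79.135.160.0/19
origin: AS44097
mnt-by: Sistem-Net-MNT
changed: connectivity [at] sistemnet.co.uk
"""

# Matches user@domain and the obfuscated "user [at] domain" form.
ADDR = re.compile(r"([\w.+-]+)\s*(?:@|\[at\])\s*([\w-]+(?:\.[\w-]+)+)", re.I)

def parse_objects(text):
    """Split whois output into RPSL objects: lists of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue  # skip server comments and malformed lines
            key, value = line.split(":", 1)
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def contacts_by_object(text):
    """Map each object's type (its first attribute) to addresses it lists."""
    found = {}
    for attrs in parse_objects(text):
        kind = attrs[0][0]
        for key, value in attrs:
            if key in ("e-mail", "abuse-mailbox", "changed", "notify"):
                for user, domain in ADDR.findall(value):
                    found.setdefault(kind, []).append(f"{user}@{domain.lower()}")
    return found

def fallback_contacts(text, dead_domains):
    """Addresses outside the bouncing domains, across all object types."""
    every = [a for addrs in contacts_by_object(text).values() for a in addrs]
    return [a for a in every if a.split("@")[1] not in dead_domains]
```

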
.. seems to me someone is operating a :ph34r: ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites....
I believe bizcn.com is associated with our old adversary 厦门华商盛世网络有限公司 - "Xiamen Chinese businessman prosperous times network Limited company" according to BabelFish's translator, otherwise "Xiamen Chinese Entrepreneur Spirit Network Ltd." - a trifle hard to tell since registrars.cnnic.cn is taking a rest at the moment; however, http://www.bizcn.com/news?module=newsdetail&newsid=6834 seems to make it all quite clear :D.

Anyway, the Xiamen group is clearly abetting a phishing operation and goodness knows what else, and has been doing so with no apparent check or hindrance for quite some time. It is hard to imagine that an activity of such scale, duration, visibility and clear criminality is unknown to either the provincial or the PRC governments - which, if so, might make cybercrime a real (actual or de facto) instrument of the policies of those august bodies. Which requires a darker shade than black for the hat description of bizcn.com and its stablemates. Welcome to the Asian century, longnoses. Yeah, yeah, "conspiracy theory", but ...


  • 4 months later...
...route: 79.135.160.0/19

descr: Sistemnet Telecom

origin: AS44097

mnt-by: Sistem-Net-MNT

changed: connectivity [at] sistemnet.co.uk

source: RIPE

I'm seeing a *heck* of a proportion of my reports going to these people (websites, also for email drop boxes if I ever got around to sending reports about those). Guess their hat colour is of the darker kind too (else they're wondering why everybody hates them). Registrant "Non-UK Corporation", Sistemnet Telekom of Istanbul, registrar TUCOWS Inc.