btech Posted June 18, 2008 Share Posted June 18, 2008 http://www.spamcop.net/sc?id=z1997663001z2...317019b8a5e687z It would seem that ISTANBUL-TELEKOM, who oversees 79.135.167.51 could be a black hat. inetnum: 79.135.167.0 - 79.135.167.255 netname: ISTANBUL-TELEKOM descr: ISTANBUL TELEKOM TR country: TR admin-c: ist1907-RIPE tech-c: ist1907-RIPE status: ASSIGNED PA mnt-by: ist-tel-mnt source: RIPE # Filtered person: Istanbul Telecom IP Master address: Hurriyet Cd. Tunel Sk. Istanbul phone: +902122222222 e-mail: noc[at]istanbultelecom.net nic-hdl: ist1907-RIPE mnt-by: ist-tel-mnt source: RIPE # Filtered ... but istanbultelecom.net was registered this year, through a registrar in China? http://whois.domaintools.com/istanbultelecom.net ICANN Registrar: BIZCN.COM, INC. Created: 2008-02-06 Expires: 2010-02-06 Updated: 2008-04-11 Registrar Status: clientDeleteProhibited Registrar Status: clientTransferProhibited Name Server: NS1.ISTANBULTELECOM.NET (has 2 domains) Name Server: NS2.ISTANBULTELECOM.NET Whois Server: whois.bizcn.com .. seems to me someone is operating a ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites. :angry: Link to comment Share on other sites More sharing options...
Merlyn Posted June 18, 2008 Share Posted June 18, 2008 I agree looks like istanbultelecom.net is totally useless. Probably become owned by forces other than good. inetnum: 79.135.167.0 - 79.135.167.255 netname: ISTANBUL-TELEKOM But you could try this: Information related to '79.135.160.0/19AS44097' route: 79.135.160.0/19 descr: Sistemnet Telecom origin: AS44097 mnt-by: Sistem-Net-MNT changed: connectivity [at] sistemnet.co.uk source: RIPE Link to comment Share on other sites More sharing options...
Farelf Posted June 19, 2008 Share Posted June 19, 2008 .. seems to me someone is operating a ... all of the reporting addresses bounce and it's been a hosting IP for 'dating' websites....I believe bizcn.com is associated with our old adversary 厦门åŽå•†ç››ä¸–网络有é™å…¬å¸ - "Xiamen Chinese businessman prosperous times network Limited company" according to BabelFish's translator. otherwise "Xiamen Chinese Entrepreneur Spirit Network Ltd." - a trifle hard to tell since registrars.cnnic.cn is taking a rest at the moment however http://www.bizcn.com/news?module=newsdetail&newsid=6834 seems to make it all quite clear . Anyway, the Xiamen group is clealy abetting a phishing operation and goodness knows what else, has been doing so with no apparent check or hindrance for quite some time. It is hard to imagine that an activity of such scale, duration, visibility and clear criminality is unknown to either the provincial or the PRC governments - which, if so, might make cybercrime a real (actual or defacto) instrument of the policies of those august bodies. Which requires a darker shade than black for the hat description of bizcn.com and its stablemates. Welcome to the Asian century, longnoses. Yeah, yeah, "conspiracy theory", but ... Link to comment Share on other sites More sharing options...
Farelf Posted November 11, 2008 Share Posted November 11, 2008 ...route: 79.135.160.0/19 descr: Sistemnet Telecom origin: AS44097 mnt-by: Sistem-Net-MNT changed: connectivity [at] sistemnet.co.uk source: RIPE I'm seeing a *heck* of a proportion of my reports going to these people (websites, also for email drop boxes if I ever got around to sending reports about those). Guess their hat colour is of the darker kind too (else they're wondering why everybody hates them). Registrant "Non-UK Corporation", Sistemnet Telekom of Istanbul, registrar TUCOWS Inc. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.