Colleagues,
Please find attached the draft minutes from the WG Session at RIPE87.
If you have any comments on the minutes, please email aa-wg-chair(a)ripe.net before the end of the first week of January.
In the meantime, I hope that those of you who take a break around this time of year have a good one, and I know I shall be trying very hard not to look at email for a couple of weeks!
Brian
Co-Chair, RIPE AA-WG
Brian Nisbet (he/him)
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
North Dock Two, 93-94 North Wall Quay, Dublin 1, D01 V8Y6
+35316609040 brian.nisbet(a)heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
RIPE member Known Holdings Ltd operated by Krunoslav Begic set-up a fake entity called "SecuNET LLC" (AS208273) to host criminal enterprises.
You can see information on SecuNET here:
organisation: ORG-SI228-RIPE
org-name: SecuNET INC
country: SC
org-type: OTHER
descr: SecuNET - Security Services
remarks:
address: Global Gateway 8
address: Rue de la Perle
address: Mahe
address: Seychelles
e-mail: info(a)secunet.xyz
There is no such company named SecuNET INC registered at this address, or indeed in the Seychelles. The company has no website, no contact number and does not respond to the abuse email provided.
This is a repeat action by the perpetrator, the exact same process was reported July 15th 2019. https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-July/005264.html
Privacy Ukraine LLC was the fake company in the last report. You will notice this was reported July 2019 and SecuNET appeared in place a few weeks later.
There are only illegal websites hosted with AS208273. Example of the websites below:
These websites illegally scrape content from a well known site. Images and videos are captured without consent of either the model or the originating site. This entire automated process is in contrary to DMCA / International copyright laws.
Secondly, these images and screenshots exist for many years and it is not possible to request they are taken down. Neither Crypto Servers, SecuNET or any upstream provider acts upon abuse emails and offer no service to take these images down. None of these websites have any documented terms of service or privacy policy in place. This is in contrary to the right to be forgotten which exists as part of the GDPR.
In addition, and to provide some further context to this complaint. The websites in question above have totalled millions of takedown requests under Googles Transparency Reporting. For example, the first domain in the list below has had 1,277,213 URLs over 62,543 individual requests requested for delisting from Google Search results
https://transparencyreport.google.com/copyright/domains/camcaps.mehttps://transparencyreport.google.com/copyright/domains/teencamvideos.mehttps://transparencyreport.google.com/copyright/domains/camsexvideos.mehttps://transparencyreport.google.com/copyright/domains/nakedcams.mehttps://transparencyreport.google.com/copyright/domains/sweetcams.mehttps://transparencyreport.google.com/copyright/domains/nakedcamvideos.mehttps://transparencyreport.google.com/copyright/domains/hardcorecams.mehttps://transparencyreport.google.com/copyright/domains/fastimages.org
It is without question that SecuNET LLC, which operates AS208273 and facilitates the websites above is in violation of international law, DMCA and also the IANA and RIPE policies. In addition, they registered their ASN with RIPE using a fake company. They have a track record of this, and they do not respond to abuse.
Hello,
the IP 80.94.95.181 is endlessly (ie. brute-force) trying
to hack our emailserver by attempting to login as a user.
The login attempts of course fail, and we have blocked
that IP in the firewall.
But this IP still continues sending packets to our server,
eventhough his packets get dropped/rejected by our firewall.
This now of course constitutes a DoS attack.
10 days ago we filed an Abuse Report to the abuse address
given in the WHOIS database for this IP:
% Abuse contact for '80.94.95.0 - 80.94.95.255' is
'internethosting-ltd(a)yandex.ru'
But this hoster seems to ignore all Abuse Reports,
b/c researching this IP on the web shows that
it's a well known abuser IP and many people have
reported and complained about this IP. For example see this:
https://www.abuseipdb.com/check/80.94.95.181
So, what to do if the hoster is uncooperative, like in this case?
Where else to complain, what else to do?
Thx
U.Mutlu
admin & hostmaster
