Sam,
Deepening your search:
aut-num: AS57972
as-name: Jingyun
jingyun.com IP 72.34.51.46 – it is owned by LIAN ZHIJIE of Organization GIGATON IDC INC with 171 domains
Address Gigaton: Dongyng, China – contact by whois@gidc.com
These websites with counterfeit products aim to steal credit card data; and Lian is one of the 40 thieves of Alibaba Group.
Ronald,
your specific dealings with Host Sailor or other ISPs are, in the opinion of James Gannon, Brian Nisbet, Sander Steffann and Michele Neylon, not relevant to this group... off list?
Marilson
Sent: Thursday, August 04, 2016 7:00 AM
Subject: anti-abuse-wg Digest, Vol 58, Issue 1
Today's Topics:
1. The Reincarnation of a Bulletproof Hoster (Host Sailor, Ltd.) (Ronald F. Guilmette)
2. Webexxpurts/Interconnects/FiberGrid/TurboVPS (Sam Cox)
----------------------------------------------------------------------
Message: 1
Date: Wed, 03 Aug 2016 13:42:53 -0700
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: anti-abuse-wg@ripe.net
Subject: [anti-abuse-wg] The Reincarnation of a Bulletproof Hoster (Host Sailor, Ltd.)
Message-ID: <87114.1470256973@server1.tristatelogic.com>
I wouldn't want any of you to miss this, least of all Khalid Hemida... umm... I mean "Khalid Cook"... by which I mean our own "Alexander Freeman", of course:
http://krebsonsecurity.com/2016/08/the-reincarnation-of-a-bulletproof-hoster/
So what happens now Khalid? Are you going to stiff your customers and your suppliers again when you shut down this time, you know, like you did last time, when you were operating as "Santrex"?
Regards,
rfg
P.S. For those of you who are curious, AS60117 (Host Sailor, Ltd.) has only two connections to the internet, i.e. AS43350 - NForce Entertainment B.V. (NL) and AS9009 - M247 Ltd. (UK).
It probably wouldn't hurt anything if individuals on this list who have an opinion on all this transmitted that opinion to these two companies. They may perhaps be unaware of the broad range of criminal activities being facilitated by their customer, AS60117, Host Sailor, Ltd.
------------------------------
Message: 2
Date: Thu, 04 Aug 2016 01:33:36 +0200
From: Sam Cox <tech@ctu.pw>
To: anti-abuse-wg@ripe.net
Subject: [anti-abuse-wg] Webexxpurts/Interconnects/FiberGrid/TurboVPS
Message-ID: <E1bV5fM-0004LM-Sv@www-apps-1.ripe.net>
Content-Type: text/plain; charset="us-ascii"
I've been looking into these companies, who seem to specialise in hosting counterfeit goods websites such as these:
http://fcansw.org.au
http://toutaubagnecontrelalgv.fr
The ASNs involved seem to be these, but there may be further
http://bgp.he.net/AS57858#_whois
http://bgp.he.net/AS57972#_whois
http://bgp.he.net/AS60485#_whois
Further examples of the types of hosted sites
http://www.malwareurl.com/ns_listing.php?as=AS57858
http://www.malwareurl.com/ns_listing.php?as=AS57972
http://www.malwareurl.com/ns_listing.php?as=AS60485
Appears to be run by Mr. Arun Kumar / Deepak Mehta, likely out of Estonia
http://www.hostjury.com/reviews/turbovps
Anyone have any further information about these companies?
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
End of anti-abuse-wg Digest, Vol 58, Issue 1
********************************************