IP Block wirh no contact details
Hello! How is such a 'whois' handled by RIPE: inetnum: 84.22.127.40 - 84.22.127.47 address: Customer did not enter their own contact details yet see also: http://www.spamhaus.org/sbl/query/SBL99505 'Spammer & cybercriminal hosting (escalation)' http://www.spamhaus.org/sbl/query/SBL154878 'illegal pharma botnet spammer hosting' So this block seems to be used since October 2011 for cybercriminal activities and has no real contact details yet in whois database? Best regards, - Karl-Josef Ziegler
The complete AS is strange: http://www.c-sirt.org/reputationindex?asn=34109 Rgds, Thorsten Am 23.09.2012 um 14:53 schrieb Karl-Josef Ziegler:
Hello!
How is such a 'whois' handled by RIPE:
inetnum: 84.22.127.40 - 84.22.127.47
address: Customer did not enter their own contact details yet
see also:
http://www.spamhaus.org/sbl/query/SBL99505 'Spammer & cybercriminal hosting (escalation)'
http://www.spamhaus.org/sbl/query/SBL154878 'illegal pharma botnet spammer hosting'
So this block seems to be used since October 2011 for cybercriminal activities and has no real contact details yet in whois database?
Best regards,
- Karl-Josef Ziegler
-- Thorsten Kraft cyscon GmbH Poststraße 9 · DE-40213 Düsseldorf http://www.cyscon.de Amtsgericht Düsseldorf / HRB 66749 Geschäftsführung: Thorsten Kraft, Thomas Wolf
On Sun, 23 Sep 2012 15:07:33 +0200 Thorsten Kraft <tkraft@cyscon.de> wrote:
The complete AS is strange: http://www.c-sirt.org/reputationindex?asn=34109
not only the AS, but the whole 84.22.96.0/19 seems to be "registered" to this "placeholder" handle: https://apps.db.ripe.net/search/query.html?searchtext=84.22.96.0%2F19&flags=M or to: https://apps.db.ripe.net/search/query.html?searchtext=CBMT1-RIPE&inverse=ADMIN_C%3BTECH_C what is this? i don't even... -mh
cb3rob is sven olaf kamphuis, who you can see around on nanog mostly because he hosts the piratebay, but there's other funniness around as this thread says. Spamhaus lists 30 entries on cb3rob - most if not all for crimeware. http://www.spamhaus.org/sbl/listings/cb3rob.net --srs On Monday, September 24, 2012, Michael Horn wrote:
On Sun, 23 Sep 2012 15:07:33 +0200 Thorsten Kraft <tkraft@cyscon.de <javascript:;>> wrote:
The complete AS is strange: http://www.c-sirt.org/reputationindex?asn=34109
not only the AS, but the whole 84.22.96.0/19 seems to be "registered" to this "placeholder" handle:
https://apps.db.ripe.net/search/query.html?searchtext=84.22.96.0%2F19&flags=M or to:
https://apps.db.ripe.net/search/query.html?searchtext=CBMT1-RIPE&inverse=ADMIN_C%3BTECH_C what is this? i don't even...
-mh
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Mon, 24 Sep 2012 15:48:45 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
mostly because he hosts the piratebay
now that would be new to me. i thought that tpb has been residing behind port80 (or what their name is these days) and portlane for quite a while. -mh
Used to host tpb I mean, before they got booted off by a court order and moved in 2011 http://gigaom.com/video/the-pirate-bay-forced-offline-trading-continues/ On Monday, September 24, 2012, Michael Horn wrote:
On Mon, 24 Sep 2012 15:48:45 +0530 Suresh Ramasubramanian <ops.lists@gmail.com <javascript:;>> wrote:
mostly because he hosts the piratebay
now that would be new to me. i thought that tpb has been residing behind port80 (or what their name is these days) and portlane for quite a while.
-mh
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Or as this /. post claims (please add salt to taste), because tpb themselves bailed on cb3rob http://slashdot.org/submission/1239394/Pirate-Bay-Abandons-Cyberbunker-ISP --srs On Monday, September 24, 2012, Suresh Ramasubramanian wrote:
Used to host tpb I mean, before they got booted off by a court order and moved in 2011
http://gigaom.com/video/the-pirate-bay-forced-offline-trading-continues/
On Monday, September 24, 2012, Michael Horn wrote:
On Mon, 24 Sep 2012 15:48:45 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
mostly because he hosts the piratebay
now that would be new to me. i thought that tpb has been residing behind port80 (or what their name is these days) and portlane for quite a while.
-mh
-- Suresh Ramasubramanian (ops.lists@gmail.com <javascript:_e({}, 'cvml', 'ops.lists@gmail.com');>)
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Michael Horn wrote: [...]
what is this? i don't even...
I am wondering: was this "forged use" of the NCC's hostmaster "identity"? inetnum: 84.22.100.0 - 84.22.100.255 netname: A84-22-100-0 descr: Republic CyberBunker National Network 100 admin-c: CBMT1-RIPE tech-c: CBMT1-RIPE country: AQ <------- Antarctica :-) status: ASSIGNED PA mnt-by: MNT-CB3ROB mnt-lower: MNT-CB3ROB mnt-routes: MNT-CB3ROB changed: hostmaster@ripe.net 20120831 <------------------------ source: RIPE
-mh
Wilfried
On 23/09/2012 14:53, Karl-Josef Ziegler wrote:
Hello!
How is such a 'whois' handled by RIPE:
inetnum: 84.22.127.40 - 84.22.127.47
address: Customer did not enter their own contact details yet
see also:
http://www.spamhaus.org/sbl/query/SBL99505 'Spammer & cybercriminal hosting (escalation)'
http://www.spamhaus.org/sbl/query/SBL154878 'illegal pharma botnet spammer hosting'
So this block seems to be used since October 2011 for cybercriminal activities and has no real contact details yet in whois database?
If you look at this assignment and it's parent allocation object and all the maintainers, they all point the "admin-c:" and "tech-c:" to self referencing ROLE objects with minimal contact details. The only references to PERSON objects are in the ORGANISATION object referenced in the allocation object. The issue of self referencing ROLE objects and if there should always be a PERSON object at the end of the chain of references was brought up very recently on this list. Currently the syntax and business rules allow this for any user input data. There was some discussion but no conclusion. Regards Denis Walker Business Analyst RIPE NCC Database Group
Best regards,
- Karl-Josef Ziegler
participants (6)
-
Denis Walker -
Karl-Josef Ziegler -
Michael Horn -
Suresh Ramasubramanian -
Thorsten Kraft -
Wilfried Woeber