Russian Business Network study - bizeul.org
Version 1.0.1
RBN study – before and after
David Bizeul
Investigation and analysis<br />
A lot of information is available when you spend enough time checking public data. That is precisely what Whois services, DNS databases, forums, groups, etc. can offer.

1. Lookup, IP history, NS history and registrar history

This investigation used a collection of basic tools:
• Lookup resolved the IP address associated with a domain name.
• Hosting history was used to note the evolution of the domain.
• NS history and registrar history added useful information regarding a domain's evolution.
Some web services (such as Domaintools [36]) can provide such information to their clients.

The following chart gives essential information:

| Domain | IP history | NS history | Registrar history |
|---|---|---|---|
| rbnnetwork.com | 2006-06-08: 85.249.135.118; 2006-09-16: 127.0.0.1 | 2006-06-08: infobox.org; 2006-09-06: rbnnetwork.com | 2006-06-07 eNom.com; 2006-08-16 China-Channel.com |
| Akimon.com | 2006-06-08: 85.249.135.118; 2007-03-17: None | 2006-06-09: infobox.org; 2007-03-10: akimon.com | 2006-06-07 eNom.com; 2006-09-08 China-Channel.com |
| Sbttel.com | 2006-06-08: 85.249.135.118; 2006-09-16: 85.249.135.14 | 2006-06-09: infobox.org; 2006-12-08: sbttel.com | 2006-06-07 eNom.com; 2006-09-08 China-Channel.com |
| Nevacon.net | 2006-09-22: 85.249.135.37; 2006-11-10: 127.0.0.1; 2007-09-30: 209.85.84.167 | 2006-09-22: infobox.org; 2006-11-10: nevacon.net; 2007-09-26: onlinenic.net | 2006-11-09 China-Channel.com |
| Infobox.org | 2006-07-22: 85.249.134.34; 2007-10-21: None | 2003-11-16: Infobox.org; 2007-09-15: nameservices.com | |

There are similarities between these domains:
• They have been using 85.249.134.0/23 extensively to host their websites. This IP address range is owned by Datapoint, which is the global hosting service for RBN affiliates' front websites. As we'll see in the next part, Datapoint also relates to Infobox.
• Some domains have made a recent change; they now prefer to resolve to nothing instead of having many security researchers looking for information on them.
• eNom has been used as a registrar for a long time, but RBN now prefers to use China-Channel services. As we'll see later, this service offers anonymous records for registrants.

This part alone brings enough evidence that all these entities are closely tied, since the data are too similar to be managed by different persons.
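
The comparison made in the chart and the list above can be automated. The Python sketch below is an added example, not part of the original study: it takes the rows of the chart (the `RAW` layout and the function names are assumptions of this example), groups routable IPs by /23 block, and reports every IP block, name server and registrar shared by two or more domains, plus the domains whose latest IP record no longer resolves.

```python
import ipaddress
from collections import defaultdict

# Rows transcribed from the chart above: domain | IP history | NS history | registrar history
RAW = """\
rbnnetwork.com|2006-06-08 85.249.135.118, 2006-09-16 127.0.0.1|2006-06-08 infobox.org, 2006-09-06 rbnnetwork.com|2006-06-07 eNom.com, 2006-08-16 China-Channel.com
akimon.com|2006-06-08 85.249.135.118, 2007-03-17 None|2006-06-09 infobox.org, 2007-03-10 akimon.com|2006-06-07 eNom.com, 2006-09-08 China-Channel.com
sbttel.com|2006-06-08 85.249.135.118, 2006-09-16 85.249.135.14|2006-06-09 infobox.org, 2006-12-08 sbttel.com|2006-06-07 eNom.com, 2006-09-08 China-Channel.com
nevacon.net|2006-09-22 85.249.135.37, 2006-11-10 127.0.0.1, 2007-09-30 209.85.84.167|2006-09-22 infobox.org, 2006-11-10 nevacon.net, 2007-09-26 onlinenic.net|2006-11-09 China-Channel.com
infobox.org|2006-07-22 85.249.134.34, 2007-10-21 None|2003-11-16 infobox.org, 2007-09-15 nameservices.com|
"""

def parse(raw):
    """Return {domain: {"ip"|"ns"|"registrar": [(date, value), ...]}}, oldest first."""
    history = {}
    for line in raw.strip().splitlines():
        domain, *cols = line.split("|")
        history[domain] = {
            kind: sorted(tuple(e.split()) for e in col.split(",") if e.strip())
            for kind, col in zip(("ip", "ns", "registrar"), cols)
        }
    return history

def usable(ip):
    """True for a routable address; 'None' and loopback mean the domain resolves to nothing."""
    return ip != "None" and not ipaddress.ip_address(ip).is_loopback

def shared_pivots(history, prefix=23):
    """Map each (kind, value) seen on 2+ domains to those domains; IPs are grouped by /prefix block."""
    seen = defaultdict(set)
    for domain, cols in history.items():
        for kind, entries in cols.items():
            for _date, value in entries:
                if kind == "ip":
                    if not usable(value):
                        continue
                    value = str(ipaddress.ip_network(f"{value}/{prefix}", strict=False))
                seen[(kind, value.lower())].add(domain)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def went_dark(history):
    """Domains whose most recent IP record is 'None' or loopback."""
    return sorted(d for d, c in history.items() if not usable(c["ip"][-1][1]))

if __name__ == "__main__":
    h = parse(RAW)
    for (kind, value), domains in sorted(shared_pivots(h).items()):
        print(f"{kind:9} {value:18} {len(domains)} domains: {', '.join(domains)}")
    print("no longer resolving:", ", ".join(went_dark(h)))
```
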
[36] www.domaintools.com