Russian Business Network study - bizeul.org

More documents

Recommendations

Info

Version 1.0.1 RBN study – before and after David Bizeul person: Vladimir E Kuznetsov phone: +7 812 9000333 fax-no: +7 812 3232323 e-mail: vk@infobox.ru registrar: R01-REG-RIPN sbttel.com Whois history in 2006-10-23 Registrar: ONLINENIC, INC. Registrant: Nikolay Ivanov rbnetwork@inbox.ru +1.12127367465 RBN 555 8-th Ave #1001 New York, NY 10018,-,- - Domain servers in listed order: ns1.infobox.org ns2.infobox.org Whois history in 2007-01-31 silvernet.ru Registrar: domain: SILVERNET.RU nserver: ns1.silvernet.ru. 85.249.73.3 nserver: ns2.silvernet.ru. 85.249.74.3 state: REGISTERED, DELEGATED person: Pavel A Sokolov phone: +7 812 3950269 phone: +7 911 2115314 fax-no: +7 812 3960269 e-mail: sokol@silvernet.ru e-mail: vovan@silvernet.ru e-mail: sales@silvernet.ru registrar: RUCENTER-REG-RIPN Whois history in 2006-09-19 akimon.com Registrar: ONLINENIC, INC. Registrant: Nikolay Ivanov rbnetwork@inbox.ru +1.12127367465 RBN 555 8-th Ave #1001 34
Version 1.0.1 New York, NY 10018,-,- - RBN study – before and after David Bizeul Domain servers in listed order: ns1.infobox.org ns2.infobox.org All affiliates domain names have been checked using whois history and it’s interesting to observe that rbnnetwork.com, nevacon.net, akimon.com, sbttel.com, 4user.net, 4stat.org and eexhost.com are now all using Absolutee services for anonymizing whois data. Of course, absolute.com seems to be used for nothing good as you can see here [ 41 ]. There are many user reporting malware or financial fraud relating to domains registered with Absolutee services. 6. Information correlation and assumptions At this step of the study, general assumptions can be exposed with collected and analyzed evidences. • RBN team possess and use the following domains: rbnnetwork.com, nevacon.net, akimon.com and sbttel.com • Most of RBN core affiliates have progressively blurred their public information so that it can’t be analyzed easily. They use anonymizer services to do that. • Most of RBN core affiliates have decided to redirect their websites to localhost address in order to prevent security companies to investigate on their activities. • RBN uses Datapoint/Infobox as a hosting and name service provider. Datapoint and Infobox may be the same company. • Some people can be identified as being strongly involved into RBN activities. 41 http://www.google.com/search&q=absolutee.com 35
Page 1 and 2: Russian Business Network study Vers
Page 3 and 4: Version 1.0.1 RBN study - before an
Page 33: Version 1.0.1 New York,NY,US 10019
Page 41 and 42: Version 1.0.1 City map RBN study -
Page 47 and 48: Version 1.0.1 Filtering bad network
Page 53 and 54: Version 1.0 David Bizeul RBN study

Russian Business Network study - bizeul.org

Create successful ePaper yourself

Delete template?

Save as template?