Sam, Deepening your search: aut-num: AS57972 as-name: Jingyun jingyun.com IP 72.34.51.46 – it is owned by LIAN ZHIJIE of Organization GIGATON IDC INC with 171 domains Address Gigaton: Dongyng, China – contact by whois@gidc.com These websites with counterfeit products have as aim to steal credit card data; and Lian is one of the 40 thieves of Alibaba Group. Ronald,your specific dealings with Host Sailor or other ISP are, in the James Gannon, Brian Nisbet, Sander Steffann and Michele Neylon opinion, not relevant to this group... off list? Marilson From: anti-abuse-wg-request@ripe.net Sent: Thursday, August 04, 2016 7:00 AM To: anti-abuse-wg@ripe.net Subject: anti-abuse-wg Digest, Vol 58, Issue 1 Send anti-abuse-wg mailing list submissions to anti-abuse-wg@ripe.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/anti-abuse-wg or, via email, send a message with subject or body 'help' to anti-abuse-wg-request@ripe.net You can reach the person managing the list at anti-abuse-wg-owner@ripe.net When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..." Today's Topics: 1. The Reincarnation of a Bulletproof Hoster (Host Sailor, Ltd.) (Ronald F. Guilmette) 2. Webexxpurts/Interconnects/FiberGrid/TurboVPS (Sam Cox) ---------------------------------------------------------------------- Message: 1 Date: Wed, 03 Aug 2016 13:42:53 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] The Reincarnation of a Bulletproof Hoster (Host Sailor, Ltd.) Message-ID: <87114.1470256973@server1.tristatelogic.com> I wouldn't want any of you to miss this, least of all Khalid Hemida... umm... I mean "Khalid Cook"... by which I mean our own "Alexander Freeman", of course: http://krebsonsecurity.com/2016/08/the-reincarnation-of-a-bulletproof-hoster... So what happens now Khalid? Are you going to stiff your customers and your suppliers again when you shut down this time, you know, like you did last time, when you were operating as "Santrex"? Regards, rfg P.S. For those of you who are curious, AS60117 (Host Sailor, Ltd.) has only two connections to the internet, i.e. AS43350 - NForce Entertainment B.V. (NL) and AS9009 - M247 Ltd. (UK). It probably wouldn't hurt anything if individuals on this list who have an opinion on all this trensmitted that opinion to these two companies. They may perhaps be unaware of the broad range of criminal activities being facilitated by their customer, AS60117, Host Sailor, Ltd. ------------------------------ Message: 2 Date: Thu, 04 Aug 2016 01:33:36 +0200 From: Sam Cox <tech@ctu.pw> To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Webexxpurts/Interconnects/FiberGrid/TurboVPS Message-ID: <E1bV5fM-0004LM-Sv@www-apps-1.ripe.net> Content-Type: text/plain; charset="us-ascii" I've been looking into these companies, who seem to specialise in hosting counterfeit goods websites such as these: http://fcansw.org.au http://toutaubagnecontrelalgv.fr The ASNs involved seem to be these, but there may be further http://bgp.he.net/AS57858#_whois http://bgp.he.net/AS57972#_whois http://bgp.he.net/AS60485#_whois Further examples of the types of hosted sites http://www.malwareurl.com/ns_listing.php?as=AS57858 http://www.malwareurl.com/ns_listing.php?as=AS57972 http://www.malwareurl.com/ns_listing.php?as=AS60485 Appears to be run by Mr. Arun Kumar / Deepak Mehta, likely out of Estonia http://www.hostjury.com/reviews/turbovps Anyone have any further information about these companies? Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum End of anti-abuse-wg Digest, Vol 58, Issue 1 ********************************************