« previous next »
Pages: [1]   Go Down

Author Topic: RB Communication LTD. = RBN?  (Read 7046 times)

0 Members and 1 Guest are viewing this topic.

March 08, 2008, 08:21:34 pm
Read 7046 times

JohnC

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1964
RB Communication LTD. = RBN?
Anybody know this company and if it is an alias of RBN?

The server 88.208.19.213/update.php?file=config.ini was previously a call home for Zlob.

Now it hosts rb-net.com (88.208.19.213).

Name Servers: nse.rb-net.com (88.208.21.90)
Name Servers: nsz.rb-net.com (209.8.44.148)

They are supposed to be an advertising and consulting company. The contact information they have on the site is as follows:
Quote
contacts:
Russia
phone: 8 800 200 2238
Moscow
phone: +7495 101 2238

Limassol, Cyprus
phone: +357 25 835605
fax: +357 25 760075
 

RB communication Ltd.
Panayides Building, 1 Chrysonthou Mylona Str.
Post address: P.O. Box 56675, 3309 Limassol, Cyprus
mail: info@rb-net.com


clickcashmoney.com (88.208.21.107) uses the same name servers as rb-net.com

The whois information for clickcashmoney uses PrivacyProtect, however it originally had the same information as the contact information for rb-net.com. So we know they are owned by the same company. And we know that clickcashmoney promotes Zlob. So could it just be a coincedence, that somebody paying clickcashmoney is affiliated with Zlob (we have seen before that legitimate advertising companies have promoted malware), or could it be that clickcashmoney is involved. I wouldn't like to jump to conclusions and make assumptions. Maybe this is just a single case, and that the traffic both incoming and outgoing is not coming from or going to bad sites normally.

risecash.com (206.161.125.178) risecash is also owned by rb-net.com

Hosts various sites, which appear to be legitimate, the only one that stands out, is a pharmaceuticals site:

Bdsm-castle-online.com
Bdsmforsale.com
Bdsmsponsor.com
Bizarrempeg.com
Bizarretop.com
Drugs-here.com
Femdomhere.com
Getspanking.com
Paytonfisting.com
Plantsexpert.com
Platinumbdsm.com
Rc-2257.com
Risecash.com
Risegalleries.com
Takecontent.com
Total-fishery.com
Totalfishery.com
Wildbizarre.com


nss.risecash.com (207.226.171.226)

Doesn't seem to be any suspicious activity at the sites hosted there:
Besttied.com
Bizareadultclub.com
Bizarreadultclub.com
Bondagehere.com
Dobdsm.com
Dofemdom.com
Easteuropeangirls.com
Easteuropiangirls.com
Femdomtime.com
Infemdom.com
Onthetree.com
Sexymodelscatalog.com
Logged
March 08, 2008, 08:59:52 pm
Reply #1

sowhat-x

  • Guest
Re: RB Communication LTD. = RBN?
Quote
clickcashmoney.com (88.208.21.107) uses the same name servers as rb-net.com
I also wouldn't like to jump quickly to assumptions,but well,
having said the above with the usual scheme of using PrivacyProtect...
and since both rb-net.com and clickcashmoney.com seem to appear in blocklists...
http://assiste.com.free.fr/p/hosts/listes/trapped.txt
http://www.mvps.org/winhelp2002/hosts.txt
Logged
Pages: [1]   Go Up
« previous next »