AbdAllah Internet Hizmetleri (cybercrime hosting)

Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:

Try it for free!

AbdAllah Internet Hizmetleri (cybercrime hosting)

Russian Business Network study (PDF)
Progold Investments Fraud (bobbear.co.uk)
Some TurkTelekom IP Ranges Aren't Your Friends (securityzone.org)
RBN Rizing (securityzone.org)

Who is AbdAllah Internet Hizmetleri?
If you track spam, phishing, malware and other cybercrime then sooner or later you will come across illegal content or activity hosted on the following IP address range:

inetnum:        88.255.90.0 - 88.255.90.255
netname:        AbdAllah_Internet
descr:          AbdAllah Internet Hizmetleri
descr:          Etnografya Muze mevkii Kirazlik Mh. No:32 Rize
country:        tr
admin-c:        MAG87-RIPE
tech-c:         MAG87-RIPE
status:         assigned pa
mnt-by:         as9121-mnt
source:         RIPE # Filtered

person:         Mahmod AbdAllah el Gashmi
address:        AbdAllah Internet Hizmetleri
e-mail:         ipadmin@ahlen.biz
phone:          +90 543 3767728
remarks:        ------------------------------------------------------
remarks:        Routing and peering issues: ipadmin@ahlen.biz
remarks:        SPAM and Network security issues: abuse@ahlen.biz
remarks:        Customer support: ipadmin@ahlen.biz
remarks:        General information: ipadmin@ahlen.biz
remarks:        ------------------------------------------------------
nic-hdl:        MAG87-RIPE
mnt-by:         sistem-net-mnt
source:         RIPE # Filtered

% Information related to '88.255.0.0/16AS9121'

route:          88.255.0.0/16
descr:          TurkTelekom
origin:         AS9121
mnt-by:         AS9121-MNT
source:         RIPE # Filtered

According to well-known anti-spam site SpamHaus.org, "88.255.90.0/24 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Russian Business Network."

Russian Business Network (RBN) made headlines when it was exposed in a Wall Street Journal article by Brian Krebs on October 13, 2007. A few weeks later, three of the upstream providers pulled the plug on RBN and disabled routing for their address range. All traffic to and from their servers stopped on November 7, 2007 ("Controversial Russian Business Network drops offline", TheRegister, November 8, 2007)". At the time of the shutdown, there were already reports about equivalent addresses popping up in Turkey and Taiwan:

"RBN may find new upstream providers. In recent weeks, moreover, Trend Micro has seen equivalents of RBN pop up in Turkey and Taiwan," Trend Micro security researcher Feike Hacquebord notes.
TheRegister, November 8, 2007

Abdallah in Turkey is one such reincarnation of RBN. Take a look at the following domains, all hosted by Abdallah:

Spam domains in 88.255.90.0/24

magic-jackpot-cas.com 88.255.90.36 2007-09-16

euro-vip-casino.com 88.255.90.36 2007-09-16

royal-casino-vip.com 88.255.90.37 2007-09-18

sexrusfuck.com 88.255.90.138 2007-09-19

royal-cas-vip.com 88.255.90.37 2007-09-20

2400-usd-casino.com 88.255.90.36 2007-09-21

royalcasino-vip.com 88.255.90.37 2007-09-22

2400usd-casino.net 88.255.90.37 2007-09-22

eurocasino-vip.com 88.255.90.37 2007-09-23

sinlife.cn 88.255.90.138 2007-09-25

byron-consulting-group.com 88.255.90.50 2007-10-02

28-07.com 88.255.90.59 2007-10-03

28-07.net 88.255.90.59 2007-10-04

job-consults.org 88.255.90.226 2007-10-10

837-86.org 88.255.90.51 2007-10-10

expressdeal.biz 88.255.90.226 2007-10-13

cron.li 88.255.90.228 2007-10-16

crons.cc 88.255.90.228 2007-10-16

cronos.mn 88.255.90.228 2007-10-16

crinc.mn 88.255.90.228 2007-10-16

crinc.li 88.255.90.228 2007-10-17

ultrasmoke.cn 88.255.90.138 2007-10-18

supersmoke.cn 88.255.90.138 2007-10-18

globalsmoke.cn 88.255.90.138 2007-10-18

937-86.org 88.255.90.51 2007-10-18

cronco.li 88.255.90.226 2007-10-20

tradegroup-ha.com 88.255.90.226 2007-10-21

ha-tradegroup.com 88.255.90.226 2007-10-21

crinc.jp 88.255.90.226 2007-10-22

tradegroup-ha.net 88.255.90.226 2007-10-23

investmentcron.cn 88.255.90.226 2007-10-23

glb-soft.com 88.255.90.226 2007-10-24

croninv.cc 88.255.90.226 2007-10-25

cronis.cn 88.255.90.226 2007-10-26

crons.ac 88.255.90.226 2007-10-26

cronn.eu 88.255.90.226 2007-10-26

dkebooks.com 88.255.90.50 2007-10-26

cronoi.cc 88.255.90.226 2007-10-26

jieod.com 88.255.90.50 2007-10-28

midgejs.com 88.255.90.50 2007-10-28

crin.ac 88.255.90.226 2007-10-28

aoejf.com 88.255.90.50 2007-10-28

yseac.com 88.255.90.50 2007-10-29

kaserid.com 88.255.90.50 2007-10-29

crin.cc 88.255.90.226 2007-10-30

jekdoe.com 88.255.90.50 2007-10-30

ujeose.com 88.255.90.50 2007-10-30

masiwer.com 88.255.90.50 2007-10-30

reusiwe.com 88.255.90.50 2007-10-30

kaoeds.com 88.255.90.50 2007-10-30

iwoser.com 88.255.90.50 2007-10-31

planet0day.biz 88.255.90.212 2007-11-01

xeirod.com 88.255.90.50 2007-11-01

neusoas.com 88.255.90.50 2007-11-01

geoepd.com 88.255.90.50 2007-11-01

efuyr.com 88.255.90.50 2007-11-01

ziude.com 88.255.90.50 2007-11-01

polsenstanford.com 88.255.90.50 2007-11-02

heyud.com 88.255.90.50 2007-11-02

woqkr.com 88.255.90.50 2007-11-02

seiudr.com 88.255.90.50 2007-11-02

aosier.com 88.255.90.50 2007-11-03

dueor.com 88.255.90.50 2007-11-05

crins.ac 88.255.90.226 2007-11-07

verbespecially.com 88.255.90.3 2007-11-07

fivejoy.com 88.255.90.3 2007-11-07

riverwomen.com 88.255.90.3 2007-11-07

trianglesentence.com 88.255.90.3 2007-11-07

floorside.com 88.255.90.3 2007-11-07

developtail.com 88.255.90.3 2007-11-07

womanfinish.com 88.255.90.3 2007-11-07

alwaysfell.com 88.255.90.3 2007-11-07

differcollect.com 88.255.90.3 2007-11-07

goodalso.com 88.255.90.3 2007-11-08

kingbrought.com 88.255.90.3 2007-11-08

findcharacter.com 88.255.90.3 2007-11-08

chanceexpect.com 88.255.90.3 2007-11-08

beardictionary.com 88.255.90.3 2007-11-08

forwardfield.com 88.255.90.3 2007-11-08

tinydown.com 88.255.90.3 2007-11-08

jobwhether.com 88.255.90.3 2007-11-08

numeralcity.com 88.255.90.3 2007-11-08

cronin.jp 88.255.90.226 2007-11-08

equalcatch.com 88.255.90.3 2007-11-08

streamwho.com 88.255.90.3 2007-11-08

selectmonth.com 88.255.90.3 2007-11-08

propercame.com 88.255.90.3 2007-11-08

grewsoil.com 88.255.90.3 2007-11-08

townslip.com 88.255.90.3 2007-11-08

stationheavy.com 88.255.90.3 2007-11-08

charactereven.com 88.255.90.3 2007-11-09

milk0soft.com 88.255.90.26 2007-11-09

goldverb.com 88.255.90.2 2007-11-14

windowlisten.com 88.255.90.2 2007-11-14

bqgqnfc.cn 88.255.90.50 2007-11-16

wrbhnuw.cn 88.255.90.50 2007-11-16

a9da6.org 88.255.90.242 2007-11-18

04ccc408.org 88.255.90.242 2007-11-18

bdb7beb6.org 88.255.90.242 2007-11-18

scalespread.com 88.255.90.2 2007-11-20

thencloud.com 88.255.90.3 2007-11-22

figurespoke.com 88.255.90.3 2007-11-22

fullfraction.com 88.255.90.3 2007-11-22

propertytall.com 88.255.90.3 2007-11-22

beautyfig.com 88.255.90.3 2007-11-22

hadover.com 88.255.90.3 2007-11-22

followsalt.com 88.255.90.3 2007-11-22

staysay.com 88.255.90.3 2007-11-22

herexcept.com 88.255.90.3 2007-11-22

thanscore.com 88.255.90.3 2007-11-22

humanthus.com 88.255.90.3 2007-11-22

branchfelt.com 88.255.90.3 2007-11-22

areacountry.com 88.255.90.3 2007-11-22

meetduring.com 88.255.90.3 2007-11-22

movestood.com 88.255.90.3 2007-11-22

stillverb.com 88.255.90.3 2007-11-22

suggesteye.com 88.255.90.3 2007-11-22

preparebut.com 88.255.90.3 2007-11-22

hurrysound.com 88.255.90.3 2007-11-22

cookcompare.com 88.255.90.3 2007-11-22

0daycod.biz 88.255.90.212 2007-11-23

europeansmoke.cn 88.255.90.138 2007-11-26

sprybog.net 88.255.90.11 2007-11-26

taybaol.com 88.255.90.11 2007-11-26

polsenstanford.com 88.255.90.51 2007-11-02

bconsgroup.com 88.255.90.51 2007-12-04

Now it is up to Abdallah-upstream provider TTNet (TurkTelekom) to take action and remove connectivity.