ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
ZYZTM Research Division

Evidence Menu:

ZYZTM Research Division Index


Country: Germany
State:
Involved in hosting several known spammers & cybercriminals. Claims to be in the Netherlands, but traces to Germany. Uses the name/alias "Jose Obrien".


ZYZTM Research Division SBL Listings History
Current SBL Listings
Archived SBL Listings

Cybercrime hosting in 91.209.12.0/24 range


SBL203551 91.209.12.114 a2b-internet.com 2013-11-12 Malware botnet controller @91.209.12.114
SBL202971 91.209.12.133 a2b-internet.com 2013-11-05 Spammer DNS server @91.209.12.133
SBL202966 91.209.12.138 a2b-internet.com 2013-11-06 Blackhat SEO spammer service @91.209.12.138
SBL202761 91.209.12.102/31 a2b-internet.com 2014-01-13 Spammer hosting: botmasterlabs.net
SBL202760 91.209.12.66 a2b-internet.com 2013-11-07 Fake drug server: erectiemiddelenshop.nl
SBL202759 91.209.12.0/24 a2b-internet.com 2014-07-02 James Carner / eHygienics ZYZTM & BotmasterLabs.Net & other spammers
SBL202575 91.209.12.137 a2b-internet.com 2013-11-02 Blackhat SEO spammer service @91.209.12.137
SBL202501 91.209.12.116 a2b-internet.com 2013-11-02 Malware botnet controller @91.209.12.116
SBL200968 91.209.12.125 a2b-internet.com 2013-10-19 Spamvertised website hosting
SBL198074 91.209.12.79 a2b-internet.com 2013-10-21 Chuck An / iomega iomegaone.com
SBL154882 91.209.12.1 tinet.net 2012-11-29 Feed to CB3ROB (AS30890) & IDEAR4BUSINESS (AS12327) >>> AS3257
SBL105803 91.209.12.0/24 cb3rob.net 2013-06-12 Suspect block, related to: AS34109/AS51787 (CB3ROB)

_________________________________

eg:

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 91.209.12.114 on port 3300 TCP:
$ telnet 91.209.12.114 3300
Trying 91.209.12.114...
Connected to 91.209.12.114.
Escape character is '^]'

$ nslookup 91.209.12.114
a114-12-209-91.zyztm.com

Other malicious domain names hosted on this IP address:
dq.xyzproxies1123.ru 91.209.12.114
dq.xxyzabsproxies.com 91.209.12.114

Referencing malware binaries:
4029b92b86cb5442af67f8c0d2754431 - AV detection: 10/46 (21.74%)
5768efe1a85733d51d5ccbaf17201cc3 - AV detection: 15/46 (32.61%)
d07cd9c885edf585dbd1d1009ee07457 - AV detection: 41/46 (89.13%)
e2d780caf7e1ad4327bdc95e5a37cac3 - AV detection: 26/47 (55.32%)

________________________

inetnum: 91.209.12.0 - 91.209.12.255
netname: ZYZTM
descr: ZYZTM Research Division #10 B.V.
country: NL
org: ORG-ZR3-RIPE
admin-c: ZYRE1-RIPE
tech-c: ZYXE1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: ZYZTM-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: ZYZTM-MNT
mnt-domains: ZYZTM-MNT
source: RIPE # Filtered

organisation: ORG-ZR3-RIPE
org-name: ZYZTM Research Division #10 B.V.
org-type: OTHER
address: Apeldoornseweg 53
address: NL-8172 EH
address: Vaassen
address: The Netherlands
e-mail: hostmaster@zyztm.com
mnt-ref: ZYZTM-MNT
mnt-by: ZYZTM-MNT
source: RIPE # Filtered

role: ZYZTM NOC
address: ZYZTM Research Division #10 B.V.
address: Apeldoornseweg 53
address: NL-8172 EH
address: Vaassen
address: The Netherlands
mnt-by: ZYZTM-MNT
e-mail: hostmaster@zyztm.com
admin-c: ZYXE1-RIPE
tech-c: ZYRE1-RIPE
nic-hdl: ZYRE1-RIPE
source: RIPE # Filtered

person: Ing H.J. Xennt
address: ZYZTM Research #10 B.V.
address: Apeldoornseweg 53
address: NL-8172 EH
address: Vaassen
address: The Netherlands
mnt-by: ZYZTM-MNT
e-mail: xennt@zyztm.com
phone: +31 113 323330
nic-hdl: ZYXE1-RIPE
source: RIPE # Filtered

% Information related to '91.209.12.0/24AS34109'

route: 91.209.12.0/24
descr: ZYZTM-ROUTE
origin: AS34109
mnt-by: ZYZTM-MNT
source: RIPE # Filtered
_______________
_______________________________________


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK10683/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy