WhoIs (AS34109) cb3rob.net aka CYBERBUNKER?

Based on the recent comment posted below, it is compelling to provide some perspectives as to how we dotted the lines to Cyberbunker.com.

To begin with, the website http://potentialpredators.com caught our attention and we begun an investigative online monitoring and reporting of site.

http://scamfraudalert.org/2012/09/20/whois-potential-predators-www-potentialpredators-com/

The site operators immediately engaged in a series of scam tactics including name changes

http://PredatorsWatch.com The Leading Predators Watch Site on the Net and movement of sites to various hosts.
Below are some of the sites erected to discredit scamFRAUDalert and detract online vistors.

  1. https://www.youtube.com/watch?v=qUvqoM9ZDTY
  2. Better Business Bureau – Disconnected Phone number: A 866 number SFA perviously owned and had disconnected:
  3. A site we are suspicious of is the DatingJudge.com
  4. Isiah Factor – FOX NEWS REPORTER

Cyberbunker ended up hosting site. Based on researched work we done online, we had knowledge of cyberbunker operations. This web host provide a SAFE HAVEN FOR CYBERCRIMINALS.

This is a very powerful and dangerous group of individuals and in our opinion, they should not be taken lightly.

predatorswatch

cyberbunker

cyberbunker2

AS34109
AS51787
CB3ROB LTD.
CB3ROB LTD. & Co. KG
CyberBunker and affiliates

Address lookup
lookup failed http://www.cb3rob.net

Could not find an IP address for this domain name.
Domain Whois record

Queried whois.internic.net with “dom cb3rob.net”…

Domain Name: CB3ROB.NET
Registrar: CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com

Name Server: NS1.CB3ROB.NET
Name Server: NS2.CB3ROB.NET

Status: clientHold
Updated Date: 21-mar-2013
Creation Date: 04-jan-1999
Expiration Date: 04-jan-2016

Last update of whois database: Fri, 07 Mar 2014 15:27:56 UTC
Queried whois.joker.com with “cb3rob.net”…

Domain Name: cb3rob.net
Registry Domain ID: 5161181_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.joker.com
Registrar URL: http://joker.com/

Updated Date: 2013-03-21T08:35:20Z
Creation Date: 1999-01-04T00:00:00Z

Registrar Registration Expiration Date: 2016-01-04T05:00:00Z
Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
Registrar IANA ID: 113
Registrar Abuse Contact Email: abuse@joker.com
Registrar Abuse Contact Phone: +49.21186767447
Domain Status: clientHold

Registry Registrant ID: CNET-584239
Registrant Name: CB3ROB Hostmaster
Registrant Organization: CB3ROB Ltd. & Co. KG
Registrant Street: Koloniestrasse 34
Registrant City: BERLIN
Registrant Postal Code: D-13359
Registrant Country: DE
Registrant Phone: +31.878747479
Registrant Email: hostmaster@cb3rob.net

Registry Admin ID: CNET-73324
Admin Name: CB3ROB Hostmaster
Admin Organization: CB3ROB Ltd. & Co. KG
Admin Street: Koloniestrasse 34
Admin City: BERLIN
Admin Postal Code: D-13359
Admin Country: DE
Admin Phone: +31.878747479
Admin Email: hostmaster@cb3rob.net

Registry Tech ID: CNET-73324
Tech Name: CB3ROB Hostmaster
Tech Organization: CB3ROB Ltd. & Co. KG
Tech Street: Koloniestrasse 34
Tech City: BERLIN
Tech Postal Code: D-13359
Tech Country: DE
Tech Phone: +31.878747479
Tech Email: hostmaster@cb3rob.net

Name Server: ns1.cb3rob.net 84.22.96.10 2a02:880:0:a::1337
Name Server: ns2.cb3rob.net 84.22.97.10 2a02:880:0:b::1337
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-03-07T15:28:29Z <<<
Query Time: 0.012433
Query Source: 64.79.168.170
WHOIS Source: joker.com live whois service

Related Article:

  1. KrebsnonSccurity – Cyberbunker.com
  2. Dynamoo’s Blog – A Champion of Free Speech or A Spammer?

4 thoughts on “WhoIs (AS34109) cb3rob.net aka CYBERBUNKER?

  1. SFA Reporter says:

    Address lookup
    canonical name predatorswatch.com.
    aliases
    addresses 176.74.176.178
    Domain Whois record

    Queried whois.internic.net with “dom predatorswatch.com”…

    Domain Name: PREDATORSWATCH.COM
    Registrar: ENOM, INC.
    Whois Server: whois.enom.com
    Referral URL: http://www.enom.com
    Name Server: BUY.INTERNETTRAFFIC.COM
    Name Server: SELL.INTERNETTRAFFIC.COM
    Status: clientTransferProhibited
    Updated Date: 12-feb-2014
    Creation Date: 09-nov-2012
    Expiration Date: 09-nov-2014

    Last update of whois database: Fri, 07 Mar 2014 15:45:25 UTC
    Queried whois.enom.com with “predatorswatch.com”…

    Domain Name: PREDATORSWATCH.COM
    Registry Domain ID: 1758177351_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: http://www.enom.com
    Updated Date: 2014-02-24 17:34:21Z
    Creation Date: 2012-11-09 14:23:33Z
    Registrar Registration Expiration Date: 2014-11-09 14:23:33Z
    Registrar: ENOM, INC.
    Registrar IANA ID: 48
    Registrar Abuse Contact Email: abuse@enom.com
    Registrar Abuse Contact Phone: +1.425-274-4500

    Domain Status: clientTransferProhibited

    Registry Registrant ID:
    Registrant Name: WHOIS AGENT
    Registrant Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
    Registrant Street: PO BOX 639
    Registrant Street: C/O PREDATORSWATCH.COM
    Registrant City: KIRKLAND
    Registrant State/Province: WA
    Registrant Postal Code: 98083
    Registrant Country: US
    Registrant Phone: +1.4252740657
    Registrant Phone Ext:
    Registrant Fax: +1.4259744730
    Registrant Fax Ext:
    Registrant Email: DGKXBLWHLB@WHOISPRIVACYPROTECT.COM

    Registry Admin ID:
    Admin Name: WHOIS AGENT
    Admin Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
    Admin Street: PO BOX 639
    Admin Street: C/O PREDATORSWATCH.COM
    Admin City: KIRKLAND
    Admin State/Province: WA
    Admin Postal Code: 98083
    Admin Country: US
    Admin Phone: +1.4252740657
    Admin Phone Ext:
    Admin Fax: +1.4259744730
    Admin Fax Ext:
    Admin Email: DGKXBLWHLB@WHOISPRIVACYPROTECT.COM

    Registry Tech ID:
    Tech Name: WHOIS AGENT
    Tech Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
    Tech Street: PO BOX 639
    Tech Street: C/O PREDATORSWATCH.COM
    Tech City: KIRKLAND
    Tech State/Province: WA
    Tech Postal Code: 98083
    Tech Country: US
    Tech Phone: +1.4252740657
    Tech Phone Ext:
    Tech Fax: +1.4259744730
    Tech Fax Ext:
    Tech Email: DGKXBLWHLB@WHOISPRIVACYPROTECT.COM

    Name Server: BUY.INTERNETTRAFFIC.COM
    Name Server: SELL.INTERNETTRAFFIC.COM
    DNSSEC: unSigned
    URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
    Last update of WHOIS database: 2014-02-24 17:34:21Z

    Network Whois record

    Queried whois.ripe.net with “-B 176.74.176.178″…

    % Information related to ‘176.74.176.160 – 176.74.176.191’

    % Abuse contact for ‘176.74.176.160 – 176.74.176.191’ is ‘abuse@peer1.com’

    inetnum: 176.74.176.160 – 176.74.176.191
    netname: SchillingAviation
    descr: Schilling Aviation
    country: GB
    org: ORG-PNEL1-RIPE
    admin-c: NOC116-RIPE
    tech-c: NOC116-RIPE
    status: ASSIGNED PA
    mnt-domains: PNE-NETADMIN-MNT
    mnt-by: PNE-NETADMIN-MNT
    source: RIPE
    changed: net-admin@peer1.net 20120514

    organisation: ORG-PNEL1-RIPE
    org-name: Peer 1 Network Enterprises Limited
    org-type: LIR
    address: Peer 1 Network Inc. 1000-555 West Hastings Street V6B 4N5 Vancouver Canada
    phone: +16046837747
    fax-no: +16046834634
    e-mail: support@peer1.com
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-ref: PNE-NETADMIN-MNT
    mnt-by: RIPE-NCC-HM-MNT
    changed: hostmaster@ripe.net 20090408
    changed: bitbucket@ripe.net 20090409
    changed: bitbucket@ripe.net 20090409
    changed: bitbucket@ripe.net 20090415
    changed: bitbucket@ripe.net 20091012
    changed: bitbucket@ripe.net 20091214
    changed: bitbucket@ripe.net 20100222
    changed: bitbucket@ripe.net 20100817
    changed: bitbucket@ripe.net 20100906
    changed: bitbucket@ripe.net 20100908
    changed: bitbucket@ripe.net 20100929
    changed: bitbucket@ripe.net 20110209
    changed: bitbucket@ripe.net 20110503
    changed: bitbucket@ripe.net 20110504
    changed: bitbucket@ripe.net 20110504
    changed: bitbucket@ripe.net 20110512
    changed: bitbucket@ripe.net 20110513
    changed: bitbucket@ripe.net 20110519
    changed: bitbucket@ripe.net 20110524
    changed: bitbucket@ripe.net 20120427
    changed: bitbucket@ripe.net 20120516
    changed: bitbucket@ripe.net 20120516
    changed: bitbucket@ripe.net 20120522
    changed: bitbucket@ripe.net 20120627
    changed: bit-bucket@ripe.net 20130405
    changed: bit-bucket@ripe.net 20130405
    abuse-c: PE1
    source: RIPE

    person: Peer 1 Support
    address: Suite 1000 – 555 West Hastings St.
    address: Vancouver
    address: British Columbia
    address: Canada
    phone: +6044842588
    e-mail: support@peer1.com
    nic-hdl: NOC116-RIPE
    mnt-by: PNE-NETADMIN-MNT
    source: RIPE
    changed: lenticknap@peer1.com 20130405

    % This query was served by the RIPE Database Query Service version 1.71 (WHOIS1)

    DNS records

    DNS query for 178.176.74.176.in-addr.arpa returned an error from the server: NameError
    name class type data time to live
    predatorswatch.com IN A 176.74.176.178 300s (00:05:00)
    predatorswatch.com IN NS buy.internettraffic.com 86400s (1.00:00:00)
    predatorswatch.com IN NS sell.internettraffic.com 86400s (1.00:00:00)

    — end —

  2. UK Education says:

    Be extremely caution, there are a bunch of scammers that control huge amount of domains that are vitally dangerous. I personally met them accidentally and then all started to happen with me. If someone is really too much affected with them and has legal evidence, please get in touch with me on osdc@outlook.com.

  3. SFA Reporter says:

    Address lookup

    lookup failed cb3rob.net
    Could not find an IP address for this domain name.
    Domain Whois record

    Queried whois.internic.net with “dom cb3rob.net”…

    Domain Name: CB3ROB.NET
    Registrar: CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM
    Whois Server: whois.joker.com
    Referral URL: http://www.joker.com
    Name Server: NS1.CB3ROB.NET
    Name Server: NS2.CB3ROB.NET
    Status: clientHold
    Updated Date: 21-mar-2013
    Creation Date: 04-jan-1999
    Expiration Date: 04-jan-2016

    Last update of whois database: Sat, 03 Jan 2015 22:52:12 GMT
    Queried whois.joker.com with “cb3rob.net”…

    Domain Name: cb3rob.net
    Registry Domain ID: 5161181_DOMAIN_NET-VRSN
    Registrar WHOIS Server: whois.joker.com
    Registrar URL: http://joker.com/

    Updated Date: 2013-03-21T08:35:20Z
    Creation Date: 1999-01-04T00:00:00Z

    Registrar Registration Expiration Date: 2016-01-04T05:00:00Z
    Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com

    Registrar IANA ID: 113
    Registrar Abuse Contact Email: abuse@joker.com
    Registrar Abuse Contact Phone: +49.21186767447

    Domain Status: clientHold

    Registry Registrant ID:
    Registrant Name: CB3ROB Hostmaster
    Registrant Organization: CB3ROB Ltd. & Co. KG
    Registrant Street: Koloniestrasse 34
    Registrant City: BERLIN
    Registrant Postal Code: D-13359
    Registrant Country: DE
    Registrant Phone: +31.878747479
    Registrant Email: hostmaster@cb3rob.net

    Registry Admin ID:
    Admin Name: CB3ROB Hostmaster
    Admin Organization: CB3ROB Ltd. & Co. KG
    Admin Street: Koloniestrasse 34
    Admin City: BERLIN
    Admin Postal Code: D-13359
    Admin Country: DE
    Admin Phone: +31.878747479
    Admin Email: hostmaster@cb3rob.net

    Registry Tech ID:
    Tech Name: CB3ROB Hostmaster
    Tech Organization: CB3ROB Ltd. & Co. KG
    Tech Street: Koloniestrasse 34
    Tech City: BERLIN
    Tech Postal Code: D-13359
    Tech Country: DE
    Tech Phone: +31.878747479
    Tech Email: hostmaster@cb3rob.net

    Name Server: ns1.cb3rob.net 84.22.96.10 2a02:880:0:a::1337
    Name Server: ns2.cb3rob.net 84.22.97.10 2a02:880:0:b::1337
    DNSSEC: unsigned
    URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
    >>> Last update of WHOIS database: 2015-01-03T22:52:18Z <<<

    Query Time: 0.138184
    Query Source: 63.134.201.222
    WHOIS Source: joker.com live whois service

  4. SFA Reporter says:

    On Saturday, 25 August 2012 12:08 -0700,
    in article W7WdnXbhZMEDv6TNnZ2dnUVZ_sKXn…@earthlink.com

    Thane <m…@ix.netcom.com> wrote:
    David Ritz wrote:
    On Saturday, 25 August 2012 11:14 -0700, in article
    MPG.2aa28ff0cedf7195989…@news.aioe.org
    Jessica m…@privacy.net
    wrote:
    The Payload site in the spam is http://pharmacymedicinegroup.com which resolves to 84.22.127.43
    WHOIS tells me less than nothing and traceroute times out yet the
    page still manages to display itself. Anyone know who is hosting
    these criminals today?

    CB3ROB-CYBERBUNKER, known for spammer & cybercriminal hosting:
    Already blacklisted URIBL and others.

    pharmacymedicinegroup.com.dbl.spamhaus.org descriptive text
    “http://www.spamhaus.org/query/dbl?domain=pharmacymedicinegroup.com”
    pharmacymedicinegroup.com.multi.uribl.com descriptive text
    “Blacklisted, see
    http://lookup.uribl.com/?domain=pharmacymedicinegroup.com
    pharmacymedicinegroup.com.multi.surbl.org descriptive text “Blocked,
    pharmacymedicinegroup.com on lists [jp][ws], See:
    http://www.surbl.org/lists.html

    – —
    David Ritz <dr…@mindspring.com>
    Be kind to animals; kiss a shark.

    Information related to ‘84.22.96.0 – 84.22.127.255’

    inetnum: 84.22.96.0 – 84.22.127.255
    netname: NL-CB3ROB-20040921
    descr: CB3ROB Ltd. & Co. KG
    country: DE
    org: ORG-CA76-RIPE
    admin-c: CBRC1-RIPE
    tech-c: CBRC1-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: MNT-CB3ROB
    mnt-domains: MNT-CB3ROB
    mnt-routes: MNT-CB3ROB
    source: RIPE # Filtered

    organisation: ORG-CA76-RIPE
    org-name: CB3ROB Ltd. & Co. KG
    org-type: LIR
    address: CB3ROB Ltd. & Co. KG
    Hostmaster
    Koloniestrasse 34
    D-13359 BERLIN
    GERMANY
    phone: +31878747479
    fax-no: +31878747479
    admin-c: CBRC1-RIPE
    admin-c: CBAB1-RIPE
    admin-c: ZYXE1-RIPE
    admin-c: CBSK1-RIPE
    admin-c: CBYT1-RIPE
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-ref: MNT-CB3ROB
    mnt-by: RIPE-NCC-HM-MNT
    source: RIPE # Filtered

    role: CB3ROB Hostmaster
    address: CB3ROB Ltd. & Co. KG
    address: Koloniestrasse 34
    address: D-13359
    address: BERLIN
    address: Germany
    mnt-by: MNT-CB3ROB
    phone: +31 87 8747479
    admin-c: CBRC1-RIPE
    tech-c: CBRC1-RIPE
    nic-hdl: CBRC1-RIPE
    source: RIPE # Filtered

    % Information related to ‘84.22.96.0/19AS34109’

    route: 84.22.96.0/19
    descr: R84-22-96-0
    origin: AS34109
    mnt-by: MNT-CB3ROB
    source: RIPE # Filtered

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s