ISIS darknet site is Wordpress hosted in Amsterdam

5 points | rolandboon | 10 years ago | krypt3ia.wordpress.com

2 comments

jacquesm|10 years ago

That's a pretty thin bit of evidence. A simple traceroute tells a different story.

  traceroute -n 185.92.223.209
  traceroute to 185.92.223.209 (185.92.223.209), 30 hops max, 60 byte packets
   1  192.168.178.1  0.234 ms  0.256 ms  0.347 ms
   2  * * *
   3  213.51.189.185  28.455 ms  28.474 ms  28.465 ms
   4  213.51.158.2  28.555 ms  28.442 ms  28.535 ms
   5  * * *
   6  84.116.136.2  28.556 ms 84.116.134.69  40.941 ms  40.837 ms
   7  80.249.208.36  40.916 ms  12.764 ms  20.108 ms
   8  81.20.72.122  163.443 ms  225.328 ms  237.616 ms
   9  108.61.198.3  20.033 ms  24.019 ms  11.429 ms
  10  185.92.223.209  15.245 ms  16.994 ms  16.989 ms

Confirmed by a simple whois on the /16:

  whois 185.92.0.0
  % This is the RIPE Database query service.
  % The objects are in RPSL format.
  %
  % The RIPE Database is subject to Terms and Conditions.
  % See http://www.ripe.net/db/support/db-terms-conditions.pdf

  % Note: this output has been filtered.
  %       To receive output for a database update, use the "-B" flag.

  % Information related to '185.92.0.0 - 185.92.0.255'

  % Abuse contact for '185.92.0.0 - 185.92.0.255' is 'abuse@isimkayit.com'

  inetnum:        185.92.0.0 - 185.92.0.255
  geoloc:         40.76573368922964 29.789603054523468
  netname:        Isim-Kayit-Bilisim
  descr:          Isim Kayit Bilisim
  country:        TR
  admin-c:        KK5679-RIPE
  tech-c:         KK5679-RIPE
  status:         ASSIGNED PA
  mnt-by:         isimkayit
  created:        2015-03-30T16:37:54Z
  last-modified:  2015-03-30T16:46:06Z
  source:         RIPE # Filtered

  person:         Kadir Kurt
  abuse-mailbox:  abuse@isimkayit.com
  address:        Esentepe Mah. Agadere Cad. NO:75 Kat:1 Korfez/Kocaeli
  phone:          +908502903344
  nic-hdl:        KK5679-RIPE
  mnt-by:         isimkayit
  created:        2015-03-13T13:57:32Z
  last-modified:  2015-03-30T13:04:37Z
  source:         RIPE # Filtered

  % Information related to '185.92.0.0/24As43260'

  route:          185.92.0.0/24
  descr:          Isim Kayit Bilisim ve Web Hosting Hizmetleri
  origin:         As43260
  mnt-by:         isimkayit
  created:        2015-03-16T14:52:59Z
  last-modified:  2015-06-26T07:29:03Z
  source:         RIPE # Filtered
  remarks:        Sirketimiz, ilgili kanun geregi, "YER SAGLAYICI" konumundadir.
  remarks:        Olusturulan icerikler musterilerin kontrol ve yonetimindeki web sunucularindan yapilmaktadir.
  remarks:        Kanun No. 5651 - MADDE 5(1) Yer saglayici, yer sagladigi icerigi kontrol etmek veya
  remarks:        hukuka aykiri bir faaliyetin soz konusu olup olmadigini arastirmakla yukumlu degildir.

  % This query was served by the RIPE Database Query Service version 1.82 (DB-2)

So my money would be on the host residing in Turkey.
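
Added example, not part of the thread: a check that the objects a whois query returned actually contain the address being attributed, run against the inetnum and route objects quoted above and the traceroute target. The function names and the second test address are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the inetnum and route objects from the whois output
# quoted in the comment above, trimmed to the attributes this check reads.
WHOIS_TEXT = """\
% Information related to '185.92.0.0 - 185.92.0.255'

inetnum:        185.92.0.0 - 185.92.0.255
netname:        Isim-Kayit-Bilisim
country:        TR

% Information related to '185.92.0.0/24As43260'

route:          185.92.0.0/24
origin:         As43260
"""

def parse_objects(text):
    """Split RPSL text into objects: one (key, value) list per blank-line-separated block."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:
            if current:
                objects.append(current)
            current = []
        elif not line.startswith("%") and ":" in line:
            key, value = line.split(":", 1)
            current.append((key.strip().lower(), value.strip()))
    return objects

def networks_of(obj):
    """Networks an object describes, from its inetnum range or route prefix."""
    for key, value in obj:
        if key == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            yield from ipaddress.summarize_address_range(first, last)
        elif key == "route":
            yield ipaddress.ip_network(value, strict=False)

def covering_objects(target, text):
    """Return the whois objects whose range actually contains target."""
    ip = ipaddress.ip_address(target)
    return [dict(obj) for obj in parse_objects(text)
            if any(ip in net for net in networks_of(obj))]

if __name__ == "__main__":
    for addr in ("185.92.223.209", "185.92.0.17"):  # second address is constructed
        hits = covering_objects(addr, WHOIS_TEXT)
        print(addr, "->", [h.get("country") or h.get("origin") for h in hits] or "not covered")
```

For the traceroute target the list comes back empty, because the objects returned for 185.92.0.0 describe 185.92.0.0 - 185.92.0.255 only; querying the full address returns the object that covers it.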

gloves|10 years ago

Cracking work!