Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: JohnC on September 03, 2008, 05:08:14 pm

Title: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 05:08:14 pm
Any domains registered through EstDomains which are on the MDL they are contacting customers telling them they need to clean their sites or they will cancel the domain. In the last two days I have had various requests to remove domains. Whether or not these domains are only being cleaned temporarily to be removed from the MDL and will then go back to hosting/directing users to malware I am unaware.

Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 05:28:26 pm
Ehmm...not really sure if I understood the above correctly...
you mean that EstDomains itself told its clients to start cleaning up the crap,
and they're now trying to convince you to do so?   ???
Or just that malware authors/estdomains clients do it by themselves,
as a temporary defensive mechanism?
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 05:30:52 pm
I normally only get requests to remove domains which are RFIs and that kind of thing which have been cleaned.

The last couple of days I have gotten a lot of other requests, one said that his registrar gave him seven days to clean it up. Another guy asked me if I could CC the email back to notify@estdomains.com
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 03, 2008, 05:38:41 pm
I'm really confused. I thought that Estdomains is related to Atrivo and a source of evil. :-\
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 05:41:05 pm
This is what I don't understand. Why are they contacting their customers and asking them to clean their sites?
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 05:41:54 pm
Guys, check this out now...seems they're in the process of somehow starting a 'new round'...
at the moment (temporarily?) removing at least some of the already spotted 'in the wild' domains:
http://www.malwaredomainlist.com/forums/index.php?topic=2149.msg5221#msg5221
At least that's what I understand myself, it can't be a complete coincidence...
A few well-known members/friends have already replied in the WashingtonPost article from what I see...
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 05:57:56 pm
Personal opinion, maybe I'm wrong on this, maybe not...
Do NOT remove anything hosted in RBN netblocks for the time being,
no matter if domains get temporarily cleaned/shut down -> to HELL with all of them.

If they are indeed legitimate webmasters with no malicious intentions whatsoever,
well then, they should choose different web space providers -> simple as that, heh...
Hope to hear other people's opinion on this matter...
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 06:00:53 pm
I've still got stuff from 81.95.149 which I hadn't cleaned out, just in case the domains come back with new IPs :)
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 06:10:55 pm
Link taken from the (currently) last comment over at WashingtonPost's article...
http://msmvps.com/blogs/hostsnews/archive/2008/09/03/1646589.aspx
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 03, 2008, 06:37:15 pm
I've got a ton of Est related domains in hpHosts, including a few that were found within the last 48 hours.

I'm pretty sure there's a site monitoring Est NS's, but can't find the ref atm :(
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 03, 2008, 07:12:56 pm
Maybe there is a relation between these activities and the astonishingly high number of users from August 26,
which never happened before at this dimension.

 Most Online Ever: 320 (August 26, 2008, 09:07:15 PM)
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 07:26:00 pm
The WashingtonPost article is dated two days later, August 28, who knows...
Personally, I've come to the conclusion that the hit stats counter must have been b0rked, ha-ha...
because it says 'Most Online Ever: 320'...but at the same moment...only 237 Members in total?  ;D
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 03, 2008, 07:34:30 pm
Users online doesn't mean members online. Users can be guests.
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 07:36:26 pm
I think a large amount were Yahoo search engine crawlers. They have a large amount on the site at a time, and with unique IPs mostly.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 07:43:42 pm
Heh, that's funny...imagine that I didn't know that...
until now, I thought it was tracking / displaying in public,
only the number of maximum logged-in members...  ::)
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 03, 2008, 08:27:38 pm
http://www.umaxforum.com/showthread.php?t=29510
http://www.master-x.com/forum/topics/108213/
http://www.domenforum.net/showthread.php?t=54514
http://www.gofuckbiz.com/showthread.php?t=4085

This one makes me curious: http://forums.acenet-inc.net/Private/showthread.php?t=2454

Private forum at a hosting company.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 03, 2008, 09:15:31 pm
http://www.google.com/translate?langpair=ru|en&u=http://www.master-x.com/forum/topics/108213/page/75/

The point where the Esthost representative refers to MDL,
and the act of de-listing the domains during the next update...
don't know, but something certainly didn't feel ok inside me there...
URIBL didn't even bother replying back to them:
that seems to have hurt them, and I think that maybe that's the very best choice...
Why even bother starting conversations with these lamers...I doubt anyone else out there has...
just let them run with no place to hide...or better said, with no place to be hosted...
Title: Re: EstDomains clearing up the shit
Post by: TeMerc on September 04, 2008, 03:04:50 am
Here is the latest:
http://go.theregister.com/feed/www.theregister.co.uk/2008/09/03/directi_strikes_back/

I still say we can't trust them. You know they're gonna get another setup in place all too quick.

But time will tell, as I commented in that article.

But for as long as they-Atrivo\Inhoster\Intercage\Est and whoever else have been doing bad on the Net, it will take forever before anyone trusts any parties involved in any of that if ever.

I know I'm no easy pushover for this type of outright criminal behavior. Far as I'm concerned they can just drop off the Earth and never return.
Title: Re: EstDomains clearing up the shit
Post by: CM_MWR on September 04, 2008, 06:41:59 am
This explains the surge of XPA2008 everywhere for the last 3 to 4 weeks.

Notice that has let up a bit now.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 04, 2008, 12:27:30 pm
Heh, just got a possible idea about the number of visitors at 26 Aug...article dated 24 August:  ;)
http://www.sudosecure.net/archives/228

PS: Seen that now cjeremy? So let me not hear you complaining again,
that I'm supposedly the only regular reader there, ha-ha...  :D
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 04, 2008, 03:08:34 pm
http://www.prweb.com/releases/2008/9/prweb1281234.htm ;)
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 06, 2008, 03:05:24 am
http://www.avertlabs.com/research/blog/index.php/2008/09/04/the-darksides-domains/
http://www.theregister.co.uk/2008/09/03/directi_strikes_back/
Most of the important news/links can be found via Knujon's site though...

PS: In the very first phrase / beginning of the McAfee article,
do note the part where they make fun of Microsoft, he-he...excellent sense of humour!  ;D
Quote
(and whilst Terry is dancing in doorways)
Title: Re: EstDomains clearing up the shit
Post by: CM_MWR on September 07, 2008, 10:06:58 am
Subject: InterCage, Inc. (NOT Atrivo)
To: NANOG@NANOG.ORG


Hello Everyone,

Good morning.
Seeing the activity in regards to our company here at NANOG, I believe
this is the most reasonable and responsible place to respond to the
current issues on our network. We hope to obtain non-biased opinions
and good honest and truthful information from the users here.

Being that there are much larger operators here than us, what kind of
insight can you give to the issues that have arisen?

We've near completely removed (completion Monday 09/08/08) Hostfresh
from our network. 2 of their /24's have been removed:
58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machines they leased from us have been canceled.

What do you suggest for the next move?

Thank you for your time. Have a great day.

---
Russell M.
InterCage, Inc.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 07, 2008, 10:33:53 am
Heh, 58.65.239.x...this one had filled 10 pages in the list...  :(

http://mailman.nanog.org/pipermail/nanog/2008-September/003645.html
http://mailman.nanog.org/pipermail/nanog/2008-September/subject.html#3630
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 07, 2008, 07:20:29 pm
By request this thread has been made public.
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 09, 2008, 01:38:06 pm
Hi to everybody.
I'm writing on behalf of the EstDomains, Inc and I would like to explain the situation.
We really are in the middle of the total clean-up. We ask every possibly problematic customer to transfer out or do their best to remove themselves from different kinds of anti-abuse listings, in case their projects are legit.
As for the real problematic customers - we suspend them. Suspend totally, including their domains, accounts, look for connections to other accounts and so on.
We would really like to perform this total clean-up, but we need some support as well. Guys, stop accusing us please. You'll definitely see we aren't as bad as you think. We need your support and, even more important, your reports. At the moment, there are about 270,000 domains registered through us and we can't investigate the activity of each of them, so in case you do have any information about any of the domain names being involved in some shady activity, we'll really appreciate it if you forward it to us.
Thank you!
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 09, 2008, 07:38:17 pm
EstDomains: A Sordid History and a Storied CEO
http://voices.washingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html?hpid=sec-tech

A Superlative Scam and Spam Site Registrar
http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html?nav=rss_blog
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 09, 2008, 07:46:24 pm
Quote
As for the real problematic customers - we suspend them.
One has certainly to wonder if only the customers themselves are the 'problematic' ones...

Quote
We would really like to perform this total clean-up...
We've noticed that EstDomains representatives have already requested people,
in various well-known security related forums/projects,
to provide them with names of well-known malware domains to 'clean' them out...
Since you're in the SEO business, I would assume you're quite familiar with scripting...
thereby, the following queries will probably be a good starting point...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:www.siteadvisor.com
1470 results...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:hosts-file.net
331 results...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:www.castlecops.com
282 results...
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 09, 2008, 07:56:28 pm
Guys, stop accusing us please

We don't accuse anyone. All we do is collect facts, facts about malware spreading domains.
And you have a lot of them.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 09, 2008, 08:01:33 pm
...and maybe an even faster way to clean up most of the crap at once...
Just script whois queries against the domains listed in the following two blocklists,
then grep for the matches that got returned...

http://hosts-file.net/?s=Download
http://malwaredomains.com/?page_id=66
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 10, 2008, 01:43:22 am
Okie, I finally got some time to go through the hpHosts DB .... the following all have WhoIs records matching;

EstDomains
est domains
est host

******************************************************
338 Found
******************************************************

Note, this list only includes those domains that I've got a WhoIs record cached for ...... there are still thousands of domains in the database, that I don't have a WhoIs record cached for.
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 10, 2008, 01:57:45 am
I'm running through the list now, to see which ones resolve and which don't.
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 10, 2008, 02:11:52 am
Seems there's quite a few still resolving;

http://hosts-file.net/misc/EstDomains_-_hpObserver_Results.html
Title: Re: EstDomains clearing up the shit
Post by: elex on September 10, 2008, 02:13:12 pm
A lot of domains in the list are with registrar WILDWESTDOMAINS.com, it is not ESTDOMAINS.com.

they have much more domains in that list.
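
The WHOIS matching discussed in the posts above (scripting whois lookups over blocklist domains and searching the output for the strings "EstDomains", "est domains" and "est host"), as an added example that is not code from any poster in this thread. It shows why a plain case-insensitive substring search over-matches ("est domains" is a substring of "Wild West Domains", and "est host" of "Best Hosting") and triages on the parsed registrar field instead; the WHOIS records, the `.example` domains and "EXAMPLE REGISTRAR LLC" are constructed for illustration.

```python
import re

# Substrings the thread's cached-WHOIS search matched on (case-insensitive).
NEEDLES = ("estdomains", "est domains", "est host")

# "Registrar:" or "Sponsoring Registrar:" at the start of a line. Labels such
# as "Registrar URL:" do not match because the colon must follow directly.
REGISTRAR_RE = re.compile(
    r"^[ \t]*(?:Sponsoring[ \t]+)?Registrar[ \t]*:[ \t]*(\S.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

# Word-boundary match, so the "est domains" inside "West Domains" is rejected.
TARGET_RE = re.compile(r"\best\s*domains\b", re.IGNORECASE)

# Constructed WHOIS records (assumed field layout); not real lookups.
SAMPLE_WHOIS = {
    "alpha.example": (
        "Domain Name: ALPHA.EXAMPLE\n"
        "Registrar: ESTDOMAINS, INC.\n"
        "Name Server: NS1.ALPHA.EXAMPLE\n"
    ),
    "bravo.example": (
        "Domain Name: BRAVO.EXAMPLE\n"
        "Sponsoring Registrar:EstDomains, Inc.\n"
    ),
    "charlie.example": (
        "Domain Name: CHARLIE.EXAMPLE\n"
        "Registrar: WILD WEST DOMAINS, INC.\n"
        "Name Server: NS1.CHARLIE.EXAMPLE\n"
    ),
    "delta.example": (
        "Domain Name: DELTA.EXAMPLE\n"
        "Registrar: EXAMPLE REGISTRAR LLC\n"
        "Registrant Organization: Best Hosting Ltd\n"
    ),
    "echo.example": (
        "Domain Name: ECHO.EXAMPLE\n"
        "Name Server: NS1.ESTDOMAINS.EXAMPLE\n"
    ),
    "foxtrot.example": (
        "Domain Name: FOXTROT.EXAMPLE\n"
        "Registrar: EXAMPLE REGISTRAR LLC\n"
        "Name Server: NS1.FOXTROT.EXAMPLE\n"
    ),
}


def naive_hit(record):
    """What a case-insensitive grep for the needles would report."""
    low = record.lower()
    return any(needle in low for needle in NEEDLES)


def naive_hits(records):
    """Domains a plain substring search would attribute to the registrar."""
    return sorted(d for d, rec in records.items() if naive_hit(rec))


def registrar_of(record):
    """Return the value of the registrar field, or None if it is absent."""
    match = REGISTRAR_RE.search(record)
    return match.group(1) if match else None


def triage(records, target_re=TARGET_RE):
    """Split domains by what the WHOIS record actually supports.

    registrar      - registrar field names the target registrar
    substring_only - a needle matched, but the registrar is someone else
    unparsed       - a needle matched, but no registrar field was found
    no_match       - nothing matched at all
    """
    out = {"registrar": [], "substring_only": [], "unparsed": [], "no_match": []}
    for domain in sorted(records):
        record = records[domain]
        registrar = registrar_of(record)
        if registrar is not None and target_re.search(registrar):
            out["registrar"].append(domain)
        elif not naive_hit(record):
            out["no_match"].append(domain)
        elif registrar is None:
            out["unparsed"].append(domain)   # needs a fresh lookup or manual check
        else:
            out["substring_only"].append((domain, registrar))
    return out


if __name__ == "__main__":
    print("plain substring search:", naive_hits(SAMPLE_WHOIS))
    for bucket, items in triage(SAMPLE_WHOIS).items():
        print(bucket, items)
```

Only the `registrar` bucket is suitable for an abuse report to that registrar; `substring_only` entries carry the registrar that the record actually names.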
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 10, 2008, 02:14:28 pm
Hey.
2MysteryFCM - thank you, your information was very useful. We have immediately put these domain names to the suspend queue:

They will stop working in a couple of hours.
The domains, which are obviously suspicious, but which are not registered through us (mainly they are registered through Wild West Domains):


As for the others - the investigation is still in progress, there are a lot of domains in question. Could you give me your email please? I'd like to ask several questions regarding several domains, which I was not able to find any information about.
In case you don't want to publish your email here - could you send me an email to kokach@estdomains.com?
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 10, 2008, 05:07:19 pm
E-mail sent ....
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 10, 2008, 05:17:50 pm

247 domains -> currently all of them resolvable.
Maybe some of them were already mentioned above.
And no, at least personally, I'm certainly not gonna use any 'ticket' system that EstDomains might have...
You all know how to scrape through data returned from blocklists and whois, isn't it so?  ;)
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 10, 2008, 05:40:54 pm
I've modified the query I wrote and;

302. wolvesnflowers.com
303. womanoftheblues.com
304. worldofporn.us
305. x-moms.biz
306. xoxota.org
307. xq1.net
308. x-wallpapers.com
309. xxx-pics.biz
310. xxx-pics.us
311. yaporn.net
312. yesfree.com
313. young-erotic.com
314. youpornztube.biz
315. zaye.biz
316. zfast.org
******************************************************
316 Found
******************************************************
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 10, 2008, 06:16:52 pm
...here's a quick'n'dirty made list that includes both the ones I've posted previously,
and also,quite a lot which appear to not resolve at the moment...
 
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 12:24:19 am
Plus a few more crap (about 100 domains) that I've dug from my logs here...
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 02:53:26 am
And with a bit more digging,35 more domains...
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 11, 2008, 01:10:45 pm
sowhat-x:
Regarding the domains from your last two posts.
There were 111 domains total.
3 of them are registered through another registrar.
1 of them had already been suspended at the moment of your report.
I put the rest to the suspend queue. The domains are:

Your list.txt contained 518 domains.
155 of them are registered through another registrar
237 of them were inactive (either suspended or deleted) at the moment of your report
I put the rest to the suspend queue. The domains are:
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 11, 2008, 01:11:54 pm
MysteryFCM: your last (modified) list contained 316 domains
209 of them are registered through another registrar
44 of them were suspended at the moment of your report
And there are 3 domain names in question. I was not able to locate any illegal activity on them. Could you please give me some more information about them?
These are: xxx-pics.us, free-xxx-porn.org and sex-mix.info.
I put the rest to the suspend queue. The domains are:
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 01:20:32 pm
...yeah,as already noted,the list.txt above contained lots of inactive ones...
But I thought of supplying it as well in case it was of some help,
in digging out names/mails about suspicious clients,
that possibly registered newer domains in the meanwhile...

Here are a few more,I've run out of archived logs here,
hopefully other guys around have kept more logs to submit...
Mainly phishing/spamvertizement/redirection to malware sites related if I recall well...
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 11, 2008, 01:53:54 pm
There are a lot of pharmacy domains.
Are they involved in phishing/spam/malware distribution as well?
For example, for canadiantablets.com, canadadrugspills.com and directexpresspharmacy.com I was not able to locate any mention of any such activity. Are you sure that they were ever involved in phishing/spam/malware distribution?
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 02:01:12 pm
http://www.scamfraudalert.com/f137/health-refill-www-my-rxshop-com-13453/
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 05:01:47 pm
Brian Krebs' research continued...
http://voices.washingtonpost.com/securityfix/2008/09/fake_antispyware_purveyor_also.html
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 11, 2008, 09:09:59 pm
...some members decided to scrape through the data archived in the past here at MDL,
and were kind enough to supply me with them...

We're currently though in the process of re-validating MDL's archived data regarding EstDomains,
in order to avoid listing as much as possible potentially 'false' entries,
eg.malware sites that have been redirecting to EstDomains,but which were not directly affiliated...
As soon as the process gets finished,during next days or so,the info will be submitted here obviously...
Title: Re: EstDomains clearing up the shit
Post by: Ilya Klein on September 12, 2008, 10:54:00 am
Hello,
I'm the owner of favourlinks.com that was listed on previous page.
Thanks to you my domain name was suspended, but there is nothing illegal on it, no phishing/spam/malware or anything of this kind...
It was a USEFUL website visited by thousands of people daily.
But if you google it, you can find people asking to remove it or telling that it hijacked their homepage... I can explain it, yes, on some websites visitors were asked (via standard IE alert) if they want to set favourlinks as their homepage or not, they have a CHOICE, and they HAVE TO click "Yes" to set it. It's their decision. No software/malware was used and they ALWAYS could change their homepage to anything they want.
But, I think you agree with it, most of the internet surfers click "yes" on everything they see without reading it, and most of them don't even know how to change the browser's homepage, so that's why you could find such topics on Google.
Now thousands of people see a blank page as their homepage instead of the website they saw and used every day before, do you think they are happy?
Thank you for your understanding.

Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 11:14:13 am
Ilya Klein:

There's literally thousands of EstDomains sites that are associated with malware.
False positives might occur occasionally,although this is minimized here...
as all malware-hosting sites listed here have been MANUALLY verified in the past.

It's obviously not possible to remember by heart,
the reason for which every site listed here had been marked as malicious.
favourlinks.com is NOT listed in MDL's main list,
nor can I find an entry about it in the hosts file that we provide.
http://www.malwaredomainlist.com/mdl.php
http://www.malwaredomainlist.com/hostslist/hosts.txt
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 11:16:53 am
...a few really quick queries over Google,return the following info:
http://www.google.com/search?hl=en&q=favourlinks.com&btnG=Google+Search&aq=f&oq=

In short...
http://www.geekstogo.com/forum/Need-help-to-remove-Favourlinks-com-t147134.html
http://www.pcreview.co.uk/forums/thread-2323167.php

And probably even more interesting this as well...
http://msmvps.com/blogs/hostsnews/archive/2007/08/12/another-video-activex-error.aspx
Title: Re: EstDomains clearing up the shit
Post by: Ilya Klein on September 12, 2008, 11:29:01 am
I think I explained it in my post.
Setting favourlinks as homepage is hard work - you should click something that activates the IE prompt to change homepage, then you have to wait some seconds to activate the "Yes" button (but you can click "No" instantly and it's set as the default button), then you have to click "Yes". And you can change it anytime you want. Is it hijacking? Or malware?

And the main question - do you think people who are used to this website are happy now?

p.s. In my local store there are people always asking "do you want to try this new product??!!", I have a choice, to say "yes I want" or "no thanks", and I don't think those people are criminals even if I don't like them because they are tiresome.
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 12, 2008, 11:35:08 am
So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names whose owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 11:39:52 am
Plus SiteAdvisor's report as well...
http://www.siteadvisor.com/sites/favourlinks.com

The report from 21 August there,just two weeks ago,is a very representative one:
Quote
...as of Aug. 21, 2008 this is still a current browser hijacking site,
it also plants spyware and malware that turns off your security scanner,
so it can give you driveby downloads. Avoid it at all costs.

Meaning,we are certainly not accusing webmasters "in person",
that they are the ones who planted the malware scripts/.exes there in question.
Obviously,they might have been 100% legitimate web admins whose sites got hijacked.

Plus,we certainly are not the ones who "cancel" them:
we merely REPORT in public the domains that have been found,
to be extensively used in malware distribution.
What happens afterwards,is something that in most cases we cannot possibly be aware of...
Title: Re: EstDomains clearing up the shit
Post by: Kayrac on September 12, 2008, 11:42:32 am
My insight in this comes mostly from this thread(and a few others)

http://www.bleepingcomputer.com/forums/topic109702.html

User stating they cannot change their homepage away from favourlinks.com, while obviously it's down now so I can't check it out, but to me this denotes other changes to the system, for instance disabling internet options changing, and/or an exe running on the system, which even if your site didn't infect them, why would a malware exe link to your site?

-Brian
Title: Re: EstDomains clearing up the shit
Post by: Kayrac on September 12, 2008, 11:48:38 am
So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names whose owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?

While they're all down since you guys suspended them, there's a very interesting read for the top 3 (online pharmacies)

http://www.fda.gov/oc/buyonline/faqs.html

While this pertains mostly (if not all) to the US, I can pretty much guarantee those are not good online pharmacy websites (I've personally not seen any online pharmacies hosting malware, not to say they couldn't)

Then you're getting into a 'gray' area, most probably those top 3 were from spam emails, however sowhat and the others can probably give you more information, I'd wait until they respond to you :)

-Brian
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 11:53:09 am
Quote
So you don't mind if we unsuspend the favourlinks.com?
Personally speaking always,I don't mind in general what you do with the data here...
Our task is to identify sites involved in malware/spam/phishing and report them back in public,
so that end-users can protect themselves via hosts files,
and obviously for AV companies to grab the malware in question...

Now in order to 'clean up' all of this mess over there in EstDomains,
ie.to identify which sites were possibly hijacked,
which of them are indeed 'bad' clients and which of them not...
With all the crap that has been gathered throughout all these years,
I can understand this will be a very time-consuming process...
About 1070 domains gathered from MDL's archived data,as I had promised earlier...

zoomedclips.com
dryhomepage.com
eroticfuckers.com
homepagefile.com
homepagetoday.com
index-se.com
wagemax.com
bestpriceporn.com
city-porno.com
comp-porno.com
compporno.com
contact-porno.com
contactporno.com
control-porno.com
controlporno.com
coolbestporn.com
driveporno.net
engine-porno.net
findadultsex.com
funpornsite.com
funxxxporn.com
global-porno.net
groupporno.net
helpporno.net
hotxxxadult.com
keysexy.net
landporno.com
latina-pornmovie.com
lustgal.com
network-porno.net
networkporno.net
otherporno.com
pissing-video-xxx.com
playporno.net
pleasure-porno.com
plus-porno.net
popularporno.net
pornissex.com
pornsexcafe.com
porntimeguide.com
pornxxxfilm.com
review-porno.net
scan-porno.net
scanporno.com
seek-porno.net
serviceporno.net
sexy-drive.net
sexy-look.com
sexy-name.com
sexy-network.net
sexy-popular.com
sexy-review.com
sexy-super.com
sexyexport.net
spy-sheriff.com
spysheriff.com
superadultfriend.com
superliveporn.com
superporncity.com
teenporntop.com
theadulteye.com
theadultpost.com
total-sexy.net
usbestporn.com
useporno.net
worldbestadult.com
xxxadultgold.com
cleanticket.net
demoticket.net
endticket.com
endticket.net
gigaticket.net
hq-ticket.com
hqticket.com
hqticket.net
megazticket.com
megazticket.net
niceticket.net
stormticket.com
the-ticket.net
ticketnitro.com
vivaticket.net
wotticket.net
blogscontent.com
brakeporn.net
contact-adult.net
delfiporn.net
helpporn.net
look-adult.net
megazporn.com
name-adult.net
pleasure-adult.com
porn-comp.com
porn-look.net
porn-popular.com
porn-the.net
pornbrake.com
pornnitro.net
poweradult.net
scan-porn.net
service-porn.com
sexwhite.net
sexwot.net
sexxero.com
try-adult.com
uinsex.com
useporn.net
visit-adult.net
xeroporn.com
adminkos.net
fuckdns.com
traffomer.com
eltext.com
download.infectionscanner.com
club-super-sex.com
nude-bollywood.com
777-sex.com
angels-and-demon.com
bdsmbookmarks.com
smokinmovies.com
maturewoman-sex.com
revolution-video.com
teen-porn-video.com
anvi-scanner.com
justcount.net
totsec2009.com
total-submission.com
antivir-64.com
antivir64.com
tube40.net
scanner-avp2008.com
sexgirls-movies.com
pay4health.net
vicegrim.com
nude-art.net
tiny18.net
world-teens.com
criticalinternet.com
search-buy.net
theantivirusscan.com
clipwizards.com
findyourlink.net
getdailyvideos.com
imagesuniverse.com
immensepics.com
picstransformer.com
traffgates.com
bot.mspublik.com
1001-search.com
1computerspiele.net
abosearch.com
allabout6.com
analmoviesdownload.com
antispywareupdates.net
artfemdom.net
beastsex-movies.com
bestgall.net
bestpornoworld.com
chiavate-con-oggetti.com
cjtalk.net
creamlips.com
cumdelicious.net
cumriver.com
cutieteen.net
dashulka.com
dztalk.com
ebonyhut.net
enormi-cazzi.com
every-search.com
fatfast.net
fatpussypicture.com
feetfetishporno.com
femdomphotos.net
fingerfuns.com
foto-bondage.com
foto-pompe-pompini.com
foto-porno-infermiere.com
foto-porno-lesbiche.com
foto-porno-teen.com
foto-porno-video.com
foto-sesso-interraziale.com
foto-sesso-lesbo.com
foto-supercazzi.com
foto-tettone.com
foto-toys-oggetti.com
foto-troie-incinta.com
free-gallery.net
free-xxxgals.com
freeblonde.net
freecamvoyeur.com
freehqporno.com
freesex4gay.com
freshfacialmovies.com
freshpornolinks.com
fuck-whore.com
fuckthispussy.com
gallerie-foto-gratis.com
gestaporape.com
gingersex.net
girlmakeblowjob.com
glorypussy.com
goodcounter.net
grannysandra.com
grupal.net
hairyspring.com
hardcore-adulti-video.com
hardcorebe.com
hardsex-mania.com
hardteenaction.com
hitparadegay.com
honeylesbi.com
hot-clits.com
hot-date-list.com
hotstair.com
hottyasians.net
hustlerstars.com
incest-xxx.net
interracialshow.com
interrucial.com
iwstudio.net
japanpornfilms.com
justspicysex.com
lacemuscle.com
lactaswing.com
lesbi-dreams.com
lesbianplaying.com
lesbiche-sesso.net
livesecurityupdates.com
livexxxmature.com
loverchicks.com
matgals.com
mature-porn-sex.net
maturebabemovie.com
maturewoman-porn.com
more-search.net
nude-clits.com
nudeebonygirls.net
nudemature4u.com
nylonhome.com
oggetti-nella-fica.com
oknarosta.com
oldmatures.com
only-hardcore-sex.net
onlyporngals.com
orgypartynow.com
pantyhosecastle.com
pervonax.com
picturesgay.net
pictureslesbian.com
picturesmature.net
piedi-feticismo-sesso.com
piedi-fetish-sesso.com
pillssearch.net
pinknred.com
porno-babe.com
porno-gratis-filmati.com
porno-holic.com
posingebony.com
privacyprotect-cs.com
profigoda.com
pubblicita-siti-adulti.com
purestocking.com
puttane-grandi-tette.com
rape-fantasy-pics.com
roundgym.com
sablesex.com
sandybutts.com
scopate-gratis.com
search-biz.net
search-city.net
search-club.net
search-free.net
searchforapornstar.net
seductivepantyhose.com
sesso-racconti.com
sexiw.com
sexjizzgames.com
sexlt.com
sexpu.com
sexualwhore.com
sexyamateurbabe.com
shemalefotos.net
shemalez4u.com
slimblack.com
smut-4-free.com
soccerwife.com
stockinghome.com
stockingporno.net
suckskills.com
superiteens.com
teasinglesbi.com
teen-giovani-ragazze.com
teensexualitypics.com
teensgangbang.net
teenshot.net
teenspray.com
teenxxxarea.com
thebdsmvideos.com
thelesbimovies.com
titsfirm.com
titsnudefree.net
transex-transessuali.com
trueteenorgy.com
twoar.com
ultrafuckers.net
vegascocks.com
vietnamchicks.com
vividsunset.com
voyeur-guardoni.com
voyeurexcitement.com
wetteenager.com
xtratits-in-action.com
xxxgarden.net
youranalmovies.com
yourmaturesvideo.com
zone-erotic.com
zoo-sex-pics.com
pornoszones.com
antiwatch.com
ultimateprotect.com
ourtablets.com
chatroomonporn.com
dontforporn.com
pissing-adult-video.com
pissing-pornmovie.com
playhardmovie.com
playhardmovie.net
playxvideo.com
playxxxvideo.net
pornvideosteens.com
pornxvideo.net
sexmovieslist.com
stephieporn.com
teenandporn.com
teenxvideo.net
uniform-pornmovie.com
ahoist.net
adultfree-film.com
adultfree-film.net
bestmodelssite.com
bestpornogirls.net
brakesex.net
girlspornosite.com
group-adult.net
lightporn.net
mainsex.net
mainsexsite.net
movies-girls.com
pleasure-porn.com
porn-bestmovies.net
porn-freemovies.com
porn-pleasure.net
pornbestmovies.com
porndreams-free.com
porndreams-free.net
pornohere.net
pornqaz.com
qazsex.com
seebestsex.net
sex-dreamgirl.com
sex-freemovies.com
sexclean.net
sexgirls-movies.net
sexnitro.net
video-sexfree.com
xerosex.com
protectiondenetsurfage.com
biznesa.net
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 12, 2008, 11:57:44 am
Here is a list of domains which are registered at Estdomains and listed here on MalwareDomainList.
Title: Re: EstDomains clearing up the shit
Post by: Ilya Klein on September 12, 2008, 12:04:03 pm
but to me this denotes other changes to the system, for instance disabling internet options changing, and/or an exe running on the system

No. No. No. I don't know how to explain... you know, I just don't need such visitors who were forced to have my website as their homepage. They are not happy, they complain, they don't need my website and/or any of my services, they are bad customers. For what reason should I force them to visit my website?
I have a feedback form on my website and if somebody wants to change favourlinks to anything else but doesn't know how to do it - I'm always trying to help.

why would a malware exe link to your site?

What malware exe are you talking about?

About SiteAdvisor, http://www.siteadvisor.com/sites/yahoo.com - spam, phishing, malware - all at once!
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 12:15:51 pm
To kokach:

Assuming you're in a rush, in case this is of any help,
here's also the "not-so-tidy" version of our archived data as well,
as we didn't have the time required to sanitize them to the full extent...
You can rest assured though that ALL of these were involved in 'suspicious' activities,
NO matter if their website owners were actually aware of this fact or not.

Some general statistics for those curious about it:
12700 domains archived in total by MDL, obviously all of them involved in malware/spam/phishing
4500 of them (approximately) somehow connected with EstDomains
I.e. not necessarily registered via EstDomains... for example,
a site via Directi hosting malicious javascript, that redirects to an EstDomains site and goes on...
About 35% of MDL's data since ever...
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 12:39:43 pm
Quote
About SiteAdvisor, http://www.siteadvisor.com/sites/yahoo.com - spam, phishing, malware - all at once!

Lol, I agree with that - automated systems are always prone to these kinds of errors,
which are rather amusing sometimes, like the Yahoo mentioned above...
It's the manual reviews listed there (and in every other similar service) that are of main interest...
And that's also the very exact reason that all sites are always being manually verified here...
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 12, 2008, 01:12:58 pm
Thank you for all your help.
We'll review the lists you gave and get rid of the problematic domains.
However, in case you'll have anything more to report - kindly get in touch with me directly, kokach@estdomains.com.
Thanks again.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 12, 2008, 01:28:57 pm
Glad we were able to be of some help to the community.

To legitimate web-admins registered via EstDomains...
(in order to avoid any possible future misconceptions):

From what we all read over in WashingtonPost,
Directi suspended 21.000 sites at once in less than 2 days.
I.e. it pretty much appears like they've chosen to take down at once,
every single site where there had been some kind of suspicious activity reported.
This action certainly cuts off most of the crap at once,
and is obviously more than welcome from a security perspective.
But that's just up to the registrar's choice... no member around here ever claimed,
that all of the malware-connected sites identified here through time should be taken offline "in blind".

To EstDomains representatives:

Hopefully the data we've supplied will be examined in detail,
so that both legitimate admins get notified and clean up their 'hijacked' webpages from nasties,
and obviously, for the directly malware-involved domains to be suspended.
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 12, 2008, 01:35:50 pm
Yes, we'll do our best!
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 12, 2008, 04:41:26 pm
So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names whose owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?

We have also had domain owners emailing me, telling me their site is legitimate and there is no malware. Yet when I have checked a lot of them, they have not been changed and were still directing users to malware. Though I'm not speaking for the domains you listed above as I haven't checked them.
Title: Re: EstDomains clearing up the shit
Post by: gimcnuk on September 13, 2008, 09:19:44 am
many webmasters with "white" projects have problems with estdomains, because they suspend domains without notification or checking
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 13, 2008, 10:45:17 am
@kokach:

Some domains from our list are now unreachable. I think you have suspended them.
But the domain status from your whois database is ACTIVE. Why?

Examples:

antivirus2008x.com
aolcounter.com
Title: Re: EstDomains clearing up the shit
Post by: Ilya Klein on September 13, 2008, 01:15:41 pm
Because they have not suspended them (yet?), but it does not make sense - they are anyway offline.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 13, 2008, 02:34:49 pm
Quote
many webmasters with "white" projects have problems with estdomains,
because they suspend domains without notification or checking

According to a statement made by an EstDomains representative in a well-known security forum,
about 15000 domains were suspended during the latest week:
http://www.malwarebytes.org/forums/index.php?showtopic=6159&st=40&p=27572&#entry27572

Since a complete list of the suspended sites hasn't been provided to the public,
it's obviously not possible to verify the above numbers.
Then again... the whole clean-up process hasn't yet been completed,
as there is still lots of stuff to be checked there...
all sides should be patient in the meanwhile - just found these ones yesterday:

ferrychi445677.com
my-socks.info
de-my-page.info
rivatos.net
onlinececk.com
guidetosuccess.name

If anyone was actually curious for the direct malware links in these...
http://www.malwaredomainlist.com/forums/index.php?topic=2207.msg5549#msg5549
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 14, 2008, 04:02:22 pm
EstDomains, Inc: Global Struggle Against Malware Distribution

http://www.prweb.com/releases/2008/9/prweb1325214.htm
Title: Re: EstDomains clearing up the shit
Post by: kokach on September 15, 2008, 09:27:17 am
Thanks.
Put these last domains to the suspend queue.
And yes, the whole clean-up process is still in action, and it will take some time in order to complete it...
Your help is greatly appreciated.
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 15, 2008, 07:27:04 pm
http://www.klikforum.com/viewtopic.php?p=96443

Quote (translated from Russian)
In light of recent events, we offer our services for the registration and maintenance of abuse-resistant domains, with a guarantee, in the following zones: com/net/biz/info

The domains are guaranteed to withstand:
- Any kinds and volumes of web spam (abuse reports from uribl and the like, including the notorious malwaredomainlist.com)
- Codecs and any other low-security software
- Content (doorway pages, etc.), except for the content indicated below

Interesting.

Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 15, 2008, 07:34:56 pm
Quote
including the notorious malwaredomainlist.com

LMFAO! I love it!
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 16, 2008, 03:16:51 am
...And I surely hope that ICANN people also read the above.

Because pretty much the only "notorious" thing in this whole story throughout the years,
is their obvious lack of will to take the appropriate legal action against proven criminal activities.
Instead, they left it as an exercise to AV/security companies and individual non-paid volunteers.
Law of the jungle: with malware creatures caught in the wild, ending up in our zoos so to say...

Whatever - at least it got proved, once more, that the community spirit is alive and kicking.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 16, 2008, 07:18:42 am
And more of..."notorious" exploit packs and associated malware...

Title: Re: EstDomains clearing up the shit
Post by: kokach on September 16, 2008, 08:06:00 am
klikforum does not relate to us in any way
regarding other domains - thanks, got it, some of the domains have already been suspended, others are under investigation
Title: Re: EstDomains clearing up the shit
Post by: CM_MWR on September 17, 2008, 07:57:40 am
@kokach

As noble and honorable as your intentions may be, I am sure they are all in vain.

Reason being, the names related with estdomains will never be forgotten, the name itself will always carry incrimination, the kind you can never get rid of, sorta like herpes or samsonite, it just seems to linger forever.  ;)

This in itself makes me wonder what the real motive behind your actions is, I'm just a dumb ole hillbilly, so I have to believe someone in estdomains has already well considered this.

You must proceed with what you feel is correct for your situation but if you think for one second that removing and cleaning up your present clients somehow nulls all the careless and harmful wrongs of the past, I fear you are sadly mistaken.

Since the internet has no laws or governing parties with nuts any larger than the size of a squirrel, we have only one thing out here.

Pride, Honor & Respect, and Estdomains has violated every one of these in a way no other has in the past, present or future.

Estdomains is, was and will always be associated with malicious activities and will never be fully trusted by any self-respecting humans.

Do as you wish but you all built this coat you wear, I'm sorry if you don't like its colors or the way it smells, we didn't do this... you did!

I can only wish you luck in your endeavors but do know, there are many who are watching and may well know more about your person than you do.  :o

Kindest Regards,

The Monster
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 21, 2008, 02:09:48 pm
EstDomains, Inc: Improved Detection and Prevention System is Live
http://www.prweb.com/releases/2008/9/prweb1357644.htm
Title: Re: EstDomains clearing up the shit
Post by: CM_MWR on September 22, 2008, 01:11:01 pm
Quote from another forum 


Quote
No one is routing their traffic now.

http://cidr-report.org/cgi-bin/as-report?as=AS27595

http://www.gossamer-threads.com/lists/nanog/users/108643

Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 22, 2008, 05:00:49 pm
Est is back .......

Quote
Host:  www.estdomains.com (5)
Current IP*:  94.102.49.3 (New IP detected) (37) 
IP On Record:  216.255.176.238

http://hosts-file.net/?s=estdomains.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=216.255.176.238

Quote
Host:  www.estdomains.com (5)
Current IP*:  94.102.49.4 (New IP detected) (38 )
IP On Record:  69.50.177.98 (8 )

http://hosts-file.net/?swww.=estdomains.com
http://hosts-file.net/?s=94.102.49.4
http://hosts-file.net/?s=69.50.177.98
Title: Re: EstDomains clearing up the shit
Post by: TeMerc on September 22, 2008, 07:18:49 pm
Steven this needs to be spread about as much as we can.

I'll start with these links, thanks.
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 22, 2008, 07:38:20 pm
I've just posted the following to the comments of the SF article :)

Quote
Nice one Brian (and nice comment TeMerc ;o)).

@Nandor Orban,
Indeed your site may be legit, however, your chosen registrar is not legit. Their WhoIs server however, most certainly is working, and has been now for quite some time;

http://hphosts.blogspot.com/2008/09/estdomains-now-allowing-whois-queries.html

Alas their force offline did not last long, as they've now moved their sites to the Netherlands, and not surprisingly, to another known cyber crime friendly hosting co (Iqarus).

************
BEGIN REF
************
Host: estdomains.com (5)
Current IP*: 94.102.49.3 (New IP detected) (37)
IP On Record: 216.255.176.238
 
http://hosts-file.net/?s=estdomains.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=216.255.176.238

Host: www.estdomains.com (5)
Current IP*: 94.102.49.4 (New IP detected) (38)
IP On Record: 69.50.177.98 (8)

http://hosts-file.net/?swww.=estdomains.com
http://hosts-file.net/?s=94.102.49.4
http://hosts-file.net/?s=69.50.177.98

Host:  esthost.com (29) 
Current IP*:  94.102.49.3 (New IP detected) (39) 
IP PTR:  Resolution failed 
IP On Record:  69.50.176.228 (4)

http://hosts-file.net/?s=esthost.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=69.50.176.228

************
END REF
************

Funnily, a lot of Est's customers are also moving to Iqarus (amongst others) too. The following is my (quick) analysis of the 85.255.x.x block that I've currently got in the hpHosts database, and shows a lot of their customers are either now offline, gone to Iqarus, Keyweb.de or ISP UATelecom (familiar names in the security community).

http://hosts-file.net/misc/hpHosts_-_85_255_x_x.html
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 22, 2008, 08:45:51 pm
www.atrivo.com   69.50.182.171
www.intercage.com   216.255.187.125
ns10.intercage.com   69.50.179.14
ns11.intercage.com   69.50.182.162


All online.

Tracert 216.255.187.125

  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 22, 2008, 09:38:54 pm
whois.exe -h whois.cymru.com 69.50.182.171
whois.exe -h whois.cymru.com 216.255.187.125
Nada for the time being...

telnet route-server.cerf.net
> sho ip bgp 69.50.182.171
telnet route-server.cerf.net
> sho ip bgp 216.255.187.125
% Network not in table

whois.exe -h whois.ra.net x.x.x.x though returns...
Code:
route:      69.50.182.0/23
descr:      Proxy-registered route object
origin:     AS27595
remarks:    This route object is for a BtN customer route
remarks:    which is being exported under this origin AS.
remarks:   
remarks:    This route object was created because no existing
remarks:    route object with the same origin was found, and
remarks:    since some BtN peers filter based on these objects
remarks:    this route may be rejected if this object is not created.
remarks:   
remarks:    Please contact peering@cais.net if you have any
remarks:    questions regarding this object.
mnt-by:     MAINT-AS3491
changed:    sajwani@pccwbtn.com 20051104
source:     RADB
route:      69.50.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB
route:         69.50.182.0/23
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
Code:
route:      216.255.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB
route:         216.255.176.0/20
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
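
The route objects quoted above list the same prefixes under two different origin ASes in different registries. As an added example (not part of the original post), this Python code parses that whois.ra.net output, finds the objects covering an address, and reports prefixes registered with more than one origin; the function names are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Route objects copied from the whois.ra.net output in the post above
# (most "remarks:" lines dropped for brevity). As in the post, the objects
# run together with no blank line between them.
IRR_OUTPUT = """\
route:      69.50.182.0/23
descr:      Proxy-registered route object
origin:     AS27595
remarks:    This route object is for a BtN customer route
remarks:
mnt-by:     MAINT-AS3491
changed:    sajwani@pccwbtn.com 20051104
source:     RADB
route:      69.50.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB
route:         69.50.182.0/23
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
route:      216.255.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB
route:         216.255.176.0/20
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
"""


def parse_route_objects(text):
    """Split whois/IRR output into route objects (dicts of attribute -> value)."""
    objects, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("%"):
            current = None  # a blank line or server comment ends an object
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key in ("route", "route6"):  # class attribute starts a new object
            current = {"route": ipaddress.ip_network(value), "remarks": []}
            objects.append(current)
        elif current is not None:
            if key == "remarks":
                current["remarks"].append(value)
            else:
                current[key] = value
    return objects


def covering_routes(objects, ip):
    """Objects whose prefix contains ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = [o for o in objects if addr in o["route"]]
    return sorted(hits, key=lambda o: -o["route"].prefixlen)


def origin_conflicts(objects):
    """Map prefix -> {origin AS: [registries]} where more than one origin exists."""
    by_prefix = defaultdict(lambda: defaultdict(list))
    for o in objects:
        origin = o.get("origin", "?").upper()
        by_prefix[o["route"]][origin].append(o.get("source", "?"))
    return {str(p): dict(v) for p, v in by_prefix.items() if len(v) > 1}


if __name__ == "__main__":
    objs = parse_route_objects(IRR_OUTPUT)
    for ip in ("69.50.182.171", "216.255.187.125"):
        for o in covering_routes(objs, ip):
            print(ip, o["route"], o.get("origin"), o.get("source"), o.get("mnt-by"))
    for prefix, origins in origin_conflicts(objs).items():
        print("multiple origins:", prefix, origins)
```
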
Title: Re: EstDomains clearing up the shit
Post by: JohnC on September 22, 2008, 09:57:28 pm
www.atrivo.com   69.50.182.171
www.intercage.com   216.255.187.125
ns10.intercage.com   69.50.179.14
ns11.intercage.com   69.50.182.162


All online.

Tracert 216.255.187.125

  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

  8   139 ms   134 ms   143 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   229 ms   216 ms   217 ms  209.237.229.197
 10   212 ms   215 ms   214 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   169 ms   192 ms   171 ms  207.7.146.250
 12   185 ms   168 ms   168 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

hop 11 has changed.
Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on September 22, 2008, 10:00:32 pm
Oh dear .......;

Quote
OrgName: Unitedlayer, Inc.
OrgID: LAER
Address: 1019 Mission Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US

NetRange: 207.7.128.0 - 207.7.159.255
CIDR: 207.7.128.0/19
NetName: NETBLK-UNITEDLAYER-3
NetHandle: NET-207-7-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.UNITEDLAYER.COM
NameServer: NS2.UNITEDLAYER.COM

UL aren't gonna be a popular bunch .....
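
The two traces JohnC posted and the ARIN record quoted above can be compared mechanically. As an added example (not part of either post), this Python code parses both tracert listings, reports hops whose responding address changed, and checks the new address against the quoted netblock; the function names are assumptions of this example.

```python
import ipaddress
import re

# One Windows tracert row: hop number, three RTT columns ("154 ms", "<1 ms"
# or "*"), then "host [ip]", a bare ip, or "Request timed out."
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.+?)\s*$")
IP_AT_END_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")

# The two traces to 216.255.187.125, copied from the post above.
TRACE_FIRST = """\
  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]
"""
TRACE_SECOND = """\
  8   139 ms   134 ms   143 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   229 ms   216 ms   217 ms  209.237.229.197
 10   212 ms   215 ms   214 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   169 ms   192 ms   171 ms  207.7.146.250
 12   185 ms   168 ms   168 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]
"""

# CIDR and NetName taken from the ARIN record quoted in the post above.
NETBLOCKS = {ipaddress.ip_network("207.7.128.0/19"): "NETBLK-UNITEDLAYER-3"}


def parse_tracert(text):
    """Return {hop number: responding address, or None if the hop timed out}."""
    hops = {}
    for line in text.splitlines():
        row = HOP_RE.match(line)
        if not row:
            continue  # header lines, blank lines, "Trace complete."
        found = IP_AT_END_RE.search(row.group(3))
        hops[int(row.group(1))] = (
            ipaddress.ip_address(found.group(1)) if found else None
        )
    return hops


def changed_hops(before, after):
    """Hops answered in both traces by different addresses.

    A hop that timed out in either trace is skipped: a missing reply is
    not evidence that the path changed.
    """
    changes = {}
    for hop in sorted(before.keys() & after.keys()):
        old, new = before[hop], after[hop]
        if old is not None and new is not None and old != new:
            changes[hop] = (old, new)
    return changes


def netblock_for(ip, netblocks):
    """Name of the most specific known netblock containing ip, else None."""
    matches = [(net, name) for net, name in netblocks.items() if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    diff = changed_hops(parse_tracert(TRACE_FIRST), parse_tracert(TRACE_SECOND))
    for hop, (old, new) in diff.items():
        print(f"hop {hop}: {old} -> {new} ({netblock_for(new, NETBLOCKS)})")
```
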
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 22, 2008, 11:06:31 pm
At the moment, BGPlay returns back results regarding 216.255.176.0/20 routing.
69.50.182.0/23 still returns nothing for the moment...
http://bgplay.routeviews.org/bgplay/

Title: Re: EstDomains clearing up the shit
Post by: CM_MWR on September 23, 2008, 11:34:35 am
lol...unitedlayer.....softlayer....imagine that.  ;)
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 24, 2008, 01:23:19 am
http://www.gossamer-threads.com/lists/nanog/users/108704#108704
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 26, 2008, 07:24:23 pm
http://msmvps.com/blogs/spywaresucks/archive/2008/09/26/1648934.aspx
Title: Re: EstDomains clearing up the shit
Post by: SysAdMini on September 26, 2008, 08:11:24 pm
http://msmvps.com/blogs/spywaresucks/archive/2008/09/26/1648934.aspx

Seems to be true. Name resolution for atrivo.com and intercage.com fails.
Title: Re: EstDomains clearing up the shit
Post by: sowhat-x on September 27, 2008, 05:11:04 am
Continued...again,from Sandi's blog:
http://msmvps.com/blogs/spywaresucks/archive/2008/09/27/1649032.aspx
Title: Re: EstDomains clearing up the shit
Post by: JohnC on October 08, 2008, 12:55:07 pm
www.atrivo.com   69.50.182.171
www.intercage.com   216.255.187.125
ns10.intercage.com   69.50.179.14
ns11.intercage.com   69.50.182.162


All online.

Tracert 216.255.187.125

  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

  8   139 ms   134 ms   143 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   229 ms   216 ms   217 ms  209.237.229.197
 10   212 ms   215 ms   214 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   169 ms   192 ms   171 ms  207.7.146.250
 12   185 ms   168 ms   168 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

hop 11 has changed.

intercage.com 72.167.183.56

Quote
15   159 ms   161 ms   161 ms  ae-8-8.car1.Phoenix1.Level3.net [4.69.133.29]
 16     *        *        *     Request timed out.
 17     *      151 ms   156 ms  ip-208-109-112-153.ip.secureserver.net [208.109.112.153]
 18     *        *        *     Request timed out.
 19     *      223 ms     *     ip-216-69-188-33.ip.secureserver.net [216.69.188.33]
 20     *      153 ms   163 ms  p3slh242.shr.phx3.secureserver.net [72.167.183.56]
 21   153 ms   150 ms   151 ms  p3slh242.shr.phx3.secureserver.net [72.167.183.56]
Title: Re: EstDomains clearing up the shit
Post by: Dawud on October 14, 2008, 03:20:07 am
My site has been identified as one of these "attack" sites.
Someone please help me with this. My site is for my business and my
web guy (who set up my site and also hosts it) is a friend of
mine and is out of the country. I'm ignorant with the whole
web site thing, but I have 5 kids to feed and I need my site back
up and running. I googled this issue and found this forum. It seems
like the people here know what's going on much more than I do.
Anyone who can help me with this or direct me to whoever can
help me, please email me at

abusulayman2@aol.com


thanks

Dawud
Title: Re: EstDomains clearing up the shit
Post by: tjs on October 14, 2008, 04:59:51 am
You should work with your web guy to find a new hosting provider. If you need help faster, you should find a new web guy. I don't think anyone on this forum is going to try to help you beyond that.

Title: Re: EstDomains clearing up the shit
Post by: MysteryFCM on October 14, 2008, 03:42:16 pm
Dawud,
Further to tjs's post, what is your site's domain name?
Title: Re: EstDomains clearing up the shit
Post by: JohnC on October 17, 2008, 04:22:51 pm
UkrTeleGroup

Quote
  8    49 ms    18 ms    33 ms  193.159.225.237
  9   136 ms   110 ms    97 ms  217.239.40.26
 10   126 ms    89 ms   100 ms  217.6.49.106
 11   100 ms    84 ms    91 ms  85.255.112.57

Quote
10   101 ms    92 ms    93 ms  above-twtc.iad10.above.net [64.125.12.78]
 11   127 ms   147 ms   128 ms  66.193.50.238
 12   130 ms   131 ms   162 ms  66.193.50.238
 13     *        *        *     Request timed out.
 14   160 ms   141 ms   135 ms  85.255.113.91