Author Topic: EstDomains clearing up the shit  (Read 49190 times)


September 03, 2008, 05:08:14 pm

JohnC
For any domains registered through EstDomains which are on the MDL, they are contacting customers telling them they need to clean their sites or they will cancel the domain. In the last two days I have had various requests to remove domains. Whether these domains are only being cleaned temporarily to be removed from the MDL and will then go back to hosting/directing users to malware, I am unaware.


September 03, 2008, 05:28:26 pm
Reply #1

sowhat-x

Ehmm... not really sure if I understood the above correctly...
You mean that EstDomains itself told its clients to start cleaning up the crap,
and they're now trying to convince you to do so?   ???
Or just that malware authors/EstDomains clients do it by themselves,
as a temporary defensive mechanism?

September 03, 2008, 05:30:52 pm
Reply #2

JohnC

I normally only get requests to remove domains which are RFIs and that kind of thing which have been cleaned.

The last couple of days I have gotten a lot of other requests; one said that his registrar gave him seven days to clean it up. Another guy asked me if I could CC the email back to notify@estdomains.com

September 03, 2008, 05:38:41 pm
Reply #3

SysAdMini

I'm really confused. I thought that EstDomains is related to Atrivo and a source of evil. :-\
Ruining the bad guy's day

September 03, 2008, 05:41:05 pm
Reply #4

JohnC

This is what I don't understand. Why are they contacting their customers and asking them to clean their sites?

September 03, 2008, 05:41:54 pm
Reply #5

sowhat-x

Guys, check this out now... seems they're in the process of somehow starting a 'new round'...
at the moment (temporarily?) removing at least some of the already spotted 'in the wild' domains:
http://www.malwaredomainlist.com/forums/index.php?topic=2149.msg5221#msg5221
At least that's what I understand myself; it can't be a complete coincidence...
A few well-known members/friends have already replied in the WashingtonPost article from what I see...

September 03, 2008, 05:57:56 pm
Reply #6

sowhat-x

Personal opinion, maybe I'm wrong on this, maybe not...
Do NOT remove anything hosted in RBN netblocks for the time being,
no matter if domains get temporarily cleaned/shut down -> to HELL with all of them.

If they are indeed legitimate webmasters with no malicious intentions whatsoever,
well then, they should choose different web space providers -> simple as that, heh...
Hope to hear other people's opinion on this matter...

September 03, 2008, 06:00:53 pm
Reply #7

JohnC

I've still got stuff from 81.95.149 which I hadn't cleaned out, just in case the domains come back with new IPs :)

September 03, 2008, 06:10:55 pm
Reply #8

sowhat-x

Link taken from the (currently) last comment over at the WashingtonPost article...
http://msmvps.com/blogs/hostsnews/archive/2008/09/03/1646589.aspx

September 03, 2008, 06:37:15 pm
Reply #9

MysteryFCM

I've got a ton of Est related domains in hpHosts, including a few that were found within the last 48 hours.

I'm pretty sure there's a site monitoring Est NS's, but can't find the ref atm :(
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 03, 2008, 07:12:56 pm
Reply #10

SysAdMini

Maybe there is a relation between these activities and the astonishingly high number of users from August 26,
which never happened before on this scale.

Most Online Ever: 320 (August 26, 2008, 09:07:15 PM)
Ruining the bad guy's day

September 03, 2008, 07:26:00 pm
Reply #11

sowhat-x

The WashingtonPost article is dated two days later, August 28; who knows...
Personally, I've come to the conclusion that the hit stats counter must have been b0rked, ha-ha...
because it says 'Most Online Ever: 320'... but at the same moment... only 237 Members in total?  ;D

September 03, 2008, 07:34:30 pm
Reply #12

SysAdMini

Users online doesn't mean members online. Users can be guests.
Ruining the bad guy's day

September 03, 2008, 07:36:26 pm
Reply #13

JohnC

I think a large number were Yahoo search engine crawlers. They have a large number on the site at a time, and mostly with unique IPs.

September 03, 2008, 07:43:42 pm
Reply #14

sowhat-x

Heh, that's funny... imagine that I didn't know that...
Until now, I thought it was tracking / displaying in public
only the maximum number of logged-in members...  ::)