Author Topic: EstDomains clearing up the shit  (Read 36448 times)

September 03, 2008, 08:27:38 pm
Reply #15

JohnC

http://www.umaxforum.com/showthread.php?t=29510
http://www.master-x.com/forum/topics/108213/
http://www.domenforum.net/showthread.php?t=54514
http://www.gofuckbiz.com/showthread.php?t=4085

This one makes me curious: http://forums.acenet-inc.net/Private/showthread.php?t=2454

Private forum at a hosting company.

September 03, 2008, 09:15:31 pm
Reply #16

sowhat-x

http://www.google.com/translate?langpair=ru|en&u=http://www.master-x.com/forum/topics/108213/page/75/

The point where the Esthost representative refers to MDL,
and the act of de-listing the domains during the next update...
don't know, but something certainly didn't feel ok inside me there...
URIBL didn't even bother replying back to them:
that seems to have hurt them, and I think that maybe that's the very best choice...
Why even bother starting conversations with these lamers... I doubt anyone else out there has...
just let them run with no place to hide... or better said, with no place to be hosted...

September 04, 2008, 03:04:50 am
Reply #17

TeMerc

Here is the latest:
http://go.theregister.com/feed/www.theregister.co.uk/2008/09/03/directi_strikes_back/

I still say we can't trust them. You know they're gonna get another setup in place all too quick.

But time will tell, as I commented in that article.

But for as long as they - Atrivo\Inhoster\Intercage\Est and whoever else - have been doing bad on the Net, it will take forever before anyone trusts any parties involved in any of that, if ever.

I know I'm no easy pushover for this type of outright criminal behavior. Far as I'm concerned they can just drop off the Earth and never return.

September 04, 2008, 06:41:59 am
Reply #18

CM_MWR

This explains the surge of XPA2008 everywhere for the last 3 to 4 weeks.

Notice that has let up a bit now.

September 04, 2008, 12:27:30 pm
Reply #19

sowhat-x

Heh, just got a possible idea about the number of visitors on 26 Aug... article dated 24 August:  ;)
http://www.sudosecure.net/archives/228

PS: Seen that now, cjeremy? So let me not hear you complaining again
that I'm supposedly the only regular reader there, ha-ha...  :D

September 04, 2008, 03:08:34 pm
Reply #20

SysAdMini

Ruining the bad guy's day

September 06, 2008, 03:05:24 am
Reply #21

sowhat-x

http://www.avertlabs.com/research/blog/index.php/2008/09/04/the-darksides-domains/
http://www.theregister.co.uk/2008/09/03/directi_strikes_back/
Most of the important news/links can be found via Knujon's site though...

PS: In the very first phrase / beginning of the McAfee article,
do note the part where they make fun of Microsoft, he-he... excellent sense of humour!  ;D
Quote
(and whilst Terry is dancing in doorways)

September 07, 2008, 10:06:58 am
Reply #22

CM_MWR

Subject: InterCage, Inc. (NOT Atrivo)
To: NANOG@NANOG.ORG


Hello Everyone,

Good morning.
Seeing the activity in regards to our company here at NANOG, I believe
this is the most reasonable and responsible place to respond to the
current issues on our network. We hope to obtain non-biased opinions
and good honest and truthful information from the users here.

Being that there are much larger operators here than us, what kind of
insight can you give to the issues that have arisen?

We've nearly completely removed (completion Monday 09/08/08) Hostfresh
from our network. 2 of their /24s have been removed:
58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machines they leased from us have been canceled.

What do you suggest for the next move?

Thank you for your time. Have a great day.

---
Russell M.
InterCage, Inc.

September 07, 2008, 10:33:53 am
Reply #23

sowhat-x


September 07, 2008, 07:20:29 pm
Reply #24

JohnC

By request this thread has been made public.

September 09, 2008, 01:38:06 pm
Reply #25

kokach

Hi to everybody.
I'm writing on behalf of EstDomains, Inc. and I would like to explain the situation.
We really are in the middle of the total clean-up. We ask every possibly problematic customer to transfer out or do their best to remove themselves from different kinds of anti-abuse listings, in case their projects are legit.
As for the real problematic customers - we suspend them. Suspend totally, including their domains, accounts, look for connections to other accounts and so on.
We would really like to perform this total clean-up, but we need some support as well. Guys, stop accusing us please. You'll definitely see we aren't as bad as you think. We need your support and, even more important, your reports. At the moment, there are about 270,000 domains registered through us and we can't investigate the activity of each of them, so in case you do have any information about any domain name being involved in some shady activity, we'll really appreciate it if you forward it to us.
Thank you!

September 09, 2008, 07:38:17 pm
Reply #26

SysAdMini

Ruining the bad guy's day

September 09, 2008, 07:46:24 pm
Reply #27

sowhat-x

Quote
As for the real problematic customers - we suspend them.
One certainly has to wonder if only the customers themselves are the 'problematic' ones...

Quote
We would really like to perform this total clean-up...
We've noticed that EstDomains representatives have already requested people,
in various well-known security related forums/projects,
to provide them with names of well-known malware domains to 'clean' them out...
Since you're in the SEO business, I would assume you're quite familiar with scripting...
thereby, the following queries will probably be a good starting point...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:www.siteadvisor.com
1470 results...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:hosts-file.net
331 results...

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=estdomains+site:www.castlecops.com
282 results...

September 09, 2008, 07:56:28 pm
Reply #28

SysAdMini

Quote
Guys, stop accusing us please

We don't accuse anyone. All we do is collect facts, facts about malware spreading domains.
And you have a lot of them.
Ruining the bad guy's day

September 09, 2008, 08:01:33 pm
Reply #29

sowhat-x

...and maybe an even faster way to clean up most of the crap at once...
Just script whois queries against the domains listed in the following two blocklists,
then grep for the matches that get returned...

http://hosts-file.net/?s=Download
http://malwaredomains.com/?page_id=66
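
The approach described in the post above (whois lookups over blocklisted domains, then a grep for the registrar), sketched as an added example that is not part of the original thread. The blocklist is assumed to be hosts-file style or one domain per line; the sample blocklist, the `fake_whois` stub, the `WHOIS_CMD` and `WHOIS_DELAY` variables and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list blocklisted domains whose whois record names a registrar.

# Print unique, lower-cased domains from a hosts-style or plain blocklist (stdin).
extract_domains() {
  tr -d '\r' | sed 's/#.*//' |
    awk 'NF { d = tolower($NF)
              # last label must start with a letter, so bare IPs are skipped
              if (d ~ /^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z][a-z0-9-]*$/) print d }' |
    sort -u
}

# Succeed if whois text on stdin names registrar $1 (case-insensitive).
# Only lines mentioning "registrar" are checked, so free-text remarks do not match.
registrar_matches() {
  grep -i 'registrar' | grep -qiF -- "$1"
}

# Read a blocklist on stdin; print the domains registered through registrar $1.
domains_at_registrar() {
  extract_domains | while read -r dom; do
    if "${WHOIS_CMD:-whois}" "$dom" </dev/null 2>/dev/null | registrar_matches "$1"
    then
      printf '%s\n' "$dom"
    fi
    sleep "${WHOIS_DELAY:-1}"   # pause between queries; whois servers rate-limit
  done
}

# --- constructed sample data, so the script runs offline ---
SAMPLE_BLOCKLIST='# constructed sample, hosts-file style
127.0.0.1  localhost
127.0.0.1  bad-one.example
127.0.0.1  BAD-ONE.example   # duplicate, different case
0.0.0.0    bad-two.example
bad-three.example'

fake_whois() {   # stand-in for whois(1), returns constructed records
  case $1 in
    bad-one.example|bad-three.example)
      printf 'Domain Name: %s\nRegistrar: ESTDOMAINS, INC.\n' "$1" ;;
    *)
      printf 'Domain Name: %s\nRegistrar: Example Registrar LLC\nRemarks: not estdomains\n' "$1" ;;
  esac
}

WHOIS_CMD=fake_whois   # set to "whois" for real lookups
WHOIS_DELAY=0
printf '%s\n' "$SAMPLE_BLOCKLIST" | domains_at_registrar 'estdomains'
```

Whois output formats differ between registries, so on real runs a domain that does not match should be treated as unverified rather than as registered elsewhere.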