Topic: EstDomains clearing up the shit

September 16, 2008, 08:06:00 am
Reply #75

kokach

Klikforum does not relate to us in any way.
Regarding other domains - thanks, got it; some of the domains have already been suspended, others are under investigation.

September 17, 2008, 07:57:40 am
Reply #76

CM_MWR

@kokach

As noble and honorable as your intentions may be, I am sure they are all in vain.

Reason being is the names related with estdomains will never be forgotten, the name itself will always carry incrimination, the kind you can never get rid of, sorta like herpes or samsonite, it just seems to linger forever.  ;)

This in itself makes me wonder what the real motive behind your actions is. I'm just a dumb ole hillbilly, so I have to believe someone in estdomains has already well considered this.

You must proceed with what you feel is correct for your situation, but if you think for one second by removing and cleaning up your present clients somehow nulls all the careless and harmful wrongs of the past, I fear you are sadly mistaken.

Since the internet has no laws or governing parties with nuts any larger than the size of a squirrel, we have only one thing out here.

Pride, Honor & Respect, and Estdomains has violated every one of these in a way no other has in the past, present or future.

Estdomains is, was and will always be associated with malicious activities and will never be fully trusted by any self-respecting humans.

Do as you wish, but you all built this coat you wear. I'm sorry if you don't like its colors or the way it smells, we didn't do this...you did!

I can only wish you luck in your endeavors, but do know, there are many who are watching and may well know more about your person than you do.  :o

Kindest Regards,

The Monster

September 21, 2008, 02:09:48 pm
Reply #77

SysAdMini

EstDomains, Inc: Improved Detection and Prevention System is Live
http://www.prweb.com/releases/2008/9/prweb1357644.htm
Ruining the bad guy's day

September 22, 2008, 01:11:01 pm
Reply #78

CM_MWR

Quote from another forum 


Quote
No one is routing their traffic now.

http://cidr-report.org/cgi-bin/as-report?as=AS27595

http://www.gossamer-threads.com/lists/nanog/users/108643


September 22, 2008, 05:00:49 pm
Reply #79

MysteryFCM

Est is back .......

Quote
Host:  www.estdomains.com (5)
Current IP*:  94.102.49.3 (New IP detected) (37) 
IP On Record:  216.255.176.238

http://hosts-file.net/?s=estdomains.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=216.255.176.238

Quote
Host:  www.estdomains.com (5)
Current IP*:  94.102.49.4 (New IP detected) (38 )
IP On Record:  69.50.177.98 (8 )

http://hosts-file.net/?swww.=estdomains.com
http://hosts-file.net/?s=94.102.49.4
http://hosts-file.net/?s=69.50.177.98
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 22, 2008, 07:18:49 pm
Reply #80

TeMerc

Steven this needs to be spread about as much as we can.

I'll start with these links, thanks.

September 22, 2008, 07:38:20 pm
Reply #81

MysteryFCM

I've just posted the following to the comments of the SF article :)

Quote
Nice one Brian (and nice comment TeMerc ;o)).

@Nandor Orban,
Indeed your site may be legit, however, your chosen registrar is not legit. Their WhoIs server however, most certainly is working, and has been now for quite some time;

http://hphosts.blogspot.com/2008/09/estdomains-now-allowing-whois-queries.html

Alas their force offline did not last long, as they've now moved their sites to the Netherlands, and not surprisingly, to another known cyber crime friendly hosting co (Iqarus).

************
BEGIN REF
************
Host: estdomains.com (5)
Current IP*: 94.102.49.3 (New IP detected) (37)
IP On Record: 216.255.176.238
 
http://hosts-file.net/?s=estdomains.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=216.255.176.238

Host: www.estdomains.com (5)
Current IP*: 94.102.49.4 (New IP detected) (38)
IP On Record: 69.50.177.98 (8)

http://hosts-file.net/?swww.=estdomains.com
http://hosts-file.net/?s=94.102.49.4
http://hosts-file.net/?s=69.50.177.98

Host:  esthost.com (29) 
Current IP*:  94.102.49.3 (New IP detected) (39) 
IP PTR:  Resolution failed 
IP On Record:  69.50.176.228 (4)

http://hosts-file.net/?s=esthost.com
http://hosts-file.net/?s=94.102.49.3
http://hosts-file.net/?s=69.50.176.228

************
END REF
************

Funnily, a lot of Est's customers are also moving to Iqarus (amongst others) too. The following is my (quick) analysis of the 85.255.x.x block that I've currently got in the hpHosts database, and shows a lot of their customers are either now offline, gone to Iqarus, Keyweb.de or ISP UATelecom (familiar names in the security community).

http://hosts-file.net/misc/hpHosts_-_85_255_x_x.html
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 22, 2008, 08:45:51 pm
Reply #82

JohnC

www.atrivo.com   69.50.182.171
www.intercage.com   216.255.187.125
ns10.intercage.com   69.50.179.14
ns11.intercage.com   69.50.182.162


All online.

Tracert 216.255.187.125

  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

September 22, 2008, 09:38:54 pm
Reply #83

sowhat-x

whois.exe -h whois.cymru.com 69.50.182.171
whois.exe -h whois.cymru.com 216.255.187.125
Nada for the time being...

telnet route-server.cerf.net
> sho ip bgp 69.50.182.171
telnet route-server.cerf.net
> sho ip bgp 216.255.187.125
% Network not in table

whois.exe -h whois.ra.net x.x.x.x though returns...
Code:
route:      69.50.182.0/23
descr:      Proxy-registered route object
origin:     AS27595
remarks:    This route object is for a BtN customer route
remarks:    which is being exported under this origin AS.
remarks:
remarks:    This route object was created because no existing
remarks:    route object with the same origin was found, and
remarks:    since some BtN peers filter based on these objects
remarks:    this route may be rejected if this object is not created.
remarks:
remarks:    Please contact peering@cais.net if you have any
remarks:    questions regarding this object.
mnt-by:     MAINT-AS3491
changed:    sajwani@pccwbtn.com 20051104
source:     RADB

route:      69.50.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB

route:         69.50.182.0/23
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
Code:
route:      216.255.176.0/20
descr:      Atrivo
origin:     AS27595
notify:     emil@atrivo.com
mnt-by:     MAINT-ATRIVO
changed:    emil@atrivo.com 20030414
source:     ALTDB

route:         216.255.176.0/20
descr:         BNDAS-INC-IP-SFO1-001
origin:        AS26769
mnt-by:        BANDCON-MNT
changed:       arinpoc@bandcon.com 20080429
source:        LEVEL3
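Added example (not part of sowhat-x's post or the original thread): the route objects quoted above register the same address space under two different origin ASes (AS27595 in RADB/ALTDB, AS26769 in LEVEL3). This Python sketch parses such whois output and lists every prefix whose registered origins disagree, also counting covering less-specific routes; the function names and the trimmed sample are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Route objects from the whois output quoted above, trimmed to three attributes.
SAMPLE = """\
route:      69.50.182.0/23
origin:     AS27595
source:     RADB
route:      69.50.176.0/20
origin:     AS27595
source:     ALTDB
route:      69.50.182.0/23
origin:     AS26769
source:     LEVEL3
route:      216.255.176.0/20
origin:     AS27595
source:     ALTDB
route:      216.255.176.0/20
origin:     AS26769
source:     LEVEL3
"""

def parse_route_objects(text):
    """Split RPSL text into dicts; each 'route:' line starts a new object."""
    objects = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # blank line or empty 'remarks:' filler
        if key == "route":
            objects.append({})
        if objects:
            objects[-1].setdefault(key, value)  # keep first value of repeated keys
    return objects

def origin_conflicts(objects):
    """Return {prefix: {origin AS: [source:route, ...]}} where origins disagree."""
    routes = [(ipaddress.ip_network(o["route"]), o["origin"], o.get("source", "?"))
              for o in objects if "origin" in o]
    conflicts = {}
    for prefix in sorted({net for net, _, _ in routes}):
        seen = defaultdict(set)
        for net, origin, source in routes:
            if prefix.subnet_of(net):  # same prefix or a covering less-specific
                seen[origin].add(f"{source}:{net}")
        if len(seen) > 1:
            conflicts[str(prefix)] = {asn: sorted(s) for asn, s in seen.items()}
    return conflicts
```

Calling `origin_conflicts(parse_route_objects(SAMPLE))` reports 69.50.182.0/23 and 216.255.176.0/20, while 69.50.176.0/20 is not flagged because only AS27595 is registered for it.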

September 22, 2008, 09:57:28 pm
Reply #84

JohnC

www.atrivo.com   69.50.182.171
www.intercage.com   216.255.187.125
ns10.intercage.com   69.50.179.14
ns11.intercage.com   69.50.182.162


All online.

Tracert 216.255.187.125

  8   154 ms   168 ms   233 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   243 ms   234 ms   269 ms  209.237.229.197
 10   287 ms   266 ms   281 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   205 ms   189 ms   196 ms  PIE.us [206.223.144.14]
 12   193 ms   214 ms   196 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

  8   139 ms   134 ms   143 ms  br01-eqixash.unitedlayer.com [206.223.115.154]
  9   229 ms   216 ms   217 ms  209.237.229.197
 10   212 ms   215 ms   214 ms  Vlan804.br01-200p-sfo.unitedlayer.com [209.237.224.173]
 11   169 ms   192 ms   171 ms  207.7.146.250
 12   185 ms   168 ms   168 ms  216.255.187.125-custblock.intercage.com [216.255.187.125]

hop 11 has changed.

September 22, 2008, 10:00:32 pm
Reply #85

MysteryFCM

Oh dear .......;

Quote
OrgName: Unitedlayer, Inc.
OrgID: LAER
Address: 1019 Mission Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US

NetRange: 207.7.128.0 - 207.7.159.255
CIDR: 207.7.128.0/19
NetName: NETBLK-UNITEDLAYER-3
NetHandle: NET-207-7-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.UNITEDLAYER.COM
NameServer: NS2.UNITEDLAYER.COM

UL aren't gonna be a popular bunch .....
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 22, 2008, 11:06:31 pm
Reply #86

sowhat-x

At the moment, BGPlay returns back results regarding 216.255.176.0/20 routing.
69.50.182.0/23 still returns nothing for the moment...
http://bgplay.routeviews.org/bgplay/


September 23, 2008, 11:34:35 am
Reply #87

CM_MWR

lol...unitedlayer.....softlayer....imagine that.  ;)