Re: Atrivo/InterCage Abuse
fhh
> I'de just like to recap for the past few months. We haven't heard very
> much as far as abuse on the network. So we take that as abuse has
> slowed down.
>
> Fhh, P Thompson, Morely Dotes... How has it been?
>
> I've been in the shadows the past few months working on other things,
> but I've still been in the background on abuse. Our blocks are now
> clear on SORBS. Hopefully, we can keep working that way. Our current
> SBL Listings are being investigated and resolution will be met within
> the next few days.
>
> Hopefully, you guys can agree with me that the amount of abuse on the
> network has shrunk quite a bit. ;) But that may not be the case. You
> may just be quiet like I was ;)
Are you serious? You did not solve major problems on your network at all.
When you do not solve problems I am reporting to you, I am not in a hurry
to report all other abuse I am seeing.
I doubt my opinion matters, but I would advise internet users to firewall
large parts of the Atrivo/Intercage network. Also, I am starting to believe
that an investigation on Esthost by law enforcement might be appropriate.
I am seeing nothing but *serious* trouble on the network of Esthost (and
Atrivo is providing internet connectivity for Esthost) .
--
feike
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Shmuel (Seymour J.) Metz
09/02/2005
at 01:22 AM, Ru...@Atrivo.com said:
>Hopefully, you guys can agree with me that the amount of abuse on the
>network has shrunk quite a bit. ;)
In addition to monitoring NANAS, I'd advise you to plant some spam
traps of your own. That way you might see some of it before we (TINW)
do, and cut it off before it gets you blocked. Keep in mind that on
some networks, the first spam complaint you get will be on the 5xx.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
Unsolicited bulk E-mail will be subject to legal action. I reserve
the right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spam...@library.lspace.org
Morely Dotes
@z14g2000cwz.googlegroups.com:
> I'de just like to recap for the past few months. We haven't heard very
> much as far as abuse on the network. So we take that as abuse has
> slowed down.
>
> Fhh, P Thompson, Morely Dotes... How has it been?
I'd have to dig through logs and archives to answer that definitively, but
nothing stands out in recent memory.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
Andrew - Supernews
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
>
> People consider Atrivo/InterCage to be some abuse supporting company...
"Thine own mouth condemneth thee, and not I: yea, thine own lips testify
against thee."
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
fhh
> There is no "network of esthost". The network in which Esthost resides
> is our network. Esthost is one of our larger clients, They are very
> successful in the industry of web hosting and domain registration. They
> just recently became an ICANN Accredited Registrar. I won't comment on
> "why" they're so successful... But for some, that may be obvious.
>
> I believe an investigation by law enforcement is a very corrective
> step... That would definately clean Esthost up.
>
> I can honestly say, there are 2 of our major clients who are very
> successful... and with both of those comes occasional abuse. On one,
> it's the occasional spam via exploit. The other... Esthost... Well... A
> lot worse abuse then just spam.
>
> One of the things I find quite rediculous is people have taken all of
> our business emails from whois etc, and placed them in spam runs. How
> stupid can you get?... Honestly! You have never received a spam email
> that came from our business servers... Our clients (like EVERY other
> companies clients) do get the abuse of spam from their servers. For all
> of our clients (esthost aside)... This is not very often. We can't
> please everyone. We try... But when you have to go through and work
> with a client like esthost who doesn't quite take abuse too
> seriously... and the only other thing you can do is null their client's
> server.... it's hard to get a "correct" action taken. The correct
> action on any intentional spammer is to be immediately removed. As well
> as intentional virii distributors. This is seen with iframecash.biz...
> We took reports from P Thompson and demanded their removal... That
> appeared to be resolved... and then they pop up again.
>
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
>
> People consider Atrivo/InterCage to be some abuse supporting company...
> If only any of you knew what the position would be in a company our
> size.
What you are saying here is really alarming. In fact you are admitting that
up to 50% of the revenue of Atrivo.com may be related to (proxy) spam and
other serious abuse. You are confirming that Atrivo is unable and unwilling
to stop the abuse by customers of Esthost.
> It's not as easy as you believe it to be ;)
Well, your own words suggest that Atrivo.com is in very bad shape indeed.
Morely Dotes
@f14g2000cwb.googlegroups.com:
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
If 100% of the company's revenue will be cut off when the Feds decide
there's conspiracy to violate the CAN-SPAM going on, will that be good?
Look at this week's issue of _Computerworld_ for an article by John
Columbus, entitled "Good Numbers And Bad."
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
Dolphin
message <1125683278.3...@f14g2000cwb.googlegroups.com> reply:
> Hello fhh,
>
> There is no "network of esthost". The network in which Esthost resides
> is our network. Esthost is one of our larger clients,
> But when you have to go through and work
> with a client like esthost who doesn't quite take abuse too
> seriously... and the only other thing you can do is null their client's
> server....
Several questions arise:
1. Does the Atrivo's AUP permit their clients to abuse or run services that
help to abuse other networks?
- Your AUP says it is "Unacceptable use".
2. Do ALL Atrivo's clients have to follow it?
- Your AUP says: "This policy applies to all customers (also known as
'subscribers') using the products and services provided by Atrivo."
3. If such a client repeatedly violates your AUP, but you refure to apply
your AUP and terminate the client's account, it says what?
- That you do not want to.
> it's hard to get a "correct" action taken.
Oh, it's very easy! You don't even need to read a manual to grasp the idea
of how a wirecutter works. It's all about the WILL to do it.
> The correct
> action on any intentional spammer is to be immediately removed. As well
> as intentional virii distributors.
So you know what should be done, too.
> This is seen with iframecash.biz...
> We took reports from P Thompson and demanded their removal... That
> appeared to be resolved... and then they pop up again.
And your customer who let them back on, and moreover - still keeps them on,
is still your customer? Atrivo knows about it, and Atrivo still keeps them?
And you honestly do not understand why the whole Atrivo's net space should
not be trusted with a single packet?
> If I had the ability... I would cut Esthost as a client...
Oh, the ability you have! Don't tell that there is not a single wirecutter
around, or that you do not know which plugs lead to that client of your's.
It's the will to do that, that's what Atrivo lacks.
> But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
Is it just me, or is this whole thing looks like HostNOC/BurstNET and
Azoogle all over again? How much of blocking Atrivo is ready to suffer
before they will cut the abusers off?
> People consider Atrivo/InterCage to be some abuse supporting company...
And it isn't so exactly why? Your client supports abuse, you keep that
client. You know what it means? It means that YOU support abuse.
> If only any of you knew what the position would be in a company our
> size.
>
> It's not as easy as you believe it to be ;)
The size doesn't matter, it's how you use it.
BurstNET has also said exactly the same:
<http://groups.google.com/group/news.admin.net-abuse.email/msg/d6c93bbbf40ae2f4>
The excuse didn't fly then, and I don't think it will fly now, either.
> Thank you for your time. Have a great day.
>
> --
> Russell Mitchell - Russ[at]Atrivo.com
> Atrivo Technologies
Welcome to my firewall, say "Hi" to BurstNET, while you are there.
When Atrivo will stop providing network services to the abuse-friendly
clients, let the world know.
Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461
Morely Dotes
> What you are saying here is really alarming. In fact you are admitting that
> up to 50% of the revenue of Atrivo.com may be related to (proxy) spam and
> other serious abuse. You are confirming that Atrivo is unable and unwilling
> to stop the abuse by customers of Esthost.
And, in fact, that up to half of Atrivo's income is dependent on criminal
activities, and that Atrivo knowingly (if passively) permits that criminal
activity to continue.
That's not an admission calculated to inspire trust. You have another job
lined up somplepace, Russ? I'd say the final nail is now in Atrivo's
coffin.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
Spamhuntress
I've had extensive dealings with their abuse/support department.
They will occasionally terminate a domain registered with ESTdomains.
But most of their clients lease or cohost servers from them.
Most of the linkspam is by now using subdomains at dyndns providers,
pointing to boxes on ESThost. And ESThost do NOT terminate service to
spammers. Their techs will say outright that they refuse because of the
revenue.
I'm wondering if blacking out specific IP numbers would be possible
from Atrivo? Say if one of the ESThost IP numbers was caught doing
something nefarious (linkspam, mailspam or virii dropping), you
blackhole it for a month. Include in the agreement with ESThost that
you can do that, without any remuneration to them.
Just a suggestion.
Having ESThost cut off at major intersect points on the net would work
too?
Anri Erinin
Spamhuntress wrote:
> ESThost is worse than ever.
>
> I've had extensive dealings with their abuse/support department.
I monitor them from the times they were name15.com and actively
participated in the carderplanet's forum.
>
> They will occasionally terminate a domain registered with ESTdomains.
This is the modus operandi for a buletproof domain registrar: 30 days
for a spam domain and 7 days for fraud/scam domain.
> But most of their clients lease or cohost servers from them.
>
> Most of the linkspam is by now using subdomains at dyndns providers,
> pointing to boxes on ESThost. And ESThost do NOT terminate service to
> spammers. Their techs will say outright that they refuse because of the
> revenue.
see above.
--
Yes, I do have a spellchequer
Anri Erinin
> Hello fhh,
>
> There is no "network of esthost". The network in which Esthost resides
> is our network.
I did notice atrivo.com became intercage.com but haven't noticed you are
on the move again:
http://groups.google.com/group/nl.internet.misbruik/msg/9afffd0636ae9bf9?hl=en&
old netname:
inetnum: 85.255.112.0 - 85.255.127.255
netname: EstHost
descr: Inhoster hosting company
descr: OOO Inhoster, ul.Antonova 5, Kiev, 03186, Ukraine
current netname:
inetnum: 85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
> Esthost is one of our larger clients, They are very
> successful in the industry of web hosting and domain registration. They
> just recently became an ICANN Accredited Registrar. I won't comment on
> "why" they're so successful... But for some, that may be obvious.
I think we can safely use google as 'rating' or 'citation' service,
can't we?
http://www.google.com/search?q=%22estdomains.com%22
http://www.google.com/search?q=%22esthost.com%22
Please specificaly note the second one:
Results 1 - 100 of about 12,800 for "esthost.com".
spam, fraud, viruses, hijack, proxies, fraud, spam, abuse, fraud, scam,
pr0n, spam, exploits, trojans, fraud, scam, spam. These are the
supplementary words associated with these searches.
I have a question to you: who is Coteco, LLC? Is this another atrivo
alias or is it the name of the client of intercage? Because everything
associated with esthost/estdomains/estboxes/estservers (well, most of
it) resolves to Coteco, LLC at intercage:
mckenell.com has address 69.50.182.18
network:IP-Network:69.50.182.16/29
network:IP-Network-Block:69.50.182.16 - 69.50.182.23
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
http://www.google.com/search?&sa=G&q=%22mckenell.org%22
http://mckenell.com/
http://stevegonz.web.aplus.net/Careerswithmckenell.html
<quote>
ORDER MANAGER
Description Your role will include to handle the administration and
processing of clients' orders and customer support cases in general,
assist in pre-sales activities, work on documentation, develop a
cash-flow scheme for each order, calculate service commission, and
handle consulting activities on payment conversion details, etc. The
training course is enclosed. We hope you to fulfill the following
requirements:
* Willingness to teach oneself on complex technical matters;
* Ability to analyze complex problems and propose solution scenarios;
* Willingness to convert telephone inquiries into paid orders;
* Strong customer, interpersonal, sales and telephone skills;
* Ability to work efficiently and achieve good interaction with
potential customers.
Salary
The payment range is from $1000 - $1400 per week depending on individual
willingness to work.
Qualifications:
* Age range from 26 to 45 years.
* Prior payments management knowledge (bank transfers, checks,
postal money orders, wire transfers) is a must.
* Basic knowledge on most frequently used e-currency and e-payment
systems (E-gold, PayPal, E-bullion, etc) and how they work.
* Ability to conduct consulting.
* Well-balanced personal and managerial style.
* Be able to perform well under situations with tight
time-requirements.
* Computer proficiency (advanced user level).
* 3+ years in finance environment is a benefit.
General:
* Office environment
* Full-time employment and commitment required
Important:
A competitive salary, outstanding benefits package and professional
support is offered to individuals willing to work and to achieve
top-notch professional level.
TRANSFER MANAGER
Job Description
The task of the Processing Manager is to process payments between our
partners' clients and our company, in particular, to manage cash and
balance receipts, follow up on accounts, etc. The job is related to
remote Internet operations. Every payment order will be accompanied by
detailed instruction. The brief training course is enclosed.
Salary 5% from each transaction
Candidate requirements
* Willingness to work from home, take responsibility, set up and
achieve goals
* Ability to create good administrative reporting
* Prior customer service experience is a good benefit, but not a must
* Honesty, responsibility and promptness in operations
* Effectively interaction with customers
* Familiar to working online, Internet and e-mail skills
* One or several personal bank accounts.
General: This job will allow you to:
* Work efficiently from home;
* Increase available personal time
* Achieve financial independence in half the normal time (1-3 hours
per day)
* Interact and associate with other members in order to benefit
from their knowledge and experiences
* Become able to share time and money with others less fortunate
than yourself
* Develop high self-respect and esteem.
SUPPORT MANAGER
Job DescriptionWe are looking for a new talent to strengthen our Support
Team. We are mainly looking for candidates to receive and redirect phone
calls to consultants if necessary, react to the calls and consult on
various items himself. The brief training course is enclosed. Please
contact us to know more about this job.
Salary $700-$800 per week
Candidate requirements: Ability to work well in a team
Nice voice
Ability to eliminate stress and good communication manners
Customer service attitude, and ability to handle different kinds of people
PC User skills
Type of Activity:
Full-time occupation
Office environment
</quote>
WHOIS details for domain "mckenell.com":
Request: mckenell.com
from whois.crsnic.net:43 [cached Thu Mar 24 23:45:23 2005 UTC]
from whois.directi.com:43 [cached Thu Mar 24 23:45:24 2005 UTC]
Registration Service Provided By: ESTDOMAINS
Contact: sup...@estdomains.com
Website: http://www.estdomains.com
Abuse Desk Email Address: ab...@estdomains.com
Domain Name: MCKENELL.COM
Registrant:
McKenell Investiments Ltd.
Kelly B. Potts (ater...@mail15.com)
7204 Secret valley Ct SW
Albuquerque
NM,87121
US
Tel. +505.2648443
Creation Date: 20-Jan-2005
Expiration Date: 20-Jan-2006
Domain servers in listed order:
24572.mercury.orderbox-dns.com
24572.venus.orderbox-dns.com
24572.earth.orderbox-dns.com
24572.mars.orderbox-dns.com
Administrative Contact:
McKenell Investiments Ltd.
Kelly B. Potts (ater...@mail15.com)
7204 Secret valley Ct SW
Albuquerque
NM,87121
US
Tel. +505.2648443
Technical Contact:
McKenell Investiments Ltd.
Kelly B. Potts (ater...@mail15.com)
7204 Secret valley Ct SW
Albuquerque
NM,87121
US
Tel. +505.2648443
Billing Contact:
McKenell Investiments Ltd.
Kelly B. Potts (ater...@mail15.com)
7204 Secret valley Ct SW
Albuquerque
NM,87121
US
Tel. +505.2648443
Status:ACTIVE
See also
http://groups.google.com/groups?&as_scoring=d&num=100&as_q=orderbox-dns.com
-------------------------
velocityglobalinc.com has address 217.106.234.205
http://velocityglobalinc.com/employ.html
<quote>
We have many ways to save our clients' money. We hire the cheapest
programmers and designers all over the world. Our stuff works mostly
from home and we don't pay high office rent. That is why our price is
the best on the market.
One of these ways to save money is hiring a Financial Manager.
In case of getting order from another country we have to pay 15% fee for
international bank transfer according to the US law. To reduce the
tranfer cost we are looking for Financial Managers all over the world.
When we get an order from another country, the Financial Manager in this
country gets the payment and sends it to us through Western Union.
Commission rate of Financial Managers is 3%. This way we reduce expences
for international bank transfer twice.
In order to qualify for the position, you must be aged 21 and above. The
prospective candidate should be good with numbers, committed and a good
communicator. No special education is required; however, any experience
in accounting / finance / client relations / database management is an
advantage. You will be working under the direct supervision of the
respective Regional Collections Executive. You receive your commission
as soon as the transfer is carried out. There are no probation periods,
no rolling reserves and no hidden fees or deductions.
Now required financial manager in:
The United Kingdom
Australia
New Zealand
</quote>
whois -h whois.criticalinternet.com velocityglobalinc.com
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: VELOCITYGLOBALINC.COM
Registrant:
Velocity Global
Serge (velocity...@hotmail.com)
2100 West Loop S
Houston
Texas,77002
US
Tel. +512.2885915
Creation Date: 23-Jul-2005
Expiration Date: 23-Jul-2006
Domain servers in listed order:
ns1.velocityglobalinc.com
ns2.velocityglobalinc.com
Administrative Contact:
Velocity Global
Serge (velocity...@hotmail.com)
2100 West Loop S
Houston
Texas,77002
US
Tel. +512.2885915
Technical Contact:
Velocity Global
Serge (velocity...@hotmail.com)
2100 West Loop S
Houston
Texas,77002
US
Tel. +512.2885915
Billing Contact:
Velocity Global
Serge (velocity...@hotmail.com)
2100 West Loop S
Houston
Texas,77002
US
Tel. +512.2885915
Status:ACTIVE
-------------------
http://www.google.com/search?&q=%22pukkasearch.net%22
http://www.google.com/search?&q=%22your-searcher.com%22
http://www.google.com/search?&q=%2224-7-search.com%22
http://groups.google.com/groups?q=%2224-7-search.com%22
Old:
your-searcher.com has address 69.31.76.67
network:Handle:CUSTBLK-69-31-76-64-29
network:IP-Network:69.31.76.64/29
network:IP-Network-Block:69.31.76.64 - 69.31.76.71
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
your-searcher.com has address 69.50.172.99
network:IP-Network:69.50.172.96/27
network:IP-Network-Block:69.50.172.96 - 69.50.172.127
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
24-7-search.com has address 69.50.191.68
network:IP-Network-Block:69.50.191.64 - 69.50.191.71
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
----------------
softzion.net has address 69.50.160.83
network:IP-Network:69.50.160.80/29
network:IP-Network-Block:69.50.160.80 - 69.50.160.87
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
http://softzion.net/faq.php
<quote>
Why is the software so inexpensive?
We offer the software for downloading only, it means that you do not
receive a fancy package, a printed manual and license that actually
aggregate the largest part of the retail price. In this situation we are
restricted in selling the products for private purposes only! You will
not be able to get a technical support and different rebates from the
manufacturer. Updates are available for the most of our products (you
may ask our support staff for the exceptions) that make them fully
functional and operating. Additionally you save the delivery cost.
</quote>
whois -h whois.directi.com softzion.net ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: SOFTZION.NET
Registrant:
Neo net ltd
John Hopking (so...@lastsoft.biz)
PO box 675 , denver .co
Denver
CO,188101
US
Tel. +1.2372732
Creation Date: 21-Apr-2005
Expiration Date: 21-Apr-2006
Domain servers in listed order:
ns1.soft-ns.com
ns2.soft-ns.com
Administrative Contact:
Neo net ltd
John Hopking (so...@lastsoft.biz)
PO box 675 , denver .co
Denver
CO,188101
US
Tel. +1.2372732
Technical Contact:
Neo net ltd
John Hopking (so...@lastsoft.biz)
PO box 675 , denver .co
Denver
CO,188101
US
Tel. +1.2372732
Billing Contact:
Neo net ltd
John Hopking (so...@lastsoft.biz)
PO box 675 , denver .co
Denver
CO,188101
US
Tel. +1.2372732
Status:ACTIVE
---------------------------
compare the above with:
http://lastsoft.biz/
lastsoft.biz has address 195.206.123.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27034
195.206.120.0/22 is listed on the Spamhaus Block List (SBL)
24-Aug-2005 15:08 GMT | SR04
Telecom Point Company JSC (AS34373)
Domain Name: LASTSOFT.BIZ
Domain ID: D7325903-BIZ
Sponsoring Registrar: CRITICAL INTERNET, INC
Sponsoring Registrar IANA ID: 832
Domain Status: ok
Registrant ID: DI_1700129
Registrant Name: Dima Churjumov
Registrant Organization: NA
Registrant Address1: Nolvaku 11-15
Registrant City: Tartu
Registrant State/Province: Jögevamsa
Registrant Postal Code: 50309
Registrant Country: Estonia
Registrant Country Code: EE
Registrant Phone Number: +372.51342367
Registrant Email: exp...@estdomains.com
Administrative Contact ID: DI_1700129
Administrative Contact Name: Dima Churjumov
Administrative Contact Organization: NA
Administrative Contact Address1: Nolvaku 11-15
Administrative Contact City: Tartu
Administrative Contact State/Province: Jögevamsa
Administrative Contact Postal Code: 50309
Administrative Contact Country: Estonia
Administrative Contact Country Code: EE
Administrative Contact Phone Number: +372.51342367
Administrative Contact Email: exp...@estdomains.com
Billing Contact ID: DI_1700129
Billing Contact Name: Dima Churjumov
Billing Contact Organization: NA
Billing Contact Address1: Nolvaku 11-15
Billing Contact City: Tartu
Billing Contact State/Province: Jögevamsa
Billing Contact Postal Code: 50309
Billing Contact Country: Estonia
Billing Contact Country Code: EE
Billing Contact Phone Number: +372.51342367
Billing Contact Email: exp...@estdomains.com
Technical Contact ID: DI_1700129
Technical Contact Name: Dima Churjumov
Technical Contact Organization: NA
Technical Contact Address1: Nolvaku 11-15
Technical Contact City: Tartu
Technical Contact State/Province: Jögevamsa
Technical Contact Postal Code: 50309
Technical Contact Country: Estonia
Technical Contact Country Code: EE
Technical Contact Phone Number: +372.51342367
Technical Contact Email: exp...@estdomains.com
Name Server: NS1.1STSOTF-NS.COM
Name Server: NS2.1STSOTF-NS.COM
Created by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Last Updated by Registrar: CRITICAL INTERNET, INC
Last Transferred Date: Mon Aug 15 14:36:57 GMT 2005
Domain Registration Date: Wed Jul 07 20:44:54 GMT 2004
Domain Expiration Date: Thu Jul 06 23:59:59 GMT 2006
Domain Last Updated Date: Mon Aug 15 14:59:48 GMT 2005
--------------------------
Domain Name: 911-SOFT-SHOP.BIZ
Domain ID: D7926654-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Domain Status: clientHold
Domain Status: clientTransferProhibited
Registrant ID: D16DAE3E8DF27EC3
Registrant Name: STEVE MILLER
Registrant Organization: Swebsoft commun.
Registrant Address1: PO Box 7361-101540
Registrant City: San Francisco
Registrant State/Province: CA
Registrant Postal Code: 94120
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.5555555555
Registrant Email: 911...@lastsoft.biz
Administrative Contact ID: 13AF41486A6AB5C6
Administrative Contact Name: STEVE MILLER
Administrative Contact Organization: Swebsoft commun.
Administrative Contact Address1: PO Box 7361-101540
Administrative Contact City: San Francisco
Administrative Contact State/Province: CA
Administrative Contact Postal Code: 94120
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.5555555555
Administrative Contact Email: 911...@lastsoft.biz
Billing Contact ID: 19B654315BF6F9FF
Billing Contact Name: STEVE MILLER
Billing Contact Organization: Swebsoft commun.
Billing Contact Address1: PO Box 7361-101540
Billing Contact City: San Francisco
Billing Contact State/Province: CA
Billing Contact Postal Code: 94120
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.5555555555
Billing Contact Email: 911...@lastsoft.biz
Technical Contact ID: 29E2CAB732B307DB
Technical Contact Name: STEVE MILLER
Technical Contact Organization: Swebsoft commun.
Technical Contact Address1: PO Box 7361-101540
Technical Contact City: San Francisco
Technical Contact State/Province: CA
Technical Contact Postal Code: 94120
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.5555555555
Technical Contact Email: 911...@lastsoft.biz
Name Server: NS1.ALL4ALL.BIZ.DIRECTIDELETEDDOMAIN.COM
Name Server: NS2.ALL4ALL.BIZ.DIRECTIDELETEDDOMAIN.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Sun Oct 10 21:38:05 GMT 2004
Domain Expiration Date: Sun Oct 09 23:59:59 GMT 2005
Domain Last Updated Date: Tue Oct 26 17:24:35 GMT 2004
---------------------------
http://groups.google.com/groups?q=s-redirect.com
http://www.google.com/search?&sa=G&q=%22newiframe.biz%22
Domain Name: S-REDIRECT.COM
Registrant:
Hikesi me
Abdula J ()
Tartu Peapostkontor, pk. 12
Tartu
null,50001
EE
Tel. +372.55647646
Creation Date: 18-May-2004
Expiration Date: 18-May-2005
Domain servers in listed order:
ns1.pukkasearch.net
ns2.pukkasearch.net
---------------
http://www.google.com/search?num=100&sa=G&q=%22Adwaredelete.com%22
whois -h whois.directi.com adwaredelete.com ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: ADWAREDELETE.COM
Registrant:
GSPAY LIMITED
GSPAY LIMITED (sup...@adwaredelete.com)
Tooley 88a
London
null,EC1Y 1BL
GB
Tel. +507.7923612
Creation Date: 23-Jun-2004
Expiration Date: 23-Jun-2006
Domain servers in listed order:
ns1.klikfeed.com
ns2.klikfeed.com
Administrative Contact:
GSPAY LIMITED
GSPAY LIMITED (sup...@adwaredelete.com)
Tooley 88a
London
null,EC1Y 1BL
GB
Tel. +507.7923612
Technical Contact:
GSPAY LIMITED
GSPAY LIMITED (sup...@adwaredelete.com)
Tooley 88a
London
null,EC1Y 1BL
GB
Tel. +507.7923612
Billing Contact:
GSPAY LIMITED
GSPAY LIMITED (sup...@adwaredelete.com)
Tooley 88a
London
null,EC1Y 1BL
GB
Tel. +507.7923612
Status:ACTIVE
-------------------
http://www.google.com/search?num=100&q=%22soviet-tanks.com%22&btnG=Search
Registration Service Provided By: ESTHOST
Contact: sa...@esthost.com
Domain Name: SOVIET-TANKS.COM
Registrant: Esthost Philip Lawrence (ad...@18to21sex.com)
Peapostkontor, pk. 12 Tartu null,
50001 EE Tel. +372.55647646
Creation Date: 12-Mar-2004
Expiration Date: 12-Mar-2005
Domain servers in listed order:
ns1.1800callsex.com
ns2.1800callsex.com
Administrative Contact: Esthost Philip Lawrence (ad...@18to21sex.com)
Peapostkontor, pk. 12 Tartu null,
50001 EE Tel. +372.55647646
Technical Contact: Esthost Philip Lawrence (ad...@18to21sex.com)
Peapostkontor, pk. 12 Tartu null,
50001 EE Tel. +372.55647646
Billing Contact: Esthost Philip Lawrence (ad...@18to21sex.com)
Peapostkontor, pk. 12 Tartu null,
50001 EE Tel. +372.55647646
----------------
http://www.google.com/search?num=100&sa=G&q=%22techstarlab.com%22
whois -h whois.criticalinternet.com techstarlab.com ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: TECHSTARLAB.COM
Registrant:
Domreg Inc.
Philip Roettger (philipr...@yahoo.com)
12524 Gladecrest Drive
Carmel
IN,46033
US
Tel. +618.4575921
Creation Date: 15-Jul-2005
Expiration Date: 15-Jul-2006
Domain servers in listed order:
ns.informtelecom.ru
ns1.informtelecom.ru
Administrative Contact:
Domreg Inc.
Philip Roettger (philipr...@yahoo.com)
12524 Gladecrest Drive
Carmel
IN,46033
US
Tel. +618.4575921
Technical Contact:
Domreg Inc.
Philip Roettger (philipr...@yahoo.com)
12524 Gladecrest Drive
Carmel
IN,46033
US
Tel. +618.4575921
Billing Contact:
Domreg Inc.
Philip Roettger (philipr...@yahoo.com)
12524 Gladecrest Drive
Carmel
IN,46033
US
Tel. +618.4575921
Status:SUSPENDED
Note: This Domain Name is Suspended. In this status the domain name
is InActive and will not function.
---------------
http://www.google.com/search?q=%22xawm.biz%22
[DOMAIN whois information for XAWM.BIZ ]
Domain Name: XAWM.BIZ
Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
TLD Info: See IANA Whois - http://www.iana.org/root-whois/biz.htm
Registry: NeuLevel - http://www.neulevel.biz
Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM) -
http://www.directi.com
Whois Server: whois.biz
Name Server[from whois, whois+dns ip]: NS1.JETSEARCH.ORG 69.50.177.101
Name Server[from whois, whois+dns ip]: NS2.JETSEARCH.ORG 69.50.177.102
Status: clientHold
Status: clientTransferProhibited
Status: clientDeleteProhibited
Status: clientUpdateProhibited
Creation Date: Fri Sep 24 16:21:51 GMT 2004
Expiration Date: Fri Sep 23 23:59:59 GMT 2005
Updated Date: Wed Mar 16 15:07:22 GMT 2005
[whois.biz]
Domain Name: XAWM.BIZ
Domain ID: D7815249-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: clientHold
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Domain Status: clientUpdateProhibited
Registrant ID: DI_795860
Registrant Name: Max
Registrant Organization: xawm
Registrant Address1: Marata 90-35
Registrant City: S. Petersburg
Registrant Postal Code: 193001
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.9213732308
Registrant Email: jo...@mail.ru
Administrative Contact ID: DI_795860
Administrative Contact Name: Max
Administrative Contact Organization: xawm
Administrative Contact Address1: Marata 90-35
Administrative Contact City: S. Petersburg
Administrative Contact Postal Code: 193001
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.9213732308
Administrative Contact Email: jo...@mail.ru
Billing Contact ID: DI_795860
Billing Contact Name: Max
Billing Contact Organization: xawm
Billing Contact Address1: Marata 90-35
Billing Contact City: S. Petersburg
Billing Contact Postal Code: 193001
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.9213732308
Billing Contact Email: jo...@mail.ru
Technical Contact ID: DI_795860
Technical Contact Name: Max
Technical Contact Organization: xawm
Technical Contact Address1: Marata 90-35
Technical Contact City: S. Petersburg
Technical Contact Postal Code: 193001
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.9213732308
Technical Contact Email: jo...@mail.ru
Name Server: NS1.JETSEARCH.ORG
Name Server: NS2.JETSEARCH.ORG
Created by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Last Updated by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A.
DIRECTI.COM)
Domain Registration Date: Fri Sep 24 16:21:51 GMT 2004
Domain Expiration Date: Fri Sep 23 23:59:59 GMT 2005
Domain Last Updated Date: Wed Mar 16 15:07:22 GMT 2005
[whois.publicinterestregistry.net]
Domain ID: D104481463-LROR
Domain Name: JETSEARCH.ORG
Created On: 31-May-2004 23:25:15 UTC
Last Updated On: 17-May-2005 22:47:02 UTC
Expiration Date: 31-May-2006 23:25:15 UTC
Sponsoring Registrar: Direct Information PVT Ltd. (R27-LROR)
Status: OK
Registrant ID: DI_1328979
Registrant Name: Dmitry Kuznetsov
Registrant Organization: Deviate inc
Registrant Street1: Jukova ave 180-75
Registrant Street2:
Registrant Street3:
Registrant City: S. Petersburg
Registrant State/Province:
Registrant Postal Code: 190005
Registrant Country: RU
Registrant Phone: +7.9213149676
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: devi...@mail.ru
Admin ID: DI_1328979
Admin Name: Dmitry Kuznetsov
Admin Organization: Deviate inc
Admin Street1: Jukova ave 180-75
Admin Street2:
Admin Street3:
Admin City: S. Petersburg
Admin State/Province:
Admin Postal Code: 190005
Admin Country: RU
Admin Phone: +7.9213149676
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email: devi...@mail.ru
Tech ID: DI_1328979
Tech Name: Dmitry Kuznetsov
Tech Organization: Deviate inc
Tech Street1: Jukova ave 180-75
Tech Street2:
Tech Street3:
Tech City: S. Petersburg
Tech State/Province:
Tech Postal Code: 190005
Tech Country: RU
Tech Phone: +7.9213149676
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email: devi...@mail.ru
Name Server: NS1.JETSEARCH.ORG
Name Server: NS2.JETSEARCH.ORG
---------------
whois -h rwhois.intercage.com 69.50.191.68
network:IP-Network:69.50.191.64/29
network:IP-Network-Block:69.50.191.64 - 69.50.191.71
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.191.133
network:IP-Network:69.50.191.128/29
network:IP-Network-Block:69.50.191.128 - 69.50.191.135
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.189.119
network:IP-Network:69.50.189.112/29
network:IP-Network-Block:69.50.189.112 - 69.50.189.119
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.179.217
network:IP-Network:69.50.179.208/28
network:IP-Network-Block:69.50.179.208 - 69.50.179.223
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.177.102
network:IP-Network:69.50.177.96/29
network:IP-Network-Block:69.50.177.96 - 69.50.177.103
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.177.104
network:IP-Network:69.50.177.104/29
network:IP-Network-Block:69.50.177.104 - 69.50.177.111
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.191.28
network:IP-Network:69.50.191.24/29
network:IP-Network-Block:69.50.191.24 - 69.50.191.31
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.187.26
network:IP-Network:69.50.187.24/29
network:IP-Network-Block:69.50.187.24 - 69.50.187.31
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.180.186
network:IP-Network:69.50.180.184/29
network:IP-Network-Block:69.50.180.184 - 69.50.180.191
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
whois -h rwhois.intercage.com 69.50.179.210
network:IP-Network:69.50.179.208/28
network:IP-Network-Block:69.50.179.208 - 69.50.179.223
network:Org-Name:Coteco, LLC.
network:Street-Address:73 GreenTree Drive #36
> I believe an investigation by law enforcement is a very corrective
> step... That would definately clean Esthost up.
>
> I can honestly say, there are 2 of our major clients who are very
> successful... and with both of those comes occasional abuse. On one,
> it's the occasional spam via exploit. The other... Esthost... Well... A
> lot worse abuse then just spam.
Yes, fraud, scam, proxy hijack, browser hijack, all sorts of CRIMINAL
acctivity.
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
So, you admit that serving the spammer is a better choice.
Well, your net, your rules. But what are you doing here then?
--
Yes, I do have a spellchequer
--
Spamhuntress
The thing is, usenet has a long and rather unique history. It's the
preferred hunting ground of trolls, psychopaths and other miscreants,
along with perfectly normal people. Both cranky and nice. What most of
them have in common, is a very thick skin. Those who don't, disappear
pretty quickly. So unfortunately the name of the game is that you WILL
get some flak here. That's what make some of the participants tick. It
may feel personal, but for some it's more about them than about you.
I'm afraid you'll have to raise above that, and listen to the factual
information, and not get rattled by loony attacks. That said, I and
others are pretty frustrated about some outfits in your IP block...
Can you review your TOS/AUP and insert something about linkspam in
them? And preferably something about dynamic IP subdomains as well. As
you know, they can only be terminated by the provider of the subdomain.
And they are legion by now. So a spammer will move from one to another,
trying to keep a certain number of subdomains active and spammed at any
one time.
The provider of the IP address has the power to terminate their
service. ESThost has so far been totally unwilling to do that. Now that
you're changing things would be a good time to take that abuse into
account and insert language about it in your policies, that ESThost
would have to take into account or lose service for certain IP numbers.
I believe many of the linkspammers lease lots of IP numbers assigned to
maybe one or two physical boxes. Changing IP numbers would create some
work for them, because of all the accounts at all the different
subdomain providers. Ideally changing box provider would create even
more work. But another factor is that many of them have trouble with
English, and feel more at home at ESThost. I believe that's a factor
along with them being bullet proof.
Either way, more and more of the spam is moving in that direction, and
now is the time for you to at least cover your back when you need to
get cooperation from ESThost.
fhh
> As I've stated in the past, we've been working to get InterCage
> launched. With InterCage will come new policies, TOS/AUP/Privacy/SPAM.
> These policies will be STRICTLY enforced. Right now, We believe in
> working with the client to get abuse on their machine(s) dealt with.
> Because of that, one of the abuser's site(s) is shutdown while other's
> he may have stay live. This is the most recent case with Peter Severa,
> now listed on ROKSO. They dropped his domain rain-mailer.com, but
> stated to me that he was completely removed, then later stated they
> still provide him with a server. I made it very clear that if a ROKSO
> spammer is on the network under ANY client's space, I will start
> terminating machine's. I am not happy myself with the current avenues
> we have to take to get an abuser dealt with.
As far as I know Mr Severa has used IP space of Atrivo/Esthost and Pilosoft
since november 2004.
> On another note: I do not run Atrivo/InterCage. If I did, abuse would
> be dealt with when we receive word and correct information regarding
> it. I do not care how much money anyone has in services from
> Atrivo/InterCage, nor does Emil. It's not a matter of money, it's a
> matter of working with the client to get things dealt with.
This is in contradiction with what you said in message
<1125683278.3...@f14g2000cwb.googlegroups.com> :
| If I had the ability... I would cut Esthost as a client... But, in
| doing so, it causes nearly a quarter if not half of the company's
| monthly revenue to be cut. That is not too good of a move nor
| reasonably possible ;)
> One thing that bothers me with trying to assist in these groups is the
> fact that people give great collateral to use with their abuse
> reporting, though they don't send it to where it would really make a
> difference. Reporting to the open world is ok ofcourse, but expecting
> us to participate in these groups while you continually provide rude
> remarks or senseless attacks is rediculous. It makes me feel like this
> is a childs club. I'm sure many of you are of-age, so why not act like
> adults. Any kind of abuse is bad yes, but constant attacks doesn't get
> it dealt with any faster, it pushes ISP's like us to simply cease
> contact with you. Sure, we'll still handle your reports, but we won't
> communicate back with you. Hopefully some of you REALLY understand what
> I've said and take it to heart. Perhaps things would go alot smoother.
I am sorry, but I think these remarks are *not* appropriate. As far as I
know you have not been flamed in this moderated group. Also, I have no
intention to attack you personally or behave like a child. I don't envy
your (probably difficult) job, I do understand that you may have a hard
time when reading your inbox filled with nasty and useless emails etc, but
please don't say that people in this group are acting like children.
If you really want to clean up your network I am willing to help you. But so
far I feel that all abuse reports I have sent to ab...@atrivo.com were not
acted upon properly.
--
feike
Shmuel (Seymour J.) Metz
09/02/2005
at 07:51 PM, Ru...@Atrivo.com said:
>If I had the ability... I would cut Esthost as a client... But, in
>doing so, it causes nearly a quarter if not half of the company's
>monthly revenue to be cut. That is not too good of a move nor
>reasonably possible ;)
The flip side of that is that someone considering blocking or listing
you has to consider the expewnse and inconvenience of tracking your
individual customers rather than just blocking everything.
>People consider Atrivo/InterCage to be some abuse supporting
>company...
And you have bolstered that opinion by explaining how your upper
management doesn't support abuse control.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
Unsolicited bulk E-mail will be subject to legal action. I reserve
the right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spam...@library.lspace.org
--
DevilsPGD
Ru...@Atrivo.com wrote:
>Spamhuntress, fhh, Schmuel:
>As I've stated, I'll be bringing some new policies into effect with the
>launch of InterCage.
>
>They will be available soon.
>
>Thanks for your responses. Glad atleast a few of us can be on the same
>foot,
You have to understand, most of the posters here share the same goal,
stopping spam. However, many have very little patience with ISPs who
continue providing services to known net abusers, especially with
excuses like "Our contracts are too feeble to terminate the customer" or
"Our business model needs the customer's monthly income"
To be blunt, neither of those are my problem. Spam hitting my users IS
my problem, and if nobody on the originating ISP will fix the problem, I
will fix it myself.
Personally, I'm both more forgiving and more militant then many other
posters. I'm quick to block, but I'm reasonably quick to drop a block
and see if the abuse has ceased.
But excuses don't make me likely to do so.
*shrugs*
--
Having a smoking section in a restaurant is like having a peeing section
in a swimming pool.
Spamhuntress
point subdomains into ESThost IP range. They should check all existing
subdomains pointing to that range, and delete all subdomains that look
remotely spammy.
I've heard there's one paying customer in that range that looks legit.
Apart from that, I haven't heard of any legit accounts.
Rich Kulawiec
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
However, it is necessary that you do so immediately. But we'll get to that.
First, let's see how you've done with spammers on your network that were
reported to you not only here but (with considerably more detail) to your
abuse address back in early April -- FIVE MONTHS AGO.
Of course, any responsible and competent abuse desk would have had all
of these completely and permanently removed within hours.
Yet, we find (as of 12 noon EST September 6) that all of these
spammers/abusers/phishers are still on Atrivo's network:
69teenage.com 69.50.175.248
alfa-search.com 69.50.160.42
alloha.info 69.31.79.190
amateur-thumbs.net 69.50.179.56
any-find.com 69.50.172.99
aroundweb.com 69.50.177.4
bad-movies.net 69.50.187.18
bad-passion.com 69.50.187.18
bizonio.com 69.50.172.99
brealistic.com 69.50.182.149
callbackgsm.biz 69.50.160.19
car-fuck.net 69.31.79.103
conyc.com 69.50.164.77
deftonsm.com 69.50.166.174
devonanal.com 69.31.79.185
dm3ti.com 69.50.167.215
dubolom.com 69.50.172.99
easyteenies.com 69.31.77.219
family-incest.us 69.50.164.158
find-online.net 69.50.171.44
find4u.net 69.50.172.99
free-hardcore-movie.net 69.31.130.223
fxincomeline.biz 69.50.168.126
galsonbed.com 69.50.179.58
ghbikfgjhf.com 69.50.166.68
gms-world.biz 69.50.168.126
gotofucks.com 69.31.74.194
hourlyfxgold.biz 69.50.171.19
justasex.com 69.31.79.103
kloun.com 69.50.172.99
klounada.com 69.50.172.99
linuxwaves.net 69.50.187.19
macinstruct.net 69.50.187.19
moretraffic-4u.com 69.50.177.114
my-find.com 69.50.172.99
myemailvideo.co.uk 69.22.169.21
mypoisk.com 69.50.172.99
mypoiskovik.com 69.50.172.99
nude-teens-bodies.com 69.50.177.252
onemarq.net 69.50.182.149
online-greencard.com 69.31.74.202
passwordlovers.com 69.50.170.36
pics-porn.org 69.50.187.19
pics-stories.com 69.50.171.19
pip-gold.biz 69.50.168.126
pissing-girls.org 69.50.188.199
projectw.org 69.50.165.90
qatarforum.com 69.50.164.234
realpan.com 69.50.171.122
reddest.org 69.50.171.122
robogold.biz 69.50.187.99
rpreal.com 69.50.187.20
secureroot.org 69.50.187.19
sexyteenvirgin.com 69.50.166.58
sparklingnights.com 69.50.166.218
sportprofitsclub.biz 69.50.171.19
stickylist.com 69.31.77.218
stopstandby.com 69.50.166.218
stories-adult.net 69.31.79.103
teenagepic.com 69.31.77.219
thehuj.net 69.50.187.20
tropotun.com 69.50.172.99
turboreactor.com 69.50.160.146
usbitches.com 69.50.179.57
vanchungtelephone.com 69.50.179.66
x-pictures.org 69.50.187.19
your-search.info 69.50.160.42
And then we get to Esthost, which of course is nothing but a front
for spammers, phishers, and other varieties of scum. A brief glance
there turns up:
4-counter.com
aroundweb.com
deftonsm.com
easy-search.net
find-online.net
icanfindit.net
oopsearch.com
thesearchs.com
maximumsearch.net
find4u.net
who are all in the spyware business, and then there's the "Lamagro"
spam gang:
alloha.info
amateur-thumbs.net
car-fuck.net
devonanal.com
galsonbed.com
justasex.com
stories-adult.net
usbitches.com
and another spyware scumbag:
as well as a generous assortment of others:
1-online-poker.us
100-sex.com
1800callsex.com
1amateursexroad.com
666videosex.com
airteens.com
all-mature.com
antiaids.info
apninc.biz
aroundcock.com
asian-girls.name
asianjam.com
asiasexpic-free.com
british-hardcore.net
coolvids.net
cumonchicks.com
dotsidegroup.com
fist-sex.info
free-gigz.com
fucksuck.biz
gay-planet.biz
gay-room.com
getpornodvd.com
getthis4free.com
group-place.com
i-horny.com
indian-sex.name
inet-search.info
inzcest.com
milf-hardcore.net
my-dialer.com
ph-e-ntermine.com
riskfreeinvest.com
s-rx.com
sex-mania.net
sexdrivex.com
supernetmall.biz
trylogos.com
virginsworld.com
And like I said: a *brief* glance. No doubt a more thorough examination
would turn up many more.
Now let's return to your statement:
> If I had the ability... I would cut Esthost as a client... But, in
> doing so, it causes nearly a quarter if not half of the company's
> monthly revenue to be cut. That is not too good of a move nor
> reasonably possible ;)
You are the abuse desk at Atrivo, are you not? Then it is presumed
that you have the ability to cut ANYONE as a client. Instantly.
I therefore expect all the domains in the first group above, as
as Esthost, to be promptly and permanently removed from Atrivo's network.
"promptly", as in today.
Any further delay will be factored into my decision about whether or not
any IP traffic from Atrivo-controlled network space will be permitted
on my network or any of my clients'.
Please do not bother to follow up this message with excuses or
hand-wringing or rationalization or or whining or anything else.
I am interested, at this point, ONLY in your actions.
---Rsk
Anri Erinin
Rich Kulawiec wrote:
>>If I had the ability... I would cut Esthost as a client... But, in
>>doing so, it causes nearly a quarter if not half of the company's
>>monthly revenue to be cut. That is not too good of a move nor
>>reasonably possible ;)
>
>
> However, it is necessary that you do so immediately. But we'll get to that.
>
> First, let's see how you've done with spammers on your network that were
> reported to you not only here but (with considerably more detail) to your
> abuse address back in early April -- FIVE MONTHS AGO.
>
> Of course, any responsible and competent abuse desk would have had all
> of these completely and permanently removed within hours.
>
> Yet, we find (as of 12 noon EST September 6) that all of these
> spammers/abusers/phishers are still on Atrivo's network:
Most of these are hosted by Esthost/Estdomains (Coteco LLC) with a few
exceptions for adultxspace.com (yet another Russian spamer), "Thumbest
Hosting" - (yet another adult hosting) and one William Lu:
>
> 69teenage.com 69.50.175.248
network:IP-Network-Block:69.50.175.240 - 69.50.175.255
network:Org-Name:adultxspace.com
> alfa-search.com 69.50.160.42
> your-search.info 69.50.160.42
network:IP-Network-Block:69.50.160.40 - 69.50.160.47
network:Org-Name:Coteco, LLC.
> alloha.info 69.31.79.190
network:IP-Network-Block:69.31.79.176 - 69.31.79.191
network:Org-Name:Coteco, LLC.
> amateur-thumbs.net 69.50.179.56
network:IP-Network-Block:69.50.179.48 - 69.50.179.63
network:Org-Name:Coteco, LLC.
> any-find.com 69.50.172.99
> bizonio.com 69.50.172.99
network:IP-Network-Block:69.50.172.96 - 69.50.172.127
network:Org-Name:Coteco, LLC.
> aroundweb.com 69.50.177.4
network:IP-Network-Block:69.50.177.0 - 69.50.177.7
network:Org-Name:Coteco, LLC.
> bad-movies.net 69.50.187.18
> bad-passion.com 69.50.187.18
network:IP-Network-Block:69.50.187.16 - 69.50.187.23
network:Org-Name:Coteco, LLC.
> brealistic.com 69.50.182.149
network:IP-Network:69.50.182.144/29
network:IP-Network-Block:69.50.182.144 - 69.50.182.151
> callbackgsm.biz 69.50.160.19
network:IP-Network-Block:69.50.160.16 - 69.50.160.23
network:Org-Name:Coteco, LLC.
> car-fuck.net 69.31.79.103
network:IP-Network-Block:69.31.79.96 - 69.31.79.111
network:Org-Name:Coteco, LLC.
> conyc.com 69.50.164.77
network:IP-Network-Block:69.50.164.72 - 69.50.164.79
network:Org-Name:Coteco, LLC.
> deftonsm.com 69.50.166.174
network:IP-Network-Block:69.50.166.168 - 69.50.166.175
network:Org-Name:Coteco, LLC.
> devonanal.com 69.31.79.185
network:IP-Network-Block:69.31.79.176 - 69.31.79.191
network:Org-Name:Coteco, LLC.
> dm3ti.com 69.50.167.215
network:IP-Network-Block:69.50.167.208 - 69.50.167.215
network:Org-Name:Coteco, LLC.
> easyteenies.com 69.31.77.219
network:IP-Network-Block:69.31.77.208 - 69.31.77.223
network:Org-Name:Thumbest Hosting
network:Street-Address:Vaci Ut 27
network:City:Budapest
network:State:Pest megye
network:Postal-Code:1025
> family-incest.us 69.50.164.158
network:IP-Network-Block:69.50.164.152 - 69.50.164.159
network:Org-Name:Coteco, LLC.
> find-online.net 69.50.171.44
network:IP-Network-Block:69.50.171.40 - 69.50.171.47
network:Org-Name:Coteco, LLC.
> free-hardcore-movie.net 69.31.130.223
network:IP-Network-Block:69.50.168.120 - 69.50.168.127
network:Org-Name:Coteco, LLC.
> fxincomeline.biz 69.50.168.126
network:IP-Network-Block:69.50.168.120 - 69.50.168.127
network:Org-Name:Coteco, LLC.
> galsonbed.com 69.50.179.58
network:IP-Network-Block:69.50.179.48 - 69.50.179.63
network:Org-Name:Coteco, LLC.
> ghbikfgjhf.com 69.50.166.68
network:IP-Network-Block:69.50.166.64 - 69.50.166.71
network:Org-Name:Coteco, LLC.
> gms-world.biz 69.50.168.126
network:IP-Network-Block:69.50.168.120 - 69.50.168.127
network:Org-Name:Coteco, LLC.
> gotofucks.com 69.31.74.194
network:IP-Network-Block:69.31.74.128 - 69.31.74.255
network:Org-Name:Coteco, LLC.
> hourlyfxgold.biz 69.50.171.19
> pics-stories.com 69.50.171.19
> sportprofitsclub.biz 69.50.171.19
network:IP-Network-Block:69.50.171.16 - 69.50.171.31
network:Org-Name:Coteco, LLC.
> justasex.com 69.31.79.103
network:IP-Network-Block:69.31.79.96 - 69.31.79.111
network:Org-Name:Coteco, LLC.
> kloun.com 69.50.172.99
> klounada.com 69.50.172.99
> my-find.com 69.50.172.99
> mypoisk.com 69.50.172.99
> mypoiskovik.com 69.50.172.99
> find4u.net 69.50.172.99
> dubolom.com 69.50.172.99
> tropotun.com 69.50.172.99
network:IP-Network-Block:69.50.172.96 - 69.50.172.127
network:Org-Name:Coteco, LLC.
> linuxwaves.net 69.50.187.19
> macinstruct.net 69.50.187.19
> pics-porn.org 69.50.187.19
> secureroot.org 69.50.187.19
> x-pictures.org 69.50.187.19
network:IP-Network-Block:69.50.187.16 - 69.50.187.23
network:Org-Name:Coteco, LLC.
> moretraffic-4u.com 69.50.177.114
network:IP-Network-Block:69.50.177.112 - 69.50.177.119
network:Org-Name:William Lu
network:Street-Address:916 East Navilla Place
network:City:Covina
network:State:CA
network:Postal-Code:91724
> myemailvideo.co.uk 69.22.169.21
network:IP-Network-Block:69.22.169.21 - 69.22.169.21
network:Org-Name:SearchNSearch
network:Street-Address:7a Wolverhampton Road Bloxwich
network:City:Walsall
network:State:West Midlands
network:Postal-Code:WS3 2EY
> robogold.biz 69.50.187.99
network:IP-Network-Block:69.50.187.96 - 69.50.187.103
network:Org-Name:Coteco, LLC.
n
> nude-teens-bodies.com 69.50.177.252
network:IP-Network-Block:69.50.177.248 - 69.50.177.255
network:Org-Name:Coteco, LLC.
> onemarq.net 69.50.182.149
network:IP-Network-Block:69.50.182.144 - 69.50.182.151
> online-greencard.com 69.31.74.202
network:IP-Network-Block:69.31.74.128 - 69.31.74.255
network:Org-Name:Coteco, LLC.
> passwordlovers.com 69.50.170.36
network:IP-Network-Block:69.50.170.32 - 69.50.170.39
network:Org-Name:Coteco, LLC.
> pip-gold.biz 69.50.168.126
network:IP-Network-Block:69.50.168.120 - 69.50.168.127
network:Org-Name:Coteco, LLC.
> pissing-girls.org 69.50.188.199
network:IP-Network-Block:69.50.188.192 - 69.50.188.207
network:Org-Name:Coteco, LLC.
> projectw.org 69.50.165.90
network:IP-Network-Block:69.50.165.88 - 69.50.165.95
network:Org-Name:adultxspace.com
> qatarforum.com 69.50.164.234
network:IP-Network-Block:69.50.164.232 - 69.50.164.239
network:Org-Name:William Lu
> realpan.com 69.50.171.122
> reddest.org 69.50.171.122
network:IP-Network-Block:69.50.171.120 - 69.50.171.127
network:Org-Name:Coteco, LLC.
> rpreal.com 69.50.187.20
network:IP-Network-Block:69.50.187.16 - 69.50.187.23
network:Org-Name:Coteco, LLC.
> sexyteenvirgin.com 69.50.166.58
network:IP-Network-Block:69.50.166.56 - 69.50.166.63
network:Org-Name:adultxspace.com
> sparklingnights.com 69.50.166.218
network:IP-Network-Block:69.50.166.216 - 69.50.166.223
network:Org-Name:William Lu
> stickylist.com 69.31.77.218
network:IP-Network-Block:69.31.77.208 - 69.31.77.223
network:Org-Name:Thumbest Hosting
network:Street-Address:Vaci Ut 27
network:City:Budapest
network:State:Pest megye
network:Postal-Code:1025
> stopstandby.com 69.50.166.218
network:IP-Network-Block:69.50.166.216 - 69.50.166.223
network:Org-Name:William Lu
> stories-adult.net 69.31.79.103
network:IP-Network-Block:69.31.79.96 - 69.31.79.111
network:Org-Name:Coteco, LLC.
> teenagepic.com 69.31.77.219
network:IP-Network-Block:69.31.77.208 - 69.31.77.223
network:Org-Name:Thumbest Hosting
> thehuj.net 69.50.187.20
network:IP-Network-Block:69.50.187.16 - 69.50.187.23
network:Org-Name:Coteco, LLC.
> turboreactor.com 69.50.160.146
network:IP-Network-Block:69.50.160.144 - 69.50.160.151
network:Org-Name:adultxspace.com
> usbitches.com 69.50.179.57
network:IP-Network-Block:69.50.179.48 - 69.50.179.63
network:Org-Name:Coteco, LLC.
> vanchungtelephone.com 69.50.179.66
network:IP-Network-Block:69.50.179.64 - 69.50.179.79
network:Org-Name:William Lu
>
> And then we get to Esthost, which of course is nothing but a front
> for spammers, phishers, and other varieties of scum. A brief glance
> there turns up:
>
> 4-counter.com
216.239.59.99 - Heh!
69.50.177.4
69.50.166.174
69.50.171.44
80.77.85.97 -> uaonline
66.246.221.83 - nac.net
69.50.172.99
Quote: "There is no "network of esthost". The network in which Esthost
resides is our network."
It looks like there is no 'network of intercage'...
--
Yes, I do have a spellchequer
--
fhh
> Spamhuntress, fhh, Schmuel:
> As I've stated, I'll be bringing some new policies into effect with the
> launch of InterCage.
>
> They will be available soon.
Ok, I will wait and see. Until then my conclusion is that Atrivo / Esthost
resembles a bulletproof provider for malware and zombiemasters. Firewalling
Atrivo/Intercage IP space looks quite appropriate for internet users who
are not interested in zombiemasters, trojans and proxy spam.
--
feike
Shmuel (Seymour J.) Metz
09/06/2005
at 04:08 AM, Ru...@Atrivo.com said:
>Spamhuntress, fhh, Schmuel:
That's Shmuel!
>As I've stated, I'll be bringing some new policies into effect with
>the launch of InterCage.
Once it's online, I would expect the dialog here to reflect how well
it actually works. Please keep in mind that we've seen lots of broken
promises here, so nobody puts much credence on promises. If you
deliver, then I would expect the atrivo reputation to gradually
improve. But it's not going to happen unless your management backs you
up, and I don't expect anybody to cut atrivo slack until it turns
around.
Anri Erinin
> Hello all,
>
> I'de just like to recap for the past few months. We haven't heard very
> much as far as abuse on the network. So we take that as abuse has
> slowed down.
Russell, can you please comment on this:
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.9"
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.10"
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.11"
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.12"
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.13"
http://www.google.com/search?num=100&as_qdr=all&q="85.255.112.15"
http://www.google.com/search?num=100&q="195.95.218.1"
http://www.google.com/search?num=100&q="195.95.218.3"
http://www.google.com/search?num=100&q="195.95.218.4"
http://www.google.com/search?num=100&q="195.95.218.5"
Note that in most cases the other DNS is within 69.50.160.0/19...
Just one example:
http://www.google.com/search?num=100&as_qdr=all&q="69.50.184.86"
--
Yes, I do have a spellchequer
--
Rich Kulawiec
> I therefore expect all the domains in the first group above, as
> as Esthost, to be promptly and permanently removed from Atrivo's network.
[...]
> Please do not bother to follow up this message with excuses or
> hand-wringing or rationalization or or whining or anything else.
> I am interested, at this point, ONLY in your actions.
And a week of action -- or rather, inaction -- speaks volumes.
Meanwhile, Anri Erinin has continued to point out still *more* spammers,
phishers, spyware vendors, etc. on Atrivo's network. (See NANAE.)
I think we're done here.