NANOG:
Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
INTERCAGE
-- you are effectively aiding and abetting the enemy.
Intercage/Atrivo hosts the malware cc botnets that DDoS your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson [EMAIL PROTECTED]
wrote:
On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I believe the blocks your referring to are their 85.255 Blocks?
Registered to InHoster. I
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:11:39 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson [EMAIL PROTECTED]
wrote:
On Tue, Sep 23, 2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
Sorry I didn't make this clear enough in the previous responses.
The prefixes that are registered to Inhoster belong to Esthost.
I'm not sure how or why you think those
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM, Paul Ferguson [EMAIL PROTECTED]wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
Sorry I didn't make this clear enough in the previous
Greco [EMAIL
PROTECTED]
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
NANOG:
Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
.
- Original Message
From: Pedram M [EMAIL PROTECTED]
To: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:38:54 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM, Paul Ferguson [EMAIL PROTECTED]wrote:
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:12 AM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I hope soon, people will realise and accept the truth that we are a
LEGITIMATE Company that DOES Operate in the USA. We are NOT directly or
in-directly related to any
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Wednesday, September 24, 2008 12:20:59 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:12 AM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I hope
PROTECTED]
Cc: Christopher Morrow [EMAIL PROTECTED]; nanog@nanog.org; Joe Greco
[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
NANOG:
Look, the people posting here who are trashing Intercage are pure security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:27 AM, Mark Foo [EMAIL PROTECTED] wrote:
Answer Ferg's question -- Why are you moving to CERNAL? Do you think this
is going to work? That's just another of Emil's networks.
Actually, I was not being coy.
Okay, maybe I
12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just being coy -- what you don't understand is there are about 3 other
security mailing lists plotting to TAKE YOUR SERVICE DOWN. You FAIL. Law
Enforcement might not take action against you (but appear
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: Bruce Williams [EMAIL PROTECTED]; Christopher Morrow [EMAIL
PROTECTED]; nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just
Russell,
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
Why are you only now shutting them down?
Thank you for proving that our research was not for naught, and that
Atrivo/Intercage is a black hat operation which needs
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: Bruce Williams [EMAIL PROTECTED]; Christopher Morrow [EMAIL
PROTECTED]; nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just
Hi!
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
[EMAIL PROTECTED] ~]# dig estdomains.com
; DiG 9.5.0-P2 estdomains.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id:
, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't consider playing both sides of the fence
-- with your
knowledge of who's who in the cyber crime field, you could
PROTECTED]; Christopher Morrow
[EMAIL PROTECTED]; nanog@nanog.org; Joe Greco
[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't
It is clear to me -- at least -- that this entire criminal
operation is being operated out of Eastern Europe, and their
foothold in the U.S. is the major issue here.
If you believe that this is a criminal operation then you
should keep this discussion OFF THE LIST and discourage
anyone from
, Inc.
- Original Message
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: nanog@nanog.org
Sent: Wednesday, September 24, 2008 2:23:01 AM
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
It is clear to me -- at least -- that this entire criminal
operation is being operated out
PROTECTED]; Christopher Morrow [EMAIL PROTECTED];
nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't
Hello Joe,
If we can't power down the machine, due to evidence loss. We
can't nullroute the IP, as stated, some malware will delete
itself or alter itself when Net Access is lost.
Now we can filter a single port, in the case of spam, phishing, etc?
You can do whatever you need to, of
Very well said.
James
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 5:23 AM
To: nanog@nanog.org
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
It is clear to me -- at least -- that this entire criminal
operation
On Wed, Sep 24, 2008 at 04:19:16AM -0400, Paul Wall wrote:
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
Why are you only now shutting them down?
several weeks? Try several years. And do note the rationale
(below)
On Wed, Sep 24, 2008 at 12:13 AM, Russell Mitchell [EMAIL PROTECTED] wrote:
Hello Paul,
Those are their IP Blocks. We were simply routing them, as they were our
client.
They've owned these blocks for quite a while. They seem to have moved that
after a day of being down.
You're not very
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
I'd contact them, only they seem to change CTOs every month or two,
does anybody know who's currently in charge?
Thank you, and Drive Slow,
Paul Wall
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, their management team is listed here:
http://www.unitedlayer.com/team.html
- - ferg
On Tue, Sep 23, 2008 at 5:46 PM, Paul Wall [EMAIL PROTECTED] wrote:
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
I'd contact them, only
Mitchell=0A=0AInterCage, Inc.=0A=0A=
=0A=0A- Original Message =0AFrom: Paul Wall [EMAIL PROTECTED]=
=0ATo: Mark Foo [EMAIL PROTECTED]=0ACc: [EMAIL PROTECTED]: Tues=
day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo
5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
UnitedLayer.=0A=0AI'd contact them, only they seem to change CTOs every mon=
th or two,=0Adoes anybody know who's currently in charge?=0A=0AThank you, a=
nd Drive
Wall [EMAIL PROTECTED]=
=0ATo: Mark Foo [EMAIL PROTECTED]=0ACc: [EMAIL PROTECTED]: Tues=
day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
UnitedLayer.=0A=0AI'd contact them, only they seem
On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco [EMAIL PROTECTED] wrote:
I would suggest a different Step 1. Instead of killing power, simply
isolate the affected machine. This might be as simple as putting up a
firewall rule or two, if it is simply sending outgoing SMTP spam, or
it's probably
using bolt cutters on cables has a certain satisfaction...
On Tue, Sep 23, 2008 at 8:23 PM, Christopher Morrow
[EMAIL PROTECTED] wrote:
On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco [EMAIL PROTECTED] wrote:
I would suggest a different Step 1. Instead of killing power, simply
isolate the
Apologies, Yahoo was set to Rich Text :(
-
Hello All,
It seems you all missed the memo.As of about 11PM PST
Last night 09/22/08, Esthost has been ENTIRELY Shutdown.
They no longer have ANY Machine on my network.
I'm currently starting to monitor some of the public media, such as google,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Russ,
While I think that is great and everything, can you explain why Cernel is
now originating prefixes which were originally originated by
Atrivo/Intercage?
I'd be curious as to your explanation.
Thanks,
- - ferg
On Tue, Sep 23, 2008 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It may be true that Estdomains has moved a couple of the external-facing a
hosting hosts into the a Netherlands hosting provider in conjunction with
this whole situation -- folks are watching very carefully.
estdomains.com A 94.102.49.3
for your time. Have a great day.
---
Russell Mitchell
InterCage, Inc.
- Original Message
From: Paul Ferguson [EMAIL PROTECTED]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 9:22:03 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream
Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 8:20:18 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Hello All,=0A=A0=0AIt seems you all missed the memo.=0AAs of about 11PM PST=
Last night 09/22/08, Esthost has been ENTIRELY Shutdown
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I believe the blocks your referring to are their 85.255 Blocks?
Registered to InHoster. I believe those prefixes are an entity of
their's, though I don't know for sure.
38 matches
Mail list logo