[nsp-sec] Intercage
Huopio Kauto
Kauto.Huopio at ficora.fi
Wed Oct 1 02:38:12 EDT 2008
Bill Woodcock wrote:
>I got word from the FBI yesterday that they're seeing Intercage dumping
>servers on the used market. Which I take with cautious optimism.
The rats have left the ship quite a while ago. Estdomains have moved
themselves to Russia:
estdomains.com. 10431 IN NS a.estdomains.com.
estdomains.com. 10431 IN NS b.estdomains.com.
a.estdomains.com. 10445 IN A 89.108.95.135
b.estdomains.com. 10474 IN A 83.171.76.98
www.estdomains.com. 300 IN A 83.171.76.98
mail.estdomains.com. 86400 IN A 83.171.76.99
39561 | 89.108.95.135 | AGAVA Agava JSC AS number
31353 | 83.171.76.98 | PTT-AS Petersburg Transit Telecom
31353 | 83.171.76.99 | PTT-AS Petersburg Transit Telecom
The .98 hosts also Estdomains' own whois protection service:
2008-09-26 23:00:18 2008-09-30 18:59:36 ns2.protectdetails.com
A 83.171.76.98
Now..how close Cernel is to Estdomains?
--Kauto
CERT-FI
More information about the nsp-security
mailing list