Tag Archives: EstDomains

EstDomains Active Domain List and Registrar Abuse Search Form

The EstDomains Active Domain List maintained by Directi is available in a searchable form on HostExploit.com.

The total of 272,488 active domains is provided as a community service; any research or abuse comments on these domains are welcome at abuse(at)directi.com or estlist(at)hostexploit.com. Any suspected illegal or child pornography content should be reported directly to the IWF.


281,000 Domains to be Transferred from EstDomains to Directi


As a result of the EstDomains de-accreditation by ICANN, Directi will be taking over EstDomains’ Registrar operations. ResellerClub, Directi’s Reseller arm, will be managing EstDomains’ Domains and Digital Certificates henceforth. ResellerClub and EstDomains Inc use LogicBoxes’s Registrar Automation platform, OrderBox, which will make the entire migration process a smooth one.

Certifiedbug: http://certifiedbug.com/blog/tag/botnet/

Registrar EstDomains Stay of Termination lifted

ICANN: http://www.icann.org/en/announcements/announcement-12nov08-en.htm

The termination of ICANN-accredited registrar EstDomains is to go ahead, effective 24 November 2008.

Letter to EstDomains concerning decision to proceed with termination:
http://www.icann.org/correspondence/burnette-to-poltev-07nov08-en.pdf [PDF]

The notice of primary contact change recently sent to ICANN’s Brussels office is not compliant with the requirements of the RAA and is not an effective notice of primary contact change. Until notice of primary contact change is received at ICANN’s address above, ICANN’s records will continue to reflect that Mr. Vladimir Tsastsin is the primary contact for EstDomains, Inc.

Certifiedbug, October 30, 2008. ICANN Stays EstDomains Notice of Termination

Certifiedbug, October 29, 2008. ICANN cans EstDomains, Inc.

ICANN cans EstDomains, Inc.

Stacy K. Burnette, Director of Contractual Compliance at ICANN, sent an official letter to Vladimir Tsastsin, President of EstDomains Inc., informing him that the company’s accreditation as a registrar is being terminated.

Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for Estdomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.

The attached Estonia Court records state that you were convicted of credit card fraud, money laundering and document forgery on 6 February 2008. EstDomains has submitted official documents to ICANN that state you are the President of EstDomains. Absent receipt by ICANN of any document indicating that you were removed from the position of President, ICANN concludes that you maintained the position of President of EstDomains since the date of your conviction. Estdomains’ RAA is being terminated based on your conviction and your status as President of EstDomains.

Notice Of Termination Of ICANN Registrar Accreditation Agreement. (PDF)

ICANN’s notice informs that approximately 281,000 domains currently sponsored by EstDomains will be transferred to another ICANN-Accredited Registrar in accordance with the De registration Transition Procedure and that EstDomains has the right to suggest the transfer recipient by November 6, 2008.

Certifiedbug: http://certifiedbug.com/blog/tag/estdomains/

ICANN – Expressions of Interest Sought for Bulk Transfer of Registrations

As the result of the de-accreditation of EstDomains, Inc. (IANA ID 832), ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains. EstDomains managed approximately 280,000 gTLD registrations, including registrations in the biz, com, info, mobi, net, and org registries, including approximately 7 second-level internationalized domain names. EstDomains, Inc. is organized in Delaware, United States.

Whack-A-Mole.


New EST Domains

decitu.com is one of EstDomains’ October registrations; checking it out, my browser was redirected to porno-tube-online.com/porn/. Obviously an adult content site.

Snippet from my log,
/banners/flash/24368/json_400x600_005.swf 11,524 application/x-shockwave-flash
Host: banners.adultfriendfinder.com.

By the way, if your Adobe Flash is up to date and you think you are protected from SWF exploits, see Sandi’s article at Spyware Sucks.
Adobe Flash 10 does NOT stop malvertizement hijacking

A lot of malware victims end up in help forums because they were redirected to a bad site, or intentionally downloaded video codecs so they could watch such content.

The dialog informs that a codec is needed to view the video; this is where you should stop, before infecting your computer.

The antivirus program alerted.

Hiding in the background, waiting for an unsuspecting user to download the codec, was a rogue; the link on its own produced an error.

Domain Name: DECITU.COM
Created: 2008-10-23
Expires: 2009-10-23
Updated: 2008-10-23
3 other sites hosted on this server.

Certifiedbug October 24, 2008. EstDomains, Inc. PR

From EstDomains’s Press release,

Once again EstDomains, Inc would like to address the interactive community and ask for co-operation to make the Internet clear and safe. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

The support link they provided produced:
“The requested site did not respond to a connection request and the browser has stopped waiting for a reply.”
I went directly to their website and clicked the red ‘Report Abuse’ button; same thing.

The rest of the site loads normally; it is the ‘support’ page that was kaput at time of writing.

EstDomains, Inc. PR

To read history see http://certifiedbug.com/blog/tag/estdomains/

October Press releases:
EstDomains, Inc Takes Next Step in Combating Spam and Malware


EstDomains, Inc Combating Cyber Crime — Thousands Domain Names Suspended


The Spamhaus Project.
SBL68934 agava.ru
24-Oct-2008 10:41 GMT estdomains.com / esthost.com / Cernel – dirty host/registrar

SBL68935 agava.ru
24-Oct-2008 09:03 GMT estdomains.com / esthost.com / Cernel – dirty host/registrar

SBL68936 agava.ru
24-Oct-2008 09:04 GMT estdomains.com / esthost.com / Cernel – dirty host/registrar

SBL68937 ptt.spb.ru
24-Oct-2008 10:41 GMT estdomains.com / esthost.com / Cernel – dirty host/registrar


Intercage back

Apparently IP transit provider UnitedLayer has agreed to provide upstream service to Intercage after Intercage agreed to completely sever ties with Esthost.

Intercage, Inc’s website has a holding page; it looks strangely familiar…

UnitedLayer operates out of the same San Francisco colocation facility as Intercage and Pacific Internet Exchange (PIE).

Kind of reminds me of lizards that give up their tail to escape.

Is anyone else feeling dizzy yet?

Report for AS27595
Controversial ISP Intercage now back online
‘Malware-friendly’ Intercage back among the living

EstDomains PR. Improved detection-prevention

EstDomains, Inc: Improved Detection and Prevention System is Live

EstDomains, Inc (http://estdomains.com), announces the launch of new improved and even more efficient version of detection and prevention system oriented to the avoidance of potentially fraudulent transactions, spamming and harmful software distribution that might be performed from the company customers’ accounts.

From the very beginning, EstDomains, Inc (http://estdomains.com), a domain name registration services provider, has undertaken the obligations to provide Internet community with most secure solutions for network presence establishment and running of successful and stable online enterprise. The management of the company also realizes the great necessity of keeping the Internet clean of the fraudulence, harmful software or any disposal of obscene materials. According to the Acceptable Usage Policy, valid for EstDomains, Inc (http://estdomains.com), the appropriate measures are taken against customers who take a risk of using provided services for spam delivery, phishing attempts, distribution or storage of data that may damage user’s computer equipment such as viruses or any other kinds of malware, corrupted codes that are designed with an intention to steal personal data and credit card information or any related materials involved in cybercrime arrangements. Carefully elaborated account monitoring system is used to reveal AUP violation cases among company’s customers. The corrupted account holders are deprived of their account without any refund along with the ultimate right of companies’ services further usage.

In order to prevent crooked customers from being able to continue with their illegal enterprises, the new advanced and more efficient account monitoring system has been applied to the services provided for domain name registration. The improved system is equipped with a whole pack of advanced features that use smart schemes for detailed analyses of the activity performed by an account holder, whose account has been suspended due to violation of AUP terms and conditions. On top of everything else, carefully elaborated clusters also reveal accounts that are registered under a different name but in reality belong to a person who has been involved in AUP infringements. Various details, such as IP addresses, minute payments descriptions, personal data analysis, accounts sign up logs and so on, are used for the creation of a common pattern, which indicates characteristic features of one particular person. These patterns are an indispensable tool in the further investigations that are led in order to recognize corrupted account holders from other law-abiding customers. The revealed accounts violating AUP are deactivated. As usual, in order to avoid wrong accusations, the domain name holder, whose account contains domain names that violate company’s Acceptance Usage Policy, will receive a notification with a warning and further detailed instruction how to report a mistake. The required information proving that the account is not privy to the delinquent activity of any kind must be submitted within 24 hours.

Once again EstDomains, Inc would like to address the interactive community and ask for help in making the Internet space more safe and user-friendly. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

Wilmington, DE (PRWEB) September 21, 2008.


Uh huh, kept for historical purposes. ;-)

EstDomains, Inc declares opposition to malware mongers

EstDomains, Inc: Global Struggle Against Malware Distribution



Wilmington, DE (PRWEB) September 14, 2008 — EstDomains, Inc (http://estdomains.com), a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders’ private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeeded in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

The term “malicious software” or commonly called “malware” speaks for itself. The software of this kind may not only interrupt work process by displaying annoying trifles on the user’s desktop but corrupt important files and damage hard disc as well as causing considerable losses to computer’s owner. Slowing down the whole computer system or spamming from one’s email account are the smallest troubles that cunningly written software may cause. Unfortunately, there are many widely known precedents of unauthorized credit card usages performed with stolen passwords and codes. The most unpleasant thing about malware is that usually it is installed on a computer without user’s consent from a website that may seem to be utterly innocent.

The EstDomains, Inc management does not deny the fact that no one is secured from having a customer who uses provided services for delinquent purposes. But it must be noted that the carefully planned infrastructure of EstDomains, Inc makes the special provision for the cases of malware distribution that may originate from the domain name registered under the company’s name. Such domain names are suspended immediately along with domain holder’s account if there is an evidence of malware presence on the web site. According to the most recent statistics over five thousand domain names were detected and ruthlessly suspended by EstDomains, Inc specialists only last week.

The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance.

In addition to the constant monitoring of its infrastructure, EstDomains, Inc (http://estdomains.com) has created a unique system that allows it to reveal direct malware sources along with potentially dangerous web sites. Further, the detailed reports with warnings are sent to hosting companies and Registrars in order to notify them about the threat and to ask for the measures to be taken. In addition to independently led investigations, EstDomains, Inc relies on the information available from such influential anti-malware organizations and listings as webhelper4u.net, malwaredomainlist.com, hosts-file.net, malwaredomains.com, malwarebytes.org and many others.

Today, EstDomains, Inc (http://estdomains.com) would like to urge all Internet users to join this world-wide campaign against malware distributions and distributors and report every single display of corrupted codes to: https://support.estdomains.com. It does not matter whether the domain name for suspected web site is registered with EstDomains, Inc or with any other Registrar. There is one common goal for everyone. Namely, keep the Internet space clean and safe for both business and leisure.

Cyber Crime USA
More on Atrivo-Intercage-Estdomains
Atrivo, EstDomains Inc.,
Directi continues to suspend malware sites