registrar: estdomains (=thé place where scammers and thieves register their domains).
host: cernel.net/atrivo (=one of the places where scammers and thieves host).

I'm doing what I can to make people more aware. My tgp is not high in traffic, but everything helps. http://www.youngchickz.com/

These fuckers are going down they have been robbing us blind there teeny kitten!http://www.dnjournal.com/images/robbery.gif

F U C K T O E V E R Y B O D Y W H O T H I N K H E I S S E C U R E !!! you people will never learn. always cry ...

blocking/blacklisting anything even remotely related to inhoster/intercage/estdomains/esthost/cernel/atrivo would solve alot of problems.

we're never 100% secure, but it's better than not having any security at all. So just because people talk about this problem it means they are crying? No one said that we can all be 100% secure, but with more people taking a stand on this shit, the more we can slow it down till the day comes where it's totally gone. ya, that will take a very long time, but we still have to try in order to get anything done.

We will never learn? I guess you're the almighty and you know everything. Do you think we're idiots? We fucking know that there is no way to be completely safe unless you get rid of the internet that is. At least some of us try to help if we can and not call the ones trying to help cry babies.

How do you figure when its not internal but on a surfers comp?

isn't that the truth..

i guess this was the wrong time to get into this industry.

fuckin spyware hackers...

btw: some of that EST scum posts here:
http://www.gofuckyourself.com/member.php?u=78443
http://www.gofuckyourself.com/member.php?u=73898

50 scamming fucktards.

Bingo! This is what we can do to help. The progams may contol the money but the affiliates control the traffic. We are the front line for educating and protecting our surfers.

I would also say it would go a long way towards instilling good will if program owners emailed their members about ways to protect themselves as well...

:thumbsup

Sorry I was hung over when I wrote that and didn't have my head on straight


No, what I meant was, did you ever SEE what installs DH was promoting on his P2Pads.com network?


I kinda see it as a conflict of interest, personally. How can you sell traffic to people with a straight face if you are allowing Zango installs on your network? Basically helping your customers on one end lose money because of Zango hijacks, but profiting off of Zango hijacking your other customer's browsers?


Although I doubt DH would do Zango installs because of this, that's why I'm asking YOU Will76 if you had any proof of what DH was installing? I know he admitted to profiting off of doing installs on p2pads.com but nobody has any clue as far as I know about WHAT installs he was doing?

Could this problem be solved by not trading with any of the offending domain registrars/hosts?
Someone should set up a blacklist of domains/IPs...maybe even trade scripts could implement this.

it may help, but it will not solve the problem, unfortunately.

no and he would never disclouse that info, even after asked several times. I went as far as to ask him if he could name a couple "adware" companies that he thought were "ok". Not real adware like google, but "adware" companies, not like google would pay him anyway. He wouldn't even mention any adware companies muchless ones that he did business with.... He claims he never sold traffic for zango installs but I guess you have to take his word on that.

I simply check every new trade domain if it's registered with ESTDOMAINS, and if so I'm adding it to my blacklist. Quite often they're also hosted at either ATRIVO, INHOSTERS or INTERCAGE.

So when a new trade signs up the first thing I'm doing is to search for "domain.com" in google, most of the time somebody else had a problem with them already and posted the domain in some boards cheater section, so you can easily check that through google.
Next I'm checking his registrar at http://whois.domaintools.com, if it's ESTDOMAINS I'm having a new IP to blacklist.

And I've added the following server IP ranges to my blacklist:
74.52.6.43
66.29.35.37
216.255.189.123
216.255.189
70.84.80.50
216.240.149.117
74.52.6
66.29.35
216.255.189
70.84.80
216.255.178
216.240.149
67.15.187.2
72.232.215.76
216.255.176.124
216.255.176
74.52.6.43
216.255.178.52
216.255.178.60
216.255.178
72.232.194.58
72.232.215.74
72.232.215.77
209.8.19.242
209.51.132.202
91.192.117.46
69.50.160
69.50.161
69.50.162
69.50.163
69.50.164
69.50.165
69.50.166
69.50.167
69.50.168
69.50.169
69.50.170
69.50.171
69.50.172
69.50.173
69.50.174
69.50.175
69.50.176
69.50.177
69.50.178
69.50.179
69.50.180
69.50.181
69.50.182
69.50.183
69.50.184
69.50.185
69.50.186
69.50.187
69.50.188
69.50.189
69.50.190
69.50.191
85.255.112
85.255.113
85.255.114
85.255.115
85.255.116
85.255.117
85.255.118
85.255.119
85.255.120
85.255.121
85.255.122
85.255.123
85.255.124
85.255.125
85.255.126
85.255.127
72.55.148.87
88.85.81.195

And webmaster IPs:
88.151.106.252
81.169.235.6
70.84.80.50
83.188.23.87
81.169.224.98
83.69.20.130
81.169.234.219
69.166.67.221
91.192.117.46
72.232.65.178
64.151.36.201
86.57.128.201
91.124.155.94

And domains:
shyteenies.com
mashathumbs.com
sexgall.net
hotdailynudes.com
yourthumbnails.com
asianscity.com
xxxdesert.com
startfreevideo.com
tgpporn.net
100freegalls.com
fuckingcraft.org
extrablow.com
brothervids.com
onlinesexmovie.net
pjunkie.net
perky-teenies.com
sappypussy.com
dullworld.com
pinkyteenies.com
hardsaloon.com
pushpussy.com
teensseduction.com
angelsvids.com
chickswar.com
mixteenies.com
smokyvids.com
teensinlaw.com
good-teens.com
try-girls.com
pinkypussies.com
sexymovs.com
youngperfection.net
mpeggalls.com
lookmycunt.com
girlsrussian.net
pornstarocean.com
lovelyteenvids.com
porn-cinema.net
need4pornvids.com

The server IPs cover a wide range of INHOSTERS, ATRIVO and INTERCAGE, since I'm using that I didn't had any further problem with these guys, so I suggest that everybody uses these IP ranges as a temporary addition to their blacklist.

what are the namerservers for those hosts? I can add name servers to the ban list in the tgp script I'm using.

scrap my last question. I found the nameservers.

interesting reading

/what method did you use to find them with?

does whois not showing them anymore?

:thumbsup :thumbsup

sorry can you post a few links to?

Like u-bob said, the ESTHOSTERS and ESTDOMAINS guys post here...post a request for hosting spam and watch them jump in the thread.
After looking at the domains used by these people I think 80% of the problem would be solved by looking up the registrar or host before accepting the trade.
It shouldn´t be too hard to write a quick script that will check wether the trade is hosted with the offending hoster or the domain is registered with them.

Something like this ?

http://ihave.bushiq.com/cgi-bin/estdomains.cgi

superdio: might wanna add cernel.net to that list. It's another one of those fake hosting companies used by scammers/thieves.

Nice, I was thinking to write something myself, but as you already did it I might suggest to add a feature to check domains in bulk. Cause it would be great if someone could just copy/paste all his trades into your script, and have them checked at once :)

I.e. http://whois.domaintools.com/porn-cinema.net shows the nameservers (NS1&2.PORNSTAR-SITE.NET) for porn-cinema.net (I've just taken a random one from my blacklist).

Unfortunately these guys use quite many nameservers, so blocking their server IP ranges was the most effective solution on my side. There are still 2-3 signup attempts from these giys to our sites each day, but the IP blacklisting blocks them :)

We should have added some naked chicks to the first post(s), to get more bumps

Making it Sticky would also be great :thumbsup

So I went to triplexporn.org which links/trades to top-amateur.com and on top-amateur.com there is a popup to nichetgp.com. Nichetgp and top-amateur are owned by the same individual.
On nichetgp.com is this code
Now codecsoft.net has this code
exp1.htm contains this code

triplexporn.org(an ESTDOMAIN) came from Tolik's sig btw.
also on triplexporn is a javascript that includes /cgi-bin/counter2.pl which has this code--
which contains a popup to--
nichetgp.com/amateur/in.cgi?a=340
which contains the code(win32.exe) explained above

Incase anyone misses that

Why don't we img src the fuck out of these people?

I know The Hun used to do that when someone stole his shit/copied his page....img src them until their server melted.

I'm sure all of us collectively could bring down an entire hosting company if we really wanted to. Why not IMG SRC all of the domains on all of our high traffic pages until his host shuts his account off?

congrats you two lame losers. original full line of code:

<script language="Javascript">
document.write('<img src="cgi-bin/counter2.pl?' + inc + '" style="visibility:none" height="0" width="0">');
</script>

now explain me how img src redirect traffic?

one more thing - "tolik" account name - not my account name at fpctraffic.

Registrant Organization:UltraHoster
this company registering domain under esthost. does not see any problem here. i have all my domains at same place for years. and i does not force anyone to trade width me. dont like - dont trade. anyway most time i trading with same people for years.

who said it redirects traffic?

Thanks man, added em to my blacklist! :thumbsup

later
c-lo

triplexporn.org(an ESTDOMAIN) came from Tolik's sig btw.
also on triplexporn is a javascript that includes /cgi-bin/counter2.pl which has this code-- blablabla

who care what code have img src what wroting 0*0 image at bottom of page?

and i cannot get at all where you get and for what this at all frame/iframe breaking code what you posted?

and also - for what this here:
_____________________________
which contains a popup to--
nichetgp.com/amateur/in.cgi?a=340
_____________________________

i never traded or have a links to this site.
if some toplist open this link for some countries - not for me or i have popup blockers on.

cannot understand what relation this have to me?