http://msmvps.com/blogs/hostsnews/archive/tags/Intercage_2F00_EstDomains/default.aspxTags: Intercage/EstDomainsenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/hostsnews/archive/2007/08/25/more-exploit-sites.aspxSat, 25 Aug 2007 09:03:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1136699winhelp20020http://msmvps.com/blogs/hostsnews/archive/2007/08/25/more-exploit-sites.aspx#comments<p>Landing on &quot;<em>voyeurcampic(dot)com</em>&quot; my Antivirus (<a class="" href="http://msmvps.com/controlpanel/blogs/www.eset.com" target="_blank">NOD32</a>) jumps up with the following warning ...</p> <p><img src="http://mvps.org/winhelp2002/blog/voyeurcampic.gif" alt="" /></p> <p>NOD32 halts the loading of any further content and offers to Terminate (I like that description) the connection. So I investigate that site first thru Google and then check the Whois info ... oh this is not good!</p> <p><img src="http://mvps.org/winhelp2002/blog/voyeurcampic1.gif" alt="" /></p> <p>Well as you can see Google reports that &quot;<em>This site may harm your computer</em>&quot; ... yeah I&#39;d say so ... so checking the Registration info we find that it&#39;s Hosted at Intercage Inc (well known for allowing exploits) and Registered thru EstDomains and then the Whois info is protected/hidden by &quot;<em>PrivacyProtect.org</em>&quot;.</p> <p>Seems like they went thru a lot of trouble to hide their identity ... and they are running quite a few sites with similar exploits.<br />216.255.186.82 = 59 sites<br />216.255.186.83 = 15 sites<br />216.255.186.84 = 10 sites</p> <p>I already had the sites in the first two IP addresses listed in the <a class="" href="http://www.mvps.org/winhelp2002/hosts.htm" target="_blank">HOSTS file</a> and I&#39;ve added the 10 from the last one ... wow 84 sites all linked to each other not counting other outside sites that may link to them ... ever get the feeling the Internet is becoming a dangerous place?</p> <p>Ok ... let&#39;s see what McAfee&#39;s SiteAdvisor says : &quot;<a class="" href="http://www.siteadvisor.com/lookup/?q=voyeurcampic.com" target="_blank">No results found</a>&quot; even though that site was <a class="" href="http://whois.domaintools.com/voyeurcampic.com" target="_blank">registered</a> in July 07.<br />How about &quot;ExploitLabs LinkScanner&quot; = &quot;Congratulations! <a class="" href="http://linkscanner.explabs.com/linkscanner/checkstep.asp" target="_blank">LinkScanner Online</a> did not find any exploits.&quot; ... ouch!</p> <p>Be careful out there folks ...</p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1136699" width="1" height="1">Intercage/EstDomains