Intercage – Spam/Malware Friendly ISP Back Online


There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.

Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community showing IP addresses under the management of Intercage were hosting a number of sites engaged in phishing, malware propagation, and other illegal activities.

It’s a pretty bold move by UnitedLayer..but Intercage and their website is back online now.

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world’s cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer’s move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion’s share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

It looks like it’s going to hurt them with between a quarter and a half of their revenue coming from this one customer! They shouldn’t have put all their eggs in one basket, especially a malware ridden Eastern European basket.

I think Internet Exchanges and upstream providers need to be more vigilant about spam and malware propagation sites, if hosts refuse to sort the problem out – pull the plug!

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

“We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed,” said UnitedLayer COO Richard Donaldson. “And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)…then we will terminate them like we would any other client.”

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today’s law enforcement in overcoming a rat’s nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens’ best interests at heart.

There is definitely a potential for abuse here and it’s something that needs to be watched. More people need to take time to submit abuse reports, headers and IP addresses to the upstream providers, data centers and hosts involved.

Some may not know what the sites on their network are doing, some may actually be hacked, and some may be complicit with the spammers – but either way people need to report!

It’s an interesting story and definitely one to watch, let’s just hope no-one starts to abuse this with RIAA take-down notices etc.

Source: The Register

Posted in: Legal Issues, Malware, Spammers & Scammers

, , , , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


4 Responses to Intercage – Spam/Malware Friendly ISP Back Online

  1. Morgan Storey October 7, 2008 at 4:56 am #

    Anyone got a list of their ip blocks… drop x.x.x.x/16 :)

  2. terrery October 7, 2008 at 11:44 am #

    ”There is definitely a potential for abuse here and it

  3. Morgan Storey October 7, 2008 at 10:35 pm #

    If intercage is anything like the previous Russian Business Network, it will take these reports of abuse and file them straight in the bin.

  4. SpikyHead October 8, 2008 at 12:45 am #

    @terrery
    “i strongly believe if someone notice abuse of website