Don't like ads? PRO users don't see any ads ;-)
Public Pastes

#OpEcatel: Teaching a bad host a lesson

By: TheAnon0ne on Jul 29th, 2012  |  syntax: None  |  size: 9.11 KB  |  hits: 6,573  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Twitter: @TheAnon0ne | E: theanon0ne@hushmail.com
  2.  
  3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. This is a sub-op of #OpPedoChat | http://pastebin.com/xvBaU2vd
  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6.  
  7. Started: 7/29 @ 3pm GMT
  8. Last update: 7/30 12.45am GMT
  9.  
  10. Busy week, see http://bit.ly/MeA2FC for more info.
  11.  
  12. ``````````````````````````` #OpEcatel: Teaching a bad host a lesson ```````````````````````````
  13.  
  14. Greetings Netizen. Host Ecatel is an evil company that has been lightly profiled before, see
  15. bit.ly/9hj5fN & bit.ly/PQKUrm for just two examples. Recently, we discovered a cache of sites
  16. hosted by Ecatel that were targets for #OpPedoChat. When we asked Ecatel to remove the sites,
  17. they not only refused several times, they literally resorted to "go screw your mom" for reply:
  18. i.imgur.com/5WMZC.png | TL,DR: Ecatel refuses to remove kiddie porn sites.
  19.  
  20. This will not stand. Operation Ecatel: Engaged. Expect Us.
  21.  
  22. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= * ~ *Operation News & More* ~ * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  23. ===============================================================================================
  24.  
  25. * 7/29: Some of the targets fluctuate, but billing.ecatel.net & helpdesk.ecatel.net have been
  26.         staying down most of the day. None of Ecatel's holdings have escaped Tango Down today.
  27.  
  28. * 7/29: List of all IP addresses tied to Ecatel avail @ http://bit.ly/QVOyCE
  29.  
  30. * 7/29: Ecatel sent another email, telling me to go screw my mother: i.imgur.com/5WMZC.png
  31.         In exchange, I gave them this form: http://bit.ly/Owth0Y
  32.  
  33. ~ #OpEcatel launched @ 3pm GMT in response to the egregious nature & behavior of Ecatel ~
  34.  
  35. * 7/29: Call to arms! Target is ecatel.co.uk & ecatel.net | They REFUSE to remove CP they
  36.         host. Their answer to the opportunity we let them have: i.imgur.com/wmBBH.png
  37.  
  38. 7/28 ~ 7/29: We gave Ecatel *another* chance: http://i.imgur.com/ndsQ6.png
  39.  
  40. * 7/28: ecatel.co.uk is TangoDown, been down for hours| Bad host REFUSED to remove CP sites
  41.  
  42. * 7/21 - 7/28: Several Anons contact Ecatel, nicely, and get rudely rebuffed and ridiculed.
  43.                Jimmies start getting rustled.
  44.  
  45. * 7/21: Ecatel.net, responsible for several CP targets, profiled: http://bit.ly/Psoeuw
  46.  
  47. ##############################################################################################
  48.  
  49. ################################
  50. Targets (updated 7/29 @ 4pm GMT)
  51. ################################
  52.  
  53. http://ecatel.co.uk
  54. http://www.ecatel.info
  55. http://ecatel.net (89.248.167.19)
  56. http://billing.ecatel.net
  57. http://mirror.ecatel.net
  58. http://noc.ecatel.net
  59. http://helpdesk.ecatel.net
  60. http://www.smokeping.nl
  61.  
  62. DNS servers: 89.248.167.3, 89.248.163.67, & 89.238.154.91
  63. List of all IP addresses tied to Ecatel avail @ http://bit.ly/QVOyCE
  64.  
  65. ##############################################################################################
  66.  
  67. #########
  68. Harvester
  69. #########
  70.  
  71. g.nelson@ecatel.net, r.eeden@ecatel.net, eeden@ecatel.net, sale@ecatel.net, XXXXX@ecatel.net,
  72. admin@ecatel.net, abuse@ecatel.net, sales@ecatel.net, info@ecatel.net, noc@ecatel.net
  73.  
  74. ##############################################################################################
  75.  
  76. ####
  77. Moar
  78. ####
  79.  
  80. Ecatel was rated #1 worst host in the world for serving spam, infected websites and Zeus C & C servers http://news.hostexploit.com/hosts-and-registrars-news/4566-ecatel-speaks-to-dutch-news-about-1-bad-host-position.html
  81.  
  82. Ecatel does more than just kiddie porn, they are well-known to facilitate cyber criminals, botnets, etc: http://www.secanalyst.org/2011/08/23/understanding-ecatel/
  83.  
  84. http://hphosts.blogspot.com/2010/04/as29073-ecatel-need-more-proof-of-their.html
  85.  
  86. http://badhost.info/AS29073
  87.  
  88. http://www.scamfraudalert.com/identity_theft_phishing_spam_blackmails/13773-spamhaus_project_reports_ecatel_net_network_host_most_notorious_spammers_cybe.html
  89.  
  90. http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html
  91.  
  92. ##############################################################################################
  93.  
  94. ######################################################################
  95. d0x (in progress, not guaranteed accurate). Some credit to @OpPedoChat
  96. More info available @ http://bit.ly/Psoeuw
  97. ######################################################################
  98.  
  99. Owner of ECATEL LTD
  100.  
  101. Name: Ferdinand Reinier Van Eeden
  102.  
  103. http://company-director-check.co.uk/director/912188052
  104. http://www.cdrex.com/ferdinand-reinier-van-eeden/1074299.html
  105.  
  106. Short Name: Ferdinand Van Eeden
  107.  
  108. Year of Birth: 1986
  109.  
  110. Address:
  111.  
  112. Singravenstraat
  113. 42 2548SL
  114. Gravenhage
  115.  
  116. Address 2:
  117.  
  118. 235 Spui
  119. Den Haag
  120. Netherlands
  121. 2511 BP
  122.  
  123. Number: 070-3944255
  124.  
  125. 235 Spui Den Haag Netherlands 2511 BP (Registered to company)
  126.  
  127. Person ID: 17485089
  128.  
  129. Director ID : 912188052
  130.  
  131. Company's ;
  132.  
  133. Company Name          
  134. FIBER XPRESS LIMITED - 06466487 (Company registration number)  
  135. REBA ENTERPRISES LIMITED - 06265960 (Company registration number)              
  136. REBA HOLDING LIMITED -  06264749 (Company registration number)
  137. ECATEL LTD -  05562825 (Company registration number)
  138.  
  139. Company Address's ;
  140.  
  141. 80 SIDNEY STREET
  142. FOLKESTONE
  143. CT19 6HQ
  144. GB
  145.  
  146. Manger of ECATEL LTD:
  147.  
  148. Name: Bartholomeus Johannes Karreman
  149.  
  150. Short name - Bartholomeus Karreman
  151.  
  152. Year of Birth: 1946
  153.  
  154. Address
  155. 2648 Neherkade
  156. Den Haag
  157. 2521 Rv
  158. The Netherlands
  159. 2521 RV
  160.  
  161. Director ID : 912188051
  162.  
  163.  
  164. ##############################################################################################
  165.  
  166. ###############################################################################
  167. Vulnerability Information (send moar to @theanon0ne or theanon0ne@hushmail.com)
  168. ###############################################################################
  169.  
  170. Starting Nmap 6.01 ( http://nmap.org ) at 2012-07-29 11:31 EDT
  171. Nmap scan report for www.ecatel.co.uk (80.82.67.2)
  172. Host is up (0.11s latency).
  173. Not shown: closed ports
  174. PORT     STATE SERVICE              VERSION
  175. 80/tcp   open  http                 Apache httpd 2.2.9 ((Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch)
  176. 111/tcp  open  rpcbind (rpcbind V2) 2 (rpc #100000)
  177. 2049/tcp open  nfs (nfs V2-4)       2-4 (rpc #100003)
  178.  
  179. www.ecatel.co.uk/ [200]
  180. http://www.ecatel.co.uk [200] HTTPServer[Debian Linux][Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch], PHP[5.2.6-1+lenny9][Suhosin-Patch], Frame, Country[NETHERLANDS][NL], IP[80.82.67.2], Apache[2.2.9], X-Powered-By[PHP/5.2.6-1+lenny9], Title[ Ecatel - Home]
  181. URL    : http://www.ecatel.co.uk
  182. Status : 200
  183.    Apache ---------------------------------------------------------------------
  184.     Description: The Apache HTTP Server Project is an effort to develop and
  185.                  maintain an open-source HTTP server for modern operating
  186.                  systems including UNIX and Windows NT. The goal of this
  187.                  project is to provide a secure, efficient and extensible
  188.                  server that provides HTTP services in sync with the current
  189.                  HTTP standards. - homepage: http://httpd.apache.org/
  190.     Version    : 2.2.9
  191.  
  192.    Country --------------------------------------------------------------------
  193.     Description: GeoIP IP2Country lookup. To refresh DB, replace
  194.                  IpToCountry.csv and remove country-ips.dat. GeoIP database
  195.                  from http://software77.net/geo-ip/. Local IPv4 addresses
  196.                  are represented as ZZ according to an ISO convention.
  197.                  Lookup code developed by Matthias Wachter for rubyquiz.com
  198.                  and used with permission.
  199.     Module     : NL
  200.     String     : NETHERLANDS
  201.  
  202.    Frame ----------------------------------------------------------------------
  203.     Description: This plugin detects instances of frame and iframe HTML
  204.                  elements.
  205.  
  206.    HTTPServer -----------------------------------------------------------------
  207.     Description: HTTP server header string
  208.     Os         : Debian Linux
  209.     String     : Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch (from server string)
  210.  
  211.    IP -------------------------------------------------------------------------
  212.     Description: IP address of the target, if available.
  213.     String     : 80.82.67.2
  214.  
  215.    PHP ------------------------------------------------------------------------
  216.     Description: PHP is a widely-used general-purpose scripting language
  217.                  that is especially suited for Web development and can be
  218.                  embedded into HTML. - homepage: http://www.php.net/
  219.     Version    : 5.2.6-1+lenny9
  220.     Module     : Suhosin-Patch
  221.     Version    : 5.2.6-1+lenny9
  222.  
  223.    Title ----------------------------------------------------------------------
  224.     Description: The HTML page title
  225.     String     :  Ecatel - Home (from page title)
  226.  
  227.    X-Powered-By ---------------------------------------------------------------
  228.     Description: X-Powered-By HTTP header
  229.     String     : PHP/5.2.6-1+lenny9 (from x-powered-by string)
  230.  
  231. ##############################################################################################
  232.  
  233. We are Anonymous.
  234. We do not Forgive.
  235. We do not Forget.
  236. Expect Us.
  237.  
  238. @TheAnon0ne | theanon0ne@hushmail.com
create a new version of this paste RAW Paste Data