In April I got a DDoS attack (lol, good luck taking down Google).
Nothing really high on my site; temari.fr suffered a bit, and I grabbed a lot of weird referrers.
Fun thing: some pointed to winlock systems like Multi Locker 3 on 220.127.116.11 (and some other shit I hacked the same day).
Brian recently wrote an article about his DDoS: http://krebsonsecurity.com/2013/05/conversations-with-a-bulletproof-hoster/
And because I'm concerned, many people asked me for explanations or sent me the link to Brian's article by mail.
I also got in contact with off-sho.re.
Not directly: I told someone to talk to him and see how far he could go in the conversation. I was just intrigued by the price off-sho.re can do.
Here is the chat log:
Now about the madtrade.ru domain, the weird things come from the whois.
He just buys domains via his webnames.ru account and sells them by setting up the customers' nameservers.
He doesn't give them a domain panel or anything, so he can make changes anytime.
For information, the webnames reseller list is available here: http://www.webnames.ru/en/scripts/resellers_list.pl
I was a little bit confused, as domains registered with webnames don't show the reseller name, but off-sho.re's name is not in the reseller list, so he's likely not a reseller.
He probably also sells domains via naunet.ru.
Naunet is the actual domain provider for darkode, and Naunet is also famous for bulletproof domains.
When 'gofuck' got the darkode domain suspended, they contacted Naunet, and Naunet contacted PDR (PublicDomainRegistry) and told them to unsuspend the domain:
darkode 'suspended' NS:
Fun data: darkode belongs to email@example.com:
gofuck got their domain suspended by giving them screenshots of posts on darkode; the mywot scoreboard also helped, according to him. (http://www.mywot.com/en/scorecard/darkode.com)
They have cleaned it up now: it was red before, and off-sho.re helped them get it into the yellow zone; he provided fake ratings and stuff.
darkode got suspended on 15th April and they got it fixed on the 17th.
off-sho.re is also obviously listed on SpamHaus (http://www.spamhaus.org/sbl/query/SBL182932)
And he is a member of the StopHaus project, but I don't need to explain that.
off-sho.re seems to mainly use the e-mail "firstname.lastname@example.org" as a contact; a simple search on Google and you will find a lot of information regarding whois and domain details.
You can even find his Webmoney, Liberty Reserve, email addresses, ICQ, forum profiles etc...
Also, congrats on your level 2.
And about darkode, here we go...
Here are some jabbers, of course just a small part; my list is longer than that.
And I don't see the point of releasing my lists of icq/jabber/lr/wmz/aliases etc...
For me, darkode is just another wannabe private forum I've exposed, and when I do a re-post like this, I don't do it because I care about this forum but in answer to someone (in this case: off-sho.re).
It will annoy some people listed here to have to re-create a new address, but who gave me the stick to be beaten with?
And about bulletproof hosting, here is an old conversation between GrandHost and Nassef; maybe it will interest someone.
As usual there are a lot of things to say, but I will stop here.