# The Reincarnation of a Bulletproof Hoster - Krebs on Security



## HalfEatenPie (Aug 4, 2016)

Article Link: http://krebsonsecurity.com/2016/08/the-reincarnation-of-a-bulletproof-hoster/


Excerpt: 



> [COLOR= rgb(85, 85, 85)]In April 2016, security firm [/COLOR]Trend Micro[COLOR= rgb(85, 85, 85)] [/COLOR]published a damning report[COLOR= rgb(85, 85, 85)] about a Web hosting provider referred to only as a “cyber-attack facilitator in the Netherlands.” If the Trend analysis lacked any real punch that might have been because — shortly after the report was published — names were redacted so that it was no longer immediately clear who the bad hosting provider was. This post aims to shine a bit more light on the individuals apparently behind this mysterious rogue hosting firm — a company called [/COLOR]HostSailor[dot]com[COLOR= rgb(85, 85, 85)].[/COLOR]



@HostSailor, any comments?  Curious as to what the purpose of this all is.


----------



## DomainBop (Aug 4, 2016)

> The Trend report observes that the unnamed, Netherlands-based virtual private sever (VPS) hosting provider appears to have few legitimate customers, and that the amount of abuse emanating from it “is so staggering that this company will remain on our watchlist in the next few months.”



That could describe many providers...



> According to a “reverse WHOIS” search ordered from DomainTools.com, that Yahoo email address was used in the original registration records for exactly one domain:santrex.net.



interesting...


----------



## DomainBop (Aug 4, 2016)

HostSailor, TrendMicro, & Censorship of Internet Security Reporting https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2016-July/003451.html


AS60117 (HostSailor) and "Mayko Evgeniy" https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2016-July/003450.html


and https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2016-July/003452.html


----------



## HostSailor (Aug 23, 2016)

HalfEatenPie said:


> Article Link: http://krebsonsecurity.com/2016/08/the-reincarnation-of-a-bulletproof-hoster/
> 
> 
> Excerpt:
> ...



We are very sorry for not responding earlier on, it seems that the mentioning of our username on this forum did not email us or notify us in any way. A few months ago we did face a wave of abuse on our network we did manage to put that under control, we noticed later on that trendmicro released a report but it seems that Ronald F. Guilmette does not like to mind his own business and decided to accuse Host Sailor Ltd. over the RIPE mailing list months later of hijacking IP ranges over the internet we personally contacted him to try and understand the motive behind such accusation, we managed to prove to him by writing from the provider itself that we were authorized to route the IP addresses in question, we also worked closely with him in shutting down a couple of abusers on our network that he claimed ran ransomware, he asked us to share payment methods, addresses, emails, IP addresses and what not for almost all users on our network which we refused to share and from there he did not stop harassing the company by posting reports over the internet, we did enjoy high amounts of traffic and sales since, but this will not stop us from proceeding with legal action to stop people like him from trying to stretch their power and muscles on providers over the internet or interfere with how they manage their business and infrastructure, the same goes to Brian who has helped Ronald in the preparations of the report.


----------



## HalfEatenPie (Aug 30, 2016)

Update:


http://krebsonsecurity.com/2016/08/hostsailor-threatens-to-sue-krebsonsecurity/



> [COLOR= rgb(85, 85, 85)]Earlier this month, KrebsOnSecurity published [/COLOR]The Reincarnation of a Bulletproof Hoster[COLOR= rgb(85, 85, 85)], which examined evidence suggesting that a Web hosting company called[/COLOR]HostSailor [COLOR= rgb(85, 85, 85)]was created out of the ashes of another, now-defunct hosting firm notorious for harboring spammers, scammers and other online ne’er-do-wells. Today, HostSailor’s lawyers threatened to sue this author unless the story is removed from the Web.[/COLOR]



read the rest of the article for the full details, but most important part I found "lol"y. 



>



vpsBoard eh?  Anywho, interesting regarding the legal notice.


----------



## DomainBop (Aug 31, 2016)

Page 2 of that letter: the three day deadline for Krebs to remove everything or burn in legal hell is today (8/31).





The jurisdiction for libel suits is usually the location of the defendant.  Krebs the man, and Krebs the blog are both located in the USA where bloggers are generally protected from being sued for hyperlinking to allegedly libelous 3rd party content by the same USC 230 immunity protections that protect forum owners like MannDude from the wrath of little shlonged men in Buffalo.  I really hope that Krebs submits that letter to the EFF's Lumen database (nee ChillingEffects)


If lawyer boy brought action in the UAE, libel is a criminal offense in the UAE and the plaintiff could also sue for civil damages, but good luck trying to enforce a UAE civil judgement (or any foreign judgment) against a US citizen if the US citizen never steps foot in the UAE.  The cost would be prohibitive and it could take years, and VPS servers will probably have joined  telegrams, VHS tapes, and floppy drives on the obsolete technology list by the time the plaintiff was able to recover part of the judgment


TL;DR Lawyer boy's letter proves Postbox isn't the only f*cktard in the world because the outcome of any legal action lawyer boy takes against Krebs probably won't be enough to counter the negative buzz his client 's rep will get from the Streisand Effect he triggered by sending his C&D...


----------

