Atrivo, Inc (also known as Intercage) and their main customer, Esthost (related to Estdomains) might well be a familiar name to people working in IT security. Atrivo is based is California and is run by one Emil Kacperski, so it has always surprised me that such a small operator should be a persistent host of malware.
Well, Atrivo's activities have not gone un-noticed by HostExploit.com who have produced a whitepaper and diagram and a YouTube video explaining how Atrivo's network is involved in a typical PC exploit.
Brian Krebs at the Washington Post has a comprehensive commentary. Note in particular the comments from "Emil K." at the bottom of the article. The RBN blog also has a comment here. Fascinating stuff.