Hi!
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
[EMAIL PROTECTED] ~]# dig estdomains.com
; <<>> DiG 9.5.0-P2 <<>> estdomains.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2970
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;estdomains.com. IN A
;; ANSWER SECTION:
estdomains.com. 86400 IN A 94.102.49.3
inetnum: 94.102.48.0 - 94.102.63.255
netname: NL-ECATEL-20080829
descr: Ecatel LTD
country: NL
org: ORG-EL38-RIPE
admin-c: RvE16-RIPE
tech-c: RvE16-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
source: RIPE # Filtered
person: Reinier van Eeden
address: Archangelkade 1-3
address: 1013 BE Amsterdam
mnt-by: IQARUS-MNT
e-mail: [EMAIL PROTECTED]
phone: +31 64 607 11 12
nic-hdl: RvE16-RIPE
source: RIPE # Filtered
The same guys were hosting several ROKSO spammers in 2006 allready. This
smells badly!
Earlier this year they had also this one (also ROKSO)
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65783
The company that Reinier was with was called Icarus earlier, does that
ring a bell? 3 of the top 10 ROKSO spammers were hosted there. This is
more then just a normal shining.
bye,
Raymond.
