[108120] in North American Network Operators' Group
Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Wed Sep 24 04:33:46 2008
Date: Wed, 24 Sep 2008 10:33:35 +0200 (CEST)
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: Paul Wall <pauldotwall@gmail.com>
In-Reply-To: <620fd17c0809240119o755a1717jb7492285e4763953@mail.gmail.com>
Cc: Christopher Morrow <christopher.morrow@gmail.com>, nanog@nanog.org,
Joe Greco <jgreco@ns.sol.net>
Errors-To: nanog-bounces@nanog.org
Hi!
> Thanks to the efforts of the people on this list, you've known
> Estdomains/Esthost was bad news for several weeks or more.
[root@control ~]# dig estdomains.com
; <<>> DiG 9.5.0-P2 <<>> estdomains.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2970
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;estdomains.com. IN A
;; ANSWER SECTION:
estdomains.com. 86400 IN A 94.102.49.3
inetnum: 94.102.48.0 - 94.102.63.255
netname: NL-ECATEL-20080829
descr: Ecatel LTD
country: NL
org: ORG-EL38-RIPE
admin-c: RvE16-RIPE
tech-c: RvE16-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
source: RIPE # Filtered
person: Reinier van Eeden
address: Archangelkade 1-3
address: 1013 BE Amsterdam
mnt-by: IQARUS-MNT
e-mail: r.eeden@nl.iqarus.com
phone: +31 64 607 11 12
nic-hdl: RvE16-RIPE
source: RIPE # Filtered
The same guys were hosting several ROKSO spammers in 2006 allready. This
smells badly!
Earlier this year they had also this one (also ROKSO)
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65783
The company that Reinier was with was called Icarus earlier, does that
ring a bell? 3 of the top 10 ROKSO spammers were hosted there. This is
more then just a normal shining.
bye,
Raymond.
