YAY! Re: Atrivo/Intercage: NO Upstream depeer

Raymond Dijkxhoorn raymond at prolocation.net
Wed Sep 24 03:33:35 CDT 2008


> Thanks to the efforts of the people on this list, you've known
> Estdomains/Esthost was bad news for several weeks or more.

[root at control ~]# dig estdomains.com

; <<>> DiG 9.5.0-P2 <<>> estdomains.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2970
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;estdomains.com.                        IN      A

estdomains.com.         86400   IN      A

inetnum: -
netname:        NL-ECATEL-20080829
descr:          Ecatel LTD
country:        NL
org:            ORG-EL38-RIPE
admin-c:        RvE16-RIPE
tech-c:         RvE16-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      ECATEL-MNT
mnt-routes:     ECATEL-MNT
source:         RIPE # Filtered

person:         Reinier van Eeden
address:        Archangelkade 1-3
address:        1013 BE  Amsterdam
mnt-by:         IQARUS-MNT
e-mail:         r.eeden at nl.iqarus.com
phone:          +31 64 607 11 12
nic-hdl:        RvE16-RIPE
source:         RIPE # Filtered

The same guys were hosting several ROKSO spammers in 2006 allready. This 
smells badly!

Earlier this year they had also this one (also ROKSO)


The company that Reinier was with was called Icarus earlier, does that 
ring a bell? 3 of the top 10 ROKSO spammers were hosted there. This is 
more then just a normal shining.


