Hi!
Thanks to the efforts of the people on this list, you've known Estdomains/Esthost was bad news for several weeks or more.
[root@control ~]# dig estdomains.com ; <<>> DiG 9.5.0-P2 <<>> estdomains.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2970 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;estdomains.com. IN A ;; ANSWER SECTION: estdomains.com. 86400 IN A 94.102.49.3 inetnum: 94.102.48.0 - 94.102.63.255 netname: NL-ECATEL-20080829 descr: Ecatel LTD country: NL org: ORG-EL38-RIPE admin-c: RvE16-RIPE tech-c: RvE16-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: ECATEL-MNT mnt-routes: ECATEL-MNT source: RIPE # Filtered person: Reinier van Eeden address: Archangelkade 1-3 address: 1013 BE Amsterdam mnt-by: IQARUS-MNT e-mail: r.eeden@nl.iqarus.com phone: +31 64 607 11 12 nic-hdl: RvE16-RIPE source: RIPE # Filtered The same guys were hosting several ROKSO spammers in 2006 allready. This smells badly! Earlier this year they had also this one (also ROKSO) http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65783 The company that Reinier was with was called Icarus earlier, does that ring a bell? 3 of the top 10 ROKSO spammers were hosted there. This is more then just a normal shining. bye, Raymond.