Jump to content

upstream for 91.213.209.95


mrmaxx
 Share

Recommended Posts

I received some UCE at work in a foreign language. I tried to report it through SpamCop, but it just wants to report to "postmaster[at]ei-ag.info" who I suspect is the spammer. whois.ripe.net doesn't appear to show any upstream, and I'm not familiar enough with LookingGlass or BGP to know who the upstream is either.

Also, the spamvertised website is another where it appears to be a blatant spammer ("double opt in limited") and the only contact is the "postmaster" of the spam-friendly web host. :( The website is hosted on 91.213.83.28, another RIPE host, for which there is no upstream indicated. :(

If someone could research this and update SpamCop to report to someone who might actually care, it would be appreciated!

Link to comment
Share on other sites

If someone could research this and update SpamCop to report to someone who might actually care, it would be appreciated!

Finding someone who cares might actually be a problem. Of course the SCBL does care so if the research is unsuccessful I hope you'll still submit the report to update the list.

Andrew

Link to comment
Share on other sites

Finding someone who cares might actually be a problem. Of course the SCBL does care so if the research is unsuccessful I hope you'll still submit the report to update the list.

Of course I reported it! :D I was just hoping someone could find an upstream provider that might consider "leaning on" the spammy email and web hosts. :D

Link to comment
Share on other sites

...I was just hoping someone could find an upstream provider that might consider "leaning on" the spammy email and web hosts. :D
SpamCop takes some pains to avoid reporting to spammers but I guess, inevitably, are always playing catch-up. KnujOn or Complainterator might be the way to go in general for these cases. There are some here who can unravel the complexities of up stream provider discovery and might care to offer some specifics on the cases in point.

91.213.209.95 (says postmaster[at]ei-ag.info), Senderbase thinks eiagr.com with 'privacy protected' registrant protection and http://www.robtex.com/dns/eiagr.com.html#records says that has NS in 91.206.92.0/23 which http://www.robtex.com/dns/eiagr.com.html#graph says is Taranet - 100% AS47540 TARAINFORM-AS Tarainform Limited and http://www.webtrace.info/asn/47540 suggests abuse[at]tarainform.com which is Russian (where they generally have a 'different' view about spam).

Looking at 91.213.83.28 (SC says postmaster[at]doi-ltd.com), SenderBase seems to think it is in 91.213.83.0/24

Then http://www.robtex.com/route/91.213.83.0-24.html says that is 100% AS47540 TARAINFORM-AS Tarainform Limited and http://www.webtrace.info/asn/47540 suggests abuse[at]tarainform.com

So, my bumbling attempts wouldn't seem to advance the cause much. http://www.siteadvisor.com/sites/tarainform.com gives no cause for optimism.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...