Jump to content

upstream for 91.213.209.95


mrmaxx

Recommended Posts

Posted

I received some UCE at work in a foreign language. I tried to report it through SpamCop, but it just wants to report to "postmaster[at]ei-ag.info" who I suspect is the spammer. whois.ripe.net doesn't appear to show any upstream, and I'm not familiar enough with LookingGlass or BGP to know who the upstream is either.

Also, the spamvertised website is another where it appears to be a blatant spammer ("double opt in limited") and the only contact is the "postmaster" of the spam-friendly web host. :( The website is hosted on 91.213.83.28, another RIPE host, for which there is no upstream indicated. :(

If someone could research this and update SpamCop to report to someone who might actually care, it would be appreciated!

Posted
If someone could research this and update SpamCop to report to someone who might actually care, it would be appreciated!

Finding someone who cares might actually be a problem. Of course the SCBL does care so if the research is unsuccessful I hope you'll still submit the report to update the list.

Andrew

Posted
Finding someone who cares might actually be a problem. Of course the SCBL does care so if the research is unsuccessful I hope you'll still submit the report to update the list.

Of course I reported it! :D I was just hoping someone could find an upstream provider that might consider "leaning on" the spammy email and web hosts. :D

Posted
...I was just hoping someone could find an upstream provider that might consider "leaning on" the spammy email and web hosts. :D
SpamCop takes some pains to avoid reporting to spammers but I guess, inevitably, are always playing catch-up. KnujOn or Complainterator might be the way to go in general for these cases. There are some here who can unravel the complexities of up stream provider discovery and might care to offer some specifics on the cases in point.

91.213.209.95 (says postmaster[at]ei-ag.info), Senderbase thinks eiagr.com with 'privacy protected' registrant protection and http://www.robtex.com/dns/eiagr.com.html#records says that has NS in 91.206.92.0/23 which http://www.robtex.com/dns/eiagr.com.html#graph says is Taranet - 100% AS47540 TARAINFORM-AS Tarainform Limited and http://www.webtrace.info/asn/47540 suggests abuse[at]tarainform.com which is Russian (where they generally have a 'different' view about spam).

Looking at 91.213.83.28 (SC says postmaster[at]doi-ltd.com), SenderBase seems to think it is in 91.213.83.0/24

Then http://www.robtex.com/route/91.213.83.0-24.html says that is 100% AS47540 TARAINFORM-AS Tarainform Limited and http://www.webtrace.info/asn/47540 suggests abuse[at]tarainform.com

So, my bumbling attempts wouldn't seem to advance the cause much. http://www.siteadvisor.com/sites/tarainform.com gives no cause for optimism.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...