knightshade Posted June 1, 2014 Share Posted June 1, 2014 One particular spammer I track has recently setup home in a 1280 IP address wide netblock (18.104.22.168/24, 22.214.171.124/22). A couple of things (whois street address doesn't actually exist, ARIN have been unable to contact the POC for the netblock since 2010 & unresponsive abuse email address) lead me to suspect that admin control of the netblock may have been compromised. Now, the question I have is: Is there anyway to find who is actually hosting the servers of the spammer's domains? Inquiries to the abuse address in that netblock's whois are probably going straight to the spammer or the bitbucket, so that's presumably a no-go. The only way I could think of was to run a tracert on the IP's hosting the spammer's domains - these all ultimately end up in the suspect netblock, but always go through one particular external IP owned by a hosting company before going to private IP addresses/IPs in the suspect netblock. Is that IP likely to be of the actual hosting company? (Try tracert with these IPs used to host spam domains - 126.96.36.199, 188.8.131.52, 184.108.40.206 - to see what I mean.) Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.