Finding webhost provider

I’ve seen on many forums and blogs that upstream web providers are blamed for what their downstream providers do.

Case in point: Atrivo leases space to ESThost.

I’m not saying Atrivo is innocent. I have sent abuse complaints to both them and ESThost. I’ve only seen them spring to action once (ESThost).

But I’ll share with you some ways you can figure out exactly who is behind the IP addresses.

Tools: Whois on the domain name.

Method 1: If it’s a regular domain name, check the name server in the whois data. Sometimes it tells you who the provider is.

Minus: Increasingly, however, the spammer utilizes vanity name servers, which can be basically any server anywhere.

Tools: Ping the domain name. That gives you the IP number it’s hosted on.

Method 2: Use NSlookup on the IP number to find the name of the server.

Minus: Often doesn’t work. No reverse DNS.

Method 3: Use DIG on the IP number. Gives you the server name and/or the name server.

Minus: Isn’t always reliable. Might give you the name server of the upstream provider. And the name of the server may be tied to the upstream provider, but actually be under the control of the downstream provider.

Method 4: Use service scan on the IP number, as found on Domain Whitepages. The SMTP scan may give you the name of the webhost.

Method 5: Use the SMTP verify tool in Sam Spade. Very useful, for instance, with dynamic IP provider domain names. Use an address in this format, for instance: root@subdomain.maindomain.com.

Minus: I have only tested a small subset of addresses. Don’t know if it’ll work at all times. But so far (with ESThost), this seems to be the most reliable method.
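
An added example (not from the original post) of how the output of Methods 1 and 4 can be combined: it separates vanity name servers from provider-pointing ones in whois text and reads the hostname from an SMTP greeting. The whois text, banner, domain names and function names are constructed for illustration, and the two-label base-domain rule is a simplifying assumption.

```python
import re

# Constructed sample data (not real lookups): whois text and an SMTP greeting.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SPAM.TEST
Name Server: NS1.EXAMPLE-SPAM.TEST
Name Server: NS2.HOSTING-CO.TEST
"""
SAMPLE_BANNER = "220 mail7.hosting-co.test ESMTP Postfix"

def base_domain(host):
    """Naive last-two-labels base domain (assumption: no multi-part TLDs such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def name_servers(whois_text):
    """Name server hostnames from whois output, lower-cased, in listed order."""
    pattern = r"^[ \t]*(?:Name Server|nserver):[ \t]*(\S+)"
    return [ns.lower().rstrip(".")
            for ns in re.findall(pattern, whois_text, re.I | re.M)]

def classify_name_servers(domain, whois_text):
    """Split name servers into vanity (under the domain itself) and provider hints."""
    vanity, hints = [], []
    for ns in name_servers(whois_text):
        (vanity if base_domain(ns) == base_domain(domain) else hints).append(ns)
    return vanity, hints

def banner_host(banner):
    """Hostname announced in an SMTP 220 greeting, or None if there is none."""
    m = re.match(r"220[ -]([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b", banner)
    return m.group(1).lower() if m else None

def provider_candidates(domain, whois_text, banner):
    """Map each candidate provider domain to the methods that pointed at it."""
    found = {}
    _, hints = classify_name_servers(domain, whois_text)
    for ns in hints:
        found.setdefault(base_domain(ns), []).append("whois name server")
    host = banner_host(banner)
    if host and base_domain(host) != base_domain(domain):
        found.setdefault(base_domain(host), []).append("SMTP banner")
    return found

if __name__ == "__main__":
    print(classify_name_servers("example-spam.test", SAMPLE_WHOIS))
    print(provider_candidates("example-spam.test", SAMPLE_WHOIS, SAMPLE_BANNER))
```

A candidate that shows up under more than one method is a stronger lead for an abuse complaint than one that appears only once.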
