homepage Welcome to WebmasterWorld Guest from 54.234.141.47
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Determining a website's ISP
How do I know which ISP a website is using?
persepee

10+ Year Member



 
Msg#: 9021 posted 8:41 am on Jun 18, 2005 (gmt 0)

Last night, I stumbled across a website which claimed to have the information I was looking for. Instead, it was a blank page which installed tons of spyware, adware and trojans.

Like most of you, I have seen lots of spyware in my years on the internet but this one was particularly nasty. Eventually, I did manage to get rid of it and I sent Google a detailed spam report.

But, I would also like to send this website's ISP an email in the hopes that they will drop this guy's account. How can I determine which ISP the offending website is using?

Thanks in advance for any replies.

 

globalissa

5+ Year Member



 
Msg#: 9021 posted 9:07 am on Jun 18, 2005 (gmt 0)

To identify a website host isp use a whois lookup on the domain name. Example:

[networksolutions.com...]

... using that to lookup webmasterworld.com yields:

Domain Name: WEBMASTERWORLD.COM
Status: PROTECTED

Administrative Contact:
Tabke, Brett btabke searchengineworld.com
3801 N Cap of TX Hwy e240-181
Austin, TX 78746
USA
512-231-8106

Technical Contact, Zone Contact:
WebmasterWorld.com webmaster webmasterworld.com
WestHost
3801 N Cap of TX Hwy e240-181
Austin, TX 78746
USA
512-231-8106

Record last updated on 31-Mar-2005.
Record expires on 11-Dec-2014.
Record created on 11-Dec-1999.

Domain servers in listed order:

Name Server: NS.WESTHOST.NET
Name Server: NS2.WESTHOST.NET

... so webmasterworld.com is hosted on NS.WESTHOST.NET. If you had an issue with that site you would write to abuse@their_domain.com

There are also other ways to locate a host isp but the method above generally yields adequate data and facts.

[edited by: Woz at 12:37 pm (utc) on June 18, 2005]

persepee

10+ Year Member



 
Msg#: 9021 posted 2:48 pm on Jun 18, 2005 (gmt 0)


Wow, thank you very much for that very detailed reply, globalissa!

publish

5+ Year Member



 
Msg#: 9021 posted 3:10 pm on Jun 18, 2005 (gmt 0)

That only works if they're using the nameservers at their host.

If they use other name servers it doesn't help since it only tells you their nameserver service, not their host.

And honestly reporting spam is a waste of time. In the time you take to report it the spammer will have built another two sites.

persepee

10+ Year Member



 
Msg#: 9021 posted 4:21 pm on Jun 18, 2005 (gmt 0)


Perhaps so, but doing nothing is not going to help.

IanMason

10+ Year Member



 
Msg#: 9021 posted 6:19 pm on Jun 18, 2005 (gmt 0)

Persepee: building upon the suggestion of globalissa and recognizing the concern raised by publish whereby a site may not be using their ISP’s name server, here are the steps that I take to identify the actual network provider.

Begin by obtaining the IP address used by the domain in question. Use a command line utility such as nslookup or dig to resolve the domain name to the IP address. A search of Google using “nslookup” as a search term will yield web based interfaces as well.

Once you have obtained the IP address the next step is to identify to whom that IP address has been assigned. As of today’s date, I know of four global IP registrars listed as follows:

www.arin.net
www.ripe.net
www.apnic.net
www.lacnnic.net/en/

Each of these registrars operates a whois service on their main page. Unlike the domain name based whois service, this service takes an IP address and responds with the name of the network owner to which that IP address has been assigned. Simply go down the above list of registrars until you obtain your answer.

With the answer in hand you may once again use globalissa’s excellent suggestion to obtain further information. While keeping in mind the limitations noted by publish on dealing with spammers, you may wish to explore RBL (Real Time Blacklists) through a Google search.

I hope this helps – if any part is unclear please sticky mail me.

globalissa

5+ Year Member



 
Msg#: 9021 posted 6:37 pm on Jun 18, 2005 (gmt 0)

IanMason is absolutely correct. There is one shortcut to determining the final host - use the tracert tool to do an actual traceroute on the IP or domain name. This approach instantly yields the IP address of the hosting organization. Better isp hosts will provide this tool for you. You can also access tracert via a windows DOS window type in:

tracert domain.com
... to trace by domain name or
tracert 127.0.0.1
... to trace by ip address

One of my host isps has a nice tracert feature that shows the flag of the country where each hop is, visual clues are good...

Thanks again to IanMason for their clarity.

nancyb

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 9021 posted 7:22 pm on Jun 18, 2005 (gmt 0)

get all kinds of info about a domain name and/or IP address using [dnsstuff.com
]." TARGET="_top" title="http://dnsstuff.com/[/url].">dnsstuff.com...] Try "Domain Info" for IP, name server (host) and registrar.
persepee

10+ Year Member



 
Msg#: 9021 posted 9:54 pm on Jun 18, 2005 (gmt 0)


Thanks a lot for the help guys. The information and links have been (and will be) very helpful.

Now that I know how to do it, I am going to start reporting spyware sites that I happen to comes across. There is certainly no shortage of them.

Maybe, it won't do much good but it makes me feel better about it. ;)

IanMason

10+ Year Member



 
Msg#: 9021 posted 1:02 am on Jun 19, 2005 (gmt 0)

Persepee: If your actions stop just one instance of key logging software that compromises someone’s bank account or prevents another’s identity from being stolen then you have done good - much good.

Many ISPs will respond if they are made aware of the problem especially when their own interests are at risk - a point that you may need to gently draw to their attention.

And finally, be inspired by the following quote:
"All that is necessary for the triumph of evil is that good men do nothing..."
- Edmund Burke (1729 – 1797)

scottmack

10+ Year Member



 
Msg#: 9021 posted 1:07 am on Jun 19, 2005 (gmt 0)

A web page can install tons of spyware, adware and trojans?

kevinpate

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 9021 posted 1:13 am on Jun 19, 2005 (gmt 0)

it's the frustration of the cleanup that wiehgs on the soul like a few tons ... the junk that's installed weighs but a few nano-ounces :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved