| 9:07 am on Jun 18, 2005 (gmt 0)|
To identify a website host isp use a whois lookup on the domain name. Example:
... using that to lookup webmasterworld.com yields:
Domain Name: WEBMASTERWORLD.COM
Tabke, Brett btabke searchengineworld.com
3801 N Cap of TX Hwy e240-181
Austin, TX 78746
Technical Contact, Zone Contact:
WebmasterWorld.com webmaster webmasterworld.com
3801 N Cap of TX Hwy e240-181
Austin, TX 78746
Record last updated on 31-Mar-2005.
Record expires on 11-Dec-2014.
Record created on 11-Dec-1999.
Domain servers in listed order:
Name Server: NS.WESTHOST.NET
Name Server: NS2.WESTHOST.NET
... so webmasterworld.com is hosted on NS.WESTHOST.NET. If you had an issue with that site you would write to abuse@their_domain.com
There are also other ways to locate a host isp but the method above generally yields adequate data and facts.
[edited by: Woz at 12:37 pm (utc) on June 18, 2005]
| 2:48 pm on Jun 18, 2005 (gmt 0)|
Wow, thank you very much for that very detailed reply, globalissa!
| 3:10 pm on Jun 18, 2005 (gmt 0)|
That only works if they're using the nameservers at their host.
If they use other name servers it doesn't help since it only tells you their nameserver service, not their host.
And honestly reporting spam is a waste of time. In the time you take to report it the spammer will have built another two sites.
| 4:21 pm on Jun 18, 2005 (gmt 0)|
Perhaps so, but doing nothing is not going to help.
| 6:19 pm on Jun 18, 2005 (gmt 0)|
Persepee: building upon the suggestion of globalissa and recognizing the concern raised by publish whereby a site may not be using their ISP’s name server, here are the steps that I take to identify the actual network provider.
Begin by obtaining the IP address used by the domain in question. Use a command line utility such as nslookup or dig to resolve the domain name to the IP address. A search of Google using “nslookup” as a search term will yield web based interfaces as well.
Once you have obtained the IP address the next step is to identify to whom that IP address has been assigned. As of today’s date, I know of four global IP registrars listed as follows:
Each of these registrars operates a whois service on their main page. Unlike the domain name based whois service, this service takes an IP address and responds with the name of the network owner to which that IP address has been assigned. Simply go down the above list of registrars until you obtain your answer.
With the answer in hand you may once again use globalissa’s excellent suggestion to obtain further information. While keeping in mind the limitations noted by publish on dealing with spammers, you may wish to explore RBL (Real Time Blacklists) through a Google search.
I hope this helps – if any part is unclear please sticky mail me.
| 6:37 pm on Jun 18, 2005 (gmt 0)|
IanMason is absolutely correct. There is one shortcut to determining the final host - use the tracert tool to do an actual traceroute on the IP or domain name. This approach instantly yields the IP address of the hosting organization. Better isp hosts will provide this tool for you. You can also access tracert via a windows DOS window type in:
... to trace by domain name or
... to trace by ip address
One of my host isps has a nice tracert feature that shows the flag of the country where each hop is, visual clues are good...
Thanks again to IanMason for their clarity.
| 7:22 pm on Jun 18, 2005 (gmt 0)|
get all kinds of info about a domain name and/or IP address using [dnsstuff.com]." TARGET="_top" title="http://dnsstuff.com/[/url].">dnsstuff.com...] Try "Domain Info" for IP, name server (host) and registrar.
| 9:54 pm on Jun 18, 2005 (gmt 0)|
Thanks a lot for the help guys. The information and links have been (and will be) very helpful.
Now that I know how to do it, I am going to start reporting spyware sites that I happen to comes across. There is certainly no shortage of them.
Maybe, it won't do much good but it makes me feel better about it. ;)
| 1:02 am on Jun 19, 2005 (gmt 0)|
Persepee: If your actions stop just one instance of key logging software that compromises someone’s bank account or prevents another’s identity from being stolen then you have done good - much good.
Many ISPs will respond if they are made aware of the problem especially when their own interests are at risk - a point that you may need to gently draw to their attention.
And finally, be inspired by the following quote:
"All that is necessary for the triumph of evil is that good men do nothing..."
- Edmund Burke (1729 – 1797)
| 1:07 am on Jun 19, 2005 (gmt 0)|
A web page can install tons of spyware, adware and trojans?
| 1:13 am on Jun 19, 2005 (gmt 0)|
it's the frustration of the cleanup that wiehgs on the soul like a few tons ... the junk that's installed weighs but a few nano-ounces :)