[Tfug] Slightly OT regarding advanced "whois" searches...
Nathan Hruby
nhruby at gmail.com
Tue Sep 4 08:54:12 MST 2012
On Mon, Sep 3, 2012 at 10:58 PM, Jim March <1.jim.march at gmail.com> wrote:
> ...possibly at the Linux command line?
>
> I need to know which websites share the same hosts and/or technical contact
> names/phone numbers. Basically I've got a line on some "bad guys" doing
> various websites and putting their own names in the whois data. I need to
> find out how many other sites are involved.
>From the CLI, you can simply run "whois DOMAINNAME-HERE" to lookup the
registrant info. Note that many registrars provide identity
obfuscation services to prevent spamming.
If you have a list of IP's you may also find the Team Cymru ASN lookup
page useful:
http://asn.cymru.com/
This will indicate what ASN the IP addresses you're interested belong
to. It's a good way to aggregate disparate IP's into a consolidated
list of networks for easier actioning.
HTH,
-n
--
-------------------------------------------
nathan hruby <nhruby at gmail.com>
metaphysically wrinkle-free
-------------------------------------------
More information about the tfug
mailing list