How to find out the host for a dubious website?
I've recently received a spam email that links to a website of legally doubtful content. How can I find out the Internet provider for the site, such that I can complain about the site? The whois-service gives some information, but the data seems to be about the domain registration, not the actual hosting provider or ISP. Is there some other service where I can find out who to complain to? Or am I just reading the whois output wrong?
spam-prevention whois
edited Jan 28 at 23:12
fixer1234
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
add a comment |
I've recently received a spam email that links to a website of legally doubtful content. How can I find out the Internet provider for the site, such that I can complain about the site? The whois-service gives some information, but the data seems to be about the domain registration, not the actual hosting provider or ISP. Is there some other service where I can find out who to complain to? Or am I just reading the whois output wrong?
spam-prevention whois
edited Jan 28 at 23:12
fixer1234
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41
add a comment |
I've recently received a spam email that links to a website of legally doubtful content. How can I find out the Internet provider for the site, such that I can complain about the site? The whois-service gives some information, but the data seems to be about the domain registration, not the actual hosting provider or ISP. Is there some other service where I can find out who to complain to? Or am I just reading the whois output wrong?
spam-prevention whois
edited Jan 28 at 23:12
fixer1234
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
I've recently received a spam email that links to a website of legally doubtful content. How can I find out the Internet provider for the site, such that I can complain about the site? The whois-service gives some information, but the data seems to be about the domain registration, not the actual hosting provider or ISP. Is there some other service where I can find out who to complain to? Or am I just reading the whois output wrong?
spam-prevention whois
spam-prevention whois
edited Jan 28 at 23:12
fixer1234
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
edited Jan 28 at 23:12
fixer1234
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
edited Jan 28 at 23:12
fixer1234
18.8k144982
edited Jan 28 at 23:12
fixer1234
18.8k144982
edited Jan 28 at 23:12
fixer1234
18.8k144982
18.8k144982
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
asked Feb 25 '13 at 6:56
Hans-Peter StörrHans-Peter Störr
98641223
98641223
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41
add a comment |
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41
add a comment |
3 Answers
3
active
oldest
votes
The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.
In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.
Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
add a comment |
If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
|
show 2 more comments
Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f556974%2fhow-to-find-out-the-host-for-a-dubious-website%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.
In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.
Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
add a comment |
The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.
In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.
Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
add a comment |
The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.
In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.
Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.
In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.
Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
answered Feb 25 '13 at 8:04
davidgodavidgo
44k75292
44k75292
add a comment |
add a comment |
If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
|
show 2 more comments
If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
|
show 2 more comments
If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
answered Feb 25 '13 at 6:58
cpastcpast
2,11421426
2,11421426
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
|
show 2 more comments
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky.
– davidgo
Feb 25 '13 at 7:54
1
1
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info.
– cpast
Feb 25 '13 at 8:06
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain.
– davidgo
Feb 25 '13 at 8:16
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
@davidgo This does get you contact info for the ISP, so you can report abuse there.
– cpast
Feb 25 '13 at 8:17
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works.
– MaQleod
Feb 25 '13 at 17:13
|
show 2 more comments
Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
add a comment |
Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
add a comment |
Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
answered Feb 25 '13 at 10:52
grvpanchalgrvpanchal
6831611
6831611
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f556974%2fhow-to-find-out-the-host-for-a-dubious-website%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours.
– Ramhound
Feb 25 '13 at 11:41