Regarding advanced "whois" searches, question re-phrased...

Michael Butash michael at butash.net
Wed Sep 5 01:10:53 MST 2012


What you want is to run a SQL query against registrar databases, or API 
access to a game of questions against a whois server for possible 
domains from a dictionary.  The former (I think/hope) isn't going to 
happen unless you work for one, and the latter costs money as your 
queries equal hits against a db somewhere to query unique domain names, 
parsing for unique data.  There may be pay services, but I would again 
hope not.

If you were FBI you could tell every registrar to give you results of 
simply every record they have in CSV, much like Apple's leak of your 
UDID info, to search/macro against.  But, generally one cannot do this.

I think ultimately it falls under a certain level of assumed privacy, or 
at least a cat and mouse game that you can't simply say "show me 
everything this person owns" via whatever API/protocol.  If it's that 
nefarious of content, sounds like best to simply hand over to law 
enforcement.  Unless of course it's more under the "morally 
questionable" category, that gets gray fast (could be most politicians 
or religions).  They can do it at an ICANN level if it goes high enough 
(or pays the fee for API access to your info).

If they run multiple websites and you have a sampling already, likely 
rather search engine aspects of their site, even at an HTML/CSS/JS level, 
for common content and style.  Might find things they're not stupid 
enough to use their names for.

-mb


On 09/04/2012 12:38 PM, Jim March wrote:
> OK, it turns out Mike Ballon's example won't work.
>
> Let me try to re-phrase the question:
>
> I have this rogue ISP/Webhost/Webdesign company - call 'em "badguycorp".
> I don't want to say their name.  They are hosting websites that are
> legally and/or morally questionable.
>
> I want to find those websites.
>
> I have half a dozen or so known example domains that "badguycorp" is
> hosting/running.  Looking at their whois data, I know that the main
> point of commonality is the name servers.  All of them end in
> badguycorp.net - with different stuff preceding those.  For example:
>
> ns3.tre.badguycorp.net
> ns2.fds.badguycorp.net
> ns1.jhg.badguycorp.net
>
> So.  What I need to do is trawl for whois entries where the name
> server(s) end in "badguycorp.net", and report
> what those websites are.
>
> Is there a way to do this, by any method, Linux command line or otherwise?
>
> Thanks!
>
> Jim
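
An added example (not part of the original post or thread): once whois output has been collected for a list of candidate domains, as the reply describes, this Python code picks out the ones whose name servers fall under badguycorp.net. The function names, the field-label pattern and the sample records are constructed for illustration.

```python
import re

# Name-server field labels differ between registries; these two forms are an
# assumption covering common output, not an exhaustive list.
NS_LINE = re.compile(r"^[ \t]*(?:name[ \t]*server|nserver)s?[ \t]*:[ \t]*(\S+)",
                     re.IGNORECASE | re.MULTILINE)

def nameservers(whois_text):
    """Return the normalized name-server hostnames found in one whois record."""
    return {m.group(1).rstrip(".").lower() for m in NS_LINE.finditer(whois_text)}

def under_zone(host, zone):
    """True if host is the zone itself or a subdomain of it (label boundary)."""
    zone = zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

def domains_using(records, zone):
    """records maps domain -> whois text; return domains with any NS under zone."""
    return sorted(domain for domain, text in records.items()
                  if any(under_zone(h, zone) for h in nameservers(text)))

# Constructed sample records (not real whois data).
SAMPLE = {
    "alpha.example": "Domain Name: ALPHA.EXAMPLE\n"
                     "   Name Server: NS3.TRE.BADGUYCORP.NET\n"
                     "   Name Server: ns2.fds.badguycorp.net\n",
    "bravo.example": "domain:   bravo.example\n"
                     "nserver:  ns1.jhg.badguycorp.net.\n",
    # Look-alike suffix: must not match, "notbadguycorp.net" is another zone.
    "charlie.example": "Name Server: ns1.notbadguycorp.net\n",
    # Empty field followed by another line: nothing to extract.
    "delta.example": "Name Server:\nDNSSEC: unsigned\n",
}

if __name__ == "__main__":
    for domain in domains_using(SAMPLE, "badguycorp.net"):
        print(domain, sorted(nameservers(SAMPLE[domain])))
```

To use it on collected data, fill `records` with the text the `whois` command returned for each candidate domain.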

