Regarding advanced "whois" searches, question re-phrased...

Shawn Badger shawn at badger.pro
Wed Sep 5 16:07:04 MST 2012


I did a Google search for an IP and one of the hits was
http://www.malwaregroup.com/ipaddresses/details/#IP.HERE#

Just replace the #IP.HERE# with the IP of the server you are looking
at and it may give you a list of the domains tied to the address. One big
note though, the list isn't complete by any means, but it may get you
some of the domains.



On Wed, Sep 5, 2012 at 1:10 AM, Michael Butash <michael at butash.net> wrote:
> What you want is to run a sql query against registrar databases, or api
> access to a game of questions against a whois server for possible domains
> from a dictionary.  The former (I think/hope) isn't going to happen unless
> you work for one, and the latter costs money as your queries equal hits
> against a db somewhere to query unique domain names, parsing for unique
> data.  There may be pay services, but I would again hope not.
>
> If you were FBI you could tell every registrar to give you results of simply
> every record they have in csv, much like Apple's leak of your UDID info, to
> search/macro against.  But, generally one cannot do this.
>
> I think ultimately it falls under a certain level of assumed privacy, or at
> least a cat and mouse game that you can't simply say "show me everything
> this person owns" via whatever api/protocol.  If it's that nefarious of
> content, sounds like best to simply hand over to law enforcement.  Unless of
> course it's more under the "morally questionable" category, that gets gray
> fast (could be most politicians or religions).  They can do it at an ICANN
> level if it goes high enough (or pays the fee for api access to your info).
>
> If they run multiple websites and you have a sampling already, likely rather
> search engine aspects of their site, even at a html/css/js level, for common
> content and style.  Might find things they're not stupid enough to use their
> names for.
>
> -mb
>
>
>
> On 09/04/2012 12:38 PM, Jim March wrote:
>>
>> OK, it turns out Mike Ballon's example won't work.
>>
>> Let me try to re-phrase the question:
>>
>> I have this rogue ISP/Webhost/Webdesign company - call 'em "badguycorp".
>>   I don't want to say their name.  They are hosting websites that are
>> legally and/or morally questionable.
>>
>> I want to find those websites.
>>
>> I have half a dozen or so known example domains that "badguycorp" is
>> hosting/running.  Looking at their whois data, I know that the main
>> point of commonality is the name servers.  All of them end in
>> badguycorp.net - with different stuff preceding those.  For example:
>>
>> ns3.tre.badguycorp.net
>> ns2.fds.badguycorp.net
>> ns1.jhg.badguycorp.net
>>
>>
>> So.  What I need to do is trawl for whois entries where the name
>> server(s) end in "badguycorp.net", and report what those websites are.
>>
>> Is there a way to do this, by any method, Linux command line or otherwise?
>>
>> Thanks!
>>
>> Jim
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

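An added example, not part of any message in this thread: the name-server check Jim describes, applied to a candidate list you already have (for instance domains collected from a shared IP) rather than as a registry-wide search. The function names, the `.test` domains and the whois records are constructed for illustration; pass `whois` instead of `sample_whois` to check live records.

```shell
# Added example. The whois records below are constructed samples, not real data.

# Read whois text on stdin and print every name server that is ZONE itself or a
# host under it. Exit status is 0 if at least one matched, 1 otherwise.
ns_under_zone() {
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); sub(/\.$/, "", zone); found = 0 }
        # Registries label the field differently: "Name Server:", "nserver:", ...
        tolower($0) ~ /^[ \t]*(name server|nameserver|nserver)[ \t]*:/ {
            line = tolower($0)
            sub(/\r$/, "", line)               # whois servers often send CRLF
            sub(/^[^:]*:[ \t]*/, "", line)     # drop the field label
            split(line, f, /[ \t]+/)           # host first; an IP may follow
            host = f[1]
            sub(/\.$/, "", host)               # strip a trailing root dot
            n = length(host) - length(zone)
            # Compare on a label boundary so "notbadguycorp.net" is not a hit.
            if (host == zone || (n > 1 && substr(host, n) == ("." zone))) {
                print host
                found = 1
            }
        }
        END { exit !found }
    '
}

# Constructed whois records standing in for `whois DOMAIN` so this runs offline.
sample_whois() {
    case "$1" in
        example-one.test) printf 'Domain Name: EXAMPLE-ONE.TEST\nName Server: NS3.TRE.BADGUYCORP.NET\nName Server: NS2.FDS.BADGUYCORP.NET\n' ;;
        example-two.test) printf 'domain: example-two.test\nnserver: ns1.jhg.badguycorp.net. 192.0.2.10\n' ;;
        lookalike.test)   printf 'Domain Name: LOOKALIKE.TEST\nName Server: ns1.notbadguycorp.net\n' ;;
        unrelated.test)   printf 'Domain Name: UNRELATED.TEST\nName Server: ns1.example.org\n' ;;
    esac
}

# Print the candidate domains whose whois record lists a name server under ZONE.
# LOOKUP is the command that fetches one record (sample_whois here).
domains_on_zone() {
    zone=$1; lookup=$2; shift 2
    for d in "$@"; do
        if "$lookup" "$d" | ns_under_zone "$zone" >/dev/null; then
            printf '%s\n' "$d"
        fi
    done
}

domains_on_zone badguycorp.net sample_whois \
    example-one.test example-two.test lookalike.test unrelated.test
```

Registrars rate-limit whois, so pace live lookups over a long candidate list.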
