Whois and how to decipher the info
-
Hi There,
I was hoping for a lesson in reading a Whois entry. As you are aware, when comments and spam get onto one's blog, they are listed with email, IP and url if they have one. There is also a link to Whois.
Problem is that most of us have no clue as to what the information means, except the obvious (name, IP’s etc) and thus cannot decipher for ourselves if it is truly SPAM or not.
Example: What appears to be a legit comment was left at my site and the whois says this:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 212.0.0.0 – 212.255.255.255
CIDR: 212.0.0.0/8
NetName: RIPE-NCC-212
NetHandle: NET-212-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-11-14
Updated: 2005-08-03
# ARIN WHOIS database, last updated 2007-11-20 19:10
# Enter ? for additional hints on searching ARIN’s WHOIS database.
Now because this shows multiple listings of IP addresses, I would normally mark it as SPAM and then delete it…. but how does one know for sure that is the right thing to do?
Could you give us some feedback as to how to decipher the WHOIS info please.
Any help is appreciated.
Thanks
gottabkd.wordpress.com -
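What the record quoted above actually says, as an added example that is not part of the original thread: it parses the ARIN reply (shortened and embedded as a constructed sample), shows that the record covers the whole 212.0.0.0/8 block handed to RIPE rather than the commenter, and extracts the ReferralServer to ask next. The function names, the commenter address 212.0.2.1 and the rule "a referral means a registry-level record" are assumptions made for this example.

```python
import ipaddress
import re
import socket

# Constructed sample: the ARIN reply quoted in the post above, shortened.
SAMPLE = """\
OrgName: RIPE Network Coordination Centre
Country: NL
ReferralServer: whois://whois.ripe.net:43
CIDR: 212.0.0.0/8
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region.
# ARIN WHOIS database, last updated 2007-11-20 19:10
"""

def parse_whois(text):
    """Return {field: [values]}; repeated fields such as NameServer accumulate."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip() and not key.startswith(("#", "%")):
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def interpret(record, ip):
    """Summarise what the record says about `ip` and where to look next."""
    net = ipaddress.ip_network(record["CIDR"][0].split(",")[0].strip())
    referral = re.match(r"r?whois://([^:/\s]+)(?::(\d+))?",
                        record.get("ReferralServer", [""])[0])
    return {
        "covers_ip": ipaddress.ip_address(ip) in net,
        "addresses_in_block": net.num_addresses,
        # Assumed rule: a referral means this is the registry's block, not the sender's ISP.
        "describes_sender": referral is None,
        "ask_next": (referral.group(1), int(referral.group(2) or 43)) if referral else None,
    }

def whois_query(server, port, query, timeout=10):
    """Plain WHOIS (RFC 3912): send the query plus CRLF, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as conn:
        conn.sendall(query.encode("ascii") + b"\r\n")
        return b"".join(iter(lambda: conn.recv(4096), b"")).decode("utf-8", "replace")

if __name__ == "__main__":
    print(interpret(parse_whois(SAMPLE), "212.0.2.1"))  # constructed address
```

Passing the `ask_next` pair and the commenter's IP to `whois_query` returns the RIPE record, which is the one that names the network the address is actually assigned to.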
-
This might help some: http://www.lookup-ip.com/main/02/ .
With the nameservers, you can take part of the address typically and put it into your browser address bar and find out more. Example: take ripe.net from the first nameserver and add it to http:// and you will be taken to their webpage where you can do some more investigation.
-
Thank you thesacredpath… useful to know.
@kimik0 …. the main page of what? Is that the same as http://www.lookup-ip.com/main/02/
Thanks all ;)
-
Here’s how I dmca’d a splogger stealing my stuff.
The site was i d e a h u s t l e .com
(No link because it’s a total thieving splog site)
Go to http://dnsstuff.com
There is a WHOIS box on that site
Enter the domain name.
The result shows a small amount of information but says the rest is at GoDaddy.
Use the link and you get to this page.
That lists the person’s name, address, email.
It lists the domain registrar. In this case GoDaddy said they could do nothing as they did not host the site. Didn’t hurt to ask though.
It also lists the nameservers:
Domain servers in listed order:
NS1.LIQUIDXHOST.COM
NS2.LIQUIDXHOST.COM
So going to http://liquidhost.com found a real website and a real address for abuse reports.
So that’s where the dmca went. They actually shut his site down but then he removed the offending content and replaced it with new offending content. Make of that host what you want.
So if they have not hidden their information then you do have some way to try and have a go back. If they have privacy controls it’s slightly more complex because you have to find out where the domain is being hosted and attack it that way.
(The splogger said on my blog that he had no idea what splogging was, that it was not his site, he would not do it again and more BS. He continues to steal.)
So you are not limited to just the RIPE information – go poke around http://dnsstuff.com
-
Another example.
Well known splog: universityupdate.com (Yes, those comments ARE spam)
It’s registered at Network Solutions and this is the results page.
It gives you a name but nothing else.
But it does give the nameservers: ns1.loosefoot.com
Going to http://loosefoot.com gets nothing
Googling that domain leads to http://lfchosting.com
And going there is a Policies link.
Seems like the place to send a complaint…… -
-