How to find out the host for a dubious website?

I've recently received a spam email that links to a website of legally doubtful content. How can I find out the Internet provider for the site, such that I can complain about the site? The whois-service gives some information, but the data seems to be about the domain registration, not the actual hosting provider or ISP. Is there some other service where I can find out who to complain to? Or am I just reading the whois output wrong?

Hans-Peter Störr

Posted 2013-02-25T06:56:03.707

Reputation: 1 501

What are you trying to achieve exactly? If they host their own server its unlikely you will have any luck shutting them down, even if you do, they can replace their server within hours. – Ramhound – 2013-02-25T11:41:43.813

Answers

The question is a bit tricky. Whois is normally a good place to start as it gives you a feel for the site, including the nameservers which, if often, but not always give you a hint about the hosting provider.

In order to work out where a site is located, you need to get its IP address. This is as easy as doing a "ping" to the site. Even better, if you use traceroute it will show you all the hops between your computer and that site - and usually the hops immediately before will give you a clue of their ISP's router. Importantly, using traceroute will do a reverse lookup on the domains and this will help you work out who their ISP is. You can then google the results to try and find a contact detail for their domain name.

Another technique might be to look and see how mail is handled for the site, and see if there is a link (again, not always). To do this you need to do a DNS lookup for the MX record for the site. (Googling "MX Lookup") should help you come up with a tool for this. If they are farming their mail out to an ISP, you should be able to do a WHOIS to find more about the ISP and contact them.

davidgo

Posted 2013-02-25T06:56:03.707

Reputation: 49 152

If you look up their IP address, you can run a WHOIS on that IP to get the registration info for that address (which would include the ISP).

cpast

Posted 2013-02-25T06:56:03.707

Reputation: 2 279

While a Whois is a good idea, it does not include their ISP, it includes their registrar and technical contact - if you are lucky. – davidgo – 2013-02-25T07:54:21.487

1@davidgo Not if you run a whois on the IP address. That shows the IP registration info, not the domain name info. – cpast – 2013-02-25T08:06:17.347

That is a good technique. Of-course, it doesn't help if the ISP is purchasing a block of space from a bigger ISP who has the ARIN/APNIC/RIPE/AFRINIC etc block, but definately worth pointing out. The key being to do the whois on the IP rather then the domain. – davidgo – 2013-02-25T08:16:07.543

@davidgo This does get you contact info for the ISP, so you can report abuse there. – cpast – 2013-02-25T08:17:08.380

The given rule for contacting an abuse departments at any given isp is to use abuse@<isp_name>.com. That address almost always works. – MaQleod – 2013-02-25T17:13:11.660

@MaQleod - You must live on a very nice, quaint part of the Internet ! – davidgo – 2013-02-25T18:44:09.423

It might just be an america-centric ISP thing, but any ISP I've ever dealt with, including the ones I've worked for, have always had an abuse@ address. This goes for AT&T, Megapath, CenturyLink, etc – MaQleod – 2013-02-25T19:24:51.557

Once you find out IP, you have to go to the right Organisation. Now ICAAN have designated IPv4 range to huge organisation like apnic.net (for asia pacific) and ripe.net (for europe region). You can WHOIS search and find out to which organisation does the IP belongs to? And Later you may contact to corresponding organisation. I hope they might help.

grvpanchal

Posted 2013-02-25T06:56:03.707

Reputation: 748