Find out who owns a phishing site?

[cross6]

A phishsing/adsense spam site is targeting our company. They've put up sever sites that now show up pretty highly ranked in google.


I tried whois but it doesn't yield much - any other avenues of exploration?

Our lawyers are hungry for details lol.

 

[n0cmonkey]

nslookup www.site.com

Then a whois at arin, ripe, or apnic on the IP. That should give you the owner of the IP address, and they should have contact information available. Sorry if I just repeated the whois you already tried.

 

[InlineFive]

Or you could look at the message headers for other domain and IP information.

 

[cross6]

Originally posted by: InlineFive
Or you could look at the message headers for other domain and IP information.

no emails

 

[cross6]

ok I just searched the arin whois and it says no records found - but the urls definately work. I tried with and without the WWW.

 

[jlazzaro]

care to share?

 

[n0cmonkey]

If ARIN doesn't have a record for the ip address try RIPE. If RIPE doesn't have it, try APNIC. Those are the big 3, one of them will probably have it.

 

[cross6]

Site in question is:


www.dowlafcu.com

 

[TC10284]

After doing a ping on their url and then a whois on ARIN, I got some information on the IP ping returned.
However, when searching up the web address in NSLOOKUP, if I drill down to closer DNS servers from a.root-servers.net, I am returned a different IP (which I won't post publicly on here). I doubt any of that helps but just a thought.

 

[cross6]

Originally posted by: TC10284
After doing a ping on their url and then a whois on ARIN, I got some information on the IP ping returned.
However, when searching up the web address in NSLOOKUP, if I drill down to closer DNS servers from a.root-servers.net, I am returned a different IP (which I won't post publicly on here). I doubt any of that helps but just a thought.

Which means.......