Where can I find a list of what the numerical internet addresses mean?
I'm talking about the string of numbers that identifies a web address
and shows the country and such of the folks that send me their spam
and phishing attempts daily.

Well that's neat! Provides a whole lot more info than I want about me.
All I was looking for was to be able to identify country of origin to
see where the phishing junk is coming from.

nslookup from a command prompt with that IP will tell you what it
resolves to. Another approach would be to install the Netcraft Toolbar
which, if you do get caught off-guard and navigate to a known phishing
site, warns you right in the browser in an unmistakable way that you're
not where you think you are. Traceroute (or tracert if you're on
Windows) to the IP and you can see that way as well.
In reality, if you get a phish-looking email with an IP rather than a
name, yeah, it's not legit. I've been using the Netcraft Toolbar; if
it's one they don't know, I report it that way. Been a long time since
I found one before they did, though.

I always run my cursor over the link and read the real address before
going there. Seldom do the posted address and the real address match
up. I'm just curious if there is some system of numbers that make it
easy to spot when the site is in Niger or some other known location
that hosts these people, say a number that means Niger or something.

On Sun, 09 Sep 2007 06:12:44 -0700, with neither quill nor qualm,
Gerry quickly quoth:
My favorite is Whois Source, now known as
IP sourcing, DNS stuff, pings, traceroutes, domain sales, etc.
Free but requires signup. (I haven't seen any spam from them at all,
so I think it's just to weed out the email gleaners.)
Save the Endangered Bouillons from being cubed!

[ ... ]
No such luck. You have to do an individual nslookup on each IP.
Sometimes, you can get a good idea from the first octet (the numbers
before the first '.'), but not always. Europe is handled by RIPE, and
you'll find blocks as small as 255 addresses (differing only in the
last octet) assigned to vastly different countries.
I use a program called "jwhois" in my unix system, though I had
to compile that from source. A just plain "whois" comes with unix, but
you often have to try two or three calls as it redirects you to
different whois servers before you get a hit. "jwhois" automates that.
Or -- you could do a lookup with geektools via the web, IIRC.
(I use their whois server for when jwhois gets confused, which happens
sometimes.) But I call it with whois, and if you don't have that,
you'll need to go to the web-based approach.
geektools puts a limit on the number of lookups per day from a
given site, though I've never hit it (yet).
They seem to have added a stumbling block for those trying to abuse it
by automated systems, but it should work for you.
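
Added example, not part of any post in this thread: a sketch in Python of the referral chasing that the post above says jwhois automates, starting at whois.iana.org and following each "refer:" / "ReferralServer:" line until a registry answers with a country field. The function names and the SAMPLE replies are constructed for illustration; the default query() does a live lookup on TCP port 43, while the demo uses the canned replies so it runs offline.

```python
import ipaddress
import re
import socket

# IANA answers with "refer: host"; ARIN with "ReferralServer: whois://host".
# rwhois:// referrals (different protocol and port) deliberately do not match.
REFERRAL = re.compile(
    r"^(?:refer|ReferralServer):[ \t]*(?:whois://)?([A-Za-z0-9.-]+)(?::43)?[ \t\r]*$",
    re.M)
COUNTRY = re.compile(r"^country:[ \t]*([A-Za-z]{2})\b", re.M | re.I)

def query(server, text, timeout=10):
    """Plain WHOIS (RFC 3912): send the query plus CRLF to TCP port 43 and
    read until the server closes the connection."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(text.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def lookup(ip, ask=query, start="whois.iana.org", max_hops=4):
    """Follow referrals from `start`; return (servers asked, final reply)."""
    ip = str(ipaddress.ip_address(ip))  # ValueError on anything but an IP
    server, asked, reply = start, [], ""
    while server and server not in asked and len(asked) < max_hops:
        asked.append(server)
        reply = ask(server, ip)
        match = REFERRAL.search(reply)
        server = match.group(1).lower() if match else None
    return asked, reply

def countries(reply):
    """Country codes the registry lists for the block (registrant data,
    which need not be where the machine physically sits)."""
    return sorted({code.upper() for code in COUNTRY.findall(reply)})

# Constructed replies (not real registry data) so the demo runs offline.
SAMPLE = {
    "whois.iana.org": "refer:        whois.arin.net\n",
    "whois.arin.net": "NetRange: 192.0.2.0 - 192.0.2.255\r\n"
                      "ReferralServer: whois://whois.ripe.net\r\n",
    "whois.ripe.net": "inetnum: 192.0.2.0 - 192.0.2.255\ncountry: NL\n",
}

if __name__ == "__main__":
    hops, reply = lookup("192.0.2.10", ask=lambda server, q: SAMPLE[server])
    print(" -> ".join(hops), countries(reply))
```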

I remember the old days when we had to specify which
whois server to check, and in order to automate that,
I downloaded the source to ipw and built/used that.
Worked great until RIPE made changes that broke it...
but that's not required with FreeBSD or Debian today,
nor has it been for years. Just do, for instance,
$ whois 188.8.131.52
OrgName: Covad Communications Co.
Address: 2510 Zanker Rd.
City: San Jose
NetRange: 184.108.40.206 - 220.127.116.11