A good website to tell you where your email comes from, company domain registration, etc.

http://www.dnsstuff.com/

This is another one from Bill Weinman:

http://whois.bw.org/

This is another good free DNS lookup:

http://www.ip2location.com/default.aspx

DNS stuff.com is now asking people to sign up for USD $ 36 a year. But they also have a free account that you can sign up for to continue using their regular tools.

Yes Miyuki I had a warning from DNStuff to join or I would not have access, which is good security. They need your email address and they send you a password .....and spam you :D ...... i hope not !!!

This looks like a good place to find out who is Hacking or spamming you!

http://www.whos.com/spammer_track

If we don't have it in here, this is another good one:

http://www.ipligence.com/

Hey Doctor,
www.ipligence.com is gtreat:D

Win32Whois (Freeware) - small, fast and powerful whois client.

http://www.gena01.com/win32whois/

Net tools provides domain, ip searches, pings and tracers.

http://www.all-nettools.com/toolbox

this is one I just found. It looks good.

http://www.db.ripe.net/whois

American registry for Internet numbers (ARIN) [that one!]

http://www.arin.net/index.shtml

Free online network utilities, from Central Ops net. http://centralops.net/co/

Cool things you can do:

AnalyzePath - Do a simple, graphical traceroute.
AutoWhois - Get Whois records automatically for domains worldwide.
Browser Mirror - See what your browser reveals.
Domain Check - See if a domain is available.
Domain Dossier - Investigate domains and IP addresses. Get registrant information, DNS records, and more.
Email Dossier - Validate and investigate email addresses.
NsLookup - Look up various domain resource records with this version of the classic NsLookup utility.
Ping - See if a host is reachable.
Traceroute - Trace the network path from this server to another.
TcpQuery - Grab a web page, look up a domain, and more.

http://www.robtex.com/
It's free, very simple to use, & can be added to your browser's search-bar (definitely in Firefox, maybe in Internet Explorer).
You can go into great detail with this tool, or just get the simple stuff we mostly use in AFI.

Brief intro from the home-page. (It uses your IP as a clickable example)

swiss army knife internet tool
in the searchbox above you can search for:
RBL checks multible RBL:s if a specific is listed (YourIP)
DNS checks detailed dns information for a hostname (Yourhostname) or a domain (YourISPdomain)
IP-number checks ip number information such as dns reverse and forwards (YourIP)
C-net checks an entire c-network (yourCnet)
whois lookup checks whois information for a domain (YourISPdomain)
route checks a specific routed prefix ()
AS numbers checks information on an AS-number (AS ())
BGP announcements checks prefixes origined from a specific AS-number (AS)
AS macros checks who belongs to an AS-macro (example: as-ams-ix-peers)
RFC documents Request For Comments (rfc2822)
add engine to browser


A good tool, I use it a lot.

My IP > http://www.ip-adress.com/
IP > http://www.ip-adress.com/ip_tracer/
intarweb Speed test etc.> http://www.ip-adress.com/speedtest/
Headertool handy back up. > http://www.ip-adress.com/trace_email/
when forged header is submitted usually u get this > Email Header not valid. Please try again with a full valid email header.


Mob locate.. not tried but free trial > https://secure.mobilelocate.co.uk/MLRegister.htm

Its all good to trace IP addresses however keep in mind they can be faked or just rerouted, it all depends how good in computers someone is to establish and use proxies, mirror site and tunneling etc, by itself the IP locator can only provide an indication

http://www.wipmania.com/en/
These tools, which include an add-on for Firefox, give lot's more data about the site you're looking at, accurate location, ping, trace, reverse DNS, all from the context-menu, or an icon on the status-bar, & more on the main site.

Here's a new one I found.

http://cqcounter.com/whois/

Sorry to post on old thread but IP and domain trace are kinda right in my field of spam fighting. Here is couple with short explanations.

InterNIC WHOIS (http://www.internic.net/whois.html)
This covers ARIN, APNIC, LACNIC, RIPE and AFRINIC databases in .aero, .arpa, .asia, .biz, .cat, .com, .coop, .edu, .info, .int, .jobs, .mobi, .museum, .name, .net, .org, .pro, and .travel domains.
InterNIC is basically common peoples interface to communicate with ICANN (http://www.icann.org/) (the nets big boss) see also home http://www.internic.net/index.html and find own way to use it.

Jørgen Mash's DNS database list (http://moensted.dk/spam/)
Can trace IP or domain and uses huge database of blacklists ie. wide results.
Slightly confusing results and needs fair ammount of users judgement.

LPSCI.COM (http://www.spamid.net/)
Several easy tools to trace IP and a cesipher to process email headers with option to send abuses.

Cisco IronPort SenderBase Security Network (http://www.senderbase.org/)
Gives a good report to judge how reliable is an IP when talking about email source.
Needs users judgement and little bit of knowledge obtained by experience.
(IronPort is behind of easy and popular spam reporting service Spamcop.net (http://www.spamcop.net/)
Please register an accout there and post any abusive mail in.)

SORBS (http://www.au.sorbs.net/lookup.shtml)
Enter an address, netblock or hostname you wish to check.
Again more focused on spam but might be useful to spot a bad source.

AHBL (http://www.ahbl.org/)
The AHBL is a database of hosts that have been known to cause various forms of abuse on the Internet which includes UCE/UBE/spam, Denial Of Service attacks, cracking attempts, and much more.

Spamhaus (http://www.spamhaus.org/index.lasso)
This is not a real lookup service like others but they are recognized by New Scotland Yard, FBI and other major LE.
Focused in spam again but if you find IP here its propably really bad one.

I like to use http://cqcounter.com/whois.

Swiss Army Knife Internet Tool: http://robtex.com :D

Robotex is :cool:

@Techmaster
Link is not working here? Got an 404 error! http://cqcounter.com/ works but its just a web counter site. Does this need a registration?

Hmmm.... That's weird! For some strange reason, the embedded URL isn't working right. Let's try this URL: http://dawhois.com/

Same site as the above URL that isn't working right.

yep that works Techmaster :)
here's a few more:
http://cqcounter.com/whois/
http://www.webyield.net/
http://www.ip-adress.com/ip_tracer/
http://www.nextwebsecurity.com/LocationTools.asp
http://geomaplookup.net/
http://www.ipinfodb.com/index.php
http://centralops.net/co/
http://www.gaijin.at/en/ols.php

Another terrific tool is called squishy wishy woo (no, not a joke).
It can take some time to process your request, so patience is required.

http://dns.squish.net/
This version is new and still under testing, so there might be a few bugs lingering around.

If you run into any problems, you can still use the old version at http://www.squish.net/dnscheck/v1.html

Squish is good :)
http://headertool.apelord.com/ < is slow lately or down.
Its well worth giving this a try > http://www.gaijin.at/en/olsmailheader.php

http://www.nirsoft.net/utils/ipnetinfo.html is a handy download too

http://www.nirsoft.net/utils/ipnetinfo.html is a handy download too


Website nirsoft.net
Domain Hash ff396ff6f62ad65a4b0315efe84a5a8d
IP Address 69.73.166.124 [SCAN]
IP Hostname static-124-166-73-69.nocdirect.com
IP Country US (United States)
AS Number 3595
AS Name GNAXNET-AS - Global Net Access, LLC
Detections 1 / 23 (4 %)
Status SUSPICIOUS


Scanning site with: VSCAN DETECTED WARNING.

hxxp://headertool.apelord.com/ Is no longer active as far as I am aware.

Its security was in question so it is best not to use it even if it comes back.

Website nirsoft.net
Domain Hash ff396ff6f62ad65a4b0315efe84a5a8d
IP Address 69.73.166.124 [SCAN]
IP Hostname static-124-166-73-69.nocdirect.com
IP Country US (United States)
AS Number 3595
AS Name GNAXNET-AS - Global Net Access, LLC
Detections 1 / 23 (4 %)
Status SUSPICIOUS


Scanning site with: VSCAN DETECTED WARNING.


Sorry Master Yoda, but this is one time I have to disagree. I think you might be getting a false positive somewhere, as I've been using Ipnetinfo for three years now, along with quite a few of their other tools. There could be a piece of software on their site that might be suspicious, but it would be something that might have slipped by them accidentally. All in all, I believe the site is on the level and nothing there is intended to be malicious. They have been around for a long time and if their intentions were less than wholesome, they wouldn't be around today. Just my honest opinion.

It may be, so I did another scan with the same result.

Report 2011-08-30 08:01:08 (GMT 1)
Website nirsoft.net
Domain Hash ff396ff6f62ad65a4b0315efe84a5a8d
IP Address 69.73.166.124 [SCAN]
IP Hostname static-124-166-73-69.nocdirect.com
IP Country US (United States)
AS Number 3595
AS Name GNAXNET-AS - Global Net Access, LLC
Detections 1 / 23 (4 %)
Status SUSPICIOUS
Scanning site with: VSCAN DETECTED.
The date is not todays but should still be relevant.


I then did a scan of the IP

Report 2011-09-17 07:29:09 (GMT 1)
IP Address 69.73.166.124
IP Hostname static-124-166-73-69.nocdirect.com
IP Country US
AS Number N/A
AS Name N/A
Detections 1 / 26 (4 %)
Status SUSPICIOUS

Scanning IP with: MyWOT DETECTED

Maybe we need to do further checks, I can only report the results that I found.

Some of their tools do get picked up by some antivirus software but I suspect it's because of their behaviour in ferretting out info rather than true viral activity.

I hope so anyway: for one thing I use a lot of the tools and for another, how good would it look if my first post sent everyone to a virus site! :)

hxxp://headertool.apelord.com/ Is no longer active as far as I am aware.

Its security was in question so it is best not to use it even if it comes back.

Apelord is defunct, and has been replaced by http://www.iptrackeronline.com/header.php which offers a much better analysis output. The thread at Basic email header analysis tools - a short tutorial (http://antifraudintl.org/showpost.php?p=127305&postcount=2) has been updated to reflect this.

Maybe we need to do further checks, I can only report the results that I found.

I understand completely, due to the outrageous number of web sites out there that are viral. I stumble across infected sites all the time, and the new safe search shield in the newly released AVG 2012 (I use the free edition) has been doing a remarkable job in stopping exploit codes from executing. But I still think there is nothing to be feared with this particular site. However, it always pays to be cautious. It's common for criminals to hack into clean web sites and inject their viral codes into them.

This is a Firefox add-on that loads & searches the URL of the target site using several different tools, e.g. CentralOps, Netcraft, DomainTools, Robtex, amongst other sites, all with the click of a mouse on the PR icon. Simple, safe & quick, it saves having to copy-&-paste anything, & does not communicate with the target site at all from your machine.


https://addons.mozilla.org/en-US/firefox/addon/passiverecon

PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information.