
What is Whois?

Here is a question I'm often asked by n00bs and even
those that have been in this business for a while.
The first part is simple but specifics can get complicated.
Thanks to our good friends at Softnik they have given us
an in-depth summary to refer to.
==========================================

What is Whois?

Whois is a protocol used to find information about
networks, domains and hosts. The whois records
normally include data on the organizations and the
contacts associated with these networks and domains.

Whois services operate through a whois server. Anyone
can connect to a whois server and send a query. The
whois server will then respond to the query and close the
connection. Anyone can run a whois server. For example
a company could run a whois server that provides
information about its various departments and employees.

The most common use of whois is for finding information
about domain names. For example, you can find
information on a domain (eg: microsoft.com) by querying
the appropriate whois server.

Whois Lookup using Telnet

Let us assume you want to find the domain registration
details regarding "softnik.co.uk"

(There is a reason for using a domain name with a "co.uk"
extension instead of ".com". We will come to that later).

The whois server for UK domains is whois.nic.uk. So all
we need to do is connect to whois.nic.uk on port 43 (the
standard port defined for whois requests) and then send
the string softnik.co.uk followed by a carriage return
linefeed pair.

You can try this on your own!

From the Windows Start button select 'Run'. Now type
telnet whois.nic.uk 43
and click OK.

The telnet window will open up and briefly show a
'connecting..' message. Once the connection is made the
window will be blank. Now type in any UK domain (e.g.
microsoft.co.uk) and press enter (please note that the
telnet window will not display the text that is being typed
in)

You should be able to see the unformatted raw domain
record in the window.

IP Whois: Looking up IP addresses

The Internet address space allocation is managed by a
number of different organizations. These registries provide
IP allocation information through their whois servers.

To find the allocation information for a specific IP
address, query it first using the ARIN whois server. If the
IP address is allocated through any of the other registries
this information will be reported by ARIN. More lookups
will be required to locate the actual data.

When large IP blocks are allocated to a large organization,
there may be other whois servers internal to the
organization. This means even more lookups.

WhoisView is a free Windows software tool that makes
looking up IP addresses very simple. It will retrieve the
ownership information by digging through various whois
servers automatically. It will find information all other
similar tools are unable to or don't bother to locate.

Organizations responsible for IP allocations

American Region

The Internet numbering resources for North America are
managed by American Registry for Internet Numbers
(ARIN).
Web Site: www.arin.net
Whois Server: whois.arin.net

Asia/Oceania Region

Asia Pacific Network Information Centre (APNIC) serves
the Asia Pacific region, comprising the countries in Asia
and Australia.
Web Site: www.apnic.net
Whois Server: whois.apnic.net

Europe & Middle East

The RIPE Network Coordination Centre (RIPE NCC)
manages the IP allocation in Europe, The Middle East,
The North of Africa and parts of Asia.

Web Site: www.ripe.net
Whois Server: whois.ripe.net

Latin American & Caribbean Region

The Latin American and Caribbean IP address Regional
Registry (LACNIC), is the emerging organization that will
administer the Latin American and Caribbean Region IP
address space.
Web Site: www.lacnic.org
Whois Server: whois.lacnic.net

African Region

The African Network Information Center (AfriNIC), is the
emerging organization that will administer IP allocation for
Africa.
Web Site: www.afrinic.org

Domain Whois: Looking up Domain Names

The most common use of whois is for looking up domain
names. This may be for checking available domain names
before registering or to locate information on the domain
name registrant.

The whois servers for domain registration records are
maintained by the organization authorized to register
domain names. This depends on the specific domain
name extension.

There are a number of registrars for the popular Com, Net
and Org domains. This means that the actual domain
records are generally not available from a single whois
server.

Whois lookup for Com, Net and Org Domains

Here is the procedure for looking up the popular top level
domains.

Query whois.crsnic.net (or rs.internic.net) for Com & Net
Domains or whois.publicinterestregistry.net for Org
Domains.

Check the returned records to see if the domain is already
registered. If it is, look for the authoritative whois server.

Query the authoritative whois server to obtain the actual
whois records.

Whois View will perform the above steps automatically
and you will be able to obtain the actual whois records
straight away.

Whois lookup for other top level domains

The other top level domain registrars maintain their own
whois servers. Some of the main domain extensions and
the whois servers are listed below.

INFO: whois.afilias.info
BIZ: whois.neulevel.biz
AERO: whois.information.aero
COOP: whois.nic.coop
NAME: whois.nic.name

For more information on the ICANN approved top level
domains please visit ICANN TLD Programs.

Domain Whois: Port 43

Whois servers normally accept connections on port 43.
This means that your whois client should be able to
transmit and receive data using this port.

If you are behind a firewall or proxy the whois lookups
may not work. If this is the case ask your system
administrator to open up port 43.

High speed whois lookups

There is always a temptation to perform domain lookups
at high speeds using multiple threads. If you do this you
will soon start seeing outputs similar to the following

Welcome to the NSI Registrar Whois Server.
Your IP address is contained within a list of IP addresses
that may have failed to abide by Network Solutions'
Whois policy.

If you feel this is in error, please contact us at
1-888-642-9675 or (703)-742-0914 or at
[email protected].

Remember that whois servers are being used and abused.
Whois server administrators have responded with limits
on how many lookups may be performed per minute, per
day, etc.

Whois Lookup Policies

If you are using a software like Watch My Domains or
Domain Name Analyzer you need to be careful about the
number of connections you make to the whois servers.

Here are some examples of the limits set by different
domain registrars. Please note that these are just a few
examples. Almost all registrars have similar limits in place.

Tucows (whois.opensrs.net) rejects multiple simultaneous
connections from the same IP. You will have to be
satisfied with one connection at a time.

BulkRegister (whois.bulkregiter.net) will immediately
block the IP temporarily if they notice a large number of
connections being made. This is done by their software
automatically.

Network Solutions (whois.networksolutions.com) will
block the IP temporarily if you do more than 1000
lookups in a day.

Go Daddy (whois.godaddy.com) will simply start hiding
all the relevant information from the returned whois text if
your IP gets in their list.

...most other registrars also have similar restrictions.

IMPORTANT:

If your internet connection has a permanent IP, you
should be very careful while using public resources like
whois servers. Make sure that your IP doesn't find its way
into various registrar ban lists. If you ever find your IP
banned give them a call and explain your situation. Find
out what got you banned and assure them that you will
follow their whois policy usage guidelines.

Verisign/Netsol provides bulk access to the WHOIS data
through a license agreement with them. For information,
send an e-mail message to bulkwhois @ netsol.com.

Whois from behind a proxy server or firewall

If you are behind a firewall or proxy the whois lookups
may not work. If this is the case ask your system
administrator to open up TCP port 43.

Simple Whois Clients

Whois clients connect to a whois server and retrieve
information. Whois View is an example.

Most of the time you just need a simple whois client to
lookup domains or IP addresses. Whois View is the ideal
solution if you are using the Windows platform.

Advanced Whois Clients

There are times when your whois client software requires
more features and options.
The advanced features include ability to query multiple
whois servers simultaneously, perform high speed
lookups, provide processing of the whois output records,
ability to store the results in a database, caching the results
to prevent unnecessary lookups, etc.

Whois Proxy

Technically a "proxy" is a person or agency who has
authority to act for another. Whois Proxies act as an
intermediary between a whois client and whois servers.

Now, why would you need an intermediary for doing
whois lookups?
There are a number of reasons why a whois proxy is
useful.

Uses of a Whois Proxy

Whois proxies can act as a single point of contact
between the whois client and whois servers. Instead of the
whois client being aware of different whois servers it only
needs to communicate with the proxy. The proxy takes
care of deciding which whois server to connect to. This
has the advantage that any required code changes may be
made at the proxy (instead of updating every copy of the
whois client on multiple computers)

Whois proxies can cache the data reducing overall
network traffic to and from whois servers. For example, if
person A asks for specific domain record, the proxy first
checks if a fresh data is available in the local cache. If it is
not, the data is retrieved and supplied to A's whois client.

The data is also cached locally. If after a few minutes
person B asks for the same data, it is picked up from the
local cache and supplied to B. No connections are made
to the whois servers.

If you are behind a firewall that rejects direct connects to
port 43, you can try accessing a whois proxy that uses the
HTTP protocol. Since HTTP connects are almost never
prevented by a firewall, this method provides an easy way
to overcome network restrictions.

Country Code Top Level Domains

There are two types of top-level domains: generic and
country code. Generic Top Level Domains (gTLD) are
used on a global basis and include tlds like Com, Net, org,
Info, biz, Aero, etc.

Country code Top Level Domains (ccTLD) are meant for
use by individual countries, as they deem necessary.
Examples include .US, .UK, .AU, .IN, etc.

Some country code domains are open to registration on a
global basis. However most of the country code domains
are restricted.

Whois Servers for ccTLDs

The registries for country code TLDs maintain their own
whois servers. Here are a few examples

UK: whois.nic.uk
US: whois.nic.us
ca: whois.cira.ca
de: whois.nic.de
ws: whois.nic.ws
au: whois.aunic.net
nu: whois.nic.nu

Strange Whois Results

Whois Results for Microsoft.Com

Have you tried looking up Microsoft.Com using
whois.crsnic.net (or rs.internic.net)?

This is what you will get back! (edited output)

Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can
now be registered with many different competing
registrars. Go to http://www.internic.net for detailed
information.

MICROSOFT.COM.WILL.CRASH.IN.6MN.ORG
MICROSOFT.COM.WILL.BE.....WITH.MY.SPANNER.NET
MICROSOFT.COM.WANADOODOO.COM
MICROSOFT.COM.SUX.BUT.PYROFREAK.ORG.RULEZ....
MICROSOFT.COM.SHOULD.....BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
MICROSOFT.COM.IS.SOON.GOING.TO.THE....
MICROSOFT.COM.IS.NOT.SEXYCOOL.ORG
MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM
MICROSOFT.COM.FILLS.....BELLIGERENCE.NET
...

The Explanation

No, no one has cracked Microsoft's website or the
registry database. It is done by simply creating name
servers with those names.

If you look carefully, all those additional entries are not
top level domain names. They are all name servers. The
registry not only stores information on domain names but
also the name servers. So, if the owner of
myowndomain00.com creates a name server called, say
"microsoft.com.is.whatever.myowndomain00.com"
and registers it at their registrar as a valid name server, the
information will find its way into the registry zone file.

When you do a simple lookup for just "microsoft.com"
the whois server pulls out all entries that start with
'microsoft.com'. These entries will include not only
domain names but also name servers.

Looking up COM and NET Domains, the right way

So how do you find the actual information for
Microsoft.Com?
Add the word domain followed by a blank space before
the actual domain name. So in this case do a lookup for
domain microsoft.com
instead of just microsoft.com.

The above tells the whois server to pull out only domain
name records and not name servers.
Note that it is better to do the above for all Com and Net
domain lookups, since the same problem can occur with
any domain.

Site Visitor's Geographical Location

An often asked question is...
"Can we use a tool like Whois View or IP Lookup to
determine the geographical location of a site visitor?"

The answer is a partial yes. However there are a number
of issues involved depending on how you intend to
implement it.

There are no serious problems involved if you intend to
use IP address only as a method of roughly identifying the
geographical location. However it is not a good idea to
make important decisions based on the IP address of the
visitor.

Problems with geographical identification

Not all IP based identifications are accurate. IP lookups
only allow you to locate the address of an organization
that owns the block. It doesn't mean that the IP is actually
allocated/used in the same country (fortunately in most
cases the IP addresses are allocated in the same country).

People move around. Someone from France could move
to Germany during the weekend and then browse from
there. If your website uses the IP address to present a site
customized to the geographical area, ensure that there is a
way for your visitor to change the default selection (like
providing a drop-down box for selecting the country).

Even now there are sites that simply don't provide such an
option.

Your site visitor may be browsing using a proxy server
located in another country or continent. IP based
geographical identification will be completely inaccurate in
this case.

Credit Card Fraud Detection

An area where IP address lookup is very useful is for
credit card fraud identification. If you are a merchant who
ships costly products after taking a credit card payment
you would want to ensure that the order is not made
using a stolen card.

One common feature of many fake credit card orders is
that the orders often originate from a different country.

If John Doe from Maryland, USA orders a product and
then you notice that his Internet Service provider is in a
totally different country, there is probably something
wrong. Use Whois View to check the IP address of the
person who made the order and verify that there is nothing
suspicious. Please note that people travel and the
purchase could be genuine. So don't always assume that
all such purchases are fraud.
==========================================================

So that's it for today fellow members.
I hope this was informative and answers
some of your questions.
There is a lot more to the whois system
than could possibly be explained in one
article, or even one lifetime...
Basically it's complicated because it's designed
to help, if that makes any sense. :)
--------
(It sux I have to disclaim before I tell you about a very cool company)
I have no connection with Softnik except that
they have an excellent catalog of outstanding
tools, both freeware and shareware, and I really
appreciate the full features he has allowed in the
demos. Man these are the timesavers and have
the "drill down" abilities that can make the difference
between xx and xxx. :gn:

Here are some of his freeware tools. If you have
never used DNA before, you are in for a real good
time and we'll see you in a few days.... ;)

>>> Softnik Technologies <<<

Domain Status
Domainfilter
Domain Name Analyzer
:wave:​
Peace,
~ Cyberian ~
 
2
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
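
An added example, not part of the original post or of Softnik's tools: the Com/Net/Org procedure from the article above (query the registry with the `domain` keyword, find the authoritative server, query it) as a small client. It assumes the registry labels the referral `Whois Server:` or `Registrar WHOIS Server:` under a `Domain Name:` line; `whois.registrar.example` and the sample responses are constructed so the code runs offline.

```python
import re
import socket

# Registry servers the post names for Com/Net and Org lookups.
REGISTRY = {"com": "whois.crsnic.net", "net": "whois.crsnic.net",
            "org": "whois.publicinterestregistry.net"}
HOST_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def send_query(server, query, timeout=10):
    """Real transport: one CRLF-terminated query per TCP connection to port 43."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")

def find_referral(text, domain):
    """Referral host from the record whose 'Domain Name:' equals `domain` exactly."""
    in_record = False
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "domain name":
            in_record = value == domain.lower()
        elif in_record and key in ("whois server", "registrar whois server"):
            # The referral is untrusted input: accept only a plain hostname.
            return value if HOST_RE.fullmatch(value) else None
    return None

def lookup(domain, transport=send_query):
    """Return (server_that_answered, raw_record) for a Com, Net or Org domain."""
    domain = domain.strip().lower()
    if not HOST_RE.fullmatch(domain):        # rejects embedded CR/LF and keywords
        raise ValueError("not a valid domain name")
    tld = domain.rsplit(".", 1)[-1]
    registry = REGISTRY[tld]                 # KeyError for TLDs outside this table
    query = f"domain {domain}" if tld in ("com", "net") else domain
    registry_text = transport(registry, query)
    referral = find_referral(registry_text, domain)
    if referral in (None, registry):
        return registry, registry_text
    return referral, transport(referral, domain)

# Constructed sample responses (not real registry output) for an offline run.
SAMPLE = {
    ("whois.crsnic.net", "domain example.com"):
        "Domain Name: EXAMPLE.COM\nWhois Server: whois.registrar.example\n",
    ("whois.registrar.example", "example.com"):
        "Domain Name: example.com\nRegistrant: Constructed Sample Org\n",
}

def fake_transport(server, query):
    return SAMPLE[(server, query)]
```

Calling `lookup("example.com", fake_transport)` exercises both hops without touching the network; leave out the second argument to use the real port 43 transport, one query at a time, within the lookup limits the article describes.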
thanks for sharing. useful stuff.
 
0
•••
GR8 Post ~ Cyberian ~ Very Informative!!! Great for beginners AND a good read for those of us who have been around for a while...

Very useful tools as well....

OldRatRacer
 
0
•••
wow..super cool stuff. thanks a lot cyberian :xf.love: :yell:
 
0
•••
redhippo said:
wow..super cool stuff. thanks a lot cyberian :xf.love: :yell:
w0w, Hi ya Red, that's so strange, I just put in a pvt to staff less than an hour ago wondering where you have been...lol Hadn't seen you on in ages. Thanks for the reply.
Cyberian
(formally kid5150)
 
0
•••
Nice article, cyberian.
 
0
•••
what a wonderful article that was! rep added.
 
0
•••
Unless of course it's a Verisign run .TV whois lookup for then the answer to "what is a .TV whois?" would be:

"A random system of time wasting root registry protocols, neither one matching another, vague, difficult, pointless, liquid and irrelevant"

There, I've solved the riddle... So when you get this message from the root registry:

It is our policy not to return whois information for domains owned by other registrars.

Sit back, deep breath, realise it's only verisign, smile and then go about your day. :)
 
1
•••
Hi Ian.... Yea, That's for sure!!!! Of all the ext's, .tv has got to be the hardest lookup.
My management proggys show my .tv's as available....
You'd think that you guys up in the TV forum would have found at least one workaround by now.... lol


Badger said:
Unless of course it's a Verisign run .TV whois lookup for then the answer to "what is a .TV whois?" would be:

"A random system of time wasting root registry protocols, neither one matching another, vague, difficult, pointless, liquid and irrelevant"

There, I've solved the riddle... So when you get this message from the root registry:

It is our policy not to return whois information for domains owned by other registrars.

Sit back, deep breath, realise it's only verisign, smile and then go about your day. :)
 
0
•••
excellent post cyberian

very informative article
 
0
•••