8. Internet Service Provider
In what - at least for the time being - is the final step, you contact the ISP via any of the options provided in the contact information filed in the "org" handle.
Linux/BSD/Unix (1/2)
$ whois -T aut-num AS20738
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to 'AS20738'
% Abuse contact for 'AS20738' is 'abuse@hosteurope.de'
aut-num: AS20738
as-name: AS20738
org: ORG-OG1-RIPE
remarks: ************************
remarks: **** TRANSIT ****
remarks: ************************
import: from AS1299 accept ANY
import: from AS3549 accept ANY
export: to AS1299 announce AS-WEBFUSION
[...]
[... Lots of lines with import/export removed...]
[...]
export: to AS41095 announce AS-WEBFUSION
admin-c: HM2819-RIPE
tech-c: HM2819-RIPE
remarks: ============================================================================
remarks: ============================================================================
remarks: For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources
status: ASSIGNED
mnt-by: MNT-WEBFUSION
mnt-lower: MNT-WEBFUSION
mnt-routes: MNT-WEBFUSION
mnt-by: RIPE-NCC-END-MNT
created: 2002-08-29T09:45:39Z
last-modified: 2016-04-29T13:56:05Z
source: RIPE # Filtered
organisation: ORG-OG1-RIPE
org-name: Host Europe GmbH
org-type: LIR
address: Hansestrasse 79
address: 51149
address: Cologne
address: GERMANY
phone: +49220310457575
fax-no: +49220310457121
admin-c: JOKO
admin-c: HONK
admin-c: SEPP
admin-c: MOMO
admin-c: METT
abuse-c: HEAH
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-HEG
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-HEG
created: 2004-04-17T11:11:01Z
last-modified: 2016-07-22T06:43:10Z
source: RIPE # Filtered
role: Hostmaster Contact
address: Unit 4
address: The Tristram Centre
address: Brown Lane West
address: Leeds
address: LS12 6BF
address: United Kingdom
admin-c: PB11287-RIPE
admin-c: AC23366-RIPE
tech-c: PB11287-RIPE
tech-c: AC23366-RIPE
nic-hdl: HM2819-RIPE
abuse-mailbox: abuse@webfusion.com
remarks: ------------------------------------------------------
remarks:
remarks: Please direct Abuse complaints to abuse@webfusion.com
remarks: Complaints directed elsewhere will not be actioned.
remarks:
remarks: ------------------------------------------------------
mnt-by: MNT-WEBFUSION
created: 2008-06-12T07:38:24Z
last-modified: 2015-01-12T16:51:25Z
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.87.4 (DB-1)
Linux/BSD/Unix (2/2)
$ whois -T organisation ORG-OG1-RIPE
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to 'ORG-OG1-RIPE'
organisation: ORG-OG1-RIPE
org-name: Host Europe GmbH
org-type: LIR
address: Hansestrasse 79
address: 51149
address: Cologne
address: GERMANY
phone: +49220310457575
fax-no: +49220310457121
admin-c: JOKO
admin-c: HONK
admin-c: SEPP
admin-c: MOMO
admin-c: METT
abuse-c: HEAH
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-HEG
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-HEG
created: 2004-04-17T11:11:01Z
last-modified: 2016-07-22T06:43:10Z
source: RIPE # Filtered
person: Malte von dem Hagen
address: Hansestrasse 79
address: 51149 Koeln
phone: +49 2203 1045 0
nic-hdl: HONK
created: 2007-01-19T13:33:06Z
last-modified: 2015-11-04T13:56:08Z
source: RIPE # Filtered
mnt-by: HOSTEUROPE-MNT
person: Joerg Krohn
address: Hansestrasse 79
address: 51149 Koeln
phone: +49 2203 1045 0
nic-hdl: JOKO
created: 2015-11-04T13:21:00Z
last-modified: 2015-11-04T13:21:00Z
source: RIPE # Filtered
mnt-by: HOSTEUROPE-MNT
person: Stefan Schmitz
address: Welserstrasse 14
address: 51149 Koeln
phone: +49 2203 1045 0
nic-hdl: METT
created: 2009-02-18T11:51:07Z
last-modified: 2009-02-18T11:51:07Z
source: RIPE # Filtered
mnt-by: HOSTEUROPE-MNT
person: Maurice Boltze
address: Welserstrasse 14
phone: +49 2203 1045 0
nic-hdl: MOMO
created: 2014-04-16T11:08:08Z
last-modified: 2014-04-16T11:08:08Z
source: RIPE # Filtered
mnt-by: HOSTEUROPE-MNT
person: Sebastian Gips
address: Welserstrasse 14
address: 51149 Koeln
phone: +49 2203 1045 0
nic-hdl: SEPP
created: 2010-07-23T14:23:06Z
last-modified: 2010-09-08T11:44:23Z
source: RIPE # Filtered
mnt-by: HOSTEUROPE-MNT
% This query was served by the RIPE Database Query Service version 1.87.4 (DB-2)
Web-Whois (1/2)
Web-Whois (2/2)
Once you have received the name of a tangible contact, you go on asking for the customer, contract and product information.
In this context, you should also be sure to request payment details (e.g. credit card number).
Bear in mind that if false information was already submitted to the DNR, it won't be any different here.
However, the ISP should have physical access to the server and be able to save the appropriate data so that it can be used in a court case.
Due to
MaxMind,
there is also the option to filter specific ISPs for the
ASN.
(Click for more details.)
$ readonly ASN="AS3320"
$ while read IP ; do
if geoiplookup "${IP}" \
| grep --fixed-strings "GeoIP ASNum Edition: ${ASN}" \
> /dev/null 2>&1 ; then
printf "${IP}\n"
fi
done < ipliste.txt
2.163.27.10
79.210.217.243
79.211.37.154
79.211.37.31
79.211.37.63
79.211.38.145
79.211.38.193
79.211.39.232
79.247.224.12
80.136.31.113
[...]
(Here, I would refer as a supplement to "my" shell script
"geoipfilter".)