How can I find out who is hosting a certain domain? [duplicate]

I've got a friend who has been completely abandoned by his previous website guy. Yes, the guy was cut rate, and yes, you get what you pay for.

Anyway, he has asked me to help him untangle all that has been done. Starting now, he wants to know who is actually hosting his website. He knows for sure that the site is registered through GoDaddy, and he previously had the domain hosted there as well. He even prepaid his hosting contract through August 2011 I believe.

Now he's receiving hosting bills from 2 other companies as well (I don't know the names of the other 2 companies at this time). He THINKS that the programmer (who has dropped off the face of the earth) had moved it somewhere, but he doesn't know where it was moved.

Is there any way to tell from a WhoIs or some other method where the site is being hosted? Whois reports 1 IP address, traceroute reports a different IP address.

I'm more than a little outside my comfort zone. Any help or pointers would be much appreciated.


Have always found this a useful site.

WHOIS Site


First off, get the IP address of the hosting server:


[jim@smokey ~]$ dig www.dogisland.com
;; QUESTION SECTION:
;www.dogisland.com.             IN      A

;; ANSWER SECTION:
www.dogisland.com.      7200    IN      CNAME   dogisland.com.
dogisland.com.          7200    IN      A       69.43.139.149

;; AUTHORITY SECTION:
dogisland.com.          7200    IN      NS      NS1.Realtown.com.
dogisland.com.          7200    IN      NS      DNS1.InternetCrusade.com.

;; Query time: 198 msec
;; SERVER: 208.78.97.155#53(208.78.97.155)
;; WHEN: Mon Dec  7 15:26:34 2009
;; MSG SIZE  rcvd: 127

Notice who handles the "NS" records; they're who is handling the DNS hosting (which is often separate from the web hosting).

Next up, do a reverse DNS lookup on that IP address. Often there are clues in rDNS.


[jim@smokey ~]$ dig -x 69.43.139.149
;; QUESTION SECTION:
;149.139.43.69.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
149.139.43.69.in-addr.arpa. 3600 IN     PTR     web22.icsandiego.com.

;; AUTHORITY SECTION:
139.43.69.in-addr.arpa. 3600    IN      NS      ns1.Realtown.com.
139.43.69.in-addr.arpa. 3600    IN      NS      dns1.internetcrusade.com.

;; Query time: 102 msec
;; SERVER: 208.78.97.155#53(208.78.97.155)
;; WHEN: Mon Dec  7 15:26:48 2009
;; MSG SIZE  rcvd: 140

Looks like "icsandiego" is the host here.

Third, whois the IP address.


[jim@smokey ~]$ whois 69.43.139.149
[Querying whois.arin.net]
[whois.arin.net]
Castle Access Inc ARIN-CASTLE-ALLOC (NET-69-43-128-0-1)
                                  69.43.128.0 - 69.43.207.255
Internet Crusade ICSANDIEGO (NET-69-43-139-0-1)
                                  69.43.139.0 - 69.43.139.255

# ARIN WHOIS database, last updated 2009-12-06 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

So here I can see that "Internet Crusade ICSANDIEGO" owns the IP address, which lines up with the DNS and rDNS from before. Given all this, I'd google some of those company names and see where it got me.

So, try that for your domain.
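The three lookups from the answer above (A/NS records, reverse DNS, whois on the IP), as an added shell example that is not part of the original post. It parses the dig and whois text quoted in that answer; the function names, the `key=value` report format, and the handling of `OrgName:` lines are this example's own assumptions.

```shell
#!/bin/sh
# Added example: separate "who hosts DNS" from "who hosts the web server"
# by parsing dig and whois text. Function names are this example's own.

# Sample input: record lines copied from the dig/whois output in the post above.
SAMPLE_DIG='www.dogisland.com.      7200    IN      CNAME   dogisland.com.
dogisland.com.          7200    IN      A       69.43.139.149
dogisland.com.          7200    IN      NS      NS1.Realtown.com.
dogisland.com.          7200    IN      NS      DNS1.InternetCrusade.com.'
SAMPLE_PTR='149.139.43.69.in-addr.arpa. 3600 IN     PTR     web22.icsandiego.com.'
SAMPLE_WHOIS='Castle Access Inc ARIN-CASTLE-ALLOC (NET-69-43-128-0-1)
                                  69.43.128.0 - 69.43.207.255
Internet Crusade ICSANDIEGO (NET-69-43-139-0-1)
                                  69.43.139.0 - 69.43.139.255'

# rr_values TYPE: read dig output on stdin, print the data field of each
# record of TYPE, lowercased and without the trailing dot. Lines starting
# with ";" (comments, question section) never have "IN" in field 3.
rr_values() {
  awk -v t="$1" '$3 == "IN" && $4 == t { v = tolower($5); sub(/\.$/, "", v); print v }'
}

# ip_owner: read ARIN whois text on stdin and print the last network holder.
# Assumption: as in the sample, the most specific network is listed last.
# Handles the summary form above and "OrgName:" lines.
ip_owner() {
  awk '/\(NET-[0-9-]+\)[ \t]*$/ { sub(/[ \t]*\(NET-.*$/, ""); o = $0 }
       /^OrgName:/              { sub(/^OrgName:[ \t]*/, ""); o = $0 }
       END { if (o != "") print o }'
}

# summarize DIG_TEXT PTR_TEXT WHOIS_TEXT: one finding per line.
summarize() {
  printf 'web_ip=%s\n'    "$(printf '%s\n' "$1" | rr_values A | head -n 1)"
  printf 'web_rdns=%s\n'  "$(printf '%s\n' "$2" | rr_values PTR | head -n 1)"
  printf 'web_owner=%s\n' "$(printf '%s\n' "$3" | ip_owner)"
  printf '%s\n' "$1" | rr_values NS | sed 's/^/dns_host=/'
}

# hosting_report DOMAIN: the same three lookups run live (needs dig, whois
# and network access). Pass the bare domain so the NS query has an answer.
hosting_report() (
  d=$(dig +noall +answer "$1" A; dig +noall +answer "$1" NS)
  ip=$(printf '%s\n' "$d" | rr_values A | head -n 1)
  [ -n "$ip" ] || { echo "no A record for $1" >&2; exit 1; }
  summarize "$d" "$(dig +noall +answer -x "$ip")" "$(whois "$ip")"
)

summarize "$SAMPLE_DIG" "$SAMPLE_PTR" "$SAMPLE_WHOIS"
```

The `dns_host` lines name whoever controls where the domain points; the `web_*` lines name whoever runs the server it currently points at, and the two can belong to different companies.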


I have found http://www.robtex.com/dns/ a very good DNS search tool that assembles lots of different relevant data.


nslookup hostname_of_site

whois the IP that is returned by nslookup.


A non-authoritative answer means that your DNS server is giving you an answer for a domain that it's not authoritative for, which is normal and expected.

At the end of the day, does it matter who's currently hosting the web site? What you need to determine is who is hosting the DNS zone for the domain in question. Once you have that information, you can contact them and have them point the DNS record for the web site anywhere you wish.