Saturday, July 3, 2010

Confirming an IP/email/web site's owner

Scammers will often try to make themselves look more presentable by hiring a web designer/programmer to make a professional site for them. Then they simply walk away with the code and content without paying and, worse still, use your work to scam a bigger fish, most likely with info in it that clearly identifies it as YOUR work.

Here are a couple of nslookup/dig/whois trace examples:
nslookup 66.249.89.104
dig -x 66.249.89.104
dig 104.89.249.66.in-addr.arpa
whois 66.249.89.104

Normally you can trace dig's actions to see what servers are being talked to; however, my DSL modem's DNS server doesn't seem to support it, so I can't use it. Here it is anyway:
dig -x 66.249.89.104 +trace

Here is a manually worked trace:
dig @a.root-servers.net 104.89.249.66.in-addr.arpa +norecurse
dig @V.ARIN.NET 104.89.249.66.in-addr.arpa +norecurse
dig @ns2.google.com 104.89.249.66.in-addr.arpa +norecurse
dig @ns1.google.com -x 66.249.89.104 +norecurse
For this trace the path ends at an SOA record.

dig @a.root-servers.net www.google.com +norecurse
dig @g.gtld-servers.net www.google.com +norecurse
dig @ns1.google.com www.google.com +norecurse

Now what to do with that raw info? Here are some ways to figure out if it's legit:
  • Grab the domain name with a dig or nslookup on the real IPs/URLs that you find in the emails.
  • Grab the whois info off the URLs and find the registered owners.
  • Check them against a scammer list like http://www.autosurfinfo.net/badiplist.html
Then, since you're dealing with a company:
  • Google search the company and its affiliates, using the info from the whois and what they claimed to be in their emails.
  • Then first confirm the basics about the company web site.
    • Confirm that you're looking at the real company's site, not some fake site that is trying to trick you into believing it's part of the real company, i.e. microsoft.com vs microsoft.jack.com
    • Are they claiming to be a massive company and yet they have a website made by some crud web publishing?
    • Is the content all pictures or stolen text (possibly modified when taken from a 3rd party place)?
    • Is the web site hosted on a free host somewhere?
  • Then you want to look at the company's location and employer info:
    • Google map the location and look at the building with street view.
    • Does it have the company's name, sign, logo, etc.?
    • Can the company's number of employees actually fit in the building/floor they claim to be on?
    • Does the office space even appear to be used?
    • Is the building/location appropriate for their type of business?
  • Then you want to look at the company's finance info:
    • How much operating cash do they have and how many employees? Figure out the ratio of cash to employees, then match that to what an employee would be paid yearly. If the number is too far off, then how are they paying employees?
    • Is the size/wealth of the company reflected in the web site? Why would a multi-million dollar company have a crud website?
    • And look over the products/services that they sell and search around for 3rd party info on them. Confirm that they really can make the cash they are talking about.
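
The microsoft.com vs microsoft.jack.com check and the `dig -x` name conversion above can be scripted; this is an added example, not part of the original post, and it also covers the `user@host` form of a link, which the post does not mention. The function names are hypothetical, the sample URLs are constructed, and links are assumed to be absolute (`scheme://...`).

```shell
#!/bin/sh
# url_host URL -> lower-cased host that a client would actually contact.
url_host() {
    h=${1#*://}        # drop the scheme
    h=${h%%[/?#]*}     # drop path, query and fragment
    h=${h##*@}         # drop userinfo: http://microsoft.com@jack.com/ goes to jack.com
    h=${h%%:*}         # drop :port
    h=${h%.}           # drop a trailing root dot
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# host_in_domain HOST DOMAIN -> exit 0 only if HOST is DOMAIN or a subdomain of it.
# DOMAIN is the company's real domain, confirmed independently (whois, search).
host_in_domain() {
    case $1 in
        "$2"|*."$2") return 0 ;;   # the dot keeps notmicrosoft.com from matching
        *) return 1 ;;
    esac
}

# ptr_name IPV4 -> the reverse-lookup name that "dig -x IPV4" queries.
ptr_name() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# check_link URL REAL_DOMAIN -> one-line verdict for a link taken from an email.
check_link() {
    host=$(url_host "$1")
    if host_in_domain "$host" "$2"; then
        echo "ok $host"
    else
        echo "MISMATCH $host is not under $2"
    fi
}

# Constructed sample links, checked against the domain from the post's example.
for u in 'https://www.microsoft.com/careers' 'http://microsoft.jack.com/login' \
         'https://microsoft.com@jack.com/invoice'; do
    check_link "$u" microsoft.com
done
ptr_name 66.249.89.104             # same name as the post's manual dig query
```
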
