
These pages allow DNS lookups, whois, traceroute, and more.
DNSstuff - www.dnsstuff.com/
GeekTools - www.geektools.com/
network-tools - network-tools.com/
Web Based Network Tools - networktools.tk/, home.planet.nl/~houwe135/wbnt1/
Ad hoc IPTools Page - tatumweb.com/iptools.htm
Internet Tools Gateway - codeflux.com/exec/tools/
Tools for use with the internet - www.subnetonline.com/pages/network-tools.php
Demon External Tools - www.demon.net/external/
InfoSysSec Network Tools - www.infosyssec.com/infosyssec/ipsectools.htm
Serversniff - serversniff.net/index.php
Nerdlabs Tools - www.nerdlabs.org/tools/index.php
All Net Tools Network Toolbox - www.all-nettools.com/toolbox/network-tools.htm
LogBud - logbud.com/
Robtex - www.robtex.com/
Domain Tools - dns-tools.domaintools.com/
IP 4 Easy - www.ip4easy.com/
DNS Miner - www.dnsminer.com/
4 DNS Tools - www.4dnstools.com/
DNSgoodies - www.dnsgoodies.com/
DNS Right - www.dnsright.com/
W3dt - www.w3dt.net/
DNS Information - www.freednsinfo.com/
DNS Queries - www.dnsqueries.com/en/
H Security Internet Toolkit - www.h-online.com/security/services/
net.demon downloads - www.netdemon.net/downloads/
eMailTrackerPro - www.emailtrackerpro.com/
NetInfo - netinfo.tsarfin.com/
URL Discombobulator - www.karenware.com/powertools/ptlookup.asp
Magic NetTrace - www.tialsoft.com/mnettrace/
Crime Scene Investigator - www.promailix.com/
PCHelp's Network Tracer - www.pc-help.org/trace.htm - DOS command line batch file
IP Search Toolbar - www.panix.com/~saint/ipsearch/
iNetTools - www.wildpackets.com/products/free_utilities/inettools/overview
Essential NetTools - www.tamos.com/products/nettools/
SpamViz - www.spamviz.net/ - graphical network discovery
S-Trace - s-trace.sourceforge.net/ - graphical origin mapping
WhatRoute - www.whatroute.net/
IPNetMonitor - www.sustworks.com/site/prod_ipmonitor.html
IPNetMonitor for OSX - www.sustworks.com/site/prod_ipmx_overview.html
Find Friends - www.grymoire.com/Spam/FF.pl - Perl
SpamFryer - oplnk.net/~ajackson/software/ - Perl
Discover who owns an IP address or domain name.
These websites provide a universal whois service for any IP address or domain name.
GeekTools Whois Proxy - www.geektools.com/whois.php - at m5computersecurity
BW Whois - whois.bw.org/ - at heypete, cybernode, thover
CyberAbuse Whois - www.fr2.cyberabuse.org/whois/
SamSpade.org - samspade.org/
Whois Proxy - www.antispam.ru/cgi-bin/1/whois
whois-server - antispam.rin.ru/whois.html
WHOIS Domain Query - www.opinionatedgeek.com/DotNet/Tools/Whois/
Search For Any Domain In The World - www.alldomains.com/
Whois Finder - www.whoisfinder.com/
Abfrage von whois-Datenbanken (whois database query) - www.iks-jena.de/cgi-bin/whois
SecuritySpace whois - www.securityspace.com/swhois/whois.html
Whois365 - www.whois365.com/en/
Whois gateway - pgl.yoyo.org/whois/
DomainTools - www.domaintools.com/
Search Web by Domain - searchdns.netcraft.com/
Project Cyberdawn Domain Name List - www.w3dt.net/lists/dnl/
Whois wrappers and proxies save you from needing to know which server to send a query to.
GeekTools Software - www.geektools.com/software.php
wp.cgi Whois Proxy - wp-whois-proxy.sourceforge.net/
BW Whois - whois.bw.org/
jwhois - www.gnu.org/software/jwhois/
whoiss - www.roble.com/docs/whoiss
gwhois - www.iecc.com/gwhois
debian whois - ftp.debian.org/debian/pool/main/w/whois/
Front-end to Internet Whois - unixwiz.net/tools/whois.html
Several of the tools here also provide whois functions.
CyberAbuse Whois - www.fr2.cyberabuse.org/whois/
Karen's WhoIs - www.karenware.com/powertools/ptwhois.asp
HotWhois - www.tialsoft.com/hwhois/
"Whois" for Windows - www.cix.co.uk/~net-services/spam/whois.htm
Tafweb Whois - www.tafweb.com/whois.html
SmartWhois - www.tamos.com/products/smartwhois/
ASPNet Whois - www.aspnetwhois.com/ - ASP
phpWhois - phpwhois.com/ - PHP
rxwhois - purl.net/xyzzy/src/rxwhois.cmd - REXX script working on OS/2
Net::XWhois - search.cpan.org/dist/Net-XWhois/ - Perl
iwhois - seegras.discordia.ch/Programs/iwhois - Perl
These servers will proxy whois requests to the correct whois server, and can be integrated with scripts. You can use these servers to handle any IP and domain whois lookups.
Thur.de - whois.thur.de
Geektools - whois.geektools.com - see: whois.geektools.com/cgi-bin/proxy.cgi
Whois-servers - <tld>.whois-servers.net - e.g. us.whois-servers.net - see: www.whois-servers.net/
Cyberabuse - whois.cyberabuse.org - see: www.fr2.cyberabuse.org/whois/
Regional Internet Registries (RIRs) assign IP addresses to countries within their region. Each RIR publishes, via whois, the list of parties to whom it has assigned IP addresses. You can query this either through the whois service or through these websites.
ARIN - https://ws.arin.net/whois - North America (whois.arin.net)
APNIC - www.apnic.net/ - Asia-Pacific and Australia (whois.apnic.net)
RIPE - www.db.ripe.net/whois - Europe (full text search) (whois.ripe.net)
LACNIC - www.lacnic.net/en/ - Latin America and Caribbean (whois.lacnic.net)
AfriNIC - www.afrinic.net/ - Africa (whois.afrinic.net)
Generic Top-Level Domains - www.iana.org/domains/root/db/ - gTLDs
Root-Zone Whois Index by TLD Code - www.iana.org/domains/root/db/ - ccTLDs
Domain name registries around the world - www.norid.no/domenenavnbaser/domreg.html - ccTLDs
IANA Whois Service - whois.iana.org/ - limited to .int and details of TLD ownership
AfriDNS - afridns.org/ - African domain names
ICANN-Accredited Registrars - www.icann.org/en/registrars/accredited-list.html
Whois Proxy for .KR cc-tld - www.chebucto.ns.ca/~af380/kr-whois.html - .kr
List of Internet whois servers - ftp://sipb.mit.edu/pub/whois/whois-servers.list
tracert - tracert.com/trace_exe.html, www.tracert.com/
traceroute.org - www.traceroute.org/
GeekTools Traceroute - www.geektools.com/traceroute.php
Reverse Traceroute/Looking Glass Search - www.caida.org/cgi-bin/reversetraceroute/assearch.cgi/
Traceroute Wiki - www.bgp4.net/tr
PI NOC Advanced Traceroute (TCP traceroute) - noc.pacific.net.sg/advancetools/traceroute.html
Traceroute Mesh Server - tr.meta.net.nz/tr.php
TCP, ICMP, UDP and Layer4 traceroute from ServerSniff - serversniff.net/
Unix comes with the standard “traceroute” tool, used from the command line. These tools provide additional power and flexibility and can prove useful if a spammer is falsifying results to normal traceroutes.
tcptraceroute - michael.toren.net/code/tcptraceroute/
hping - www.hping.org/
TraceProto - traceproto.sourceforge.net/
Xtraceroute - www.dtek.chalmers.se/~d3august/xt/
Layer Four Traceroute (LFT) - pwhois.org/lft/
Path Analyzer Pro - www.pathanalyzer.com/ - Linux and OS X
Ping Plotter - www.pingplotter.com/
VisualRoute - www.visualiptrace.com/
3d Traceroute - www.hlembke.de/prod/3dtraceroute/
NetScanTools Pro Traceroute - www.netscantools.com/nstpro_traceroute.html
You can check which providers are giving a spammer connectivity (if he has his own AS) using these tools.
RIPE RIS - www.ripe.net/ris/
FixedOrbit - www.fixedorbit.com/
Java Autonomous System Path Visualisation - lab.verat.net/Jaspvi/
CIDR Report - www.cidr-report.org/
Team Cymru IP to ASN Lookup - asn.cymru.com/
BGPLay @ Routeviews - bgplay.routeviews.org/bgplay/
Robtex AS - www.robtex.com/as/
BGP-Inspect-Routeviews - bgpinspect.merit.edu/
Netlantis - www.netlantis.org/
PWhois - pwhois.org/webquery.who
Query Routeviews and Cymru by DNS. Get AS records for IP a.b.c.d (DNS query for the TXT record of d.c.b.a.<server>):
Routeviews - asn.routeviews.org or aspath.routeviews.org - see: www.routeviews.org/
Cymru - origin.asn.cymru.com or peer.asn.cymru.com - see: www.team-cymru.org/Services/ip-to-asn.html
Query RIPE RIS, Cymru and PWhois by whois (whois -h <server> a.b.c.d):
RIPE - riswhois.ripe.net - see: www.ripe.net/ris/
Cymru - whois.cymru.com and peer.whois.cymru.com - see: www.team-cymru.org/Services/ip-to-asn.html
PWhois - whois.pwhois.org - see: pwhois.org/webquery.who
You can attempt to validate that a mailbox is real and will accept mail with these tools.
Test an email address - www.hq42.net/net_tools/test_email_addr.php
Validate email addresses - hexillion.com/asp/samples/ValidateEmail.asp
Validate email addresses - coveryourasp.com/ValidateEmail.asp
Email Address Checker - www.rolosoft.com/software/email-check/wa/lite/validate.aspx
These tools provide information on the DNS servers for a domain. If you wish to look up hostnames or IP addresses to get DNS information, use one of the all-purpose tools. On systems with BIND installed, use DIG.
dnstracer - www.mavetju.org/unix/dnstracer.php - get the binary here: www.mavetju.org/unix/general.php
DIG for Windows - pigtail.net/LRP/dig/ - Windows
nsbatch - www.jimprice.com/jim-soft.htm#nsbatch - Windows
Squish.net dns checker for experts - www.squish.net/dnscheck/
DNSCHECK - www.dnscheck.se/
Alentus Name Service Delegation Check - dns.alentus.com/
The DNS Sleuth - atrey.karlin.mff.cuni.cz/~mj/sleuth/
DNS Auth Trace - freedns.afraid.org/
DNS Bajaj - www.zonecut.net/dns/
Quick DNS Check - pingability.com/zoneinfo.jsp
DNS Colos DNS Report - www.dnscolos.com/free-dns-report.html
intoDNS - www.intodns.com/
DNS History - dnshistory.org/
These tools can be used to proactively discover hosts that exist for a particular domain. Although not malicious, they are more aggressive than other tools and should only be used if you understand why you are using them.
nmap with -sL option - insecure.org/nmap/
Virtual Hosts Hacking - www.revhosts.net/index.php?title=Main_Page
Reverse DNS for a subnet - abuso.cantv.net/p/dyn.cgi
Fierce Domain Scan - ha.ckers.org/fierce/
dnsenum - www.filip.waeytens.easynet.be/
Virtual Host Enumerator (venum) - www.ikwt.com/projects/venum/
TXDNS - www.txdns.net/
Reverse DNS (for a /24) - www.nerdlabs.org/tools/revdns.php
“Safe” (or text based) browsers are available online, and are also available in some of the Windows anti-spam tools.
Web Sniffer - web-sniffer.net/ - web-based
wannaBrowser - www.wannabrowser.com/ - web-based
Sleuth - www.sandsprite.com/Sleuth/
Spamstopper's notebook: curl - www.rickconner.net/spamweb/tools-curl.html
Down for everyone or just me? - downforeveryoneorjustme.com/ - web-based up/down checker
SCOUT — Speedy Complete Online URL Test - www.nz-honeynet.org/cwebservice.php
LinkScanner Online - linkscanner.explabs.com/linkscanner/
SmartFilterWhere URL checker - www.trustedsource.org/TS?do=feedback&subdo=url
FinJan URL Analysis - www.finjan.com/Content.aspx?id=574
FortiGuard Web Filtering URL submission - www.fortiguardcenter.com/webfiltering/webfiltering2.html
Site Truth - www.sitetruth.com/yhoo.html
Browser Defender - www.browserdefender.com/
Web Security Guard - www.websecurityguard.com/
McAfee SiteAdvisor - www.siteadvisor.com/
Dr. Web Online Scanner - vms.drweb.com/online/
Norton SafeWeb from Symantec - safeweb.norton.com/
Web of Trust (WOT) - www.mywot.com/
LinkExtend - www.linkextend.com/
These services can be used to expand knowledge of servers used by spammers, variously allowing you to look up webservers running in an IP range, domains sharing a name server, mail servers sending from a subnet or virtual webservers running on the same network address.
Netcraft “What's that Site Running” - uptime.netcraft.com/
Directi Advanced WHOIS Lookup! - whois.webhosting.info/
Senderbase - www.senderbase.org/senderbase_queries/main?searchString=
Web-Max Reverse Whois Lookup - tools.web-max.ca/websitesonip.php
RUS CERT Passive DNS Replication - cert.uni-stuttgart.de/stats/dns-replication.php
DomainTools Reverse IP - www.domaintools.com/reverse-ip/ - needs login
DOMAINSDB.NET - www.domainsdb.net/
Hostnames for IP Addresses - serversniff.net/content.php?do=hostonip
MSN Live search by IP address - help.live.com/help.aspx?mkt=en-gb&project=wl_searchv1#sr0 - use IP:<IP address>
Gigablast search by IP address - www.gigablast.com/index.php?page=help - use IP:<IP address>
TrustedSource - trustedsource.org/
The Whole Internet - thewholeinternet.wordtothewise.com/