Re: [mailop] domain research tools?

2016-07-28 Thread Luis E. Muñoz



On 28 Jul 2016, at 8:47, Michael Wise via mailop wrote:


Sometimes, for the guys we hunt, the only evidence is metadata.


+1000

Also, for the record, domain Registries often are ignorant of who the 
actual registrant is. This information can be more reliably extracted 
from the Registrar, and even in those cases, with a sizable grain of 
salt.


Domain Privacy services are an easy (and most often, automatic) add-on 
that increases revenue for the registrars, so it’s natural that they 
push it whenever they can.


Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
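
An added example, not part of the original thread: the registry-versus-registrar point above, shown on constructed WHOIS text run through the same kind of shell pipeline the thread mentions. The domain, server names, sample records and the privacy keyword list are assumptions made for illustration; the field labels follow the usual gTLD WHOIS layout.

```shell
#!/bin/sh
# Constructed sample records for a placeholder domain (not real WHOIS data).
REGISTRY_REPLY='   Domain Name: EXAMPLE-LOOKALIKE.COM
   Registrar: Example Registrar, Inc.
   Registrar WHOIS Server: whois.registrar.example
   Creation Date: 2016-07-28T15:00:00Z
   Name Server: NS1.HOSTING.EXAMPLE'
REGISTRAR_REPLY='Domain Name: example-lookalike.com
Creation Date: 2016-07-28T15:00:00Z
Registrant Name: Registration Private
Registrant Organization: Example Privacy Proxy Service
Registrant Email: owner@proxy.example'

# whois_field TEXT LABEL: print the first value of "LABEL: value" (case-insensitive).
whois_field() {
    printf '%s\n' "$1" | awk -v want="$2" '{
        line = $0; sub(/^[ \t]+/, "", line)
        i = index(line, ":"); if (i == 0) next
        key = substr(line, 1, i - 1); val = substr(line, i + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (tolower(key) == tolower(want)) { print val; exit }
    }'
}

# registrant_visibility TEXT: "absent" (no registrant fields at all),
# "proxied" (fields name a privacy service) or "listed".
# The keyword list is an illustrative assumption, not a complete catalogue.
registrant_visibility() {
    name=$(whois_field "$1" "Registrant Name")
    org=$(whois_field "$1" "Registrant Organization")
    if [ -z "$name$org" ]; then echo absent; return 0; fi
    case $(printf '%s %s' "$name" "$org" | tr '[:upper:]' '[:lower:]') in
        *privacy*|*private*|*proxy*|*redacted*|*protect*) echo proxied ;;
        *) echo listed ;;
    esac
}

# summarize REGISTRY_TEXT REGISTRAR_TEXT: one line showing what each source knows.
summarize() {
    printf 'referral=%s created=%s registry=%s registrar=%s\n' \
        "$(whois_field "$1" "Registrar WHOIS Server")" \
        "$(whois_field "$1" "Creation Date")" \
        "$(registrant_visibility "$1")" "$(registrant_visibility "$2")"
}

summarize "$REGISTRY_REPLY" "$REGISTRAR_REPLY"
```

With live data the two inputs would be the output of `whois <domain>` and of `whois -h <referral server> <domain>`; a "listed" result still deserves the grain of salt mentioned above.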


Re: [mailop] domain research tools?

2016-07-28 Thread Luis E. Muñoz
And of course, there’s most(1) which is what currently replaces my 
former use of less(1).


On 28 Jul 2016, at 8:16, Hugo Slabbert wrote:

On Thu 2016-Jul-28 09:05:22 -0600, Anne Mitchell wrote:




… I just call `whois` from BASH and pipe the results into `less`.


I do this too, except I use 'more'.  Is there a quantifiable 
difference between 'less' and 'more'? Or, perhaps, less is more? ;-)


In a matter of speaking, yes:

---
more(1)

DESCRIPTION
more  is  a  filter for paging through text one screenful at a time.  
This version is especially primitive.  ***Users should realize that 
less(1) provides more(1) emulation plus extensive enhancements.***

---

(emphasis mine)

For my purposes, `less` provides simpler navigation, and `more` always 
felt tailored to always moving forward not back.  There is:


   b or ^B Skip backwards k screenfuls of text.  Defaults to 1.
   Only works with files, not pipes.

...but `less` just seemed simpler to navigate.



Anne


--
Hugo



Re: [mailop] domain research tools?

2016-07-28 Thread Michael Wise via mailop
Okay, NOW we're getting to some stuff that is distinct, but ... The problem for 
me is having solid evidence against a domain that was created 5 minutes ago, 
with forged or PrivacyGuard-ed credentials... Sometimes you just have to fall 
back to IP rep and header analysis. Or just say, "This was created 5 minutes 
ago..." and deal with it appropriately.

Probably a bigger issue for ESPs than those of us playing defense.

Sometimes, for the guys we hunt, the only evidence is metadata.

Aloha,
Michael.
--
Sent from my Windows Phone

From: Neil Schwartzman <n...@cauce.org>
Sent: 7/28/2016 7:14 AM
To: mailop <mailop@mailop.org>
Cc: Autumn Tyr-Salvia <tyrsal...@gmail.com>
Subject: Re: [mailop] domain research tools?

Domaintools has an API and, as noted reverse whois, alerts on brands, IPs, and 
nameservers.

As well I’d add pDNS to your toolkit (Domaintools does NOT do passive). I 
recommend Zetalytics (April), a virustotal paid account and Vixie’s offerings 
at Farsight Security.


On Jul 28, 2016, at 9:57 AM, Ryan Harris via mailop <mailop@mailop.org> wrote:

Domaintools.com is pretty nice. If you pay for their service they have a reverse whois that 
can show you other domains that are most likely connected to the shady domain 
you are looking at.


Ryan

On Thu, Jul 28, 2016 at 7:37 AM, Kurt Jaeger <mai...@opsec.eu> wrote:
Hi!

> Do you do any domain research in the course of your work? If so, what tools
> do you use for research [...]

http://www.domaintools.com/

has some services, for some EUR/$.

--
p...@opsec.eu +49 171 3101372 4 years to go !



Re: [mailop] domain research tools?

2016-07-28 Thread Franck Martin via mailop
https://www.farsightsecurity.com/DNSDB/

On Thu, Jul 28, 2016 at 2:10 AM, Autumn Tyr-Salvia wrote:

> Hello,
>
> I have recently been dealing with a spammer that likes to use lookalike
> domains and pretend to be other legitimate businesses before doing bad
> things. I want to do more research on the domains they're using.
>
> Do you do any domain research in the course of your work? If so, what
> tools do you use for research, and what do you like/dislike about them? I
> would ideally like an easy to use web interface that doesn't contain any
> ads or try to run too many third party scripts on my browser that is
> reliable and comprehensive, and preferably has some type of API access. I
> am largely interested in finding domains registered to the same contact,
> but looking into other data points as well. I'm happy to pay for a good
> service. My research needs are fairly low in volume at the moment, but I'm
> not sure if that would change if I had a tool I really liked.
>
> Reviews/links would be appreciated.
>
>
> Thanks,
>
> Autumn Tyr-Salvia
> autumn.tyrsalvia@sparkpost
> tyrsalvia@gmail
>


Re: [mailop] domain research tools?

2016-07-28 Thread Hugo Slabbert


On Thu 2016-Jul-28 09:05:22 -0600, Anne Mitchell  wrote:




… I just call `whois` from BASH and pipe the results into `less`.


I do this too, except I use 'more'.  Is there a quantifiable difference 
between 'less' and 'more'? Or, perhaps, less is more? ;-)


In a matter of speaking, yes:

---
more(1)

DESCRIPTION
more  is  a  filter for paging through text one screenful at a time.  This 
version is especially primitive.  ***Users should realize that less(1) 
provides more(1) emulation plus extensive enhancements.***

---

(emphasis mine)

For my purposes, `less` provides simpler navigation, and `more` always felt 
tailored to always moving forward not back.  There is:


   b or ^B Skip backwards k screenfuls of text.  Defaults to 1.
   Only works with files, not pipes.

...but `less` just seemed simpler to navigate.



Anne


--
Hugo



Re: [mailop] domain research tools?

2016-07-28 Thread Vick Khera
On Thu, Jul 28, 2016 at 11:05 AM, Anne Mitchell  wrote:
> Or, perhaps, less is more?

Less is the opposite of more.



Re: [mailop] domain research tools?

2016-07-28 Thread Anne Mitchell

>  
> … I just call `whois` from BASH and pipe the results into `less`.

I do this too, except I use 'more'.  Is there a quantifiable difference between 
'less' and 'more'? Or, perhaps, less is more? ;-)

Anne

Anne P. Mitchell, Esq.
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Available for consultations by special arrangement.

Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Asilomar Microcomputer Workshop Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell






Re: [mailop] domain research tools?

2016-07-28 Thread Marcel Strecker

https://dnsdumpster.com/ is also a powerful tool. 


Kind regards
Marcel Strecker


optivo GmbH
Deliverability & Abuse Management








From: Autumn Tyr-Salvia  
To:  
Sent: 7/28/2016 11:10 AM 
Subject: [mailop] domain research tools? 


Hello,


I have recently been dealing with a spammer that likes to use lookalike domains 
and pretend to be other legitimate businesses before doing bad things. I want 
to do more research on the domains they're using. 


Do you do any domain research in the course of your work? If so, what tools do 
you use for research, and what do you like/dislike about them? I would ideally 
like an easy to use web interface that doesn't contain any ads or try to run 
too many third party scripts on my browser that is reliable and comprehensive, 
and preferably has some type of API access. I am largely interested in finding 
domains registered to the same contact, but looking into other data points as 
well. I'm happy to pay for a good service. My research needs are fairly low in 
volume at the moment, but I'm not sure if that would change if I had a tool I 
really liked. 


Reviews/links would be appreciated.




Thanks,


Autumn Tyr-Salvia
autumn.tyrsalvia@sparkpost
tyrsalvia@gmail






Re: [mailop] domain research tools?

2016-07-28 Thread Neil Schwartzman
Domaintools has an API and, as noted reverse whois, alerts on brands, IPs, and 
nameservers.

As well I’d add pDNS to your toolkit (Domaintools does NOT do passive). I 
recommend Zetalytics (April), a virustotal paid account and Vixie’s offerings 
at Farsight Security.


> On Jul 28, 2016, at 9:57 AM, Ryan Harris via mailop  wrote:
> 
> Domaintools.com is pretty nice. If you pay for their service they have a 
> reverse whois that can show you other domains that are most likely connected 
> to the shady domain you are looking at.
> 
> 
> Ryan
> 
> On Thu, Jul 28, 2016 at 7:37 AM, Kurt Jaeger wrote:
> Hi!
> 
> > Do you do any domain research in the course of your work? If so, what tools
> > do you use for research [...]
> 
> http://www.domaintools.com/ 
> 
> has some services, for some EUR/$.
> 
> --
> p...@opsec.eu +49 171 3101372 
>  4 years to go !
> 


Re: [mailop] domain research tools?

2016-07-28 Thread Ryan Harris via mailop
Domaintools.com is pretty nice. If you pay for their service they have a
reverse whois that can show you other domains that are most likely
connected to the shady domain you are looking at.


Ryan

On Thu, Jul 28, 2016 at 7:37 AM, Kurt Jaeger  wrote:

> Hi!
>
> > Do you do any domain research in the course of your work? If so, what tools
> > do you use for research [...]
>
> http://www.domaintools.com/
>
> has some services, for some EUR/$.
>
> --
> p...@opsec.eu +49 171 3101372 4 years to go !
>


Re: [mailop] domain research tools?

2016-07-28 Thread Kurt Jaeger
Hi!

> Do you do any domain research in the course of your work? If so, what tools
> do you use for research [...]

http://www.domaintools.com/

has some services, for some EUR/$.

-- 
p...@opsec.eu +49 171 3101372 4 years to go !



Re: [mailop] domain research tools?

2016-07-28 Thread Michael Wise via mailop

… I just call `whois` from BASH and pipe the results into `less`.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Autumn Tyr-Salvia
Sent: Thursday, July 28, 2016 2:10 AM
To: mailop@mailop.org
Subject: [mailop] domain research tools?

Hello,

I have recently been dealing with a spammer that likes to use lookalike domains 
and pretend to be other legitimate businesses before doing bad things. I want 
to do more research on the domains they're using.

Do you do any domain research in the course of your work? If so, what tools do 
you use for research, and what do you like/dislike about them? I would ideally 
like an easy to use web interface that doesn't contain any ads or try to run 
too many third party scripts on my browser that is reliable and comprehensive, 
and preferably has some type of API access. I am largely interested in finding 
domains registered to the same contact, but looking into other data points as 
well. I'm happy to pay for a good service. My research needs are fairly low in 
volume at the moment, but I'm not sure if that would change if I had a tool I 
really liked.

Reviews/links would be appreciated.


Thanks,

Autumn Tyr-Salvia
autumn.tyrsalvia@sparkpost
tyrsalvia@gmail


[mailop] domain research tools?

2016-07-28 Thread Autumn Tyr-Salvia
Hello,

I have recently been dealing with a spammer that likes to use lookalike
domains and pretend to be other legitimate businesses before doing bad
things. I want to do more research on the domains they're using.

Do you do any domain research in the course of your work? If so, what tools
do you use for research, and what do you like/dislike about them? I would
ideally like an easy to use web interface that doesn't contain any ads or
try to run too many third party scripts on my browser that is reliable and
comprehensive, and preferably has some type of API access. I am largely
interested in finding domains registered to the same contact, but looking
into other data points as well. I'm happy to pay for a good service. My
research needs are fairly low in volume at the moment, but I'm not sure if
that would change if I had a tool I really liked.

Reviews/links would be appreciated.


Thanks,

Autumn Tyr-Salvia
autumn.tyrsalvia@sparkpost
tyrsalvia@gmail