Tracing a webhost

[InaGlo]

Well after finding my image available as a free download on wallpaper sites all over the net Ive managed to get most of them to remove it.

However there are a few sites that are blatantly ignoring any contact.
One in particular, has the DMCA, Contact Us, Terms & Conditions, take you to a blank page, and from what I can see on Whosis, all the information is protected.

Can anyone offer any suggestions how to trace a site owner? Im a bit green in these areas.

 

[Phil789]

Can you link to the sites?

 

[DemiLion]

Well after finding my image available as a free download on wallpaper sites all over the net Ive managed to get most of them to remove it.

However there are a few sites that are blatantly ignoring any contact.
One in particular, has the DMCA, Contact Us, Terms & Conditions, take you to a blank page, and from what I can see on Whosis, all the information is protected.

Can anyone offer any suggestions how to trace a site owner? Im a bit green in these areas.

Ignore the site owner. Serve a DMCA take down notice on the host.

 

[desantnik]

Here is how

http://rising.blackstar.com/how-to-send-a-dmca-takedown-notice.html

 

[InaGlo]

Well, as I said, Im not the brightest sparkler in the packet, but I HAVE tried Whois and all the info seemed to be locked down tight.... feel free to explore and see if you can fair any better than I did ...
http://www.flash-screen.com/free-wallpaper/charming-girl-under-mask/

 

[Harvey_nikon]

this is the host:
https://www.cloudflare.com/

they've also got a facebook page for the site:
http://www.facebook.com/pages/HD-Wallpapers/261374570550133

 

[gramps]

Registrant:
Maxo Group
Xinshidai
Haidian, 100088
China

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: FLASH-SCREEN.COM
Created on: 14-Apr-02
Expires on: 14-Apr-13
Last Updated on: 11-Jan-12

Administrative Contact:
Group, Maxo onehit@gmail.com
Xinshidai
Haidian, 100088
China
+86.82803508

Technical Contact:
Group, Maxo onehit@gmail.com
Xinshidai
Haidian, 100088
China
+86.82803508

Domain servers in listed order:
GABE.NS.CLOUDFLARE.COM
PAT.NS.CLOUDFLARE.COM

 

[rljutter]

http://support.cloudflare.com/kb/about-cloudflare/what-is-a-valid-dmca-or-copyright-complaint

Below is taken from there site, first step serve a DMCA on them, gain the ACTUAL web hosting site then serve upon them, the host is ultimatly responsible for what it hosts and should instruct the site owner to remove the images or face shutdown

"How do I file a DMCA complaint?

CloudFlare is a pass-through network provider and, at most, automatically caches content for a limited period in order to improve network performance. CloudFlare is not a hosting provider and does not
provide hosting services for any website. CloudFlare does not have the ability to remove content from sites, take a site offline, etc.

CloudFlare will release the hosting provider name of the site's server with a valid DMCA complaint. If the complaint does not fall under DMCA guidelines, or if all of the requested information is not sent required for a [valid DMCA complaint], CloudFlare will not release the hosting provider to the party making the complaint."

 

[Forbiddenbiker]

Edit. I think this might just be wrong then... but its what i found through a location site.

IP 173.245.61.113
Host cf-173-245-61-113.cloudflare.com
Country code US
Country United States
Area code CA
Region California
City San Francisco
Latitude 37.7697
Longitude -122.3933
Postal code 94,107
Area Code 415
Provider n / a
Domain n / a
Time zone n / a

 

[bolide]

Cloudflare say they are not a hosting company but www.flash-screen.com resolves to one of their IPs so I'd start there

They're in California so they should understand takedowns & copyright

Nick Froome

 

[Forbiddenbiker]

Thats funny becuase all these companies share the same IP.

Someone should tell them...

 

[D-pearce92]

Thats funny becuase all these companies share the same IP.

Someone should tell them...

How could that happen though, 1400 websites to the same ip.

 

[DemiLion]

How could that happen though, 1400 websites to the same ip.

Fairly easily when you bear in mind that the IP address will probably be the external one of a router rather than a server.

 

[Ray S]

How could that happen though, 1400 websites to the same ip.

Quite common on cheap shared hosting, having a ton of websites per machine. you can even have multiple machines hiding behind a single IP. This is pretty much business as usual, and normally only big sites have a dedicated IP address.

 

[M.A.Gibson]

WHOIS information for 173.245.61.26:

[Querying whois.arin.net]
[whois.arin.net]
#
# Query terms are ambiguous. The query is assumed to be:
# "n 173.245.61.26"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:

# http://whois.arin.net/rest/nets;q=173.245.61.26?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 173.245.48.0 - 173.245.63.255
CIDR: 173.245.48.0/20
OriginAS: AS13335
NetName: CLOUDFLARENET
NetHandle: NET-173-245-48-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Assignment
Comment: http://www.cloudflare.com/
RegDate: 2010-12-28
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-173-245-48-0-1
OrgName: CloudFlare, Inc.
OrgId: CLOUD14
Address: 665 Third Street #207
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2011-11-03
Comment: http://www.cloudflare.com/
Ref: http://whois.arin.net/rest/org/CLOUD14
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE2916-ARIN
OrgNOCHandle: NOC11962-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: http://whois.arin.net/rest/poc/NOC11962-ARIN
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: admin@cloudflare.com
OrgTechRef: http://whois.arin.net/rest/poc/ADMIN2521-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: http://whois.arin.net/rest/poc/NOC11962-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE2916-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: admin@cloudflare.com
RTechRef: http://whois.arin.net/rest/poc/ADMIN2521-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html

 

[onomatopoeia]

How could that happen though, 1400 websites to the same ip.

Name based virtual hosting, as implemented from HTTP/1.1

Before it existed you could type the IP address or the domain name and get the same page. With name based virtual hosting, if you put in the IP address all you normally get is an error or a page telling you to upgrade your browser to one with HTTP/1.1 support.

As an example, most websites of the form www.<something>.demon.co.uk resolve back to 193.195.70.8 which is a server for the webspace provided to demon internet customers with their dialup or broadband account.

 

[InaGlo]

Thanks guys, I do appreciate the help ... even though I feel more confused than ever, lol!
I have mailed both Cloudflare and the onehit gmail addy. Be interesting to see if either respond.

Also, on a side note, since all this first came to my attention 3 weeks ago, Ive had the image removed from numerous sites, and in this time have received 2 emails, both asking to license the image for different uses.
One wants to have a painting created from the image, and another has asked for 'the raw file/large jpeg to print an A4 copy for the wall'. This image has been on my Flickr for a few years now and Ive never been asked anything like this until now!



EDIT: Fairly quick response from Cloudflare ....


'CloudFlare received your abuse complaint dated 3/30/2012 regarding
flash-screen.com. CloudFlare is a pass-through network provider and,
at most, automatically caches content for a limited period in order to
improve network performance. CloudFlare is not a hosting provider and
does not provide hosting services for flash-screen.com or any other
website.

Our investigation indicates that flash-screen.com is hosted at
liquidweb.com . You should direct your request to:

1. The provider where flash-screen.com is hosted;

2. The owner listed in the whois record for flash-screen.com and/or

3. The contact listed on the flash-screen.com site


Note -- a look up of the IPs for a website will show CloudFlare IPs
because we're a pass-through network. The actual website is still
hosted at the web hosting provider indicated above. If the web host
has any questions please have the web host contact us DIRECTLY
regarding this site.'



Have now mailed liquidweb to see what they have to say.

 

[Forbiddenbiker]

Nicely done Gloria. ...just goes to prove the world is still far bigger than flicker likes to appear. ...congrats on the enquiries, looks like you might make a profit from all this after all.

How could that happen though, 1400 websites to the same ip.

Fairly easily when you bear in mind that the IP address will probably be the external one of a router rather than a server.

I didn't know this on that first post. ..they're a type of gateway instead it seems.

 

[desantnik]

Load balancer front end... very common in large data centres.

The requested URL is used to direct the traffic to a specific host behind the load balancer.

 

[InaGlo]

Nicely done Gloria. ...just goes to prove the world is still far bigger than flicker likes to appear. ...congrats on the enquiries, looks like you might make a profit from all this after all.

Alas Adam, its far from over ...
Found a further 9 sites to do battle with this morning