How can I find websites owned by a particular company?
I find BGP Toolkit from Hurricane Electrics Internet Services quite useful for providing insight into any CIDR range, registrants, Who-Is info, IP and DNS info, IRR, assigned IPv4 and IPv6 CIDR ranges for individual ASNs, you name it. All data presented is also nicely linked to each-other for our convenience.
For example, searching by term PayPal will result in this table:
AS17012 PayPal, Inc.
64.4.248.0/22 PayPal, Inc.
64.4.246.0/24 PayPal, Inc.
64.4.244.0/22 PayPal, Inc.
64.4.240.0/22 PayPal, Inc.
216.136.236.0/22 PayPal, Inc.
173.0.94.0/23 PayPal, Inc.
173.0.88.0/22 PayPal, Inc.
173.0.84.0/22 PayPal, Inc.
173.0.80.0/22 PayPal, Inc.
173.0.80.0/20 PayPal, Inc.
which gives you a single ASN and a few assigned CIDR ranges that are registered to PayPal, Inc. These items in the list link to their individual info pages. Following the AS17012, for example, displays all kinds of information pertaining to this ASN, among others the list of Prefixes (in our case IPv4 CIDR ranges).
What is HE?
HE is one of the largest Internet backbone providers and can thus collate loads of infrastructure related information like the ones mentioned. You can search their database by registrant names, CIDR ranges, ASNs, IP addresses, and so on, all through the same input box and it will display either a list of possible matches, ordered by relevance and network range, or display a single match details when only one record is found. They also include a lot of various network related reports and statistics.
This is from their About page:
Hurricane Electric operates its own global IPv4 and IPv6 network and is considered the largest IPv6 backbone in the world as measured by number of networks connected... (and so on)
Also interesting (and relevant) to read is the page about their network. It gives a bit of insight into how they can collect all the data available through their search.
Of course, I'm not saying that HE is the only place to go. There are lots of other tools available, some paid and some more or less free to use and query. HE's one is however one I most frequently rely upon and I thought you might find it useful as well.
What do I use this information for:
I mostly use this information to compile blacklists and other network filters for my services. I find it especially useful to track down hosting companies and their CIDR ranges to include in content-theft, malware, spyware, and related policy blocks (in essence bad neighborhoods) when blocking by reverse DNS look-ups (and/or matching rDNS results with forward DNS look-up tables) wouldn't cut it.
Usage example:
To answer your example directly, collating information from HE gives us this list of A record domains operated by PayPal, Inc:
64.4.248.105 icppharm.com
173.0.84.191 paypal.fi, paypal.de, paypal.pt
173.0.88.180 paypal.mobi
173.0.89.113 www.paypal.de
173.0.89.161 www.paypal.com.pt
173.0.82.143 www.paypal-labs.com
173.0.82.144 www.paypallabs.com
173.0.82.145 www.thepaypalblog.com
173.0.82.156 paypal.me
173.0.82.157 paypal-portal.com
(limited to include only A records otherwise the list would stretch several pages long. This page alone, from one of several CIDR records, lists hundreds of domains.)
All relevant DNS records for our example can be found on pages 64.4.248.0/22, 173.0.94.0/23, 173.0.88.0/22, 173.0.84.0/22, 173.0.80.0/22, and 173.0.80.0/22
Some pages duplicate information from others as they're providing information on a sub-range of a larger range (smaller mask), like for example an IP range 173.0.80.0/22 would already be included in a 173.0.80.0/20 IP range.
What sites have 'paypal' in it's web address?
I'm going to make an attempt on answering this part of your question, however (as you probably can imagine) my answer can't be as straight-forward, because there isn't a single list of all registered domain names available to public, at least not that I'm aware of. Here's what I'd do:
The www.who.is website provides a bit difficult to navigate or search through domains index. Where do they collate all this information from is beyond my knowledge, I can only suspect they query individual registrars' databases on a regular basis.
Anyway, if you navigate their pages a bit you'll soon discover that the lists are organized in alphabetical order and then by page numbers (static URLs to individual pages). I guess you (or a CP savvy friend) could write a small utility crawler that would parse all this information into a single table and then do your search on it. If that's agreeable to the website operators and within their TOS isn't something I've researched. Honestly, probably not and your crawler could be banned sooner than it would be able to crawl all relevant pages. You would still end up having larger data set than any publicly available ones (that I know of) and that can be easily searched through by a common expression.
If you did this, you would soon discover tens of thousands (educated guess) of registered domain names that include 'paypal' keyword in it. Most, I gather, are actually parked domains, expired domains, and the most awful of the bunch - phishing locations trying to lure unsuspecting Internet users to their addresses by mimicking official PayPal domain names. For example, take a look at this page and search for 'paypal' in it. 1883 matches in a single page, and only God knows how many pages are actually relevant to our search without resorting to crawling and collating data of each individual index page. They can't possibly be all registered by PayPal, Inc.!
I hope that at least partially answers also your 'other' question.
Cheers!
I'm a big fan of Robtex. Share and enjoy.
Robtex is a service that does forward and backward DNS and IP searches. You can search on a domain name, for example, and it will show give you information about: IP, IP Block, IP ownership, hosting servers, load balancing information, route mapping graphs, trace route latency information, AS numers and macros, DNS whois, DNS ownership, DNS reverse ownership, etc. You can also get information about if and where the domains are published on black lists IP records analysis, and more.