Threat Intelligence Blog

Posted March 7, 2012


Let’s say you find a website you like about something you really enjoy, like cupcakes. The cupcakes you see on the site are pink and full of frosting and you absolutely must contact the owner of the website to compliment them on how heavenly they look. But no matter where you look, you can’t find a way to contact the site owner using their site. What do you do now?

Your best bet is looking at the site’s WHOIS information.

WHOIS information is established for a website when its domain is registered. If you wanted to register a domain for your new website, the business you buy the domain from – called a registrar – will ask you to fill out a form with the contact information for the domain. This will become the WHOIS information for the domain and is visible anytime someone performs a WHOIS search.

How do I search for WHOIS contact information?

So you want to find out how to contact the person who ran the site which showed those pink cupcakes. There are many places on the internet where you can look up WHOIS data, which is free. Here are a few handy ones you may want to bookmark:

Now that you know where to find WHOIS data, try a few examples. Continuing with our pastry theme, take a look at these WHOIS records, courtesy of GoDaddy…

MarthaStewart.com WHOIS
MarthaStewart.co.uk WHOIS
MarthaStewarteverydaliving.com WHOIS

While those three domains are run by different entities, did you notice how different the results for each looked? That brings us to…

What can affect the integrity of WHOIS information?

  • Local policy: Depending on what type of domain is registered, different information may be shown to the public when they do a WHOIS search on a domain. For example, some WHOIS results for domains from overseas provide very little more than a name and an email address. Other times you’ll be shown the name, address, email address, telephone and fax numbers for the domain’s registrant (the domain owner), the technical contact they want the world to see, and its administrative and billing points of contact. But there is no standard set of details that you can always count on seeing when you make a WHOIS request.
  • Registrant truthfulness: Unfortunately, WHOIS information you read may not be true. When you register a domain name you must accept the terms and conditions which state that the information you provide in the domain’s WHOIS details is accurate and up to date. ICANN even requires that “at least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections.” Unfortunately there is not really any service in place which checks on the accuracy of WHOIS data out there. You may come across WHOIS records from those who list their name as Mickey Mouse (when it isn’t) or list their address as the White House (when it isn’t). As Wikipedia notes, “The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.”
  • Anonymization: For a reasonable fee, registrants can often opt to have the information they provide for WHOIS listings be anonymized. That is, their real contact information would be replaced by a generic set of contact information provided by a third party proxy, so you would be shown 123345@domainnamesbyproxy.com instead of pinkcupcakewizard@bestpinkcupcakesiteever.com. This third party will forward communications to the domain registrant if any are received. WHOIS anonymization is often a valuable option for those who want to maintain their privacy and do not want their public identity to be connected with a site they run. However, it is also a helpful tool for criminals who want to make it harder for law enforcement to determine who may be responsible for a given website.
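
The three factors above, as an added example (not code from the original post): a small parser that copes with two WHOIS layouts and notes when the registrant contact is anonymized, looks like a placeholder, or is not published. The sample records, hint lists and function names are constructed for illustration.

```python
import re
# Constructed sample records (not real WHOIS output); hint lists are assumed heuristics.
COM_STYLE = """\
Domain Name: EXAMPLE-CUPCAKES.TEST
Registrant Name: Mickey Mouse
Registrant Email: 123345@domainnamesbyproxy.com
"""
UK_STYLE = """\
    Domain name:
        example-cupcakes.test

    Registrant:
        Example Bakery Ltd
"""
PROXY_HINTS = ("proxy", "privacy", "redacted")
PLACEHOLDER_NAMES = {"mickey mouse", "n/a", "none", "test"}
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z /'-]*?):\s*(.*)$")

def parse_whois(text):
    """Parse 'Key: value' lines and 'Key:' headers followed by an indented value."""
    fields, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_VALUE.match(line)
        if not line:
            pending = None                # blank line ends an indented block
        elif m and m.group(2):
            fields.setdefault(m.group(1).lower(), m.group(2))
            pending = None
        elif m:
            pending = m.group(1).lower()  # header only; value is on the next line
        elif pending:
            fields.setdefault(pending, line)
    return fields

def assess_registrant(fields):
    """List what the record does and does not tell you about the owner."""
    name = fields.get("registrant name") or fields.get("registrant", "")
    email = fields.get("registrant email", "")
    notes = []
    if any(h in (name + " " + email).lower() for h in PROXY_HINTS):
        notes.append("anonymized: contact routes through a third-party proxy")
    if name.lower() in PLACEHOLDER_NAMES:
        notes.append("suspect: registrant name looks like a placeholder")
    if not email:
        notes.append("limited: no registrant email published")
    if not name:
        notes.append("limited: no registrant name published")
    return notes or ["contact details present (accuracy unverified)"]
```

A record that passes all four checks is only well-formed; nothing here confirms that the details are true.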

If you come across a domain’s WHOIS information that you think is inaccurate, you can report it using the WHOIS Data Problem Reporting System. That site offers a step-by-step wizard that will walk you through reporting bad WHOIS data. The registrar will receive your report, and they’ll reach out to the registrant. As they put it: “Reports submitted through [the] system will be forwarded to the appropriate registrar for handling, and the progress of your report will be tracked.”

When a website doesn’t offer contact information and you perform a WHOIS request to find the owner of the domain, the WHOIS information may be immediately available, but given factors like those listed above, the information you are looking for may not be offered, may be false, or may be anonymized. But it is the first step in tracking down how to reach out and find that recipe for pink cupcakes which started you on this quest to begin with.


Further reading:

Knujon’s Abused Domains Study: “KnujOn reviewed nearly one million WHOIS records from domain names advertised with spam in 2011 and found that 22.8% of the rogue registrations could be blocked with fundamental validation.”

ICANN’s Response to its WHOIS Accuracy Study: “The Study found (and most public comment submissions agreed) that the levels of inaccuracy are unacceptable.”
