Threat Intelligence Blog

Posted March 7, 2012


Whether you are looking to purchase a domain name from someone who currently owns the name, or you need to correct an error on someone else’s website, there will come a time when you’ll need to contact a domain owner. But, even after trying contact us forms or chatbots, you can’t find a way to contact the site owner using their site. What do you do now?
Your best bet is looking at the site’s WHOIS information.

What is a WHOIS Database?

WHOIS is the data managed by domain registries, essentially signaling who is responsible for a domain or IP. WHOIS information is established for a website when its domain is registered. If you wanted to register a domain for your new website, the business you buy the domain from – called a registrar – will ask you to fill out a form with the contact information for the domain. This will become the WHOIS information for the domain and is visible anytime someone performs a WHOIS search.

How do I search for a website owner using WHOIS information?

So you want to find out how to contact the website owner who runs the site using WHOIS? There are many places on the internet where you can look up WHOIS data, which is free. Here are a few handy ones you may want to bookmark:

Now that you know where to find WHOIS data, try a few examples using different versions of a similar domain to track down the domain holders.

While those three domains are run by different entities, did you notice how different the results for each looked? That brings us to…

What can affect the integrity of WHOIS information?

  • Local policy: Depending on what type of domain is registered, different information may be shown to the public when they do a WHOIS search on a domain. For example, some WHOIS results for domains from overseas provide very little more than a name and an email address. Other times you’ll be shown the name, address, email address, telephone and fax numbers for the domain’s registrant (the domain owner), the technical contact they want the world to see, and its administrative and billing points of contact. But there is no standard set of details that you can always count on seeing when you make a WHOIS request.
  • Registrant truthfulness: Unfortunately, WHOIS information you read may not be true. When you register a domain name you must accept the terms and conditions, which state that the information you provide in the domain’s WHOIS details is accurate and up to date. ICANN even requires that “at least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections.” Unfortunately, there is not really any service in place which checks on the accuracy of WHOIS data out there. You may come across WHOIS records from those who list their name as Mickey Mouse (when it isn’t) or list their address as the White House (when it isn’t). As Wikipedia notes, “The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.”
  • Anonymization: For a reasonable fee, registrants can often opt to have the information they provide for WHOIS listings anonymized. That is, their real contact information would be replaced by a generic set of contact information provided by a third-party proxy, so you would be shown 123345@domainnamesbyproxy.com instead of pinkcupcakewizard@bestpinkcupcakesiteever.com. This third party will forward communications to the domain registrant if any are received. WHOIS anonymization is often a valuable option for those who want to maintain their privacy and do not want their public identity to be connected with a site they run. However, it is also a helpful tool for criminals who want to make it harder for law enforcement to determine who may be responsible for a given website.
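
To see how these three factors show up when you read records in bulk, here is an added example (not part of the original post) that normalizes differently labelled WHOIS responses and flags each record as sparse, anonymized, or implausible. The label aliases, keyword lists and sample records are constructed assumptions, not a registry standard.

```python
import re

# Label variants mapped to one canonical field (assumed, illustrative, not exhaustive).
ALIASES = {
    "registrant name": "name", "registrant": "name", "holder": "name",
    "registrant email": "email", "e-mail": "email",
    "registrant street": "address", "address": "address",
    "registrant phone": "phone", "phone": "phone",
}
PROXY_HINTS = re.compile(r"proxy|privacy|redacted", re.I)   # assumed keywords
PLACEHOLDERS = {"mickey mouse", "n/a", "none", "test"}      # assumed placeholder names
EXPECTED = ("name", "email", "address", "phone")

def parse_whois(text):
    """Turn 'Label: value' lines into canonical fields; the first value per field wins."""
    record = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue  # registry comments, banners and footers
        label, value = (part.strip() for part in line.split(":", 1))
        field = ALIASES.get(label.lower())
        if field and value:
            record.setdefault(field, value)
    return record

def assess(record):
    """Return the reasons a record should not be taken at face value."""
    flags = []
    missing = [f for f in EXPECTED if f not in record]
    if missing:  # local policy: the registry publishes only some fields
        flags.append("sparse: missing " + ", ".join(missing))
    if any(PROXY_HINTS.search(v) for v in record.values()):
        flags.append("anonymized: proxy or privacy service contact")
    if record.get("name", "").lower() in PLACEHOLDERS:
        flags.append("implausible: placeholder registrant name")
    return flags

# Constructed sample responses (not real registrations).
SAMPLES = {
    "full": "Registrant Name: Pat Baker\nRegistrant Street: 12 Oven Rd\n"
            "Registrant Phone: +1.5550100\nRegistrant Email: pat@bakery.example\n",
    "sparse": "% constructed registry banner\nholder: Pat Baker\ne-mail: pat@bakery.example\n",
    "proxy": "Registrant Name: Registration Private\nRegistrant Street: PO Box 1\n"
             "Registrant Phone: +1.5550101\nRegistrant Email: 123345@domainnamesbyproxy.com\n",
    "false": "Registrant Name: Mickey Mouse\nRegistrant Street: 1600 Pennsylvania Ave\n"
             "Registrant Phone: +1.5550102\nRegistrant Email: mm@mail.example\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, assess(parse_whois(text)) or ["no flags"])
```

A record with no flags only passed these simple checks; nothing here verifies that the contact details are true.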

How do I report Inaccurate WHOIS Information?

If you come across a domain’s WHOIS information that you think is inaccurate, you can report it using the WHOIS Data Problem Reporting System. That site offers a step-by-step wizard that will walk you through reporting bad WHOIS data. The registrar will receive your report, and they’ll reach out to the registrant. As they put it: “Reports submitted through [the] system will be forwarded to the appropriate registrar for handling, and the progress of your report will be tracked.”

When a website doesn’t offer contact information and you perform a WHOIS request to find the owner of the domain, the WHOIS information may be immediately available, but given factors like those listed above, the information you are looking for may not be offered, may be false, or may be anonymized. But it is the first step in tracking down how to reach out and find that recipe for pink cupcakes which started you on this quest to begin with.


Further reading:

KnujOn’s Abused Domains Study: “KnujOn reviewed nearly one million WHOIS records from domain names advertised with spam in 2011 and found that 22.8% of the rogue registrations could be blocked with fundamental validation.”

ICANN’s Response to its WHOIS Accuracy Study: “The Study found (and most public comment submissions agreed) that the levels of inaccuracy are unacceptable.”
