What is WHOIS

WHOIS is a TCP/IP protocol specifically designed to query contact and DNS information about entities on the Internet. An entity on the Internet can be a domain name, an IP address, or an AS (Autonomous System). For each entity, the WHOIS protocol provides three types of contacts: an administrative contact, a technical contact, and a billing contact. These contacts are the responsibility of the provider, who names them according to the internal policies of their network. When registering a domain, users have the option of choosing a private WHOIS that hides the details of the domain owner. This option is offered for free by some providers and for an annual fee by others.


What kind of information does it store?

Whois records typically display the registration date, the registrar company, contact information for the owner of the domain, the nameservers, the date of the most recent update, and the expiration date.

There are two different data models for storing Whois resource information:

Thin Model. A thin Whois lookup gives only a small amount of information, such as the registrar, name servers and registration dates.

Thick Model. A thick Whois record provides more detail than a thin one. The additional details usually include registrant, administrative or technical contact information.

You cannot falsify Whois information, because registrars have a strict policy of verifying the information the domain buyer fills in when registering the domain, which can even include personal video calls.


There are a variety of whois services across the net. Just google some of them by typing “whois”. We’ll show some examples:


These are common databases for all domain zones, but there are also whois databases for specific domain zones. For example, nic.xyz/whois serves domains in the .xyz zone.

 

Finding the domain owner

Now that we've got the search resources sorted out, let's start the actual search for the domain owner. Choose the domain you are interested in and run a search through the whois database. We take abcdtestdomain.xyz as an example.

You should receive a response like this:

Domain Name: ABCDTESTDOMAIN.XYZ

Registry Domain ID: D265563522-CNIC

Registrar WHOIS Server: whois.namecheap.com

Registrar URL: https://namecheap.com

Updated Date: 2022-01-13T12:27:43.0Z

Creation Date: 2021-12-22T17:06:35.0Z

Registry Expiry Date: 2022-12-22T23:59:59.0Z

Registrar: Namecheap

Registrar IANA ID: 1068

Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited

Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registrant Organization: Privacy service provided by Withheld for Privacy ehf

Registrant State/Province: Capital Region

Registrant Country: IS

Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

Name Server: DNS1.REGISTRAR-SERVERS.COM

Name Server: DNS2.REGISTRAR-SERVERS.COM

DNSSEC: unsigned

Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

Registrar Abuse Contact Email: [email protected]

Registrar Abuse Contact Phone: +1.9854014545

URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

>>> Last update of WHOIS database: 2022-01-20T18:16:04.0Z <<<


For more information on Whois status codes, please visit https://icann.org/epp


As we can see in this example, the owner of this domain, registered with Namecheap, has hidden their contact information: the Registrant Organization field names a privacy service, and the e-mail fields refer you to the registrar. This is normal and quite common practice. Nobody wants to get spam and other unsolicited calls from strangers, right?

Usually, the field you need is "Registrant", which contains the information about the owner of the domain. But most often you need to contact the registrar directly through the Registrar Abuse Contact Email and ask them to contact the domain owner about your issue, for example if you are getting spam from the owner of this website.

If you are using Linux or macOS, you can simply type in a terminal:

whois abcdtestdomain.xyz 

 

You will receive the same output.
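The steps above (read the Registrant fields, and fall back to the Registrar Abuse Contact Email when they are hidden) can be automated over the text that whois prints. The following is an added example, not code from BlueVPS: the function names, the redaction heuristics and the placeholder abuse address are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the record shown above. The abuse address is
# a placeholder, because the page's own value is obscured.
SAMPLE = """\
Domain Name: ABCDTESTDOMAIN.XYZ
Registrar: Namecheap
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Registrar Abuse Contact Email: abuse@registrar.example
>>> Last update of WHOIS database: 2022-01-20T18:16:04.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
"""

# Heuristic markers of a hidden field (assumption: wording varies by registrar).
REDACTION = re.compile(r"please query the rdds|privacy|withheld|redacted", re.I)
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_whois(text):
    """Return {field: [values]}; repeated fields such as Name Server accumulate."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue  # blank lines, footer banner, comment lines
        key, sep, value = line.partition(": ")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def model(record):
    """'thick' if registrant/admin/tech fields are present, otherwise 'thin'."""
    return "thick" if any(k.startswith(("Registrant", "Admin", "Tech")) for k in record) else "thin"

def contact_route(record):
    """Use a real registrant e-mail if one exists, else the registrar abuse contact."""
    for value in record.get("Registrant Email", []):
        if EMAIL.match(value) and not REDACTION.search(value):
            return ("registrant", value)
    for value in record.get("Registrar Abuse Contact Email", []):
        if EMAIL.match(value):
            return ("registrar-abuse", value)
    return ("none", None)

if __name__ == "__main__":
    rec = parse_whois(SAMPLE)
    print(model(rec), contact_route(rec))
```

Field names differ between registries, so a parser like this should be checked against the output of each zone you query before you rely on it.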


So what are the alternatives?

Email matching, of course! You won't know the owner's name, but you can at least get through to him. Most often these are emails with names such as:


  1. [email protected]
  2. [email protected]
  3. [email protected] and so on.


Conclusion

We hope this information prepared by BlueVPS experts was useful for you and you became a lot more skillful on this topic. Until next time!


