What is WHOIS
WHOIS is a TCP/IP protocol specifically designed to query contact and DNS information about entities on the Internet. An entity on the Internet can be a domain name, an IP address, or an AS (Autonomous System). For each entity, the WHOIS protocol provides three types of contacts: an administrative contact, a technical contact, and a billing contact. These contacts are the responsibility of the provider, who names them according to the internal policies of their network. When registering a domain, users have the option of choosing a private WHOIS that hides the details of the domain owner. This option is offered for free by some providers and for an annual fee by others.
What kind of information does it store?
Whois records typically display the registration date, the registrar company, contact information for the owner of the domain, the nameservers, the date of the most recent update, and the expiration date.
There are two different data models for storing Whois resource information:
Thin Model. A thin Whois lookup gives only a small amount of information, such as the registrar, name servers and registration dates.
Thick Model. This model provides more detail than a thin Whois record. The additional details usually include registrant, administrative or technical contact information.
You cannot falsify the whois information, because registrars have a strict policy of verifying the information the buyer fills in when registering the domain, up to and including personal video calls.
There are a variety of whois services across the net. Just google some of them by typing “whois”. We’ll show some examples:
These are common databases for all domain zones, but there are also whois databases for specific domain zones. For example, nic.xyz/whois serves domains in the .xyz zone.
Finding the domain owner
Now that we've got the search resources sorted out, let's start the actual search for the domain owner. Choose the domain you are interested in and run a search through the whois database. We take abcdtestdomain.xyz as an example.
You should receive a response like this:
Domain Name: ABCDTESTDOMAIN.XYZ
Registry Domain ID: D265563522-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2022-01-13T12:27:43.0Z
Creation Date: 2021-12-22T17:06:35.0Z
Registry Expiry Date: 2022-12-22T23:59:59.0Z
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-01-20T18:16:04.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
As we can see in this example, the owner of this domain, registered through Namecheap, has hidden his contact information behind a privacy service. This is normal and quite common practice. Nobody wants to get spam and other unsolicited calls from strangers, right?
Usually, you need the "Registrant" field, which contains all the information about the owner of the domain. Most often, though, you need to contact the registrar directly through the Registrar Abuse Contact Email and ask them to contact the owner of the domain about the issue you are interested in, for example if you are getting spam from the owner of this website.
If you are using Linux or macOS, you can simply type in the terminal:
And receive the same output.
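As an added example (not part of the original article): a shell function that reads WHOIS output like the record above on stdin and reports whether the registrant is masked by a privacy service and which address to write to instead. The names `whois_summary` and `sample_record` are made up for this example, and the sample record is constructed from the fields shown above, with a placeholder abuse address because the page redacts the real one.

```shell
#!/bin/sh
# Live use (needs the whois client and network access):
#   whois abcdtestdomain.xyz | whois_summary

whois_summary() {
    awk -F': *' '
        {
            key = $1
            # Take everything after the first colon so values holding URLs survive.
            val = substr($0, length($1) + 1)
            sub(/^: */, "", val)
            sub(/\r$/, "", val)            # WHOIS servers send CRLF line endings
            sub(/^[ \t]+/, "", key)        # some servers indent their fields
        }
        key == "Registrar WHOIS Server"        { server = val }
        key == "Registry Expiry Date"          { expiry = val }
        key == "Registrant Organization"       { org = val }
        key == "Registrant Email"              { remail = val }
        key == "Registrar Abuse Contact Email" { abuse = val }
        key == "Name Server"                   { ns = ns (ns ? "," : "") tolower(val) }
        END {
            # Masked when the organisation names a privacy service or the
            # e-mail field holds a notice instead of an address.
            masked = (tolower(org) ~ /privacy|redacted|withheld/ || remail !~ /^[^ @]+@[^ @]+$/)
            print "registrar_whois=" server
            print "expiry=" expiry
            print "nameservers=" ns
            print "registrant_masked=" (masked ? "yes" : "no")
            # Fall back to the registrar abuse contact when the owner is hidden.
            print "contact=" (masked ? abuse : remail)
        }'
}

# Constructed sample modelled on the record above; the abuse address is a placeholder.
sample_record() {
    cat <<'EOF'
Domain Name: ABCDTESTDOMAIN.XYZ
Registrar WHOIS Server: whois.namecheap.com
Registry Expiry Date: 2022-12-22T23:59:59.0Z
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Registrar Abuse Contact Email: abuse@registrar.example
EOF
}

sample_record | whois_summary
```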
So what are the alternatives?
Email matching, of course! You won't know the owner's name, but you can at least get through to him. Most often these are emails with names such as:
We hope this information prepared by BlueVPS experts was useful for you and you became a lot more skillful on this topic. Until next time!