July 18, 2019
Despite being name-dropped in almost every cybersecurity conversation, there are still a few aspects of the WHOIS database download that people haven’t heard of or don’t fully comprehend. That’s understandable because WHOIS is such a dynamic resource that’s constantly evolving as the domain landscape expands. You can read about it in our blog post “Why is WHOIS Information so Valuable?”
Indeed, WHOIS data is growing every day, and keeping track of it is crucial to know the general pulse in a given industry and identify threats as cybercriminals try to blend in. WHOIS touches practically every aspect of business operations, not just cybersecurity. Getting to know what makes it unique helps to understand why. Let me highlight some of these aspects.
1. WHOIS Databases Are Available in Thick or Thin Models
WHOIS database downloads are not created equal. The Thick model contains all the mandatory info about any given domain — i.e., date and place of registration, date of expiration, and name server — plus additional details, including contact information for the administrative, registrant, and technical contacts. The Thin model, on the other hand, only supplies the registrar, registration dates, and the name server of a particular domain name. If you need additional data, you have to make a second lookup at the registrar on file to obtain full domain ownership information.
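The sketch below shows how a client can tell the two models apart and find the registrar to query next. It is an added example, not code from any WHOIS provider; the sample replies are constructed, and the field labels (`Registrar WHOIS Server`, `Registrant Name`, and so on) assume the common `Key: value` output layout.

```python
import re

# Constructed sample replies (not real registrations). The field labels are an
# assumption about the server's "Key: value" output layout.
THIN_REPLY = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar WHOIS Server: whois.registrar.example
Creation Date: 2015-03-01T00:00:00Z
Registry Expiry Date: 2026-03-01T00:00:00Z
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""

THICK_REPLY = THIN_REPLY + """\
Registrant Name: Jane Doe
Registrant Email: jane@example.org
Admin Email: admin@example.org
Tech Email: tech@example.org
"""

# Trailing space keeps "Registrar ..." fields from matching "registrant".
CONTACT_PREFIXES = ("registrant ", "admin ", "tech ")

def parse_whois(text):
    """Return {lowercased field: [values]} for every 'Key: value' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:%#>]+?):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def classify(text):
    """Label a reply thick or thin and name the server for the follow-up lookup."""
    fields = parse_whois(text)
    contacts = sorted(k for k in fields if k.startswith(CONTACT_PREFIXES))
    model = "thick" if contacts else "thin"
    # A thin reply carries no contacts, so the registrar's server is the next hop.
    referral = fields.get("registrar whois server", [None])[0] if model == "thin" else None
    return {"model": model, "contact_fields": contacts, "next_lookup": referral,
            "name_servers": fields.get("name server", [])}

if __name__ == "__main__":
    for label, reply in (("thin", THIN_REPLY), ("thick", THICK_REPLY)):
        print(label, classify(reply))
```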
2. Reverse WHOIS Can Instantly Spot Bad Actors
Cybercriminals are extremely clever when it comes to covering their tracks, resorting to ingenious obscuring techniques to throw off investigators. A reverse query can spot them through very specific searches using a registrant’s name, phone number, or email address. Cross-referencing the results rapidly uncovers clues that establish a pattern of illegal activities leading to the perpetrators. The technique can expose credit card scammers and email addresses used in phishing, and connect the dots between known and as yet unidentified threats.
3. WHOIS Helps in Sleuthing for Scoops
Journalists are sniffing out exciting scoops by following the trail of WHOIS data. For example, a promising lead might come up about a suspicious website, but how do you proceed from there? A quick check of that website in a WHOIS database will reveal valuable contact information, such as the name of its owner, phone number, and email address — enough to set up a clarificatory interview. What’s more, querying the WHOIS database leads to interesting investigative angles while helping verify important information to get the facts right before publication.
4. WHOIS Databases Are Created and Maintained by Individual Registrars
While the Internet Corporation for Assigned Names and Numbers (ICANN) is its central registry, WHOIS data is heavily decentralized such that individual registrars are the ones that organize and maintain the WHOIS records in databases. To ensure that domain information stays current, ICANN requires those who have registered domain names to update their respective domain information every year — a process also conducted by registrars.
5. WHOIS Data Helps Beyond Business
The information that is accessible through the WHOIS database download has many beneficial uses that extend well beyond the business sphere. Not too many people know it, but accessing WHOIS information is vital in facilitating national and international investigations by identifying persons of interest, locating their whereabouts, and establishing the links to their criminal networks. WHOIS data helps tackle unlawful activities motivated by hate crime, extremism and terrorism, environmental destruction, pornography, human trafficking, child abuse, and others. The information is actually helping create a better society while keeping business in check.
From identifying hackers and unearthing investigative stories to helping maintain world order, the WHOIS database download is a versatile tool with known and little-known yet vital features that can be leveraged for the benefit of different users.
Alex Francois is Senior Content Manager at www.ipify.org. He is knowledgeable about technologies that permit tracking IP addresses and other relevant data to ensure better cybersecurity protection and marketing campaigns.