While most Internet users are unaware that WHOIS data even exist, these data underpin many practical and fundamental tasks in IT operations, cybersecurity, Internet research and many other important and challenging areas. In this blog we briefly introduce WHOIS data and demonstrate their use with a guided tour of some applications. We shall not address cybersecurity here: it is a very broad field of outstanding importance in itself, so it will be treated in a separate blog.

What are WHOIS data

The purpose of WHOIS is to identify the physical owner of an Internet domain or an IP address block. This requires a database in which these data can be looked up. The need for such information appeared in the very early days of the Internet: the first RFC (Internet standard) specifying such a service, RFC 812 [1], appeared as early as 1982. There is a dedicated protocol named WHOIS for the purpose; the current standard specifying it is RFC 3912 [2]. In spite of its known shortcomings, such as the declared lack of mechanisms for access control, integrity, and confidentiality, it is still the primary source of information about real-life entities related to an Internet domain. (We remark here that there have been several attempts to replace the WHOIS protocol with modern and more comprehensive solutions, such as WEIRDS or RDAP (see also [3]), but none of them has taken off so far.)

Physically, WHOIS is a distributed database. We do not go into the details of how, in which structure and by whom its servers are operated. Nevertheless, the distributed database can be queried by client software available on many platforms, using the standard WHOIS protocol or one of its variants. The protocol is primarily designed to provide information in a human-readable form. To illustrate the result of a query, we shall try it for “”, the birthplace of the World-Wide-Web as an example. We shall use a command-line client, which is typically available or easy to install via the package manager on UNIX-style systems (Linux, Mac OS X), or can be set up by downloading it from on your Windows box. So, if the command “whois” works in your command line, you may type:


resulting in the following output:

whois: This information is subject to an Acceptable Use Policy.
Domain name:

Holder of domain name:
CERN - European Organisation for Nuclear Research
John Shade
route de Meyrin
CH-CH-1211 Geneve 23

Technical contact:
CERN European Organization for Nuclear Research
John Shade
Case Postale
CH-1211 Geneva 23

Ascio Technologies Inc. Danmark

First registration date:
before 1996-01-01


Name servers:       []       []        []        [2001:620:0:ff::a7]

As you can see, there is information on the registrar, on the date of the first registration, on the name servers and also some contact information about the registrant, the owner of the domain. The information frequently also includes the dates of expiry and last update, as well as the e-mail addresses of the contacts. For instance, if we just query ourselves,, we will find

Registry Domain ID: 2094411049_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2017-12-23T16:43:54Z
Creation Date: 2017-01-31T18:35:15Z
Registry Expiry Date: 2019-01-31T18:35:15Z
Registrar: BigRock Solutions Limited
Registrar IANA ID: 1495
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2013775952
Domain Status: clientTransferProhibited
Name Server: DNS1.BIGROCK.IN
Name Server: DNS2.BIGROCK.IN
Name Server: DNS3.BIGROCK.IN
Name Server: DNS4.BIGROCK.IN
DNSSEC: unsigned

As you can see, WHOIS indeed provides data which can link the virtual entities on the Internet to real-world ones, enabling a lot of useful activities which will be outlined later in this blog. But before turning to the illustration of the use of these data, let us also try to explain why you may need services such as those provided on to obtain these data efficiently.

Why download a WHOIS database

At this point you may have the impression that using the WHOIS protocol is a perfect way of obtaining WHOIS data. Let us point out some of the reasons why this is not quite the case.

  • The operators of WHOIS servers frequently impose limits on their resources, e.g. they may limit how frequently you can make WHOIS queries from a given client.
  • The WHOIS protocol is designed to produce human-readable data. In many applications you probably prefer machine-readable data instead, such as JSON that your application can process, structured data files (e.g. csv) to be loaded into a relational database, etc.
  • For certain types of analyses, you need WHOIS records in bulk. Collecting a large amount of WHOIS data can be very time- and resource-consuming. In addition, because of the query limits mentioned in the first point, “on-the-fly” querying of WHOIS data for an analysis of this kind might well be impossible.
  • Sometimes you may need historic WHOIS data. These are not provided by the WHOIS protocol.
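To make the second point concrete, here is an added example (not part of the original blog or of any provider's tooling) that converts human-readable “Key: value” WHOIS text into a JSON-ready structure. The sample record is constructed, and the sets of repeated keys and date keys are assumptions that match the field names of the second output shown above; other registries use other layouts and need their own rules.

```python
import json
from datetime import datetime, timezone

# Constructed record in the "Key: value" layout of the second output above;
# example.com and the registrar name are placeholders, not real registration data.
SAMPLE = """\
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server:
   Updated Date: 2017-12-23T16:43:54Z
   Creation Date: 2017-01-31T18:35:15Z
   Registry Expiry Date: 2019-01-31T18:35:15Z
   Registrar: Example Registrar Ltd
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   DNSSEC: unsigned
>>> Last update of whois database: 2018-01-05T10:00:00Z <<<
"""

MULTI_VALUED = {"name server", "domain status"}  # keys that may repeat (assumption)
DATE_KEYS = {"updated date", "creation date", "registry expiry date"}

def to_iso(value):
    """Normalise a timestamp to ISO 8601 UTC; keep the raw text if the format differs."""
    try:
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return value  # e.g. "before 1996-01-01" in the first output above
    return parsed.replace(tzinfo=timezone.utc).isoformat()

def parse_whois(text):
    """Turn human-readable 'Key: value' WHOIS text into a dict ready for JSON."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # blank lines, comments, footer
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue  # free text, or a field the server left empty
        if key in DATE_KEYS:
            value = to_iso(value)
        elif key == "name server":
            value = value.lower()
        elif key == "domain status":
            value = value.split()[0]  # drop the trailing explanatory URL
        if key in MULTI_VALUED:
            record.setdefault(key, []).append(value)
        else:
            record.setdefault(key, value)  # first occurrence wins
    return record

if __name__ == "__main__":
    print(json.dumps(parse_whois(SAMPLE), indent=2))
```

The block-style layout of the first output above (a heading line followed by free-form address lines) does not fit this rule set, which is exactly the per-registry effort that pre-parsed bulk data saves.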

And this list is far from complete. But the message here is: there are easier and more efficient ways of obtaining WHOIS data. From, for instance, you can purchase data for various domains and countries. The downloadable data cover time intervals ranging from daily updates to larger periods, including, of course, historic data. So if you plan to set up a WHOIS database in your favorite relational database management system (RDBMS) or in a more flexible environment such as MongoDB or Solr, you just need to buy and download the files, and your bulk WHOIS data are ready to use.

Being aware of this, let us turn our attention now to some possible applications.


Here we briefly outline some typical applications of WHOIS data, without aiming at completeness, of course.

Domain marketing and brand protection

Domain marketing is the activity of using Internet addresses to maximize the number of potential visitors to your website. Its relevance can hardly be overemphasized, as a domain name is essentially a synonym of a company or an organization. There are several descriptions of the details of this business, of setting up a proper domain marketing strategy, etc.; see e.g. Ref. [4]. Domain marketing is rather complex; it is not simply about choosing a proper domain name.

And this is where WHOIS data come in. Even for choosing the name, you have to figure out whether there are companies with similar domain names. You also need to be aware of similar domain names that existed in the past. In particular, the reputation of the candidate domain names has to be assessed, which requires knowledge of the entities related to the domains and of the dates describing their existence in time.

Brand protection is another important buzzword in this field. Once you own a domain, it is your property and a cornerstone of the identity of your company or organization, so obviously you want to protect it. You need to detect whether similar domains are being registered to attract your potential clients. Any activity that lowers your domain’s reputation, such as the use of similar domains in phishing campaigns, is also harmful. There are numerous well-established techniques in support of brand protection, and many of them rely on WHOIS data.
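One such detection technique, sketched as an added example (not from the original blog): scan bulk WHOIS rows for recently created domains whose name resembles a brand but whose registrant is someone else. The brand “examplebank”, all rows, the digit-to-letter mapping and the distance threshold are constructed assumptions.

```python
from datetime import date

# Constructed bulk-WHOIS rows: (domain, creation date, registrant organisation).
# "examplebank" is a hypothetical brand; none of these are real registrations.
RECORDS = [
    ("examplebank.com",       date(2010, 3, 1),   "Example Bank Ltd"),
    ("examp1ebank.com",       date(2018, 1, 2),   "REDACTED"),
    ("exampelbank.net",       date(2018, 1, 3),   "REDACTED"),
    ("examplebank-login.com", date(2018, 1, 4),   "Privacy Service"),
    ("examplebank.co.uk",     date(2012, 5, 9),   "Example Bank Ltd"),
    ("samplebakery.com",      date(2017, 12, 30), "Bakery Inc"),
]
SINCE = date(2017, 12, 1)                   # only review registrations after this
HOMOGLYPHS = str.maketrans("013", "ole")    # digits commonly swapped for letters

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(brand, owner, records, since=SINCE, max_dist=2):
    """Return (domain, reason) for recent registrations resembling the brand."""
    hits = []
    for domain, created, registrant in records:
        if registrant == owner or created < since:
            continue  # the brand's own portfolio, or too old to review
        label = domain.split(".")[0].translate(HOMOGLYPHS)
        dist = edit_distance(label, brand)
        if dist <= max_dist:
            hits.append((domain, f"edit distance {dist}"))
        elif brand in label:
            hits.append((domain, "contains brand"))
    return hits

if __name__ == "__main__":
    for domain, reason in lookalikes("examplebank", "Example Bank Ltd", RECORDS):
        print(f"{domain}: {reason}")
```

The registrant and creation-date filters are what WHOIS contributes here: string similarity alone cannot separate the brand owner's own defensive registrations from third-party look-alikes.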

The domain trading and web hosting business

Closely related to the previous line of applications is another very active business area that is impossible to imagine without WHOIS: that of web hosting companies, which frequently also provide domain name registration. First of all, when registering a domain, possibly with the purpose of setting up a new website for some business, the provider has to be able to decide immediately whether the given domain is available. In addition, a good provider should support the client’s branding strategy. These obviously require up-to-date WHOIS data.

And not only this: domain registrations themselves have a more intriguing business aspect. As we have already pointed out, a registered domain is a property, hence domains can be considered as stock: you may invest in them and trade them, that is, buy or resell them. There are many factors affecting the valuation of certain domains (including e.g. reputation or the popularity of similar domains), and WHOIS data are an important basis for their assessment. For such purposes, too, there is a need to search a larger sample of WHOIS data, so setting up an up-to-date WHOIS database is desirable.

Marketing research

WHOIS data tend to reflect the structure and dynamics of entrepreneurship more faithfully than traditional company registers. The registration of a domain frequently even precedes the actual funding of a company, and the details of domain registrations reveal a lot about the activity and characteristics of a company. In Ref. [5] it has been pointed out that WHOIS data open the perspective of novel quantitative characterizations of entrepreneurship, if one intends to study this on an academic level. From a practical point of view, a WHOIS database serves as a very good basis for obtaining information on the activity of actual or potential business partners, clients, competitors, etc. Based on their domain names and registration parameters, you can identify the other agents and get information on their impact and behavior.

Legal and criminal investigations

The easy availability of highly developed communication technologies poses significant challenges to investigators. “Traditional” criminals use Internet technologies for communication. Moreover, we are also facing cybercrime, which takes place entirely in the virtual world of the Internet. Its scope is completely international, and sometimes even the respective legislation cannot follow the new trends. But after all, the investigation of crime is aimed at finding the real criminals behind the misbehavior in the virtual space. WHOIS data not only connect domains and IP addresses to them; with more sophisticated technologies, coordinated attacks by cybercriminals can also be revealed on the basis of these data. The use of WHOIS data is thus widely known among investigators specializing in these kinds of cases.

Internet research

Finally, let us mention that WHOIS databases facilitate many interesting academic studies. They can be analyzed with traditional statistical methods, big data tools, graph algorithms, etc. Especially when supplemented with other data, such as geolocation information, the structure and dynamics of these data reveal a variety of interesting technological, societal or economic phenomena. A quick search on related terms such as “WHOIS data” or “WHOIS database” on or any other database yields a lot of good starting points for understanding this direction.


