I have a work project where I need to perform analysis on domain registrants behind a whois guard/proxy and figure out who they are (they are mostly bad guys who use domains for malware).
As a demonstration, if I run a whois lookup on test.com (I will not use a malicious domain here for obvious reasons):
whois test.com -h whois.networksolutions.com
I get the following result:
[Querying whois.networksolutions.com]
[whois.networksolutions.com]
Domain Name: TEST.COM
Registry Domain ID: 5429075_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2018-07-21T07:22:47Z
Creation Date: 1997-06-18T04:00:00Z
Registrar Registration Expiration Date: 2019-06-17T04:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: qq9tq6x63es@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 12808 Gran Bay Parkway West
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: qq9tq6x63es@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 12808 Gran Bay Parkway West
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.5707088780
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: t96nb4x48wg@networksolutionsprivateregistration.com
Name Server: NS65.WORLDNIC.COM
Name Server: NS66.WORLDNIC.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2018-10-17T23:18:12Z <<<]
You will see that it's behind a whois proxy. In order to figure out the real registrant behind this domain, I need to access all the domains in aggregate and run my model on it. However, most whois servers quickly throttle me if I perform the lookup repeatedly.
Is there a way to get around this? Or, better yet, to have full access to the entire set of domain names with whois records? How would I request such access?