Find Out 'Who Is' Behind a Website
Edited by Doug Collins, VC, Alma, Inukshuk and 10 others
Have you ever wanted to find out who was really behind a website? Maybe a name that you are considering for your new website is already taken, and you're interested in contacting the owner of the domain to see if they are willing to sell it. Perhaps you think the name of the website that you're on doesn't seem quite right, and you want to check to see if it really is owned by that big corporation that you think you're dealing with, and not some phishing scammer in his basement. Whatever your reason, the internet has a system that will show you who owns a domain and how to contact them. This system is called WHOIS (pronounced as two words 'who-is').
Of course, an open database showing who owns every site and their contact information was quickly scanned and exploited. This gave rise to the optional private or anonymous domain name registration, in which the general contact info for the registrar company is shown to the public, rather than the individual owner's addresses. However, there are still some ways to find out more details if you know how to look. This article will cover both the basic whois lookup and more advanced techniques to see who is really behind a website.
As you go through this wiki, start a document and cut and paste the results of each step into it. You will find this useful later when you are trying to put all the clues together, assuming the whois information you find is less than helpful.
- 1 How to do a standard 'Whois Lookup'
- 2 How to get past the anonymous domain registration and contact the real owner
- 3 Questions and Answers
- 3.1 Who is behind this website quentinandrewsSPAMURL1931 .hpage.co.in/welcome_26712275.html?
- 3.2 I am trying to trace a phishing website owner?
- 3.3 What about advanced techniques?
- 3.4 How to get past the fake registrant name on Who Is?
- 3.5 How to find a website owner when the owner is hidden by a proxy?
- 3.6 How can you track someone who has given fake details in the WHOIS records?
- 4 Comments
How to do a standard 'Whois Lookup'
The starting point to find out any information about domain ownership is to do a WHOIS lookup. For many companies, this is all you'll need. If the information is public, you're done. If however, as is becoming increasingly common, the information is protected, or private, you'll need to do a little more digging.
1. Go to a public tool like whois.net, Internic Whois, or who.is, a relatively new entry into the whois arena.
2. Enter the target domain name in the box and click "Go".
3. For the purposes of this example, we have chosen to look up apple.com.
WHOIS information for apple.com:

[Querying whois.verisign-grs.com]
[Redirected to whois.corporatedomains.com]
[Querying whois.corporatedomains.com]
[whois.corporatedomains.com]
Domain Name: apple.com
Registry Domain ID: 1225976_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2013-11-27 04:36:25 -0500
Creation Date: 1987-02-19 00:00:00 -0500
Registrar Registration Expiration Date: 2021-02-20 00:00:00 -0500
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: Apple Inc.
Registrant Street: 1 Infinite Loop
Registrant City: Cupertino
Registrant State/Province: CA
Registrant Postal Code: 95014
Registrant Country: US
Registrant Phone: +1.4089961010
Registrant Phone Ext:
Registrant Fax: +1.4089741560
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: Apple Inc.
Admin Street: 1 Infinite Loop
Admin City: Cupertino
Admin State/Province: CA
Admin Postal Code: 95014
Admin Country: US
Admin Phone: +1.4089961010
Admin Phone Ext:
Admin Fax: +1.4089741560
Admin Fax Ext:
Admin Email: email@example.com
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: Apple Inc.
Tech Street: 1 Infinite Loop
Tech City: Cupertino
Tech State/Province: CA
Tech Postal Code: 95014
Tech Country: US
Tech Phone: +1.4089961010
Tech Phone Ext:
Tech Fax: +1.4089741560
Tech Fax Ext:
Tech Email: Apple-NOC@apple.com
Name Server: nserver5.apple.com
Name Server: ADNS1.APPLE.COM
Name Server: nserver3.apple.com
Name Server: nserver4.apple.com
Name Server: ADNS2.APPLE.COM
Name Server: nserver2.apple.com
Name Server: nserver6.apple.com
Name Server: nserver.apple.com
Whois information is provided so you will be able to know who is behind the website. This information can help you determine the credibility of the website, or perhaps you would like to contact their technical people to let them know about a problem with their website, or perhaps you would like to buy the website. Unfortunately, in today's world this kind of information, especially for larger websites, is easily and routinely exploited. As a result, many websites have fake, misleading, or dead-end information listed in their whois info.
Anonymous domain ownership through domain registration proxy
You might also see entries like this:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.

This means the ownership of this domain is protected, so you cannot find out who is behind the website from the whois record alone. Another company's information is listed as a proxy. Finding out who is really behind such a website will require more advanced techniques.
Abuse? How to report abuse to the domain registrar
Some registrars take action against domains involved in serious abuse such as phishing. You can use the abuse email and phone number in the whois record to report such problems. You will find the abuse has to be very serious for domain registrars to take action. You will find ISPs to be much more responsive.

Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +1.4252744500
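The three things read off a whois record in this section (the registrant, whether it is a proxy, and the registrar's abuse contact) can be pulled out of the raw text automatically. The following is an added example, not part of the original wiki; the proxy marker list beyond "whoisguard", the domain protected-site.example and the address abuse@registrar.example are assumptions made for the illustration.

```python
# Substrings that suggest a privacy/proxy registrant. "whoisguard" comes from
# the record quoted above; the others are assumed common wordings.
PROXY_MARKERS = ("whoisguard", "domains by proxy", "privacy", "redacted", "proxy")

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys like Name Server repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or not key or key[0] in "%#[>":
            continue  # blank lines, banners, comments and redirect notices
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def summarize(text):
    """Owner, proxy flag, registrar abuse contact and name servers for one record."""
    rec = parse_whois(text)
    def first(key):
        return next((v for v in rec.get(key, []) if v), None)  # skip empty fields
    owner = " ".join(rec.get("registrant name", []) + rec.get("registrant organization", []))
    return {
        "registrant_org": first("registrant organization"),
        "is_proxy": any(marker in owner.lower() for marker in PROXY_MARKERS),
        "registrar": first("registrar"),
        "abuse_email": first("registrar abuse contact email"),
        "abuse_phone": first("registrar abuse contact phone"),
        "name_servers": sorted({ns.lower() for ns in rec.get("name server", [])}),
    }

# Excerpt of the apple.com record shown above.
SAMPLE_PUBLIC = """
Domain Name: apple.com
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar Abuse Contact Phone: +1.8887802723
Registrant Name: Domain Administrator
Registrant Organization: Apple Inc.
Registrant Phone Ext:
Name Server: ADNS1.APPLE.COM
Name Server: nserver.apple.com
"""
# Constructed record: the two protected-domain excerpts above, combined with a
# placeholder domain and abuse address.
SAMPLE_PROXY = """
Domain Name: protected-site.example
Registrar: ENOM, INC.
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.4252744500
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
"""
```

A proxy flag only tells you the registrant field is a stand-in; the registrar and abuse contact in the same record are still real and are the ones to use for a report.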
How to get past the anonymous domain registration and contact the real owner
Anonymous domain registrations are commonly used today by webmasters to protect their true identity. Amazingly, there are a lot of approaches that will yield clues that, with a little elbow grease, will often produce an identity.
Find out what other sites are hosted on the same IP address
If this is a private server, the owner will often have other sites he owns hosted on the same IP address. Use a service like spyonweb to see what other domains are hosted on the same IP.
Find out what other sites use the same Google analytics or Adsense codes
Google really doesn't consider your privacy as a site owner when they design their software. Most websites on the internet use Google's analytics software to analyze their website traffic, and Google AdSense to sell ads to their traffic. If a webmaster has several sites with the same Google Analytics or AdSense codes, tools like spyonweb will show you these sites.
It is surprising how many webmasters will protect their identity well on one website but on another they list their contact info. Many webmasters fail to realize they have left a cookie trail by using Google analytics or AdSense codes. And to be fair, Google forces you to use the same Adsense codes on all websites, and if you sign up with multiple identities and you are caught you are turfed from the AdSense program for life. So most webmasters can't take the chance, which creates a great trail for you to follow to find out who they really are.
Offer to buy the site
Almost every site is for sale for the right price. This technique will most likely get you the email address or some kind of name when the person replies to your offer. Make sure you do some research to offer a decent price. Check the site's Alexa ranking. Also get a ballpark value of the site from here. Then send an email offering to buy the site to the email listed in their whois information. Even though the whois data is usually an anonymous proxy identity, the email listed will be forwarded to the real owner. Don't be scared off by the email's crazy format which often includes crazy letter and number combos like this:
These machine-generated emails do forward to the real owner, so go ahead and send the email. Be aware that these codes change frequently, so the email address will only work for a limited period; do not try to re-email this address later. If you want to send a second follow-up email, you will need to look up the email address again, as the code embedded in the email address will likely have changed.
If the email doesn't work and you don't get a response, consider emailing the email addresses listed on the website. If that doesn't work, or no email addresses are listed on the website then try sending an email to each of these commonly used email addresses. Be sure you send to each of the following email addresses separately because most spam systems will reject emails with too many bad addresses. So do not load up the "To:" field with all these emails. Take the time to send an email to each address.
email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com
When you get a reply, see who sent you the email. Often you will get an email or name. If you want to know roughly where they live, view the source of the email. In the header of the email, you will see the original sending IP address. If you don't know how to read an email header, like most people, then you can look up the email source IP here like this:
Finding out the location of the sender of the email can help you evaluate the data you have dug up in your investigation. If you find out the sender lives in the same region as the whois info, it can add credibility that this information is correct. Or perhaps the sender's location matches another website they own where they list their address.
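Reading the header by hand means walking the Received lines from the bottom (oldest hop) upward and taking the first address that is not a private one. The following is an added example, not part of the original wiki; the sample message, its host names and its documentation-range IP addresses are constructed.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Ranges that never identify a sender on the public internet.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw_message):
    """IP addresses named on the sending side of each Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):    # newest header is on top
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        found = []
        for text in BRACKETED_IP.findall(from_part):
            try:
                found.append(ip_address(text))
            except ValueError:
                pass                                         # bracketed text that is not an IP
        hops.append(found)
    return hops

def likely_origin(raw_message):
    """First public IP in the chain. Hops added before the first server you
    trust are written by the sender's side and can be forged, and many
    webmail services record only their own servers, so treat this as a lead."""
    for hop in received_hops(raw_message):
        for ip in hop:
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

# Constructed reply; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_REPLY = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
    by mx.recipient.example with ESMTPS id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from [192.168.1.20] (host.isp.example [198.51.100.77])
    by mail.sender.example with ESMTPSA id def456; Tue, 02 Jan 2024 10:00:01 +0000
From: Owner <owner@sender.example>
To: you@recipient.example
Subject: Re: Offer for your domain

Thanks for the offer.
"""

if __name__ == "__main__":
    print(likely_origin(SAMPLE_REPLY))
```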
Questions and Answers
Who is behind this website quentinandrewsSPAMURL1931 .hpage.co.in/welcome_26712275.html?
I'd like to know more about the owner of this webpage quentinandrewsSPAMURL1931 .hpage.co.in/welcome_26712275.html
Visiting the site, it clearly says it's a "David Stewart site"; however, the user ID found in the subdomain portion of the URL is:
This implies the user is named "Quentin Andrews". The articles in the left-hand menu are all about financial trading. The backlinks (somewhat hidden as they do not have any decoration to indicate they are links until you mouse over them) point to various user profiles:
The user profiles are not filled out and are all different user names. Right away we now know we are dealing with some type of web spam. I have purposely removed HTTP from all URLs and added SPAM URL into each URL so this wiki does not reference any web spam.
So now we know this is the work of a web spammer whose identity is sure to be hidden. It is very likely he is operating a spam tool which creates thousands of useless user profiles. To get search engines to index these useless profiles he is creating backlinks. Of course, that is a guess, but there is not a good reason to use terms like "trading binary options" and "binary options" as anchor text to empty profiles. The ONLY reason I can think of would be web spam. At this point, you would have to try and get IP address information from the various websites that were spammed. In addition to being very time-consuming, this effort would likely be unfruitful. Most websites will not share this information, and even if they did it would lead to proxy IPs. You would then need to get the logs from those proxies (assuming they keep logs) and then get a court order to get the real-world info on who is behind those IP addresses. Unfortunately, web spam is not illegal except in the eyes of Google and other search engines. Therefore getting subpoenas would be impossible unless you can prove some type of illegal activity took place and convince law enforcement it is worth pursuing. With so much credit card fraud, identity theft and phishing scams swamping law enforcement, web spam, even if it were illegal, would be low on the priority list in my humble opinion.
I am trying to trace a phishing website owner?
I am trying to trace the real owner of a website called sky-request.com. I have tried: Have contacted the who is abuse section - no response, have contacted the who is phone number - no help, have contacted owner on social media - no response. I think it was caused by: Believe it is a suspect owner and they are hiding real identity
Phishing is illegal. You should report your situation to law enforcement or the FBI. Phishing is a serious crime and law enforcement can use their subpoena powers to get information you can't.
What about advanced techniques?
Hello, what are the "advanced techniques" to track an email through WhoisGuard? As it is mentioned in the paper
How to get past the fake registrant name on Who Is?
I want to know who the REAL owner of the business is at a certain website. On Who Is, it says the owner is domain by proxy is the owner, which I KNOW is not true. I want to know who is hiding behind DBP. Is there any way to do that? Thank you! I have tried: I have googled and searched and their listed phone number comes up as a "scammer" phone number. I think it was caused by: I am wondering if the products on this website are fraudulent or not? I was considering placing an order, but when I go to order on their website, it was there is a problem with their PayPal merchant account and to come back later? Are you kidding me?
Obviously other people being scammed already complained and his account at PayPal has been suspended. Now if you have any damages you can file a "John Doe" lawsuit against him. As part of a "John Doe" lawsuit the court will order PayPal to give up his real identity.
How to find a website owner when the owner is hidden by a proxy?
I used Whois to look something up but they are hidden by, I think, a proxy (Go Daddy) for one. There are a few sites that I believe are run by propaganda but the owner is well hidden. Thanks for any help. I have tried: I tried the whois website and the Go Daddy domain lookup. I think it was caused by: They don't want people to know who is really behind the website
Email the website and offer to buy it for a serious sum of money. Domains by proxy websites always forward the crazy email they show to the website owner's real email address. When he replies, often the email will come from his real email. With his real email address you can search Google for similar user IDs. Also check social media profiles matching his user information. Often people will use a similar username in their email all over the internet. So if his email is firstname.lastname@example.org then search the internet for skyfallblue or skyfallblue882.
How can you track someone who has given fake details in the WHOIS records?
I am performing a case study on how to track the webmaster whose email ID and all means of contact listed are fake. For anonymous contact one can communicate at other webmaster emails, but if all those webmaster email IDs are fake then what can one do to find the real identity? I have tried: I have tried WHOIS and reverse WHOIS lookup, but the details returned are fictitious. I think it was caused by: The webmaster has entered fake contact information and has still managed to get a domain name registered.
1. First, you can turn them in. Contact the registrar's abuse dept. Most abuse email addresses are email@example.com. All domains are required to keep their whois information up to date and accurate. The registrant will either have to correct their whois information or lose their domain.
2. A secondary approach, if the website in question sells something, then pretend to be a customer. Contact customer service. When they reply by email track their email header to their IP location here.
3. If they sell a physical product you can buy the product and then return it. Use their IP address found in the previous step in conjunction with their physical address to deduce if you have found their base of operations.
4. Visit the physical address and pretend to be a customer and see what you can learn.
5. Another idea is to contact the website and tell them they have won a prize. Ask for an address you can send the prize. You will need to give them some type of proof that this is not a scam because many scams work this way. If they don't publish an email address try each of the standard email addresses:
Recent edits by: mfrank, Maria Quinney, WebmasterRPI