Archive for the ‘Whois’ Category

Beyond Whois: DomainTools Domain Profile

July 18th, 2014 Comments off

beyond-whoisOfficial ownership records are valuable and can often tell interesting tales about the goods–physical or digital–that they cover. However, ownership records only go so far, as anyone who has used a commercial vehicle history report knows! Getting beyond the basics of registration data can make a world of difference for prospective buyers, and several firms have made a lucrative business out of providing detailed histories of cars and light trucks.

Internet domains are no different. It’s a safe bet that almost anyone reading this is very well-versed with Whois (which used to be spelled WHOIS, in the stilted English of protocol names back in the day). That familiar Courier-font blob of domain registration information is key to all kinds of activities, from domain investment and management, to brand management, to cybercrime investigation. The vast majority of investigations at DomainTools begin with a Whois lookup.

As useful as this information is, however, there is much more that can be learned about a domain by going beyond the data in the Whois record itself, so we’re going to spend some time looking at what’s *not* in the Whois records.

Here at DomainTools, we’ve been collecting and presenting such additional data for years, and the extra information forms a large part of the structure and experience of our Whois lookup results. We call this combination of Whois registration data and additional domain information the Domain Profile (though that name is not explicitly shown on the Whois results page).

Here are examples of the Domain Profile information, the datapoints that go beyond the Whois record:

  • IP address (some domains may not have one associated with them, but most do, even if it’s just a parking site from the registrar)
  • IP geolocation location and ASN (this tells you about the network on which the domain resides)
  • Screenshot
  • Website title
  • Response code (the code the web server sends back upon the initial HTTP connection–assuming the domain has a website up and running)
  • Server type
  • SEO score, terms, GA codes, images, and links information
  • MX records (these are not on the Whois results page, but are available to you through Reverse MX)

Each of these pieces of information can be very valuable. Which are most important depends on the type of investigation you are conducting. But right from the get-go, they help to give you an overall sense of the status of the domain, allowing you to very quickly assess the basics:

  • Does it have a website? Does the site look “professional?” Does it look as though it’s been updated recently?
  • Does it reside on a dedicated IP address, or a relatively “small” IP address (one with not too many other domains on it), or is it on a big hosting site?
  • Is there evidence that the domain’s owner has tried to maximize the domain’s profile, through SEO and other optimization techniques?
  • How does the owner (or at least the webmaster) describe the web site? What are they trying to tell the world (and search engine bots!) about the site?

By spending as little as a few seconds looking over the Domain Profile on the Whois results page, you can pick up a lot of useful detail, which in turn informs your decisions about what to do next in your investigation. The next blog on “Beyond Whois” will give more detail on how the Domain Profile datapoints can point you toward valuable answers and sometimes-unexpected insights.

As always, we invite your questions and feedback to Thanks for reading, and happy exploring!


The World’s #1 Whois service just got better

June 12th, 2014 Comments off

whois-fullIf you’ve spent any time on our site, you already know that “Whois” with DomainTools is much more than just a static Whois entry for a domain. Our Whois results page provides a detailed profile of the domain, including summary information on related IP addresses, name servers, IP geolocation, and web server stats and historical stats on domain ownership, NS, IP and Screenshot changes.

For most of our users, this is the jumping-off point for all kinds of investigations into cybercrime, security threats, online fraud, domains purchase, domain value, marketing opportunities, competition or any number of other activities.

We’ve just made access to this information easier to use, cleaner and faster. We’ve done a major overhaul of the Whois results page—a page that hasn’t had a design/UI update in many years. Not only was our goal to make it cleaner, better, faster, but to make it easier for users to start their investigations and leverage our Reverse, History, Monitors and other premium products. Like with a beautiful old building, at some point you need to renovate the lobby to make it look clean and function better.

Here’s an overview of the changes:

  • Major profile information has been cleaned up and organized so that the most valued and used information is on top.
  • Rows that contain historical or reverse lookup information such as registrant email, Whois History, and IP address, have action buttons that let you instantly “pivot” on that data point.
  • We flattened the tab structure so that key information is visible at a glance. We’ve included expand/collapse controls for the major sections of the table, as well.
  • A new “Tools” section is available in the upper right enabling you to jump straight to specific tools, view the domain’s screenshot, buy/backorder the domain, etc.
  • We’ve decreased load time.

For details on the changes and how to get the most out of the new features, read the User Guide.

What hasn’t changed:

  • We still provide the best coverage of Whois reporting across ccTLDs, new TLDs and gTLDs.
  • We still provide Whois history back 12 years.
  • We still provide the industry’s best Reverse Whois, Reverse IP, Reverse Name Server and Reverse Mail Server products.
  • We still provide the #1 Domain Search, domain name typo and name spinning products.
  • We still provide 100% real-time lookups, every time, for paying members. For non-paying members, most lookups are real-time and never older than that day. (The first lookup of every domain per day are real-time and subsequent lookups are never older than that day.)
  • The raw Whois record is always provided.

The new Whois results page is a big change from the previous. For long-time users, there might be a bit of a learning curve. So, please, jump in, explore, experiment and get to know it. We believe you will find it much more efficient. If, after you’ve tried it for a few days, you still have suggestions on how to make it better, please send us your feedback at

For casual visitors, many of our more powerful tools, like Reverse Whois, Whois History and Domain Search, are available only to subscribing members. If you’re not already a DomainTools Professional member, sign up for a membership or a Free Trial  to find out for yourself how much you can learn with the research products we’ve assembled on top of the world’s largest database of domain and IP information.

Thanks for using DomainTools and happy exploring!

Share redirected to

March 26th, 2014 Comments off

This week, DomainTools will redirect traffic to Many of you will remember that DomainTools originally started as “”. And that URL has maintained its sole purpose of serving the best Whois records in the industry. But as we continue to build and refine our business maintaining multiple sites and brands has created complexity. We’re in the process of revamping the entire whois experience on and want to bring all of our loyal users under one umbrella.

For several years now, the whois searches at have returned results from[domain.tld] pages. It is only the homepage that is now being redirected as the final piece in the migration. By redirecting we can focus all our resources on a single site and are able to offer you, our customers, a more integrated, feature rich and modern user experience.

If you are among the few that still use as your first interaction with us, we hope this is not a great inconvenience and that you find using just as easy, and hopefully better. If not, we are always interested in hearing what we can do to make your experience better. Thank you for your understanding.



Categories: External Articles, Whois Tags:

DomainTools Overhauls Whois History – UX Upgrades Continue

January 14th, 2014 Comments off

whois-history-screenshotWhen we rolled out our new website home page last November, we promised a transformation of our design and User Experience (UX) across our entire site.  And we’re not settling for superficial design changes, we are rethinking our UX to align with our users’ experiences and what they are trying to accomplish with our products.

One of the most powerful products DomainTools offers its members is our unique Whois History. Many of you visit Whois History every day—some, many times per day! This product contains valuable insight that can power many kinds of investigations, including researching the ownership history of a domain you wish to own, tracking down cyber-criminals and fraudsters before they hid behind Whois privacy protection and gathering evidence of ownership and usage of a given website.

Today, we’ve made all of that much easier. We’ve redesigned the Whois History UX to be more intuitive and to provide a huge boost in functionality  in order to accelerate your research. The new Whois History makes it faster for you to pinpoint significant events in the history of a domain, such as ownership, Whois privacy, and contact information changes. This will dramatically reduce the amount of time required to investigate historical changes to a domain.

What’s changed? Take a look!

  • Total layout and UX redesign—This is not mere window dressing! The new look enables you to quickly find dates with changed records, while viewing and navigating the data at the same time.
  • Filtering for fast search—Filtering helps you narrow a search and pull out those records that contain a specific bit of information, such as a person or organization name, phone number, physical address, etc.
  • Whois record changes highlighted—You can now view the specific changes that occurred highlighted within the documents themselves. No more hunting back and forth between two records to find the differences!
  • Screenshots with Whois records—Links to screenshots were added so you can track homepage changes at the time of the Whois record change without leaving the page.
  • Inline Reverse Whois lookups
  • Download and Bookmark records
  • …and, importantly, we have not removed any functionality. You’ll still be able to accomplish everything you always could—and more!

The new site should be easy to figure out, but if you want to accelerate your ramp to becoming a Whois History Power User, all the new features are explained in this help page and video link:

We are very excited about this update. Everything we do at DomainTools is aimed at helping you get the answers you need quickly and efficiently. We believe this update to Whois History delivers on that promise.

Check it out!

Jeff Day
VP of Product


Extreme Makeover for DomainTools Website

November 3rd, 2013 Comments off

We are very excited to present a new look and feel for DomainTools’ website!  This is the first of many changes to design, usability and architecture to come.  We have long wanted to update the look and usability of our website, but have prioritized delivering the best data, scalable and reliable infrastructure and innovative products over UI as we know that access to data is what drives value for you, our customers.

We are now undergoing a UI and usability refresh to bring our design up with today’s standards and ensure an efficient and positive user experience.  This home page and navigation redesign is just Phase One and includes major improvements to design, navigation, overall site usability and support resources architecture to make our customer’s experience better.

As I’m sure is apparently obvious, our new home page and solution pages reflect a significant new growth opportunity in our business; Enterprise sales for customers in the brand protection, cybercrime investigation and ad or social network markets.  As the leaders in domain name and DNS data intelligence, DomainTools holds incredible value to companies who want to use “internet data” to know who is attacking their networks or infringing on their brand on the Internet.  This evolution benefits everyone, as new revenue growth enables us to invest more in product innovation and data gathering.

We remain committed to the customers on which this Company was founded: Domain professionals.  While a home page and site redesign is a natural first step of a website overhaul, future improvements will bring much needed updates to our core Whois and domain research usability and provide valuable new research tools and data visualization elements.  Keep a close eye on the site, and this blog, as we rollout improvements as they are ready.

We’re excited about all the work that has gone into our new website.  Check out major updates in:Home page and solution pagesLabs_screenshot

  1. Design and navigation, across the entire site
  2. Re-architected support page for better search and easier access to help, product information and best practice resources
  3. New Solution Briefs and education collateral
  4. New “DomainTools Labs” section showcasing Nextgen product innovation
  5. Peek at upcoming products IP Monitor and Reverse IP Whois

We hope you like the new improvements.  I know the new design and logo will come as a shock for those who have gotten used to our look and feel over the last 6 years, but change is good and reflects our commitment to investing in the business. Look for more as we continue to rollout updates that make it easier for you, our members, to do the research and get the information you need.



The Big Business of Cybercrime at FS-ISAC, IACC and INTA 2013 Spring Conferences

May 21st, 2013 Comments off

This spring contained, as usual, the spring “conference season”.  And, DomainTools attended a variety of them.   The back-to-back-to-back conferences we exhibited at were FS-ISAC, IACC and INTA.  Each of the three conferences had sessions covering the pervasiveness of cybercrime generally, but each also focused in on areas specifically pertaining to their own discipline: the security of financial networks and accounts, the sale of counterfeit goods, and online intellectual property/brand protection, respectively.

No matter how long I have been “in this business”, I continue to be awed by the vastness, ingenuity and determination of cybercrime and cybercriminals themselves.  It is big business.  Cybercrime has many impacts starting with potentially significant financial loss, both to individuals and companies, data and intellectual property loss, brand and reputation damage, and overall network and infrastructure abuse.  In 2012, Internet Crime Complaint Center (IC3) published their annual report which contains a fabulous overview of reported cybercrime such as automobile fraud, extortion scams, scareware tactics and others.  It also states reported losses by consumers above $525 million, an increase of 8.3% from 2011 — and those are only the reported losses.  IACC claims counterfeiting is a $600 billion a year problem.  Any way you look at it, crime is big business.

To combat this trend, security tools have changed.  They had to.  Fraud detection and prevention must adapt at a very fast pace to keep up with the online criminals’ ever-changing tactics. Entities must protect themselves, their employees, their network and their customers.  Rarely does a week go by without some new malware, email phishing scam or counterfeit takedown broadcast in the news.

Organizations are getting smarter through intelligence sharing, leveraging best practices, engaging with social media, and employing the use of big data.   Utilizing these various tactics can make it easier to identify suspicious behaviors earlier and monitor ongoing threats more surgically.  This is where DomainTools data can be useful:  Domain name and IP Whois data can help identify bad actors, either by utilizing Whois history which can often defeat Whois privacy services, or by associating domain names and IP addresses to each other through common variables.  DomainTools has the best Whois data, and therefore gives our clients the best chance of finding out who is behind a cybercrime.  Our data helps protect companies, networks, employees, customers and internet users worldwide.  And we’re just getting started.  Later this year DomainTools will be releasing powerful new investigative tools which will set the standard for how whois and DNS data can inform critical cybersecurity efforts across the globe.  Stay tuned!


5 Things To Know About Managing Your Domain Information

April 25th, 2013 Comments off

gear-sign-officeAll too often the Support Team here at DomainTools receives disconcerting stories from registrants who have no control over their domain names or websites.  What is entirely surprising is how many registrants shift control of their business’ domain and/or website to outside resources without building a solid understanding  as to how to manage their own domain assets.

With many trustworthy Registrars in today’s domain registration marketplace, with their volumes of Help and Support knowledge resources, it is mind boggling at times that people still blindly trust others to handle what may very well be one of their most crucial business decisions.


I have found that there are five basic tips that can be useful, to even the most novice domain registrants:

1. Registering your own domain name is simple. If you sign up for Facebook, you can create a user account at a Registrar of your choice.  The information fields you will be asked to fill out are pretty basic and take only minutes to fill out.  You should expect a confirmation email in order to verify your account.  Again this is a fairly standard protocol in today’s online world.  The verification email is also a great way to become familiar with how your registrar contacts you and so you can add them to any ‘safe’ lists you may have.  This will ensure that you don’t miss any important communications from them during the registration lifecycle. Help and Support information links are usually provided with these communications as well.


2. Don’t let anyone else register your own domain name. Avoid the “I let my sister’s, in-law’s, brother’s aunt whose son’s girlfriend’s, sisters hair dressers, cousin who work down at the docks and dabbles in web design, register my domain name” scenario. Friends and family are great, don’t get me wrong.  However, YOU should be the point of contact managing your domain assets. DomainTools receives at least half a dozen inquiries each day from registrants trying to access or reclaim their names because they allowed someone else to register it.  One day a registrant is communicating with their ‘web person’ then the next they have disappeared into thin air, leaving them with no access or ability to manage their domain asset. By choosing to use one of the more popular or well known domain registration providers you can rest assured that they will be there when you need them.  Many have 24 hour online and phone support and likely live chat with a real customer service representative.


3. Understand the WHOIS requirements.  All ICANN (Internet Corporation for Assigned Names and Numbers) accredited registries must comply with the WHOIS database requirements.  As such, when you register a domain name, ICANN requires your domain name registrar to submit your personal information to the WHOIS database.  Once your listing appears in the online directory, it is publicly available to anyone who chooses to check it using a WHOIS search tool such as DomainTools.  ICANN does a very thorough job of providing information on Registrant Rights & Responsibilities.


4. WHOIS privacy services are available to every Registrant. There is no disputing the potential risk of falling victim to hackers, spammers or other nefarious players by having your personal information made publicly available.  However, you (and other registrants) should know the may absolutely use a privacy protection service to mask their public WHOIS data details.  Most of the major registrars offer privacy services and if registrants. Not sure if your own registrar does? Ask and find out.


5. Get peace of mind through multi-year registrations.  Just before submitting the final check out button to pay for your domain name purchase, many Registrars will offer you the opportunity to register the domain name for multiple years.  This may seem like an upsell but in fact this is an opportunity for the registrant to lock in their name for years to come.  Many will offer 2, 3, 4, or 5 years registration.  The main benefit is that you will not have to worry about the yearly renewals and the possibility of missing the notification.  If you decide to choose the single year option, a domain-monitoring tool such as Domain Monitor from DomainTools can be a handy tool in your management ‘tool box’.  Access to Domain Monitor is free with a Novice account from DomainTools.


Santas Favorite Whois Contest Winners!

January 4th, 2013 Comments off

A BIG thank you to all of you who entered the Santas Favorite Whois contest! Santa had a wonderful time reading all of the entries and drew the following names out of the entry bag. The following three people won a FREE DomainTools Professional membership for one year (or a FREE Professional membership renewal for one year) if he or she is a current DomainTools member):


“DomainTools is one of the critical weapons that we have in combating counterfeiting on the Internet.  We use it on a daily basis to monitor domain names and keep track of registrant information.”

Joseph C. Gioconda
Attorney, Counselor at Law and Founder
Gioconda Law

“Small web professionals need all the help they can get to protect their ideas and future plans on their assets, what better way than to use the awesome Domain Tools to catch up with what other similar sites are doing to protect theirs! Without tools like it its like walking down a blind alley knowing you probably will get mugged.”

Anita Sudhakar


“DomainTools is a very valuable service to be because it allows me to do bulk registration lookups and greatly aids me in trying to attribute network based attacks against my customers. I have used your tools for years and find that they are really the only player in this space to date.”

Chuck Yarbrough
Senior IT Security Instructor/Developer


Congratulations to Joseph, Anita and Chuck! We’ll be be in touch shortly to set up your FREE DomainTools PRO account yearly access or renewal!

Thank you again to everyone who contributed a quote and cheers to 2013!


-DomainTools and Santa


The Numbers Behind Whois Privacy

November 16th, 2012 Comments off

Whois Privacy is an important topic here at DomainTools.  After all, a primary use of our Whois History product is to get behind Whois Privacy if possible.  Just this week Brian Krebs wrote an interesting blog post that does a good job of showing the power of DomainTools’ Whois History.

Whois is also a prevailing topic seemingly every year at ICANN Conferences, and no debate about Whois data is complete without also discussing the benefits and costs of allowing domain owners to utilize Whois proxy services in order to shield their domain ownership from the public eye.

With the recent celebrity of Nate Silver, data is now in vogue more than ever.  Data, assuming it is accurate, is fact not opinion.  Data helps inform qualitative conversations, can lend momentum to important decisioning processes, and can uncover unknown information in unique ways.  Take the first list in this article, below:  That 94% number shocked me so I pulled up the homepage and sure enough, every domain at gets free privacy protection.  Never knew that!   So in the spirit of featuring more of our DomainTools data on this blog, we offer some insights below on the proliferation of whois privacy at the registrar and TLD levels.

It must be noted upfront that, due to the imperfect nature of both Whois data and privacy identifiers, no data set in this arena can be 100% accurate. Specifically we identify these caveats with the data:

  • DomainTools does not have Whois records on all registered domains worldwide.
  • We only focused on privacy services with over 1,000 domains under management.
  • ccTLD data skews the numbers in cases such as .de, .es, and .eu where registrant data is not provisioned publicly.

Now to the data:

  • DomainTools identified 130 different privacy services across almost 225 million unique domain name Whois records.
  • Almost 32 million domains were identified as private, or about 15% of the total population we reviewed.




Privacy Concentration for Registrars with between 100K and 1MM Domains Under Management:
1. PTY LTD  94%
2.  April Sea Information Technology Corporation 93%
3.  New Dream Network (DreamHost) LLC  91%
4.  Brandon Gray Internet Services (  80%
5.  Bargin Register 76%
6.  BigRock Solutions pvt LTD  47%
7.  Cloud Group Limited 47%
8.  Netart Registrar Sp. z.o.o. 47%
9.  Net Earth One (Net Earth)  43%
10.  FBS Inc.  43%

Privacy Concentration for Registrars with over 1MM Domains Under Management:
1.  GMO Internet (  51%
2. pty LTD 48%
3.  PDR (  37%
4.  DomainSite  33%
5.  Moniker Online Services  26%
6.  25%
7.  Enom  25%
8.  Network Solutions  23%
9.  Tucows  22%
10. GoDaddy  21%

Privacy Concentration for TLDs with over 1MM Domains in DNS:
1. INFO  28%
2.  CN  20%*
3.  ORG  20%
4. COM  19%
5.  NET  19%
6.  BIZ  18%
7. MOBI  17%
8.  CO  17%
9.  JP 12%
10  IN 1%

* Nearly all the ‘private’ domains in .CN are associated with one registrar and privacy provider, and there are indications of underlying domain tasting on .CN as well.  Absent this registrar, privacy on .CN is virtually nil.


We’re putting this new data to work at DomainTools as well.  Our Whois History product uses color scheming to let users more easily identify privacy records in the reams of historical Whois records we have on file.  The work our R&D team has done to update our privacy detection is going into production shortly, making related tools all that more accurate.  Look for a redesign of our Whois History product coming soon!


Domain Spammers Fill-Up Christmas Inboxes

December 27th, 2011 Comments off

The onslaught of domain spammers emailing solicitations to acquire domain names that are dropping or pitching domains for sale seems to have increased dramatically over the last month.  Seeing that there is no rest for the wicked, I woke to find these devious elves had filled my Christmas morning in-box full of left-over fruit-cake domains (see image for examples).

The domain spamming appears to be increasing as new drop-catching services, email out domain names that may have some correlation to a domain name that the recipient of the email owns.  Companies like Intrust Domains have been soliciting people to “express interest” in a domain that Intrust then attempts to acquire.  I’m sure that anyone with a portfolio of even a handful of names has likely seen an email from one of these companies.  Clearly these spams have worked a reasonable rate of success or there wouldn’t be an increasing number of companies doing the same thing.

The sender of these emails tend to either be

Domain Opportunity which includes the address :
Backorder Division
200 E Colfax Ave # 100
Denver, CO 80203

Domain Inquiry
Marketing Development Team
111 N Canal St Suite 1890
Chicago, IL 60606

Domain Alert
The Domain Team
25 First Street, 2nd Floor
Cambridge MA 02141

Available Domain
The Domain Team
25 First Street, 2nd Floor
Cambridge MA 02141

I suspect that these are all the same group. Each email is formatted similarly and contains an opt-out at the bottom. Additionally all 3 senders above uses a link to an obscure domain name. For example , which at the time of this writing and in all cases links to

Another increasing form of domain spamming comes in the form of “new” sales letters. In a similar fashion to the expiring domain spam, these “marketers” tend to email domains that they have in some way deemed related to a domain you may own, at least that’s the story I’ve been given.

As an example, in the last 5 days I’ve received over a dozen an emails about “High SEO” domains such as,,, and from “Robert Parker” or “ADAM SMITH”, Michael Thomas and ”George Hunt”, who happen to have the same phone number : +91.939.277.4412

When I emailed and asked where they got my email address, they informed me “My email program found your email address from the whois data of similar domains.”   There’s no telling what “similar” domains means.

I’m all in favor of receiving an email about a domain opportunity that I might be interested in and I’ve been inclined to send out the occasional email about a domain I’m selling.  I’d like to think that these emails would be highly targeted to the recipient and may even be coming from tools like Estibot’s lead generation tool, but the recent ones I’ve been flooded with seem far too obscure and untargetted to be sourced via this tool.

This new breed of “domainer” seems to pay no mind to who they are emailing or why. The pitches are canned and automated at best, some containing the mistakes of non-native English speakers. Rather than sending out a targeted message, it seems domain spammers, like those spamming prescription medicine offerings, find it much easier to flood every possible in-box with their ridiculous pitches.  I suspect that much of the email harvesting that these spammers do comes from checking the new whois information of sold domains harvested via or

All signs indicate that there’ll be an increase in these emails in the coming year. Unfortunately, the results of this will likely also increase the number of domains bought under privacy as well as the number of domain sales that go unreported.

What do you think about this issue?

(c) 2011 (1)

DomainTools is giving away a free Reverse Whois Report for up to $99 to a winner in a giveaway they launched recently. In order to enter, visit their site to send an email to Santa before January 2nd, 2011.