How to Screen Domain Owners with Reverse WHOIS API and Reverse WHOIS Search

While the primary function of ISPs is to provide Internet access, some even offer domain name registration, web hosting, and email services.

17:15 24 February 2020

And to make sure that they are providing their consumers with the best service while complying with government regulations and cybersecurity best practices, ISPs sometimes have to screen potential domain owners. Here is the reason why and how they can do so using solutions like Reverse WHOIS API and Reverse WHOIS Search.

The Importance of Screening Domain Owners

For ISPs, screening domain owners is crucial for various reasons. Some countries have strict Internet censorship laws that they must comply with. Nations like China and Russia, for example, have been notoriously associated with intense censorship, and ISPs often have no choice but to prevent certain websites from being accessed.

While ISPs’ primary role is to provide IP addresses to Internet users, they still need to make sure that none of them have malicious intentions. Some may be infringing on trademark owners’ brands or creating phishing websites. By knowing more about each domain owner, it is then easier for ISPs to assess whether he or she should have the right to Internet resources or not. That is especially true for ISPs that operate in countries that require them to take an active role in mitigating online threats.

Ridding client lists of malicious domain owners, however, can be a daunting task. It is, however, not impossible with the help of domain solutions such as Reverse WHOIS API and Reverse WHOIS Search.

What Is Reverse WHOIS and How Does It Work?

Reverse WHOIS Search is a tool that allows users to get a list of all domains associated with a specific parameter such as a person’s name, organization, email address, telephone number, or physical address. That said, an ISP that wants to know more about a domain owner can use it to gather more information.

The tool also comes in an API version, Reverse WHOIS API, which users can easily integrate into pre-existing monitoring software. It gives out the same results that can allow ISPs to get to know domain owners better.

How to Use Reverse WHOIS API & Reverse WHOIS Search to Investigate Domain Owners

Let’s consider this scenario: A company filed an abuse report to you against a person who runs a look-alike of its domain. You received the registrant’s name and you can use either Reverse WHOIS API or Reverse WHOIS Search to know everything you can about the said registrant.

Here’s how:

 

• Search for all domains related to the registrant’s name

Perform a reverse WHOIS by registrant search using the domain owner’s name as a keyword. You should get a list of all the domains that have the name in their WHOIS records.

 

• Compare the look-alike’s WHOIS record with the complainant’s

Go through the entire list of resulting domains and look for the offending domain. Build a WHOIS report for it. Create a WHOIS report for the complainant’s domain as well. Compare their creation dates. If the domain look-alike was registered later than the legitimate domain, you could proceed with taking action.

 

• Perform the necessary action

If the domain look-alike’s record shows who its owner is, you may contact him/her directly. If not, you can go through the registrar. Should the domain’s owner fail to prove that he/she isn’t infringing on the rights of the trademark owner, you may proceed with blocking access to it.

As an additional precaution, ISPs can run potential domain owners through background checks using Reverse WHOIS before giving them purchase rights.

---

ISPs play a crucial role in making the Internet a much safer place for all users. By going above and beyond their core responsibilities with the help of domain research and monitoring solutions like Reverse WHOIS API and Reverse WHOIS Search, ISPs can provide the best service for their customers.

About the Author

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP)—a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies. TIP is part of the WhoisXML API family, a trusted intelligence vendor by over 50,000 clients.