The WHOIS record information is not gathered by performing a real time WHOIS lookup against another database. Instead, Umbrella Investigate maintains an extensive database of WHOIS record information. The WHOIS information shows the standard output of registered users or assignees for the domain queried, along with a full range of typical WHOIS data for a domain.
WHOIS data is generated from the domain registrars and, as a result, is not consistent in formatting, language or syntactical conventions. Investigate can return high-quality results when searching for gTLDs (for example, .com, .org and .net), but not from ccTLDs (for example, .ru, .cn, and co.uk). As a result of discrepancies, requests for information to our database can fail and there are times when historical or current records are not available.
- WHOIS Record Is Unavailable
- WHOIS Record Contact Information
- WHOIS Record Domain Availability
- WHOIS Record Email Addresses
- WHOIS Record Nameservers
- WHOIS Record Show More Data
At times, WHOIS record information is not available. For example, the domain does not exist:
"Sorry, couldn't load WHOIS information for this domain”
Note: Data may also not be available if the WHOIS information is simply set to active with no details available.
The first section of the WHOIS record information contains the Registrar Name and Internet Assigned Numbers Authority ID (IANAID) of the Registrar. For a full list of the IANAID, see Registrar IDs.
The next section of the WHOIS record includes fields related to when the domain was created, updated, or expires:
Created—Date the domain was registered.
Updated—Date the record was last updated.
Expires—Date the record expires.
Click Get latest to refresh the record with the latest available data. This refresh can be helpful if the record seems outdated at first glance, or if you’re reasonably confident that there is newer information available.
Click Raw data to open a new tab in your browser that displays the raw WHOIS record. If Investigate has no WHOIS record data, then the Raw data tab is blank.
Next, the WHOIS record lists the email address or addresses of the registrants for the domain.
The WHOIS Email Address section contains the following fields:
- Email Address—Address of the registrant associated with this domain.
- Associated Domains—The number of domains registered by this email address, including the number of malicious domains. The maximum number of Associated Domains is 500 and, where possible, the UI will show if any of the 500 gathered are malicious. The number of malicious domains only includes the ones in the first 500 results.
- Email Type—Owner, Administrator, Technical, Contact, Billing.
- Last Observed—Typically current, but changes to a date when the domain is no longer related to the email but was at some point in history. If Last Observed is dated, try clicking Get latest to refresh information.
If there is any historical information about the email address of the domain registrant, Investigate displays it under the “Show past data” button.
To pivot on the email and view information associated with the email address, click the email or the number associated domains to the email view of the WHOIS data.
For more information, see WHOIS – Email View Details.
The WHOIS Record contains information about the name servers that provide zone records.
The WHOIS nameservers section contains the following fields:
- Nameserver—Domain name of the nameserver.
- Associated Domains—The number of domains associated with the nameserver, including the number of malicious domains. The maximum number of Associated Domains is 500. Investigate displays the number of Associated Domains if any of the 500 domains are malicious.
- Last Observed—Current, but may change to a date in the past when this domain is no longer associated with the nameserver, but had been at some point in history. If Last Observed is dated, click Get Latest to refresh the information.
For more information, see WHOIS – Nameserver View Details.
For additional information about the WHOIS record connected to the personal details of the registrar—the Contact Name, Address, Phone number and Fax Number, click Show more WHOIS Data.
Note: In some cases, the information displayed may be falsified or obfuscated by malicious domain registrants and may not be of any particular value. You cannot pivot to other domains from this area of the WHOIS record.
The WHOIS record Show more section provides additional information which includes the Contact Name, Contact Type (Owner, Administrator, Technical, Contact, Billing), the date when the Contact Name Last Observed (Current, or a historical date), and the Registrant Address and Phone number (shown with their respective Type and Last Observed date). For each Address, there is a link to Google Maps.
Note: WHOIS data for addresses that do not follow any standard may fail to find the address location, and as a result fail to link to Google Maps.
If the domain is a nameserver for other domains listed in the WHOIS database, the WHOIS records shows these other domains. The information displays the domain to domain relationship (authoritative DNS) rather than an IP to domain relationship drawn from our DNS records. For more information, see WHOIS – Nameserver View Details.
Updated over 1 year ago