Detectify
Knowledge Base


WHOIS

Last Updated: Apr 21, 2017 08:04PM CEST

External parties may look up contact information and other data related to the server environment and employees by querying a WHOIS server. The lookup itself is not an attack, but the information gathered can be used in further attacks.

What can happen?

Anyone can look up the owner, the domain registrar, and other information about a domain. This can then be used to find other domains the same owner has registered, send phishing emails to the owner, and carry out similar attacks.

Remediation

The WHOIS records will always be available. This is a fundamental part of today’s world of domains.

However, if it is believed the situation requires it, there are services that can be used to hide the owner of the domain from the WHOIS records. This is done by having a third party act as the owner on paper, limiting the information an outside party is able to request. Those services are often called Privacy Guards and are often offered by the domain registrar. There are also independent Privacy Guards not connected to any domain registrar.

This finding is more about being aware of this record, rather than a recommendation to fix it. In most cases this can be marked as an Accepted Risk and thereby filtered out from future reports, but in some instances a Privacy Guard is worth considering.
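
To decide between Accepted Risk and a Privacy Guard, it helps to see which contact fields of your own domain's record are actually exposed. The following is an added example, not Detectify's code: it assumes the common "Key: Value" WHOIS layout, uses a heuristic marker list for masked values, and runs on a constructed sample record.

```python
import re
import socket

# Assumption: substrings that commonly mark a Privacy Guard or redacted value.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "withheld")
# Contact fields that can identify a person or feed a phishing attempt.
CONTACT_FIELD = re.compile(
    r"^(registrant|admin|tech)\s+(name|organization|email|phone|street)$", re.I)

# Constructed sample record, not a real registration.
SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Ltd
Registrant Email: jane.doe@example.test
Admin Name: REDACTED FOR PRIVACY
Admin Email: contact@privacy-guard.example
Tech Email: hostmaster@example.test
"""


def query_whois(domain, server, timeout=10):
    """WHOIS query per RFC 3912: send the name plus CRLF to TCP port 43."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")


def audit_whois(record):
    """Return (exposed, masked) dicts of contact fields found in a record."""
    exposed, masked = {}, {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value or not CONTACT_FIELD.match(key):
            continue
        hidden = any(marker in value.lower() for marker in PRIVACY_MARKERS)
        (masked if hidden else exposed).setdefault(key, value)
    return exposed, masked


if __name__ == "__main__":
    # Offline run on the sample; for your own domain, pass the output of
    # query_whois(domain, server) using your registry's WHOIS server instead.
    exposed, masked = audit_whois(SAMPLE)
    for field, value in exposed.items():
        print(f"EXPOSED  {field}: {value}")
    for field in masked:
        print(f"masked   {field}")
```

Fields reported as exposed are the ones a Privacy Guard would replace; registries differ in field naming, so extend the pattern to match the record format your registrar returns.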
