WHOIS

External parties may look up contact information and other data related to the server environment and employees by querying a whois server. The lockup itself is not an attack, but the information gathered can be used in further attacks.

What can happen?

Anyone can look up the owner, the domain registrar, and other information about an domain. This can then be used to find other domains the same owner has registered, send phishing emails to the owner, and similar attacks.

Remediation

The WHOIS records will always be available. This is a fundamental part of today’s world of domains.

However, if it is believed the situation requires it, there are services that can be used to hide the owner of the domain from the WHOIS records. This is done by having a third party act as the owner on paper, limiting the information an outstanding party is able to request. Those services are often called Privacy Guards and are often offered by the domain registrar. There are also independent Privacy Guards not connected to any domain registrar.

This finding is more about being aware of this record, rather than a recommendation to fix it. In most cases this can be marked as an Accepted Risk and thereby filtered out from future reports, but in some instances a Privacy Guard is worth considering.

Resources