How to Search and Interpret 'ANSI Whois' for Independent Domain Registrant Investigations

In the case of sites operated under what is known as a unique domain, the information of the domain registrant is registered and made public in a form called “whois”. Domains have a somewhat public nature, so it is necessary to register and disclose information such as technical contacts in case of problems with the network environment. Therefore, when acquiring a unique domain and operating a site with that domain, the principle is that you must publish your own information as “whois” for the domain you have acquired.

The Role of Whois in Requests for Deletion and IP Address Disclosure

From the perspective of those who have had defamatory or damaging rumors posted on their websites, it can be said that:

1. Websites can be operated anonymously
2. However, in the case of sites with their own domain, it is possible to check the domain registrant using whois
3. And, in the case of sites with their own domain, the domain registrant and the site operator generally match
4. If the domain registrant is known, it can be determined who has the authority to remove the defamatory or damaging rumor articles from the site

This is the general idea.

https://monolith.law/reputation/whois (ja)

Therefore, when making a request for deletion or IP address disclosure against a site with its own domain, the first step is to check the information of the domain registrant using whois. A web service often used for this purpose is the whois information retrieval service operated by “Asuka.Net”, called “Domain Name & IP Address Search (ANSI Whois)”.

Basic Search Method and How to View “ANSI Whois”

Registrant Information is Displayed in “Search”

The method of searching and viewing ANSI Whois is simple. When you enter the domain to be investigated on the top page and click “Search”, the whois information related to the domain will be displayed as shown below.

Domains and Subdomains

One thing to note is that the “domain” here refers to the “Monolith-law.jp” part of the website URL.

http://www.Monolith-law.jp/article/index.html

In the above example, everything after “/article” is information about the location of the webpage within the domain, not the domain itself. Furthermore, the “www” part is a “subdomain”, which can be set up as many as you want within a single unique domain. In other words, even if there are multiple subdomains like,

http://www.Monolith-law.jp
http://www2.Monolith-law.jp
http://blog.Monolith-law.jp

the “domain” that needs to register operator information in whois is common to all, and there is no need to investigate each one, such as “First, investigate www.Monolith-law.jp, then investigate www2.Monolith-law.jp~”.

What is an Anonymous Domain Registration Service?

However, it is not always the case that the information of the ‘domain registrant’ is recorded in whois. First of all, what is registered is the self-declared address and name. When registering a domain, it is not the case that a confirmation mail is sent to the registered address. ‘Domain registrars’ such as ‘Onamae.com’ and ‘GoDaddy’, which are used when registering a unique domain, do issue warnings such as ‘Please register the correct address and name’ and ‘If the registration is incorrect, the domain may be deleted’, but in reality, domains with issues such as:

• Being registered under an old address
• Lacking a building floor number
• Being completely false addresses

are rarely deleted.

Anonymous Services Provided by Domain Registrars

Furthermore, there are services known as ‘anonymous domain registration services’ in this world. For example, domains that display the following information in whois are registered using an anonymous domain registration service.

Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 14747 N Northsight Blvd Suite 111, PMB 309
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: TOKUMEI.NET@domainsbyproxy.com

The above is the whois information of a domain registered using the anonymous domain registration service of the domain registrar ‘GoDaddy’. The address and phone number listed here are those of GoDaddy, not the domain registrant. The principle is that when registering a unique domain, the registrant’s own address and name should be made public, but for those who do not want to make it public, GoDaddy, so to speak, registers the unique domain on their behalf using GoDaddy’s address and name.

The Information Registered Varies by Registrar

The information registered in this case varies by domain registrar. For example, in the case of the domain registrar ‘Namecheap’, it would be as follows:

Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: ok https://icann.org/epp#ok
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Generally speaking, if you search for the name, URL, address, or phone number that appears in the whois information and find the domain registrar’s website, it is likely that it was registered using this type of ‘anonymous domain registration service’.

In this case, it is generally difficult to identify the site operator from the domain. You will either need to use various ‘know-how’ to investigate the site operator by means other than whois information, or give up on identifying the ‘site operator’ for the time being, investigate the web server administrator, and make the web server administrator the other party to request deletion or IP address disclosure.

https://monolith.law/reputation/disclosure-of-the-senders-information (ja)

Domain Registrants and Web Server Administrators

It may be a bit confusing, but

• The registrant of a unique domain that operates a site
• The administrator of a web server that stores and sends data of a site (operated by a unique domain) to viewers

These are different concepts.

Procedure for Operating a Site with a Unique Domain

For example, if you decide to operate a site with a unique domain, you would

1. First, acquire a unique domain at the domain registrar “Onamae.com”
2. Next, rent a server from “Sakura Internet” and upload all the data of the website
3. Set it up so that when you try to access the unique domain, it connects to the server of “Sakura Internet”

That’s how you would proceed. In other words, even if it is unclear who has acquired the unique domain, it is possible to request the server administrator to delete an article that may constitute defamation or damage to reputation that has been uploaded to their server.

https://monolith.law/reputation/owndomain-siteserver (ja)

It is Impossible to Request Disclosure of Sender Information to Domain Registrars

Furthermore, it is not possible to request the domain registrar to disclose the IP address or name and address of the article poster. This article will omit the details, but this is because domain registrars do not fall under the category of providers under the Provider Liability Limitation Act (Japanese Provider Liability Limitation Act).

Logically, what is possible for domain registrars is what is called a bar association inquiry. Although the victim (or their attorney) of defamation or damage to reputation does not have any legal right to request disclosure, it is certain that the domain registrar has information about the perpetrator, i.e., the party to the claim for damages. This is where the system called “bar association inquiry” comes in.

https://monolith.law/reputation/references-of-the-barassociations (ja)

However, just because it is “logically possible” does not mean that the domain registrar will actually disclose the information. That is another issue.

Identifying Sites Using ‘CDN’ such as CloudFlare

Furthermore, when examining whois information, in addition to addresses and names, there is another section you should pay attention to: the ‘Name Server’. This is related to the following setting:

When trying to access the specific custom domain, it is set to connect to the ‘Sakura Internet’ server

This is the server information associated with that custom domain.

Although we will not go into detail in this article, if ‘CLOUDFLARE.COM’ appears in the ‘Name Server’, the site operated under that domain is using the so-called CDN service ‘CloudFlare’.

Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: JAY.NS.CLOUDFLARE.COM
Name Server: LOLA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

We plan to explain the details of CDN services like CloudFlare in a separate article. However, for sites operated under such domains, the location of the web server, which would be the recipient of a deletion request, is also concealed. Therefore, it is usually difficult to make deletion or IP address disclosure requests out of court, as well as in court or provisional dispositions.

Introduction to Our Firm’s Measures

Internet law, such as the removal of defamatory articles on the internet and the identification of operators, is a field that requires IT knowledge, such as about whois. Monolith Law Office is a legal firm with high expertise in both IT, particularly the internet, and law. We provide solutions for reputational damage management. Details are provided in the article below.

https://monolith.law/practices/reputation (ja)