MONOLITH LAW OFFICE | +81-3-6262-3248 | Weekdays 10:00-18:00 JST

MONOLITH LAW MAGAZINE

Internet

Investigating the Server Administrator of a Unique Domain Site Using 'aguse.jp'

When requesting deletion of an article, or disclosure of the poster’s IP address, for articles on websites operated under so-called unique domains, there are, broadly speaking, two possible parties to whom the request can be made:

  1. The site operator (often the same as the domain registrant)
  2. The web server administrator

For example, in the case of a deletion request, you can:

  1. Request the site operator to “delete the article as I am suffering from defamation damage on the site you operate”
  2. Request the web server administrator to “delete the article as I am suffering from defamation damage on the site hosted on the server you manage”

In simple terms, the parties to whom deletion requests for articles on the Internet can be made are:

  • Those who have the authority to delete the article
  • Those who have a certain level of involvement in the publication of the article on the Internet, and who can be said, in principle, to be obliged to delete the article

Both the site operator and the web server administrator fall into this category. The request for disclosure of the IP address has a different logical structure, but the conclusion is the same.

What Does “Investigating the Web Server Administrator” Mean?

But who exactly is the “web server administrator managing the site operated under a unique domain”? For instance, who would it be in the case of our site (Monolith Law Office’s site)?

We will explain how to use the web service “aguse.jp” to investigate who the web server administrator managing the site operated under a unique domain is.

How to Investigate the Site Operator = Domain Registrant

As mentioned at the beginning, whether it’s a request for article deletion or a request for IP address disclosure, if the operator of the site is known, it’s possible to make a request to that operator. In the case of a site with a unique domain, the site operator often matches the registrant of that domain. Information about the registrant of a unique domain can be investigated using a system called “whois”.

Investigation Methods for Web Server Administrators

Many sites operated under their own domain use what is known as a rental server. Broadly speaking, a site “with its own domain” is set up through the following process:

  1. First, you acquire your own domain using a domain registration service such as “Onamae.com” or “GoDaddy”.
  2. Next, you secure a web server by contracting with a rental server like “Sakura Internet”, which will host your website.
  3. Then, you configure it so that when you try to access the URL of that domain, it connects to that web server.

How to Use “aguse.jp”

One of the web services frequently used to investigate web servers is “aguse.jp”.

Using “aguse.jp” is simple. First, enter the URL you want to investigate on the homepage. Given a URL such as

http://www.Monolith-law.jp/article/index.html

the only part needed is “www.Monolith-law.jp”. This part is called the “hostname”.

In the above example, everything after “/article” is information about the location of that webpage within the server and is not necessary for identifying the server. On the other hand, the “www” part is a “subdomain”. Although you can set up any number of them within a single unique domain (Monolith-law.jp), if the subdomains are different, the web servers may also be different. In other words, if there are multiple subdomains like,

https://monolith-law.jp
http://www2.Monolith-law.jp
http://blog.Monolith-law.jp

each subdomain may have a different web server. This is different from investigating the information of the domain registrant using “whois”.

How to Read the “aguse.jp” Investigation Results Page

When you click “Search”, the investigation results page will be displayed.

The “Reverse Lookup Hostname” displays the “hostname” of the web server hosting the website in question.

And the information displayed under “Administrator Information for Forward Lookup IP Address ●●.●●.●●.●●” is about the administrator of the web server.

How to Investigate the Administrator

If you Google the string displayed here, you can identify the administrator of the web server. In this case, it was confirmed that “Sakura Internet Inc.” is managing “www.Monolith-law.jp”.

How does “aguse.jp” conduct its investigations?

The above covers essentially everything about using “aguse.jp” as a web service. Next, we will explain in more detail what technical processing takes place, and why the administrator information of the web server hosting a unique domain site can be checked in this way. After all, if you don’t understand “what you are doing”, you won’t be able to handle even a slightly exceptional case.

“IP Address” is an Address on the Internet

Firstly, let’s start with what an “IP address” is. An IP address, also referred to as an “address on the internet,” is information that every machine connected to the internet (in principle) uniquely possesses. For instance, even when you browse this website on your smartphone, that smartphone has its own IP address.

Just as the device browsing the website (such as a smartphone) has its own IP address, the website itself, or rather the web server hosting that site, also has its own IP address. Communication between machines on the internet, for example, “communication for browsing the Monolith Law Office’s website on a smartphone,” always occurs between machines that have their own IP addresses.

Between the smartphone with IP address ●●.●●.●●.●● and the web server with IP address ●●.●●.●●.●●, web page data and the like are exchanged.

This is what it means to “browse a website using the internet.”

The Relationship Between “URL” and “Web Server’s IP Address”

However, when users are surfing the internet, they are not consciously aware of the IP address of the website (or more accurately, the web server hosting it) they are viewing. This is because the communication based on IP addresses, as mentioned above, is primarily conducted within devices such as smartphones, and it is designed so that users do not need to be aware of the “IP address”. Instead, what users are conscious of is the URL.

https://monolith.law/article/index.html

Users surf the web while being aware of such URLs. When a user tries to open a URL like the one above, their device, such as a smartphone, performs the following processes:

  1. First, it investigates the IP address of the web server hosting the website of that URL
  2. Then, it communicates with that IP address.

What is “Forward Lookup” of a Hostname

The process mentioned above, specifically, converting the URL (more precisely, the “www.Monolith-law.jp” part of the URL, which is the “hostname”) into an IP address, is referred to as “forward lookup”.

When investigating a URL with “aguse.jp”, the value displayed under “IP address (IPアドレス)” is the IP address obtained by a “forward lookup” of the hostname part of the URL.

What is “Reverse Lookup” of an IP Address?

“Reverse lookup” refers to the process of converting an IP address into a hostname, which is the opposite of “forward lookup”.

The “reverse lookup hostname (逆引きホスト名)” shown by “aguse.jp” is obtained as follows:

  1. First, perform a forward lookup of the URL (specifically, the hostname part within the URL)
  2. Then, perform a reverse lookup of the result to get the hostname

What complicates matters is that when you perform a “forward lookup → reverse lookup”, in the case of a custom domain site, the hostname of the rental server appears. This mechanism may seem a bit complicated, but we will explain it simply below.

What is a “Name Server”

Firstly, “reverse lookup” is not a process that internet use requires. As mentioned above, “forward lookup”, the process of finding the IP address of a web server based on a URL, is performed during regular internet browsing. “Reverse lookup”, however, does not typically appear in regular browsing or normal internet communication. The tool used to perform the “forward lookup” is what we call a “name server”.

Recall the two steps a device performs when opening a URL:

  1. First, investigate the IP address of the URL (the web server hosting the website)
  2. Communicate with the IP address

More precisely, what is happening during this first step is:

  1. The device queries the name server about the hostname in the URL you are trying to access (the hostname of the web server hosting the website)
  2. The name server responds with the IP address corresponding to that hostname

In other words, a name server holds allocation information, such as “hostnames and their corresponding IP addresses”, much like a dictionary.

“Name Servers” and “Root Name Servers”

There are countless name servers on the internet. As mentioned above, a large number of inquiries are made in the course of surfing the internet. If a single name server had to respond to every inquiry across the entire internet, the load on that server would be enormous. Therefore, there are countless name servers, arranged in a tree that starts from a “root name server”, the master of the name servers. Picture it as “name servers (for example, A and B) hang under the root name server, and other name servers (for example, C and D) hang under name server A…” and so on.

While it is desirable that all of these countless name servers on the internet always have the same dictionary information, trying to achieve this would also result in a huge workload. Therefore, in reality, perfect synchronization is not performed. It operates on a system where “there is information somewhere on the tree of name servers, and as long as there is information somewhere, you can get an answer eventually by asking in order.”

What is the “Reverse Lookup” of an IP Address?

In a “reverse lookup”, inquiries are made sequentially from the root name server to other name servers. This is the opposite of the usual inquiry (the inquiry during a forward lookup), asking for the hostname corresponding to the IP address ●●.●●.●●.●●. The response to this inquiry is often a string related to the web server hosting the website. For example,

  • When you perform a “forward lookup” on the hostname “Monolith-law.jp”, the returned IP address is “59.106.27.183”
  • When you perform a “reverse lookup” on the IP address “59.106.27.183”, the returned hostname is “www1943.sakura.ne.jp” (not “Monolith-law.jp”)

In the case of a rental server, this hostname “related to the web server hosting the website” contains a domain owned by the rental server operator, such as “sakura.ne.jp” in the above example.

Domain Whois Information of Rental Server Operators

Rental server operators often register accurate information on Whois.

Therefore, if you look up this domain name in ‘Whois’, you can obtain information about the rental server operator. For example, in the above case, you can find out that the ‘Operating Organization (運営組織)’ is ‘SAKURA Internet Inc.’
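The forward lookup, reverse lookup and whois-target steps described above, written as an added Python example (not aguse.jp's own code and not part of the original article). The suffix list is a deliberate simplification, the `blog` entry with its 192.0.2.10 address is constructed, and the lookup tables stand in for live DNS so the sample runs offline; the other values are the ones quoted in the article.

```python
import socket
from urllib.parse import urlsplit

# Simplification: a few two-label JP suffixes; real tools use the Public Suffix List.
TWO_LABEL_SUFFIXES = {"ne.jp", "co.jp", "or.jp", "ad.jp"}

def hostname_of(url):
    """Return the hostname part of a URL; the path does not identify the server."""
    host = urlsplit(url if "//" in url else "//" + url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower()

def registrable_domain(host):
    """Reduce a hostname to the domain one would look up in whois."""
    labels = host.rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def system_forward(host):
    return socket.gethostbyname(host)        # hostname -> IPv4 address

def system_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]   # IP address -> reverse hostname
    except (socket.herror, socket.gaierror):
        return None                          # no reverse record is published

def investigate(url, forward=system_forward, reverse=system_reverse):
    """Forward lookup, then reverse lookup, then choose what to query in whois."""
    host = hostname_of(url)
    ip = forward(host)
    ptr = reverse(ip)
    return {
        "hostname": host,
        "ip": ip,
        "reverse_hostname": ptr,
        # Without a reverse hostname, fall back to whois on the IP address itself.
        "whois_target": registrable_domain(ptr) if ptr else ip,
    }

# Offline lookup tables: the first pair is quoted in the article, "blog" is constructed.
SAMPLE_A = {"monolith-law.jp": "59.106.27.183", "blog.monolith-law.jp": "192.0.2.10"}
SAMPLE_PTR = {"59.106.27.183": "www1943.sakura.ne.jp"}

def demo():
    urls = ["https://Monolith-law.jp/article/index.html", "http://blog.Monolith-law.jp"]
    return [investigate(u, SAMPLE_A.__getitem__, SAMPLE_PTR.get) for u in urls]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Calling `investigate(url)` with no extra arguments uses the system resolver instead of the sample tables. The second sample row shows the exceptional case where an IP address has no reverse hostname, so the whois query has to be made on the IP address.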

Summary

As we have seen, investigating the hosting server provider that manages a site operating under a unique domain, in order to make deletion or IP address disclosure requests, is a complex matter in terms of IT. What we have explained in this article is merely the ‘basics’. When problems arise that cannot be overcome with basic knowledge alone, figuring out how to solve these problems becomes the ‘application’.

Reputation management on the Internet is highly specialized, requiring expertise in both IT and law.

Managing Attorney: Toki Kawase

The Editor in Chief: Managing Attorney: Toki Kawase

An expert in IT-related legal affairs in Japan who established MONOLITH LAW OFFICE and serves as its managing attorney. Formerly an IT engineer, he has been involved in the management of IT companies. He has served as legal counsel to more than 100 companies, ranging from top-tier organizations to seed-stage startups.