A study on WHOIS privacy or proxy abuse on domains associated with harmful internet communications

  • Author(s) / Creator(s)
  • A concern was raised that some domains associated with harmful internet communication may use Privacy/Proxy registration to obscure their identity, making them more difficult to investigate and possibly shut down. Our goal is to investigate the degree/scope of this abuse. To conduct our study, we collected a number of confirmed malicious domains on the internet and investigated whether they were registered under privacy/proxy services or not. We did this by conducting a WHOIS query on each domain and analyzing the 'registrant' and 'registrar' sections of the returned WHOIS data, based on the assumptions in the following paragraphs. We contacted about 50 domain registrars to confirm our findings; though none of them were willing to share their subscriber registration data with us for privacy reasons, one of them confirmed that they do not support proxy registration in their country of operation. This information was confirmed in our findings. Our results show that the same percentage of the malicious domains investigated was registered under privacy/proxy and non-privacy/non-proxy services, respectively.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International