How to Use WHOIS Database Download for Legal Research

To emerge triumphant in a legal battle, a litigator needs to do two things — prove the facts and prove the law. The facts lay the bedrock for your case, while the law supports it. Hence, it is crucial to establish impartial and relevant sources that conclusively demonstrate that a piece of evidence is admissible in court.

Reliable secondary sources like WHOIS records can aid litigators in satisfying the burden of proof. They primarily provide legal researchers with a starting point for discovering primary sources, including firsthand witness accounts and datasets, which can be a challenge to acquire at the outset. More than that, WHOIS records carry a lot of weight when presenting prima facie cases.

In this post, we will take a look at how legal analysts can best utilize WHOIS records gleaned from WHOIS Database Download to build their cases. But first, let us dig into why WHOIS records are an indispensable resource for the legal industry.

What Are WHOIS Records?

Put simply, WHOIS records refer to an Internet domain’s registration data, e.g., that of a website. These function as a phonebook and reveal a domain’s creation and expiration dates; registrar; hostnames; registrant name, address, and organization; technical, billing, administrative, and abuse contacts; and more.

By retrieving the WHOIS data of the offending site’s domain or e-mail sender address, researchers can construct associations between domains, people, specific geographic locations, and criminal operations. The details contained in WHOIS records can constitute clear and convincing evidence for the following types of cybercrime:

• Phishing
• Identity theft
• Online fraud
• Cybersquatting
• Hacking
• Denial-of-service (DoS) attack
• Cyberterrorism
• Cyberstalking

Let us further discuss the applications of WHOIS data to help you get a better idea. WHOIS records can figure in path-based analyses of network-related attacks. With just the nameserver of a particular domain, for example, researchers can pinpoint other connected domains that may have ties to the same breach. They can track down the hosting provider or registrar for further information, such as the real-world identity and location of the domain’s registrant. In the event of fraud or trademark infringement, a domain’s WHOIS records can also help estimate a perpetrator’s location or identify entities that can provide more information.

Why WHOIS Database Download Is Worth Looking Into

Legal analysts can rely on a cybersecurity research tool such as WHOIS Database Download to support their case materials. The database enables the prosecution to obtain valid evidence that it can use to meet the standard of proof in some cases. With it, they can dig deeper into the ownership background of a given domain so they can move their case forward.

Here are other notable features of the database:

• Comprehensive: WHOIS Database Download contains in-depth information on several billion WHOIS records for millions of active domains currently in use. The database covers hundreds of generic, legacy, and newly released top-level domains (TLDs), along with country-code top-level domains (ccTLDs).
• Adaptable: WHOIS Database Download offers users the versatility to access datasets through a relational database such as MySQL. Users also have the option to download and view the database as is in the form of a comma-separated values (CSV) file, which can be imported to virtually any kind of generic or custom software, ranging from office spreadsheets to custom data mining solutions. More advanced users, meanwhile, such as security operations centers (SOCs) or managed security service providers (MSSPs) can integrate the database into their clients’ existing security architectures.

How to Use WHOIS Database Download

To use WHOIS Database Download, researchers can load it in a format they are comfortable with. Users can then implement filters to narrow down results to match the specific data points they are looking for.

Let us take a look at an example. Roman Seleznev is a notorious cybercriminal who is serving multiple sentences for fraud and identity theft. While already serving a 27-year prison sentence, he received another 14-year sentence in 2017 for peddling stolen card information.

He owned the carding marketplace carder[.]su, which was presumably taken down following his conviction. When we looked for the said domain in WHOIS Database Download, however, we found that an undisclosed registrant re-registered it in 2018. The registrar maintaining the domain is a Russian-based infrastructure provider, RU-CENTER. With the domain’s registrar name and its contact details on hand, we can request more information about the domain’s new owner.

When we searched for Seleznev’s full name in the database, we also discovered the domain names ada-org[.]com, arkom-org[.]com, and rutver[.]org. Legal researchers can look into each of these domains if they haven’t done so already. They may find other conclusive evidence against Seleznev.

WHOIS records have proven useful in supplementing evidence, authoritative texts, and other case literature for legal analyses time and time again. Enterprise-grade cybersecurity research tools like WHOIS Database Download empower legal associates to back their client’s claims with certainty.