Jump to content


 

Photo
- - - - -

Don't Be Lazy - Check Whois Data!


  • This topic is locked This topic is locked
No replies to this topic

#1 Colaro

Colaro

    PHF Co-Admin

  • Administrators
  • 4,852 posts
  • LocationFrance

Posted 08 September 2014 - 12:48 PM

Hello everyone,

Such a small thing called WHOIS, but in the same time it can tell you so much. I'm sure, not that much people even know how to use WHOIS data and with this article I will try to explain some key information what you can find out from WHOIS.

I will start with quick announcement that I will not go into technical details of WHOIS, if you are interested in technical details than you can check Wikipedia page over here. I will just explain how you can use WHOIS as your advantage.

Many HYIP players would say that it is not worth to check WHOIS details because HYIP administrators will hide WHOIS data anyway. Yes, I agree that in the most cases HYIP administrators will hide contact information and if they does it than you will not be able to contact person who registered domain name via e-mail or phone. Situation actually is very tricky here - since there are many places where you can register domain name anonymously than actually there is no difference either administrator hides contact information or not because he can type in any fake information in WHOIS contact details. Personally I would not like to agree that WHOIS is useless, actually turns out that you can "extract" pretty much information out of it and with this information you can understand administrator and his intentions way better.

Where to check WHOIS data?
I usually use http://whois.domaintools.com/ webpage where I can see pretty everything what I need.

First of all you can check for how long time administrator has purchased domain name, yes the biggest amount of HYIP administrators usually purchase domain name just for one year what is just normal if we take into account that today some part of HYIPs have quite a short lifetime. If administrator have purchased domain name for a longer period of time than it is just a good sign, but of course on the other hand it does not mean much, because for example ".com" domain some costs just $15 per year (on GoDaddy.com).

This information usually looks like this:
Updated Date: 2014-03-25 04:56:55Z
Creation Date: 2014-03-25 11:56:00Z
Registrar Registration Expiration Date: 2015-03-25 11:56:00Z

Second and the biggest thing what you should check is so called "name servers", name servers can explain a lot about financial situation of HYIP administration. There is three things what you can find out when you check name server records. First thing what you can "extract" from WHOIS information is server type of project (dedicated or shared). If name server records looks like this - "NS1.DDOS-GUARD.NET", "NS2.DDOS-GUARD.NET" or "NS13.KODDOS.COM", "NS14.KODDOS.COM" than most likely project is using shared hosting together with some other websites (usually HYIPs) on one server. But if records looks like "NS1.HYIPTITLE.COM", "NS2.HYIPTITLE.COM" most likely project uses dedicated server. Shared hosting for HYIP administrator is way cheaper option, but in the same time it is more vulnerable. For example, if on one server are hosted four HYIP projects and one of these four undergo DDoS attack than other three websites will not be accessible during the time of DDoS attack as well.

Second big thing what you can find out from name servers is hosting company. There are countless companies out there what accepts HYIP projects, the most popular ones in HYIP industry are companies what offers so called "joint packages" where in one package is included hosting, DDoS protection, sometimes also domain name and SSL certificate. Such companies for example are koddos.com (NS??.KODDOS.COM), ddos-guard.net (NS??.DDOS-GUARD.NET) and rivalhost.com (NS??.RIVALHOST.COM). All of these three (but there are many more) offers joint packages. Usually basic joint package starts from around $200 what is not that much for average HYIP administrator. Of course better option is dedicated server, but in this case you will see name server records like this - "NS?.HYIPTITLE.COM", "NS?.HYIPTITLE.COM", in such case you must take a look at fields called "IP Location" and "ASN", and they will show company where project is hosted. Sometimes you will see respected companies such as blocklotus.net or staminus.net where one dedicated server monthly could start sometimes even from approximately $600 what is not that affordable amount for average HYIP administrator. As you see there is difference in price at least three times between cheaper and more expensive hosting provider.

Third thing what you can find out is does project have or not have DDoS protection. If project is using hosting from one of joint package providers than at least some DDoS protection is included. The same stands if project is using companies such as blocklotus.net or staminus.net, but if you see some details about company like GoDaddy.com or some other unknown company what actually does not provide any DDoS protection than maybe it is better to stay away from such HYIP.


Yes, there is some exceptions about "NS" cases, for example if project is using CloudFlare DDoS protection what you will see like "lara.ns.cloudflare.com" in name server records than actually it is impossible to find out either it uses dedicated server or not, is there another layer of DDoS protection or not. Many HYIP admins use CloudFlare as cover for cheap hosting provider, so if HYIP project looks cheap than do not expect dedicated server or another layer of DDoS protection behind CloudFlare protection.

One another common exception is protection from BlockDoS.net what costs something around $500 and more monthly. This company actually resells blocklotus.net and staminus.net protection, but in the same time they are not that affordable for very cheap administrators.

This information usually looks like this:
Name Server: ROCKW.BL1.BLOCKDOS.COM
Name Server: ROCKW.BL2.BLOCKDOS.COM
Or:
Name Server: NS1.DDOS-GUARD.NET
Name Server: NS2.DDOS-GUARD.NET
Name Server: NS3.DDOS-GUARD.NET
Name Server: NS4.DDOS-GUARD.NET
Or:
Name Server: NS1.HYIPTITLE.BIZ
Name Server: NS2.
HYIPTITLE.BIZ


Yes, there are a lot exceptions when we talk about WHOIS and is not possible to cover everything in one article, but I hope I gave at least some insight how to use WHOIS details because in most cases they aren't any different from my given examples. Of course WHOIS will not say everything to you, but in the same time you will be able to see approximately how much money administrator has spent for some part of HYIP development, and more he spent more time it will take him to earn invested capital back and it will be necessary to keep project online longer period of time.

David

View the full article
  • Rossman01 likes this