How to Find Out Who Actually Owns a Domain Name?
Disclaimer: The information shared in this article is for information purposes only. The names of the companies and individuals used in these examples have been changed to protect their identities, and I am not implying that they are doing something wrong or illegal. My intention is to demonstrate how you can double-check who is behind the tools and raise awareness among web-application and web-tool users.
Dozens of new Chrome extensions and web applications are brought to life every day. And if you work in the recruitment field, you know that every week you see some new tool that promises to make your work easier, your sourcing faster, and your message irresistible.
Recruitment is quite competitive, and if dozens of companies are looking for similar candidates, then anything that will give you an advantage is welcomed. That’s why many recruiters are searching for new tools that help them find contact details for the potential candidates they found on LinkedIn or another social site.
Many of these free tools offer free credits or even more for one simple registration. You are literally one click away from using them. The only thing you need to do in exchange is to input your email address and create a password. And you probably skip reading the terms because they are boring and long, and you want to be the first to start using the tool to get an advantage over your competition.
But you should know that many of the companies and individuals behind these tools are not transparent about who really owns the tools. And when you create an account on their site, you freely give your data to somebody who is trying to hide their identity and remain anonymous.
You don’t even know where your data will end up or how they will use it.
Why They Are Hiding the Real Owner
For a few weeks, I tried to find out who the real owners behind several of these tools, applications, and Chrome extensions are, and why they are trying so hard to hide who they are.
Those companies and individuals are hiding their real owners for various reasons. They know that they are operating in the gray area, and they can be easily accused of breaking the GDPR or scraping LinkedIn profiles through their users (in exchange for a few free credits but without the users’ knowledge).
Some of them built a tool that is competing with their current employer (or their employer wouldn’t permit these activities), or they are just a shady business that is ready to close up shop if things go south. Some of those tools may also have affiliations with a third party (hackers or foreign governmental entities), and they don’t want to market that they are just a shell corporation to steal data.
How to Check Who Is Behind It
I always want to know who is behind the tools, so I can make my own decision about whether to create an account or not. That’s why I want to show you a few basic methods I use to get more information about these tools and their owners.
The rule of thumb is that if you need to spend more than a few minutes finding out who owns the tool you are planning to use, it’s not worth it.
I will demonstrate these simple methods on a few web apps and Chrome extensions that you are probably already using or have used in the past.
- Company A: i****.*o
- Company B: m***.*s
- Company C: c****.*m
Note: As I mentioned in my disclaimer, I will not show the names of the companies or people behind these applications. That’s why I’ve hidden much of the information in the attached photos.
1. Company Website
When you find a new tool, app, or extension, you should check its website as a first step. Your first red flag is a missing Contact Us page, pages without any company credentials (name, address, etc.), or missing information, even in the footer of the home page. In most cases, you will only find a simple Contact Us form—no names and no email address or phone number, just a contact form.
I also recommend targeting generic URLs, such as example.com/contact, example.com/gdpr, example.com/terms, and example.com/privacy-policy. It doesn’t matter if those pages are not mentioned on the company’s website or don’t show up on Google. In most cases, developers automatically add these pages because they know the company will need them in the future. Again, our habits, the way we do things, are working against us. But you will be able to find more information during your research.
2. Plagiarism Checker
I use two plagiarism checkers for my articles and this type of research: Unicheck and Grammarly. These plagiarism checkers are two of the best I have found.
Unicheck showed me that Company A is using terms from its competitor, Company C, which is also trying to cover its tracks and hide its location.
These two companies are not connected, even though they offer similar services. I discussed Company C with other recruiters living in the US, and all of them believed that Company C is based in the US, but its true location is in Hong Kong. And based on other feedback I received from several people, the company is tied with China. And it appears that none of the recruiters were aware of the terms they accepted, such as “Any dispute arising in connection with the Site or these Terms will be litigated exclusively in the courts located in Hong Kong.”
That’s why it is also important to check the terms of companies you are using if you are extending the contract for another year.
When I checked the terms of Company B in Grammarly, I found that another company was using the same terms. This discovery led me to a page that has 81% similar text. In many cases, this could mean that the company took the text from a previous project or a similar project, and they just rebranded their tool and presented it under the new name. This was not the first case I saw.
This similar project (Company D) has employees on LinkedIn. Even though it is also hiding information about the company on its website, you can see that the people are real (at least, their LinkedIn profiles don’t look fake, and those people have strong digital footprints). I even reached out and asked them about this second tool and the company’s affiliation with it. You can trust them or not, but I didn’t find any connection between these companies during my research.
Note: Companies should share the data protection officer’s address. Thanks to Google Street View, you can find if that address exists.
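The terms comparison described in this section can also be done locally once you have saved both documents as text. The sketch below is an added example, not one of the tools named above: it scores two texts by word-shingle overlap and masks product names first, so a rebranded copy still matches. The sample texts, product names, and place names are constructed.

```python
import re

def normalize(text, brand_terms):
    """Lowercase, replace brand-specific words with <brand>, split into tokens."""
    text = text.lower()
    for term in brand_terms:
        text = re.sub(r"\b" + re.escape(term.lower()) + r"\b", "<brand>", text)
    return re.findall(r"<brand>|[a-z0-9']+", text)

def shingles(tokens, k=4):
    """Set of overlapping k-word sequences (w-shingling)."""
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}

def similarity(doc_a, doc_b, brands=(), k=4):
    """Jaccard similarity of the two shingle sets, from 0.0 to 1.0."""
    sa = shingles(normalize(doc_a, brands), k)
    sb = shingles(normalize(doc_b, brands), k)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)

# Constructed sample texts; the product and place names are made up.
TEMPLATE = (
    "By using {brand} you agree to these Terms. {brand} may change these "
    "Terms at any time. Any dispute arising in connection with the Site or "
    "these Terms will be litigated exclusively in the courts located in {place}."
)
TERMS_X = TEMPLATE.format(brand="Acmefind", place="Exampleland")
TERMS_Y = TEMPLATE.format(brand="Zetalookup", place="Otherland")
TERMS_Z = ("We ship garden furniture within five working days and accept "
           "returns within thirty days of purchase.")
BRANDS = ("Acmefind", "Zetalookup")

def report():
    """Scores for: rebranded copy (raw), rebranded copy (masked), unrelated text."""
    return {
        "raw": round(similarity(TERMS_X, TERMS_Y), 2),
        "masked": round(similarity(TERMS_X, TERMS_Y, BRANDS), 2),
        "unrelated": round(similarity(TERMS_X, TERMS_Z, BRANDS), 2),
    }

if __name__ == "__main__":
    print(report())
```

A high masked score with a lower raw score is the pattern to look for: the wording is the same and only the names were swapped.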
3. Public Search
One of the fastest ways to find some extra information is to use Google. Start with targeting the URL of the company you are researching. The simple search string site:example.com will show you all the company pages indexed by Google and reveal their information.
If it’s a new website, like Company B’s project, you will find only a few pages, but you can find its test servers, where you can find more information. That’s why you should also run the search string intitle:Name (e.g., intitle:ACME). With the intitle: operator, you will target all pages on Google that include the application’s name.
If you only get an IP address, that’s even better because it could give you additional information about the company.
Tip 1: Always check the company’s source code. In many cases, it will provide some extra information, such as the name of the person who coded it, the company developing the project for them, or the URL of the testing environment.
Tip 2: During my research of Company B, I was also able to find a few people who had their tools mentioned in presentations. Not only were they able to confirm my findings, but they were also able to provide extra information. Other people are usually the best source of additional information.
4. DNS and IP Tools
Because of the GDPR, you can hide a domain owner and protect all public information, such as the owner’s name, address, or email address. However, there are ways to get some information, such as where the domain is hosted. You can even access historical data and see if the company changed hosting providers.
I saw several cases where the company developed its product in its home country and, when it was ready, moved it to Amazon, DigitalOcean, or other cloud hosting to hide the country of origin.
WHOIS Domain History
One tool that will help you find where these sites were previously located is IP History https://viewdns.info/iphistory/. As I tracked the people behind Company A, I was able to get information about their first location and when they changed hosting providers over the years.
Many other tools can help you find more about the Whois history of the domain you are researching, such as WHOIS History API, Whois History, Domain history checker.
Another great tool is the Reverse IP. It will help you find domains sharing the same IP address. It will also help you find IPs, DNSs, etc. used by other domains.
If you can find the company’s Google Analytics code in the code of their website, and you see a number behind the last dash (e.g., UA-XX8X5X9X-10), it is a hint that other websites are using a similar code. You can use the Reverse Analytics ID tool to find those domains sharing the same Analytics ID.
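Tip 1 (check the source code) and the Analytics ID check above can be combined in one pass over page sources you have already saved. This is an added example, not the Reverse Analytics ID tool or any code from the sites discussed; the domains, names, and IDs are constructed, and it assumes the older Universal Analytics format, UA-<account number>-<property index>.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

# Universal Analytics IDs: UA-<account number>-<property index>
GA_ID = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

class SourceHints(HTMLParser):
    """Collects ownership hints from one page's HTML source."""
    def __init__(self):
        super().__init__()
        self.meta, self.comments, self.hosts = {}, [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = (a.get("name") or "").lower()
        if tag == "meta" and name in ("author", "generator"):
            self.meta[name] = a.get("content") or ""
        for key in ("href", "src", "action"):  # absolute URLs only
            m = re.match(r"https?://([^/:?#]+)", a.get(key) or "")
            if m:
                self.hosts.add(m.group(1).lower())

    def handle_comment(self, data):
        self.comments.append(data.strip())

def inspect_source(html):
    """Return author/generator tags, comments, linked hosts and GA IDs."""
    p = SourceHints()
    p.feed(html)
    ids = sorted({m.group(0) for m in GA_ID.finditer(html)})
    return {"meta": p.meta, "comments": p.comments,
            "hosts": sorted(p.hosts), "ga_ids": ids}

def shared_ga_accounts(pages):
    """Map GA account number -> domains that embed it (two or more only)."""
    groups = defaultdict(set)
    for domain, html in pages.items():
        for m in GA_ID.finditer(html):
            groups[m.group(1)].add(domain)
    return {acct: sorted(d) for acct, d in groups.items() if len(d) > 1}

# Constructed page sources saved from three made-up sites.
PAGES = {
    "tool-a.example": '<head><meta name="author" content="Dev Placeholder">'
        '<!-- build from staging, remove before launch -->'
        '<script src="https://staging.agency.example/app.js"></script>'
        '<script>ga("create","UA-12345678-10","auto")</script></head>',
    "tool-b.example": '<script>ga("create","UA-12345678-3","auto")</script>',
    "shop.example": '<script>ga("create","UA-87654321-1","auto")</script>',
}
```

Calling shared_ga_accounts(PAGES) groups tool-a.example and tool-b.example under the same account number even though their property indexes differ, which is the link the number behind the last dash hints at.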
Another great tool is SecurityTrails. This tool will show the subdomains for the targeted domain and historical data for A, AAAA, MX, NS, SOA, and TXT records that could provide more information. During the research, the data for Company B revealed the location of the company connected to this application and the location where the company is located.
Other records, such as subdomains and SOA records, are also a great source of additional information; they can reveal tool customers or owners.
Another great tool is DNSDumpster. It will help you find more information about the companies you are targeting. In the examples below, you can see the DNS location of Company A and Company B and where they are hosted.
Company A also shows a subdomain leading to another server, and this is a great source of additional information.
For Company B, I targeted its DNS server to find out more about it. This helped me find the location (country) and the company behind it. With all information I had collected so far, I was able to put enough information together to identify the person behind this tool.
Again, people are creatures of habit, and they tend to use the same DNS servers for most of their domains. That’s why you can target the DNS records and get extra information about all the domains connected with the same DNS.
With information from Whoxy or DNS Spy, you can see the country of the person using it, which will also help you narrow your results.
There are many other tools you can use for your search. You can find other sites hosted on a web server by entering a domain or IP address at Reverse IP Domain Check, or you can use many OSINT tools or Intelligence X.
5. Social Sites Research
You can run an x-ray search on Google, or search on LinkedIn via People Search and Content Search to see if people have mentioned the URL or name of the application and see who is sharing this information and if a profile is connected to the tools. Most of the profiles I found on LinkedIn connected to the tools I was researching were fake or incomplete. I usually had more luck finding the owners via Facebook and their Facebook profiles.
People who share their projects via Facebook are not using their real names connected to their applications. Instead, they are sharing posts about their apps in Facebook groups with the help of fake profiles. That means there is no connection between them and their product.
Over several weeks of research, I found that the owners or people affiliated with a project were among the first three people to like that post. They want to give their project a boost and get better visibility through social proof. Keep a list of the first people to react to each post. Pay special attention to those who give different types of like reactions (heart or clapping) instead of a basic thumbs up.
Maybe you don’t see an issue with people and companies hiding or trying to keep their internet presence low, but here is a scenario for you: A new user is asked to sign up with a company email address (not a Gmail address or any other email address) and a password. Most people use the same password for multiple websites, so let’s assume our user enters the same password as the one they use for their ATS, their company email address, the company CRM, etc. And the company behind that tool is not encrypting user passwords, and now they know this new user’s password.
That’s why you should use a password manager such as LastPass, 1Password, or any other one to create unique passwords and use 2-step authentication as an extra layer of security every time you have that option.
What is the main reason why people hide who is behind an application? From what I was able to find, the primary reason is the legal one: it is hard to sue a company or individual that you can’t easily find. Even if you do sue them, they can shut down the site, change the design and name, and start again.
Some of these tools are not even GDPR-compliant like they state on their website or registration page. They are not following any GDPR rules, and their servers are in locations that are not compliant with GDPR. A small portion of these projects are just shady businesses made with only one intention: to collect information about their users.
You should always try to find who is behind these tools and apps before installing them or creating an account. Some of these apps are disguised as legitimate applications, but in reality, they are malware to steal your data.
A simple check for the owner could protect you from spending hours removing malware and protect your employer from security incidents caused by the tools. “Cyber-Security is much more than a matter of IT.” (Stephane Nappo)