Hey, everyone, welcome back to the course. So in this video, we're just gonna use a tool called who is to do some domain name Lookups. Now, when you Google search for who is you should see several different websites. You're gonna be looking for the ICANN one. That's the one that you want to use.
And here we're just gonna search for a pretty popular domain name, which is gonna be Microsoft dot com and see what kind information we get back. We're specifically looking for any information we confined about name servers, a zwelling contact information for the organization itself. Now, with Microsoft, you can
pretty much rest assured that
there's gonna be a good amount of security around these name servers as well as that. They're gonna be using a third party organization. You see here, mark monitor to handle any register information and any complaints etcetera for the communication.
When you're focused on targeting smaller organizations, sometimes you can actually get
real contact information and then you can impersonate impersonate that individual as well as you could spoof the the email address on there. So why would we wanna look up this information? We wanna potentially be able to do domain transfers. So if I can get these name servers and get this domain transfer to my name servers
instead, then when somebody types of Microsoft dot com maybe they come to my website That's, uh,
Microsoft's dot com or something, right? Maybe I had an extra s at the end to do some domain squatting or something,
but that's what we're trying to look for here Now. If we do smaller organizations like I said, we might get some additional information about this. So let's search for Las Vegas newspapers.
All right, So what you notice when we search for Las Vegas newspapers dot com is we again get some name server information?
Um, you also notice that we've got the organization's name here, and you'll also notice that they're not using a third party. Right? So you're getting the actual email address
with the organization, along with a telephone number as long a swell as a physical address or at least a mailing address for them that looks like it's more than likely a physical address for them as well.
So what you're seeing here is that let's say that we wanted to target
this Las Vegas review. Now, if we just looked up the domain name and we found that Las Vegas Review Journal like Okay, let's go target them. Now we have an address we could potentially go to.
We have a telephone number. We also have information here that we can use as part of social engineering. So we can say, Yeah, we're from the Las Vegas Review Journal. Yeah, you can call us back at 702 etcetera, etcetera, that you see here on the screen or Hey, you could even miles back at
this email address. Or we could just spoof that email address and pretend it's coming from them to the potential target. So there is some good information here that we can use for Austin. So that's why we go to the Who is, uh, tool toe. Look this information up because this information usually about domain servers, depending on the organization,
we can also see the contact information.
Uh, and again, some companies like Microsoft, for example, use a third party. If people are using, like, go Daddy a lot of times as their domain registrar, then a lot of times they'll just pay for the extra fee to have their domain be private, so you can't get the information again. It'll just show a third party there. But you see, in this instance, we were able to
get some good information about this potential target