1

Is it possible to spoof or change backwards Domain Registration Date that can be looked up in online whois tools and databases?

deevee
  • 353
  • 1
  • 3
  • 10
  • Have you read [this question](http://webmasters.stackexchange.com/questions/47460/how-do-companies-fake-a-domain-registration-date)? – Purefan Feb 16 '17 at 13:43
  • @Purefan Thanks for your comment, I actually didn't run into this one. So as it appears from the answers it can't be done? – deevee Feb 16 '17 at 13:57

2 Answers2

1

Your question lacks a lot of details, but in short if you read it correctly the domain expiration date is managed by a registry, for the given TLD, and to make it deliver a spoof element of data means someone found a way to crack it and alter some data in store or in transit, in some way.

While nothing is 100% impossible nowadays, the above seems not the most probable cause as there is many others ones. For example, many people are not aware where to go to retrieve authoritative data, and will use any thirs party website to do a whois query, which could return any kind of garbage as it would not be authoritative in any way.

There is only one authoritative and relevant database for this data, it is the registry one. It is certainly online in some way but can not be queried directly by the public (registrars do have a more close access to it through registration protocol such as EPP). It can be queried using the whois protocol, with a whois client, when you query directly the registry whois server. There is quite always a web version of it, but, again, you need to visit the registry whois website, not any third party.

Patrick Mevzek
  • 1,748
  • 2
  • 10
  • 23
0

Yes, very easy for unregistered domains, the registrar can fill in date up to a few days prior to it actually being registered, ESPECIALLY regarding non-working days.

I would say it is basically impossible for already currently registered domains (i.e has been registered for at least a few working days)

E.g-

Domain Registrar gets a search for a good domain name.com, they front run the domain name, it happens to be a saturday night, they spoof the reg date to previous few days thursday, thus somewhat veiling their front running activites.

The registrar fills in information in a form, and then sends the form to a Registry operator/ICANN. They can put whatever information in the form they want, so long as it is coherent/feasible.

E.g - A possible LEGITMATE reason this would happen, a domain gets register request on thursday at 1 minute before office closing time, it isn't until the next day a CSR actually looks at this request, they then fill in the form to be sent to the registry operator and fill in the date as 'Thursday' even though infact, it was registered on Friday. --- This would be typical for public holiday/possibly Sunday(?)

Dwsav
  • 1
  • 1