5.2 Locating the Host Server of a Phishing Page:
The Pguard technique locates the host server of a phishing page using a WHOIS query. WHOIS is a query and response protocol that is widely used for querying an official database. The WHOIS database consists of autonomous system numbers, IP addresses, and the organizations or customers that are associated with these resources. The Pguard technique runs the WHOIS query on the URL that is contained within the phishing email. While phishing emails may give erroneous FROM email addresses, this type of attack requires that they provide a genuine/legitimate website address for the victim to interact with. This is therefore the vulnerability in a phisher's attack which Pguard can exploit. A WHOIS server listens on Transmission Control Protocol (TCP) port 43 for requests about the host server and its related contact information, sent through web-based referrals. Once the output is finished, the WHOIS server closes its connection. The closed TCP connection indicates to the client that the response has been received.
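The lookup described above, sketched as an added example (this is not Pguard's own code): it takes the hostname from the URL in the email body rather than from the FROM header, sends one query line to a WHOIS server on TCP port 43, and treats the server closing the connection as the end of the response. The function names, the sample email and the sample reply are constructed for illustration, and choosing which WHOIS server to ask is left to the caller.

```python
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample data (not from the paper), using reserved .example names.
SAMPLE_EMAIL = ("From: security@bank.example\r\nSubject: Verify your account\r\n\r\n"
                "Please sign in at http://login.phish.example/verify?id=1 today.\r\n")
SAMPLE_REPLY = ("% constructed WHOIS reply\r\n"
                "Domain Name: PHISH.EXAMPLE\r\n"
                "Registrar Abuse Contact Email: abuse@registrar.example\r\n")

def hosts_in_email(raw):
    """Hostnames of URLs in the body; the forgeable FROM header is ignored."""
    body = raw.split("\r\n\r\n", 1)[-1]
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def whois_query(name, server, port=43, timeout=10.0):
    """Send one query line, then read until the server closes the connection."""
    if not re.fullmatch(r"[A-Za-z0-9.:-]+", name):
        raise ValueError("unexpected characters in WHOIS query")
    chunks = []
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        while True:
            data = s.recv(4096)
            if not data:  # empty read: server closed, so the reply is complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'key: value' lines, skipping comments; repeated keys accumulate."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

if __name__ == "__main__":
    print(hosts_in_email(SAMPLE_EMAIL), parse_whois(SAMPLE_REPLY))
```

The hostname is validated before it is sent because it comes from attacker-controlled email text; without the check, an embedded line break could smuggle a second query line to the WHOIS server.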