A WHOIS record lookup has proven useful for identifying the owner of a domain. These days, however, several domain owners hide their identities, so the phrase “redacted for privacy” is often seen instead of registrant details. In some cases, the name of a privacy protection company may also appear instead of the owner’s name.
This privacy protection measure is not necessarily a dead end for those who want to know more about a registrant, though. It’s still possible to get insights on the domain’s ownership through WHOIS historical data provided by vendors like WhoisXML API. And there are several reasons why people may want to know who owns a domain and need to look into WHOIS historical data. Three of them are explored in this post.
Brand protection is a crucial business process that helps prevent revenue loss and reputational damage. In the cyber world, a company’s domain name carries its brand and name. When you want to buy Nike shoes, for example, you would type nike[.]com in your browser. Since the domain name is an extension of the business, its abuse could affect an organization’s reputation and brand.
Now let’s say that a restaurant chain wants to open a charitable arm to give meals to the homeless. The manager decided to create a website to attract donations and saw that 4meals[.]com is up for grabs. Before negotiating a sale, however, it is essential to look at the domain’s WHOIS historical data.
Why is that?
Well, 4meals[.]com’s WHOIS historical data reveals that from June 2013 to May 2018 it was registered under the name of Al Perkins with a street address in the U.K.
A certain “Perkins” is a known cybersquatter who has a history of buying expired domain names and turning them into adult sites. Using a domain that he once owned, and that may be associated with that type of content, could pose risks to the chain’s reputation and may be best avoided.
Third-Party Risk Assessment
Maybe the domain you want to investigate belongs to a potential partner, consultant, or vendor. Checking the WHOIS historical data of third parties’ domain names can help you assess their trustworthiness.
To illustrate, say that an organization with the domain name spacexfoundation[.]com wants to partner with your business. A WHOIS lookup would only reveal that its registrant’s privacy is protected. However, WHOIS historical data shows that the domain was under Nexperian Holding Limited in October 2017. A quick search on the World Intellectual Property Organization (WIPO) website revealed that Nexperian Holding Limited was involved in several Uniform Domain Name Dispute Resolution Policy (UDRP) cases.
A more in-depth investigation would also indicate that spacexfoundation[.]com is suspected of phishing, according to reports on PhishTank and VirusTotal.
Cyber Incident Investigation
In the same way that WHOIS historical data can help with third-party risk assessment, it can also help businesses investigate cyber events. When your security system detects a malicious domain, you can dig into its WHOIS historical data to see past ownership changes.
For the domain spacexfoundation[.]com, for instance, WHOIS historical data would give you the email address that the (past) domain owner used back in 2015. Using this lead, investigators can dig up 63 other domains that share the same address. These domains could also be malicious, so further investigation and utmost caution are recommended.
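The ownership-history review and registrant-email pivot described above, as an added Python example that is not part of the original post or any vendor's tooling. The snapshot schema, field names, and all sample domains and addresses are constructed; real historical WHOIS data would come from a provider's export.

```python
from collections import namedtuple

# Hypothetical snapshot schema; every row below is constructed sample data.
Snap = namedtuple("Snap", "domain seen name email")  # seen = ISO date string
RECORDS = [Snap(*row) for row in [
    ("alert-domain.example", "2015-03-01", "J. Doe", "jdoe@mail.example"),
    ("alert-domain.example", "2016-03-01", "J. Doe", "jdoe@mail.example"),
    ("alert-domain.example", "2017-10-01", "Holding Co Ltd", "admin@holding.example"),
    ("alert-domain.example", "2019-01-01", "REDACTED FOR PRIVACY", ""),
    ("login-portal.example", "2015-06-01", "J. Doe", "JDoe@mail.example"),
    ("pay-update.example", "2016-02-01", "John D", "jdoe@mail.example"),
    ("unrelated.example", "2016-02-01", "Someone Else", "other@mail.example"),
]]

def is_redacted(snap):
    """A snapshot with no email or a 'redacted' placeholder name gives no pivot."""
    return not snap.email or "redacted" in snap.name.lower()

def ownership_timeline(records, domain):
    """Collapse consecutive snapshots with the same registrant into periods."""
    periods = []
    for s in sorted((r for r in records if r.domain == domain), key=lambda r: r.seen):
        owner = (s.name, s.email.lower())
        if periods and periods[-1]["owner"] == owner:
            periods[-1]["last_seen"] = s.seen
        else:
            periods.append({"owner": owner, "first_seen": s.seen,
                            "last_seen": s.seen, "redacted": is_redacted(s)})
    return periods

def pivot_on_email(records, domain):
    """Map each unredacted historical email of `domain` to other domains using it."""
    related = {r.email.lower(): set() for r in records
               if r.domain == domain and not is_redacted(r)}
    for r in records:
        if r.domain != domain and r.email.lower() in related:
            related[r.email.lower()].add(r.domain)
    return related

if __name__ == "__main__":
    for p in ownership_timeline(RECORDS, "alert-domain.example"):
        print(p["first_seen"], "to", p["last_seen"], p["owner"], p["redacted"])
    for email, domains in pivot_on_email(RECORDS, "alert-domain.example").items():
        print(email, "->", sorted(domains))
```

Emails are compared case-insensitively, and redacted snapshots are kept in the timeline but excluded from the pivot, since a privacy placeholder shared by thousands of domains says nothing about common ownership.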
As seen in this post, WHOIS historical data can provide additional intelligence to crucial business processes, among them brand protection, third-party risk assessment, and cybercrime investigations.