Why Should Businesses Check WHOIS History?


Let’s look at the answer to the question “why should businesses check WHOIS history?” The most common reason for looking up a website’s WHOIS data is to know who owns its domain name. The challenge today, however, is that you would most likely encounter privacy-protected WHOIS records, especially now that the Internet Corporation for Assigned Names and Numbers (ICANN) encourages registrars to protect the privacy of domain name owners.

But did you know that historical WHOIS records can also provide a glimpse into any domain’s ownership? Domain name history can help businesses in several ways, including:

  • Avoiding domain names previously used in malicious campaigns
  • Lessening third-party risks
  • Avoiding domains previously owned by shady individuals and entities

We discuss each of these reasons for checking WHOIS history in the following sections.

Lessen Third-Party Risks

Third parties have increasingly become a cause of cyber intrusions. The infamous Equifax data breach, for example, was blamed on third-party software the company was using. A malicious download link found on its website was attributed to another third-party vendor. Every company's supply chain thus needs inspection to avoid data breaches and other risks.

Domain ownership history should be included in the investigation to ensure that the domain is not associated with risky entities and activities. 

The domain history of non-chris[.]tripod[.]com, for instance, shows that it has been owned by Lycos NIC Admin since 2012. While Lycos is a legitimate mail service and web hosting company, it has been cited for security vulnerabilities. The domain non-chris[.]tripod[.]com, in particular, was reported as a valid phishing site on PhishTank.

By looking into the WHOIS history of a domain whose current record has been redacted, companies can better investigate the third-party vendors, suppliers, and other entities that make up their supply chain.

Avoid Domains Owned by Shady Registrants

Domain names are one of the most important aspects of maintaining any business, as they carry a company’s brand and thus affect their reputation. Aside from checking a domain name’s availability, it’s also essential to look into its historical WHOIS records. Who owned the domain name in the past? Were any of its previous owners involved in suspicious or malicious activities?

A domain name previously owned by a shady individual or entity may already have landed on a blacklist. Take, for example, the domain name lebass[.]net. It is available for registration as of the time of writing and can be used by any interested party.

Before buying the domain name, however, we advise that you look into its WHOIS history. Its domain ownership history shows that lebass[.]net was registered on 5 February 2015 and remained active until 5 February 2017. Throughout this period, the owner was someone whose name appears on the Federal Bureau of Investigation (FBI) Most Wanted list. The alleged cybercriminal is from Iran, and the same registrant country is indicated in the domain history.

Avoid Malicious Domains

Malicious domain names have figured in cybercriminal activities, such as phishing, business email compromise (BEC) scams, and malware campaigns. Using these domains for your business could result in reputational damage, not to mention have an adverse effect on your search engine optimization (SEO) and marketing efforts.

The domain in our previous example, lebass[.]net, may have been used in malicious activities. Although there are no reports, a good rule of thumb is to avoid domains associated with malicious entities, as they could also be malicious or, at the very least, suspicious.

Investigate Malicious Domain Names

There may be instances where businesses need to investigate a malicious domain name to lessen the risk of threat actors using it again.

Let us take a look at the WHOIS history of pacan[.]gofreedom[.]info to illustrate. Historical WHOIS records reveal that six different registrants have owned the root domain since 23 August 2012. In July 2016, it was cited for its involvement in a malware campaign. It served as a gateway to an exploit kit.

A few months before that, it was briefly owned by a certain A. Alves with the email address ******alves@protonmail[.]ch. A few weeks later, the domain was registered under Go Freedom Info. Such details could help investigators as part of their research.
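The checks described throughout this post (ownership churn, a watchlisted past registrant, an abuse report dated during a particular owner's tenure, and a domain that has since been dropped) can be automated once historical WHOIS records are in hand. The following is an added example, not code from this post or from any WHOIS data provider; the record format, the sample history, the watchlist and the abuse-report dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set


@dataclass(frozen=True)
class WhoisRecord:
    """One historical WHOIS snapshot (constructed format, not a provider's schema)."""
    registrant: str
    country: str
    start: date
    end: Optional[date]  # None means this record is still current


# Constructed sample history: three owners, one of them on an internal watchlist,
# and one abuse listing dated during the first owner's tenure.
SAMPLE_HISTORY: List[WhoisRecord] = [
    WhoisRecord("Registrant A", "IR", date(2015, 2, 5), date(2017, 2, 5)),
    WhoisRecord("Registrant B", "US", date(2017, 6, 1), date(2019, 6, 1)),
    WhoisRecord("Registrant C", "US", date(2019, 6, 1), None),
]
WATCHLIST: Set[str] = {"Registrant A"}      # constructed internal watchlist
ABUSE_REPORTS: List[date] = [date(2016, 7, 15)]  # constructed abuse-feed dates


def assess_history(history: List[WhoisRecord], watchlist: Set[str],
                   abuse_reports: List[date], max_owners: int = 3) -> List[str]:
    """Return sorted risk flags derived from a domain's ownership history."""
    flags = set()
    owners = {r.registrant for r in history}
    if len(owners) >= max_owners:
        flags.add(f"ownership-churn:{len(owners)}")
    for rec in history:
        if rec.registrant in watchlist:
            flags.add(f"watchlisted-registrant:{rec.registrant}")
        # Attribute each abuse report to the registrant who held the domain then.
        for reported in abuse_reports:
            if rec.start <= reported and (rec.end is None or reported <= rec.end):
                flags.add(f"abuse-report-during:{rec.registrant}")
    # A closed final record means the domain was dropped and may be re-registered.
    if history and history[-1].end is not None:
        flags.add("currently-unregistered")
    return sorted(flags)


if __name__ == "__main__":
    for flag in assess_history(SAMPLE_HISTORY, WATCHLIST, ABUSE_REPORTS):
        print(flag)
```

A real assessment would load the records from a WHOIS history provider and the abuse dates from feeds such as PhishTank, but the flagging logic stays the same.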

Domain name history can help businesses in more ways than one, which is why they should make it a habit to check historical WHOIS records. Such data could intensify their brand protection measures, helping them ensure that they don’t use domain names that were once associated with malicious registrants. Domain history could also be used to enrich third-party risk assessment and help lessen the cyber risks from their supply chain.