In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) implemented WHOIS record redaction. The policy meant that when you do a WHOIS lookup on a domain name such as mydomain[.]com, you would see the phrase “Redacted for privacy” instead of the registrant details. The decision was a response to the implementation of the General Data Protection Regulation (GDPR) adopted by the European Union (EU) countries.
ICANN’s adaptation to the GDPR was somewhat problematic for law enforcement, cybercrime investigators, and other entities who rely on readily available WHOIS data. Nevertheless, there are still tools that can provide a glimpse of a domain name’s WHOIS records. For one, domain name registration history from WHOIS history lookup tools by https://whois-history.whoisxmlapi.com/ allows you to see WHOIS data from before record redaction.
3 Areas Where Businesses Can Use Domain Name Registration History
Domain name registration history can give you an idea about a domain’s ownership changes. Such data is vital in several business processes, including the three we’ll discuss below.
Third-Party Risk Assessment
The business practice of outsourcing has made companies vulnerable to third-party risks. These days, third-party risks have become so prevalent that the solutions built to address them have created a whole sector of their own. The third-party risk management market is projected to reach USD$6.8 billion by 2024.
Historical WHOIS records comprise a data source that can enhance third-party monitoring. Domain name registration history may reveal important information about a vendor.
Consider a hypothetical scenario where a company is about to partner with a payroll provider whose domain name is utecs[.]com. WHOIS lookup only reveals a registrant address in Ukraine, while the owner’s name or organization is not publicly available.
Domain name registration history from WHOIS History Search, on the other hand, shows that from 2012 to 2017, the domain name had the following WHOIS data:
- Registrant name: Artem Malyshev
- Registrant street: Kasiyana str.
- Registrant city: Kiev
- Registrant state/province: UA
- Registrant postal code: 02191
- Registrant country: UKRAINE
- Registrant email address: artem***@yahoo[.]com
- Registrant phone: 380394***
Artem Malyshev could be one of the Russian individuals indicted for alleged hacking and disinformation activities. He was also believed to be one of the 12 Russian military officers suspected of interfering with the 2016 U.S. elections.
Only looking at WHOIS lookup records wouldn’t have revealed the hypothetical payroll provider’s possible association with a shady individual.
Forensic Evidence Gathering and Investigation
In the same way that we unveiled the domain name registration history of utecs[.]com, WHOIS History can also help uncover additional data points for investigators. When you encounter a suspicious domain, for instance, you can dig into its historical WHOIS records to deepen your investigation.
For utecs[.]com, domain name registration history also revealed that Artem Malyshev used [email protected][.]com as his administrative contact email address. Furthermore, from 2018 until the time of writing, the registrant’s address is still in Ukraine, although the name, email address, and other information have been redacted.
With this additional email address, investigators can dig up three other associated domains using Reverse WHOIS Search. The domains o2img[.]com, push-master[.]com, and smartphone-sync[.]com contain the same Gmail address in their WHOIS records. As such, they can be considered as additional data points for investigation.
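The two steps described above (recovering the last visible registrant from a domain's history, then pivoting on a shared contact email) can be sketched offline as follows. This is an added example, not code from WHOIS History or Reverse WHOIS Search; the record layout, the `.example` domains, the placeholder registrants and all function names are constructed assumptions.

```python
from collections import defaultdict

# Values that carry no usable identity: GDPR redaction or a privacy-proxy service.
MASK_MARKERS = ("redacted for privacy", "whoisguard", "domains by proxy")

def snap(date, name, admin_email):
    return {"date": date, "name": name, "admin_email": admin_email}

# Constructed sample data (reserved .example names, placeholder registrants).
HISTORY = {
    "vendor.example": [snap("2012-03-01", "Registrant A", "contact-a@mail.example"),
                       snap("2017-06-10", "Registrant A", "contact-a@mail.example"),
                       snap("2018-07-02", "Redacted for privacy", "Redacted for privacy")],
    "img-host.example": [snap("2015-02-11", "WhoisGuard Protected", "Contact-A@mail.example")],
    "sync-app.example": [snap("2016-09-30", "Registrant A", "contact-a@mail.example"),
                         snap("2019-01-15", "Redacted for privacy", "")],
    "unrelated.example": [snap("2014-04-04", "Registrant B", "contact-b@mail.example"),
                          snap("2016-01-05", "Registrant C", "contact-c@mail.example")],
}

def is_masked(value):
    v = (value or "").strip().lower()
    return not v or any(marker in v for marker in MASK_MARKERS)

def last_unredacted(snapshots):
    """Newest snapshot whose registrant name is still visible, or None."""
    visible = [s for s in snapshots if not is_masked(s["name"])]
    return max(visible, key=lambda s: s["date"]) if visible else None

def ownership_changes(snapshots):
    """(date, old, new) for each change of visible registrant; masked snapshots are skipped."""
    changes, prev = [], None
    for s in sorted(snapshots, key=lambda s: s["date"]):
        if is_masked(s["name"]):
            continue
        if prev and s["name"].lower() != prev.lower():
            changes.append((s["date"], prev, s["name"]))
        prev = s["name"]
    return changes

def pivot_on_email(history, seed_domain):
    """Other domains whose history contains an unmasked admin e-mail seen on seed_domain."""
    seed = {s["admin_email"].lower() for s in history[seed_domain] if not is_masked(s["admin_email"])}
    related = defaultdict(set)
    for domain, snaps in history.items():
        for s in snaps:
            if domain != seed_domain and s["admin_email"].lower() in seed:
                related[s["admin_email"].lower()].add(domain)
    return {email: sorted(domains) for email, domains in related.items()}
```

Note that `img-host.example` is linked through its email even though its registrant name sits behind a privacy proxy, which is why the pivot checks each field separately rather than discarding a masked snapshot outright.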
Lastly, domain name registration history helps companies protect their brand image and reputation. Historical WHOIS data ensures that the entities you partner with do not have a shady past or a suspicious registrant. Although domain name registration history is not an absolute determining factor of the domain’s current activities, it does provide you with more information to work with. Hence, you can make a more informed and well-researched business decision before committing to anything.
Even before the GDPR implementation and the redaction of WHOIS records, domain name owners already had the option to employ privacy protection companies’ services. Seeing companies like WHOISGuard and Domains By Proxy, LLC, as part of registrant contact details is nothing new. But as we’ve shown, historical WHOIS data can unveil essential information about a specific domain’s past and current ownership for security investigations and other purposes. And you can access such data by using tools such as WHOIS History.