TMCnet Feature
October 12, 2020

Why WHOIS History Is Important in the Face of Record Redaction



WHOIS record redaction continues to spread. GoDaddy, for example, began redacting the WHOIS records of all its customers starting 8 June 2020. Before that, the registrar only redacted the WHOIS records of customers affected by the General Data Protection Regulation (GDPR), that is, people within the European Union (EU). In contrast, other registrars applied privacy redaction to all customers as soon as the GDPR took effect.



While the redaction of WHOIS records has been supported by many, others have expressed concerns that the practice may help abusive registrants or even cybercriminals keep their identity hidden. Looking into WHOIS history, which gives people access to domain ownership history with the aid of companies such as https://domainnamestat.com/whois-history/, may provide support on this matter in the realm of cybersecurity and law enforcement.

3 Reasons Why Domain WHOIS History Is Important

Because of privacy redaction, the WHOIS records of almost all domains now only show basic information such as the corresponding registrant organization, state, country, and country code. Although domain owners can make their data publicly available, that is neither the default nor the preferred choice.

However, domain ownership history remains accessible with the help of WHOIS history tools. And here are three reasons why this is important.

Boosts Threat Intelligence

One of the most vital threat intelligence sources is domain data. And despite the redaction of WHOIS records, security teams can still gain domain intelligence by looking into historical WHOIS records. As such, WHOIS history helps enrich threat intelligence.

Security teams can gather domains that have been owned by convicted cybercriminals to protect their organizations. The WHOIS records of geoteem[.]com, for instance, only reveal that the registrant is from the Bahamas. This information is not enough for security teams to continue their domain investigations and possibly take action.

However, if they look into the domain ownership history of geoteem[.]com, they would find out that it was owned by an alleged cybercriminal who is currently wanted by the Federal Bureau of Investigation (FBI). The person had an address in Calgary, Canada, and appeared as domain owner in WHOIS records from June 2013 to June 2017.

Integrating historical WHOIS tools into threat intelligence platforms would flag domains whose domain name history reveals ties to suspicious characters.
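The flagging step described above can be sketched as follows. This is an added example, not code from the article or from any WHOIS history vendor; the snapshot field names, the redaction marker strings, and all sample records and domains are constructed assumptions.

```python
from datetime import date

REDACTION_MARKERS = ("redacted", "privacy")  # assumed placeholder strings

def norm(value):
    """Lowercase and collapse whitespace so cosmetic changes do not split a match."""
    return " ".join((value or "").lower().split())

def is_redacted(snap):
    """True when a snapshot carries no usable registrant identity."""
    name, email = norm(snap.get("registrant")), norm(snap.get("email"))
    return not (name or email) or any(m in name or m in email for m in REDACTION_MARKERS)

def ownership_windows(snapshots):
    """Collapse dated snapshots into (identity, first_seen, last_seen) runs."""
    runs = []
    for snap in sorted(snapshots, key=lambda s: s["seen"]):
        ident = None if is_redacted(snap) else (norm(snap.get("registrant")), norm(snap.get("email")))
        if runs and runs[-1][0] == ident:
            runs[-1][2] = snap["seen"]  # same owner, extend the run
        else:
            runs.append([ident, snap["seen"], snap["seen"]])
    return [tuple(r) for r in runs if r[0] is not None]  # drop redacted runs

def flag_domains(history, watch_names, watch_emails):
    """Return {domain: [(first_seen, last_seen), ...]} for watchlisted past owners."""
    names = {norm(n) for n in watch_names}
    emails = {norm(e) for e in watch_emails}
    hits = {}
    for domain, snaps in history.items():
        for (name, email), first, last in ownership_windows(snaps):
            if (name and name in names) or (email and email in emails):
                hits.setdefault(domain, []).append((first, last))
    return hits

def snap(y, m, d, registrant, email):
    return {"seen": date(y, m, d), "registrant": registrant, "email": email}

# Constructed sample history; names, addresses and domains are made up.
HISTORY = {
    "vendor-portal.example": [
        snap(2013, 6, 14, "Alex Sample", "A.Sample@mail.example"),
        snap(2015, 6, 14, "Alex Sample", "a.sample@mail.example"),
        snap(2017, 6, 1, "ALEX  SAMPLE", "a.sample@mail.example"),
        snap(2018, 6, 20, "REDACTED FOR PRIVACY", ""),
        snap(2020, 6, 8, "", ""),
    ],
    "other.example": [snap(2016, 3, 2, "Pat Other", "pat@mail.example"),
                      snap(2020, 6, 8, "Redacted for Privacy", "")],
}

if __name__ == "__main__":
    print(flag_domains(HISTORY, {"alex sample"}, {"a.sample@mail.example"}))
```

The current record for the first sample domain is redacted, yet the domain is still flagged with the window during which the watchlisted registrant appeared in past snapshots.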

Strengthens Third-Party Risk Assessment

Similarly, domain history can help organizations avoid vendors, contractors, subcontractors, and other third parties that can pose cyber risks. Past associations with malicious actors could mean that the third party is involved in the same activities. And this is not far from reality. Recent studies revealed that the majority of data breaches were caused by a third party.

Including domain history in third-party investigations or integrating a WHOIS history database into third-party risk assessment tools could help organizations minimize risks of succumbing to a data breach or other cybercrime.

Enhances Brand Protection Strategies

Although historical WHOIS records do not fully reflect a domain’s current activities, contributing to malicious activities in the past does have negative consequences. For instance, when a company uses a domain name that has been used for blackhat search engine optimization (SEO) by previous owners, chances are that domain remains blacklisted. As a result, the new domain owner would also be barred from appearing in search results, thereby negatively affecting SEO strategies.

As such, companies should investigate domain name history. This practice can help protect their brand reputation and keep them from becoming associated with a domain’s ill-reputed past.

---

As mentioned, almost all domain name registrars have redacted all customers’ WHOIS records. The Internet Corporation for Assigned Names and Numbers (ICANN) has also implemented privacy redaction in compliance with the GDPR.

While organizations cannot do anything about such policies anymore, they can employ tools that allow them to look into domain ownership history. This information enriches threat intelligence, improves brand protection strategies, and aids in third-party risk assessment.


