Why You Should Check WHOIS History Before Buying Domain Names


A domain name serves as a person’s or an organization’s address in the virtual world. It tells others where to go so they can check out products, services, and other offerings. Therefore, domain names are an integral part of every entity that wants to establish an online presence.

You may choose a new domain name because it sounds catchy, marketable, and suitable for your business. In addition to these criteria, you might want to check its historical WHOIS data. Here are some reasons why it’s probably a good idea to investigate a domain name’s history first.

The Domain Is Not Really New

Just because a domain name is available for registration does not mean that it has never been used before. Using an old domain name could be helpful for search engine optimization (SEO) purposes, but if its previous owners engaged in blackhat SEO, you might suffer.

If you are keen on using a brand new domain name, it’s better to dig deeper and check the domain’s history details.

Let’s look at compraycambia[.]com as an example. The domain seems like a good fit for retailers in Spanish-speaking locations as it literally translates to “buy and change” in English, and it is available for registration (at the time of writing) based on a domain availability checker.

However, the domain name is not brand new, as revealed by its WHOIS history data, which can be traced back several years. It has been owned by different entities and has changed registrars several times.

The Domain Could Be Associated with Malicious Activities

Since domain names are among the things that make the Internet work as we know it, they have become a favorite weapon of threat actors. Malware, such as viruses, Trojans, ransomware, and spyware, often infects a computer through a malicious domain or a link that a victim clicked.

When a domain name is identified as a malware carrier, it appears on blacklist sites to warn security professionals and their organizations. Hence, if you purchase a domain that figured in malicious activities in the past, your business could be severely affected.

The domain ownership history of earthsolution[.]org, for example, revealed that it had three different owners. In 2014, its historical WHOIS records showed a registrant email address associated with a hacking group called “APT1.” The domain earthsolution[.]org is also tagged “malicious” on VirusTotal.

The Domain Could Have Ties to Convicted Cybercriminals

Even when the domain name you are interested in has not figured in malicious activities, you still need to check if a known cybercriminal owned it. The fact that a threat actor once owned the domain could mean that it was once part of his/her arsenal.

Checking domain ownership history for associations with certain threat actors can be relatively easy since law enforcement agencies like the Federal Bureau of Investigation (FBI) publish information on convicted felons on their websites.

You can then use a domain name history tool to search for WHOIS records that match the name, nickname, and other details associated with a specific cybercriminal. For example, Fujie Wang was indicted on 7 May 2019 for his involvement in hacking attacks against large businesses in the U.S. A WHOIS history database revealed that the name appears in the historical WHOIS records of these domain names, which are available for registration as of the time of writing:

  • crestwang[.]net
  • fj515[.]com
  • ks021888[.]com
  • wangfujie[.]net

These domains can be purchased by any organization looking to build its online presence, not knowing that they could be tied to a convicted cybercriminal.
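The three checks described above (prior registration, ownership and registrar changes, and matches against known threat-actor details) can be run over an exported WHOIS history in one pass. The following Python sketch is an added example, not part of the original article; the record fields, the sample history, and the watchlist entries are all constructed assumptions rather than output from any particular WHOIS history tool.

```python
from datetime import date

# Constructed sample: historical WHOIS snapshots for a placeholder domain.
# Field names are assumptions; map them from your WHOIS history provider's output.
HISTORY = [
    {"date": date(2016, 5, 2), "registrar": "Registrar B",
     "name": "EXAMPLE Mallory", "email": "Mallory@Mail.Example"},
    {"date": date(2012, 3, 1), "registrar": "Registrar A",
     "name": "Alice Sample", "email": "alice@shop.example"},
    {"date": date(2014, 3, 1), "registrar": "Registrar A",
     "name": "Alice Sample", "email": "alice@shop.example"},
    {"date": date(2019, 1, 9), "registrar": "Registrar C",
     "name": "REDACTED FOR PRIVACY", "email": ""},
]
# Constructed watchlist, e.g. names and emails collected from public indictments.
WATCH_NAMES = ["Mallory Example"]
WATCH_EMAILS = ["other@mail.example"]


def name_key(name):
    """Case- and order-insensitive key, so 'EXAMPLE Mallory' == 'Mallory Example'."""
    return frozenset((name or "").lower().split())


def review_history(records, watch_names, watch_emails):
    """Summarise prior ownership, registrar moves and watchlist matches."""
    records = sorted(records, key=lambda r: r["date"])  # exports may be unordered
    names = {name_key(n) for n in watch_names}
    emails = {e.lower() for e in watch_emails}
    owners, registrar_changes, hits = [], 0, []
    for prev, rec in zip([None] + records, records):
        owner = (name_key(rec["name"]), (rec["email"] or "").lower())
        if not owners or owners[-1] != owner:
            owners.append(owner)  # a new registrant identity appears
        if prev and prev["registrar"] != rec["registrar"]:
            registrar_changes += 1
        if owner[0] in names or (owner[1] and owner[1] in emails):
            hits.append((rec["date"], rec["name"], rec["email"]))
    return {
        "first_seen": records[0]["date"] if records else None,
        "owner_changes": max(len(owners) - 1, 0),
        "registrar_changes": registrar_changes,
        "watchlist_hits": hits,
    }


if __name__ == "__main__":
    for key, value in review_history(HISTORY, WATCH_NAMES, WATCH_EMAILS).items():
        print(f"{key}: {value}")
```

A privacy-redacted snapshot is counted as a distinct owner here, so treat the ownership count as an upper bound and review any watchlist hit manually before drawing conclusions.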

It’s not enough for a domain name to be available and sound catchy. Checking domain name history could also save you from the repercussions of being associated with malicious domains.