Look up domain registration details including registrar, nameservers, creation date, and expiry. Track changes that could indicate domain hijacking.
What is WHOIS and Why Should You Monitor It?
WHOIS is a query protocol that provides registration information about domain names. When you register a domain, your registrar records details like the registrar name, registration date, expiry date, nameservers, and contact information in a public WHOIS database.
Monitoring WHOIS records is a critical security practice. Unauthorized changes to your domain's WHOIS data — especially changes to nameservers or registrar — can indicate domain hijacking. In a hijacking attack, the attacker modifies your domain's DNS to redirect traffic to their servers, intercept email, and impersonate your organization.
Since GDPR (2018), most registrars redact personal information from public WHOIS records by default. However, the technical fields (registrar, nameservers, dates) remain visible and are the most important ones to monitor for security purposes. GuardHound baselines these fields on your first scan and alerts you when anything changes.
Frequently Asked Questions
What is WHOIS and what information does it contain?
WHOIS is a public database that stores domain registration information. It typically includes the registrar name, registration and expiry dates, nameservers, and sometimes contact information for the domain owner (though many use privacy protection services to hide personal details).
Why should I monitor WHOIS records?
Changes to WHOIS records can indicate domain hijacking — where an attacker transfers your domain to their control by modifying the registrar, nameservers, or contact information. Monitoring WHOIS changes gives you early warning of unauthorized modifications.
What is domain hijacking?
Domain hijacking is when an attacker gains unauthorized control of a domain by exploiting weak registrar security, social engineering registrar support staff, or compromising the domain owner's registrar account. Once they control the domain, they can redirect traffic, intercept email, and impersonate your brand.
Why is some WHOIS data redacted?
Since GDPR took effect in 2018, most registrars redact personal information from public WHOIS records by default. Domain privacy protection services (offered by most registrars) also hide registrant details. While this protects privacy, it means WHOIS records now contain less useful ownership information than they once did.
Get alerts when WHOIS records change
GuardHound baselines your WHOIS data and alerts you the moment registrar, nameservers, or contact details are modified.
Start Free Monitoring →
Explore More Security Tools
Learn More