Network & Infrastructure

WHOIS

WHOIS is a protocol that returns registration information for a domain or IP address — including registrant, registrar, registration and expiration dates, and nameservers. Threat analysts use WHOIS to investigate ownership, identify registration patterns of malicious actors, and find related infrastructure.

Frequently Asked Questions

How is WHOIS related to Domain Reputation?

WHOIS and domain reputation are both key concepts in threat intelligence, and WHOIS data is one of the inputs to a domain's reputation. Domain reputation is a classification of a domain based on its history of malicious activity, registration patterns, and content. Factors include domain age, registrar, phishing/malware associations, WHOIS data, and appearance on threat feeds.
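The following added example (not part of the original glossary entry) shows the WHOIS exchange defined in RFC 3912 and how the fields named above can be turned into registration features that feed a reputation decision. The sample record is constructed, the field labels follow the layout common to gTLD registry output, and the 30-day "newly registered" cutoff is an assumption.

```python
import socket
from datetime import datetime, timezone

# Constructed sample in the key/value layout common to gTLD registry WHOIS
# output; the domain, registrar and dates are made up for illustration.
SAMPLE = """\
Domain Name: EXAMPLE-LOGIN-PORTAL.COM
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-01T10:15:00Z
Registry Expiry Date: 2025-05-01T10:15:00Z
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
>>> Last update of whois database: 2024-05-10T00:00:00Z <<<
"""

def whois_query(name, server, timeout=10):
    """RFC 3912 exchange: send the query plus CRLF on TCP/43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (name servers) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip() or line.startswith((">>>", "%", "#")):
            continue  # skip blanks, footers and server comment lines
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def _date(record, key):
    return datetime.fromisoformat(record[key][0].replace("Z", "+00:00"))

def registration_features(record, now=None, new_days=30):
    """Features a reputation system could use; new_days is an assumed cutoff."""
    now = now or datetime.now(timezone.utc)
    age = (now - _date(record, "creation date")).days
    return {
        "registrar": record.get("registrar", [None])[0],
        "nameservers": sorted(ns.lower() for ns in record.get("name server", [])),
        "age_days": age,
        "days_to_expiry": (_date(record, "registry expiry date") - now).days,
        "newly_registered": age < new_days,
    }
```

Field labels and date formats differ between registries and registrars, so a parser used in production needs per-source handling for the keys it reads.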
