A lot of thinking and energy often goes into finding the “best” Internet domain name for a new brand, product, or service. So, isn’t it wonderful when the perfect match turns out to be available right away for purchase with any big registrar?

What business managers and executives may not know, however, is that a domain’s past can affect its new owners, and adversely so. Using WHOIS History Lookup in this post, we consider two ways how a domain’s ownership history can negatively impact new registrants—even if they’d think it’s safe to purchase their dream online property because nobody told them otherwise.

Reputational Damage

Any organization, regardless of the industry it belongs to, strives to gain an excellent image to attract clients. But perhaps companies involved in charitable and spiritual activities put the most stock on their reputation.

Consider the domain heartspacespiritualcenter[.]org. It would fit an organization that focuses on spiritual well-being and rehabilitation. And it is available for registration when you run it on a domain availability tool.

Typically, buying the domain would be the next step after finding out that it’s available. But, what would happen if you add one more step by checking its registration history? Using WHOIS History Lookup, you can get a glimpse of the domain’s ownership history. Heartspacespiritualcenter[.]org belonged to an individual named Al Perkins of St. Helier, Jersey, United Kingdom.

What can you make out of this information? A simple Google search using the search term “Al Perkins domains” would return these headlines:

Al Perkins is an alias that cybersquatter Wesley Perkins uses. One of his techniques involves buying domain names that companies accidentally fail to renew and redirecting traffic to adult sites before demanding thousands of dollars when the previous owner starts negotiating.

Because Perkins owned it, there is a possibility that the domain heartspacespiritualcenter[.]org once redirected visitors to adult sites. Such association with unreputable content could damage the spiritual organization’s reputation, maybe even today.

Connections to Cybercrime

Investigating domain ownership history would also ensure that your organization won’t have any ties to cybercrime. Keep in mind that cybercriminals use 7 out of 10 newly registered domains (NRDs) to spread malware or launch phishing attacks.

When malware and threat intelligence databases detect and block these weaponized domains, threat actors usually drop them, thereby making them available to future owners. And unknown to a new registrant, a domain with connections to malicious activities could even be the target of cybercriminal investigations.

Take, for example, the domain name onenewpost[.]com, which came up as available on Domain Availability API. Checking out its domain ownership history reveals that Xinxin Co. owned it in the past.

Because the domain is relatively old, we used WHOIS History Search to gather as much information we could about it. We found that the domain was first registered in September 2015 by a privacy-protected individual based in Panama—a popular off-shore country for domain registration. Many businesses and organizations tend to register domain names there for various reasons. One of these is enhanced data privacy, which unfortunately attracts miscreants as well.

In October 2016, another anonymous owner, this time from Washington, U.S., obtained the domain. In September 2017, Xinxin Co. finally took ownership of the domain.

Although the redaction of WHOIS ownership details is not a telltale sign of cybercrime, the change of hands that involved two offshore countries could be considered a red flag. Further investigation should ensue.

It turned out that the domain is tagged as “malicious” by Threat Intelligence Platform (TIP) and VirusTotal. Digging deeper, we found out that onenewpost[.]com is one of the indicators of compromise (IoCs) connected to Magecart Group 5, a gang of cybercriminals who specialize in credit card skimming.

In the two scenarios explored above, organizations that purchase both domains after verifying that they are available would most likely face unwanted consequences. The new owners of heartspacespiritualcenter[.]org could, for instance, start operating and gaining new clients and donors with the possibility of being associated with inappropriate adult content later on.

The hypothetical new owners of onenewpost[.]com, on the other hand, may wonder why their email marketing strategies do not work. Recipients could be blocking their emails since the domain is deemed malicious on threat intelligence databases. They could even end up part of an investigation since Magecart Group 5 is not a small-time hacker group.