Domain Registrar Status
Medium Severity
What This Check Measures
This check analyzes the domain's registration information via WHOIS lookups to identify potentially suspicious domains, such as newly registered domains often used in phishing campaigns.
Why It Matters
- Phishing Detection — Phishing domains are often registered days before attacks
- Domain Expiration Risk — Expiring domains may be hijacked
- Ownership Verification — Identify who controls the domain
- DNS Hijacking Risk — Check for unauthorized domain transfers
- Brand Protection — Identify typosquatting domains
How Data Is Obtained
Source Files
- src/checks/safety.check.js — Placeholder check
- src/checks/whois.check.js — Full WHOIS implementation
Function in safety.check.js
SafetyCheck.analyze(url)
Current Implementation
```javascript
// Informational - requires WHOIS lookup
checks.push({
  name: 'Domain Registrar Status',
  status: 'info',
  description: 'Domain registration status requires WHOIS lookup',
  severity: 'medium'
});
```
Related Agent
For full WHOIS data, see the WHOIS Agent (whois.check.js) which retrieves:
- Domain registrar name
- Registration date (creation date)
- Expiration date
- Nameservers
- Registrant information (when available)
Status Values
| Status | Meaning |
|---|---|
| info | Informational only in the Safety section. Full WHOIS data is available through the WHOIS Agent. |
Severity: Medium
This check has medium severity because:
- Domain age alone doesn't determine if a site is malicious
- Many legitimate new businesses have new domains
- WHOIS privacy protection is legal and common
- Combined with other signals, it's more meaningful
WHOIS Data Points
Registrar
The company where the domain was registered. Some registrars are known for lax abuse policies.
Creation Date
When the domain was first registered. Domains less than 30 days old are higher risk for phishing.
Expiration Date
When the registration expires. Domains about to expire may indicate abandonment or instability.
Updated Date
Last time domain records were modified. Recent changes may indicate ownership transfer.
Red Flags in WHOIS Data
Suspicious Indicators
- Domain registered within the last 7-30 days
- Short registration period (1 year only)
- Registrar known for hosting malicious domains
- Registration in country different from claimed business
- Recent nameserver changes
- Free TLDs (.tk, .ml, .ga, .cf)
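The date and TLD indicators above, evaluated over an already-parsed WHOIS record. This is an added example, not code from src/checks/whois.check.js; the record field names, the flag ids and the 30-day window for "recent" updates are assumptions, while the 7/30-day age thresholds and the free-TLD list come from this page.

```javascript
// Added example. Field names (creationDate, expirationDate, updatedDate) and
// flag ids are hypothetical, not the WHOIS Agent's actual output shape.
const DAY_MS = 24 * 60 * 60 * 1000;
const FREE_TLDS = new Set(['tk', 'ml', 'ga', 'cf']); // list from the page

function parseDate(value) {
  const d = value ? new Date(value) : null;
  return d && !Number.isNaN(d.getTime()) ? d : null; // missing or malformed -> null
}

function whoisRedFlags(domain, record, now = new Date()) {
  const flags = [];
  const created = parseDate(record.creationDate);
  const expires = parseDate(record.expirationDate);
  const updated = parseDate(record.updatedDate);
  const daysBetween = (later, earlier) => Math.floor((later - earlier) / DAY_MS);

  if (!created || created > now) {
    // An unparseable or future creation date must not read as "old domain".
    flags.push('creation-date-unusable');
  } else {
    const age = daysBetween(now, created);
    if (age < 7) flags.push('registered-under-7-days');
    else if (age < 30) flags.push('registered-under-30-days');
    // Total term of one year (366 allows for a leap year). Only visible
    // while the domain is still in its first registration term.
    if (expires && daysBetween(expires, created) <= 366) flags.push('one-year-registration');
    // Assumed window: a record change within 30 days that is not the
    // initial registration itself (possible transfer or nameserver change).
    if (updated && daysBetween(updated, created) > 1 && daysBetween(now, updated) < 30) {
      flags.push('recently-updated');
    }
  }
  const tld = domain.toLowerCase().replace(/\.$/, '').split('.').pop();
  if (FREE_TLDS.has(tld)) flags.push('free-tld');
  return flags; // signals to combine with other checks, not a verdict
}

// Constructed sample records (not real WHOIS output), with a fixed clock.
const NOW = new Date('2024-06-15T00:00:00Z');
const SAMPLES = {
  'login-example.tk': { creationDate: '2024-06-10T08:00:00Z',
    expirationDate: '2025-06-10T08:00:00Z', updatedDate: '2024-06-10T08:00:00Z' },
  'example.com': { creationDate: '1995-08-14T04:00:00Z',
    expirationDate: '2025-08-13T04:00:00Z', updatedDate: '2024-06-01T00:00:00Z' },
  'redacted.example': { creationDate: 'REDACTED' },
};
for (const [domain, record] of Object.entries(SAMPLES)) {
  console.log(domain, whoisRedFlags(domain, record, NOW));
}
```

Registrar reputation and registrant-country mismatch are left out because they need external reference data that this page does not define.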
Impact on Category Score
This check currently returns the info status, which has a neutral impact on the Safety & Threats score. The WHOIS Agent provides more detailed domain information in its own category.