How it works
A WHOIS lookup returns who registered a domain, when, through which registrar, and which abuse contact handles it. Privacy rules like GDPR now redact much of the personal data, but the registrar and dates remain, which is enough to route a takedown. A newly created domain that mimics your brand is a strong early signal.
Registration and certificate data together let monitoring spot threats as they appear.
How it relates to brand impersonation
WHOIS is foundational to both detection and enforcement: it tells you a lookalike was just registered and who to send the takedown to. Basic WHOIS alerts are common, but they only cover exact strings, not the full lookalike space.
How nebty helps
nebty goes beyond basic WHOIS alerts by generating and watching the whole lookalike space around your brand, then using registration data to drive on-demand takedowns.
What WHOIS still tells you after GDPR
Privacy rules changed WHOIS but did not make it useless. Since GDPR, most registrars redact the personal registrant fields, so you rarely get a name or email for the owner anymore. What remains is still useful for enforcement: the registrar, the creation and update dates, the nameservers, and the abuse contact you need to file a takedown. The creation date is one of the strongest signals you have, because a domain that mimics your brand and was registered yesterday is far more likely to be hostile than one that has existed for years. Combined with Certificate Transparency data, WHOIS lets monitoring flag a fresh lookalike and route a report to the right registrar, even without knowing who is behind it.
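The triage described above, as an added example that is not nebty's code: it parses a redacted WHOIS response, keeps the fields that survive redaction, and uses the creation date and abuse contact to decide whether and where to report. The sample record, the field labels (common gTLD layout), the date format, the function names and the 30-day threshold are all assumptions; registries differ in labels and date formats.

```python
from datetime import datetime, timezone

# Constructed sample of a redacted gTLD-style WHOIS response (not a real record).
SAMPLE_WHOIS = """\
Domain Name: example-brand-login.example
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Creation Date: 2024-05-01T09:30:00Z
Updated Date: 2024-05-01T09:30:00Z
Name Server: ns1.hosting.example
Name Server: ns2.hosting.example
Registrant Name: REDACTED FOR PRIVACY
"""

# WHOIS label -> record key; labels follow the common gTLD layout (assumption).
SINGLE = {"domain name": "domain", "registrar": "registrar",
          "registrar abuse contact email": "abuse_email",
          "creation date": "created", "updated date": "updated",
          "registrant name": "registrant_name"}

def parse_date(value):
    """Parse the ISO-8601 UTC form used in the sample; None if it does not fit."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def parse_whois(text):
    """Extract the fields that survive redaction; redacted values stay None."""
    rec = dict.fromkeys(SINGLE.values())
    rec["nameservers"] = []
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        label, value = label.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if label == "name server":
            rec["nameservers"].append(value.lower())
        elif label in SINGLE and not value.upper().startswith("REDACTED"):
            key = SINGLE[label]
            rec[key] = parse_date(value) if key in ("created", "updated") else value
    return rec

def triage(rec, now, max_age_days=30):
    """Flag a recently created domain and pick where the takedown report goes."""
    age = (now - rec["created"]).days if rec["created"] else None
    return {"domain": rec["domain"], "age_days": age,
            "fresh": age is not None and 0 <= age <= max_age_days,
            "report_to": rec["abuse_email"] or rec["registrar"]}
```

Call `triage(parse_whois(SAMPLE_WHOIS), datetime.now(timezone.utc))` on a domain already identified as a lookalike; when the abuse contact is missing, `report_to` falls back to the registrar name so the report can still be routed.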