WHOIS Monitoring

WHOIS monitoring is the automated, periodic querying of WHOIS (or [[rdap|RDAP]]) records for one or more domains to detect changes in registrant contact details, [[nameserver|nameservers]], [[domain-status-codes|status codes]], expiration dates, or sponsoring [[registrar|registrar]]. Any unexpected change—such as the registrant organization name updating without authorization—can indicate account compromise, unauthorized transfer, or [[domain-hijacking|domain hijacking]], making early detection critical. WHOIS monitoring services baseline the current record and trigger [[domain-alert|domain alerts]] whenever a diff is detected, providing a timestamped audit trail that is invaluable during incident response. Coverage gaps exist for some ccTLDs that rate-limit or restrict WHOIS queries.