The deal was three weeks from closing. Then someone on the legal team ran a routine check and found that the domain had changed registrants four months earlier. That check took eleven minutes. We had not run it in three weeks of due diligence.
The domain belonging to our target partner had changed registrants four months earlier. Not the website. Not the branding. The underlying ownership. We had been building a commercial relationship with a company whose domain — and everything attached to it — was already in someone else's hands.
When someone asks how to find out who owns a domain, they are almost never asking about registration mechanics. They are asking because something does not add up.
Domain ownership questions in B2B contexts are trust questions in disguise. The reason they matter more in 2026 than five years ago is not that ownership has become more complicated — it is that the mechanisms for obscuring it have become more accessible, and the cost of missing a critical ownership signal has become more concrete.
This is about reading those signals accurately — not the version that stops at a WHOIS lookup and accepts whatever returns. The version that understands what was removed, what was left intact, and what alternative signals exist.
For most of the internet's commercial history, WHOIS was the definitive answer to domain ownership questions. In May 2018, GDPR changed that. The common characterisation — GDPR killed WHOIS — is imprecise in ways that matter practically.
Always visible regardless of privacy configuration. Tells you who sold the registration — and which registrars serve corporate vs. consumer clients.
Always visibleVisible in all WHOIS and RDAP output regardless of redaction. A domain that lapsed and was re-registered signals a potential change in control. A recent multi-year renewal signals ownership confidence.
Always visibleDNS name servers are always public. Enterprise organisations managing portfolios frequently configure all domains — subsidiaries, product brands — through the same name server infrastructure. Shared configuration on custom servers signals shared operational control.
Always visibleRegistrations made by legal entities — incorporated companies — are treated differently by many registrars. Several continue to expose organisation names and corporate contact information for gTLD registrations even post-GDPR, because the obligation attaches to personal data, not organisational data.
Frequently visible for corporate registrantsRDAP replaced WHOIS as the technical standard for registration queries in 2019. It provides structured, machine-readable output. The data availability question remains a policy matter governed by ICANN and individual registrars — RDAP changed the format, not what is accessible.
Most domain ownership queries conflate two fundamentally different things.
The accredited organisation through which the domain was registered. Always visible in WHOIS and RDAP regardless of privacy configuration. Tells you nothing about who bought it — but its identity carries its own signal about the buyer type.
The entity that purchased and controls the registration. Post-GDPR, this may be redacted depending on whether the registrant is an individual or legal entity, which registrar processed it, and which TLD the domain sits under.
When WHOIS returns registrant information pointing to Domains By Proxy LLC, WhoisGuard Inc., or similar entities, you are looking at a privacy proxy service. What they genuinely conceal: direct registrant contact information in WHOIS output. What they cannot touch:
Organisations managing multiple domains — subsidiaries, product brands, regional entities — frequently configure all of them through the same name server infrastructure. This signal is meaningful when the shared name servers are custom or private; large public DNS platforms like Cloudflare serve millions of unrelated domains and shared use of them carries no ownership inference.
Every SSL certificate issued is recorded in public certificate transparency databases — a browser security requirement, not a registration system. Queryable through crt.sh. These logs record the organisation field submitted in the certificate signing request, and exist outside privacy legislation governing registration data. For a domain with fully redacted WHOIS, certificate history frequently surfaces an organisation name visible nowhere else in public records.
Exists outside GDPR scopeDomain TXT records used for Microsoft 365 tenant verification, Google Search Console, and third-party service integrations reveal operational platform relationships. A Microsoft 365 tenant verification TXT record contains a tenant identifier tied to a specific organisational account. These records tell you about the operational owner — the entity running the domain's services — which is frequently more relevant to B2B research than the legal registrant.
There is one domain ownership signal almost universally overlooked in B2B research — not because it is obscure, but because it sits entirely outside the standard domain intelligence workflow.
A company on your target list has a domain that resolves cleanly and passes every verification check. Certificate transparency records show an organisation name that does not match the company name on your list. DNS records reveal name servers shared with fourteen other domains, several of which belong to a parent entity you recognise from the market.
A company you are three weeks from a significant commercial commitment with has a domain that, on registration date analysis, lapsed for twenty-eight days eleven months ago before being re-registered. The website looks identical. The branding is unchanged.
Every signal in this piece carries a different confidence level. Getting domain ownership research right means understanding what each signal confirms and what it does not.
| Signal | Confidence | What to Know |
|---|---|---|
| WHOIS org data (corporate, non-redacted) | High | Definitive where it survives redaction |
| Corporate registration database (strong jurisdiction) | High | Definitive where accessible — varies by country |
| Name server clustering on custom infrastructure | Medium | Meaningful but requires corroboration |
| Certificate transparency organisation field | Medium | Useful — reliability varies by provisioning care |
| Historical WHOIS (pre-2018 archives) | Medium | Confirms past ownership only — not current state |
| SOA record administrative contact | Low | Most DNS platforms populate this with generic defaults |
The methodology that produces accurate conclusions in 2026 is not finding more signals. It is combining the signals available and weighting each one honestly against what it actually confirms — rather than what you need it to say.
The legal team member who ran the check that changed our deal assessment did not have access to anything sophisticated. Three steps. Eleven minutes of triangulation against signals that had been publicly available throughout the three weeks we had not looked at them.
Check registrar identity, registration date, expiration date. Look for lapses, recent re-registrations, or enterprise registrars that signal corporate ownership.
Query the domain on crt.sh. Check the organisation field across certificate history. Surfaces entity names invisible in post-GDPR WHOIS output.
Compare name server configuration against domains already known to belong to related entities. Custom shared name servers are a meaningful shared-control signal.
Domain ownership verification is not a discipline reserved for legal due diligence or enterprise compliance functions.
It is the check that sits between resolving a domain and building a commercial relationship on top of it — and in most B2B workflows, it is the check that never gets run until something has already gone wrong.
The signals are there. The question is only whether you look at them before the decision or after it.
FindCompanyDomain resolves company names to verified, MX-confirmed domains with confidence scoring — so you know what you are building on before you build anything.
