Product Blog

How to Build Attacker Profiles By Using Domain Registration History Records

Consider this scenario: You just got wind that a prolific cybercriminal has recently been spotted. You want to avoid joining his/her list of victims, of course. The question is how you go about it. Building attacker profiles, notably with WHOIS, might help.

Of course, that has become harder now that much stricter privacy protection laws like the General Data Protection Regulation (GDPR) are in effect. Typical WHOIS searches for a list of sites to avoid may no longer work since many domain owners, especially in the European Union (EU), can opt to redact their personal information from registration records.

However, using historic WHOIS searches with tools like WHOIS History Search might still be relevant. At least, you can take action against potentially harmful domains registered before WHOIS record redaction became a thing.

In this post, we demonstrate how to build attacker profiles so companies can beef up their existing blocklists.

Knowing a Domain’s Ownership History Can Help You Avoid Getting a Blacklisted Domain

When starting an online business or marketing campaign to reach out to more people, one of the most critical tasks is deciding on what domain name to use. You can’t just choose one on a whim — you need to put a lot of thought and research into it as your domain will carry your brand. Your research needs to include the domain name’s ownership history, among other things.

In short, a domain name can make or break an organization. Experts have pointed out the main characteristics of a good domain name, which include...

How Organizations Can Prevent Site Blacklisting with WHOIS History Search and WHOIS History API

Maintaining the overall health of your site is no mean feat. Attacks could occur any time, regardless of a company’s size. Cyberattackers can hack into your network and compromise your site for use in their nefarious activities without your knowledge. Sometimes, you’ll only know what happened when search engines like Google put your site on a blacklist. And that can be detrimental to any business. Blacklisted sites may lose around 95% of their usual amount of organic traffic, which can negatively affect their sales. Apart from that, first-time visitors or potential customers can get discouraged if they learn that your site is considered malicious.

Brand Monitoring: Defending Your Company Against Cybersquatting

Cybersquatting made headlines in recent weeks when Facebook filed a lawsuit against domain registrar OnlineNIC Inc. and its proxy service IDShield for cybersquatting and copyright infringement. The lawsuit concerned domain names that use the word “Facebook,” “Instagram,” or variations of Facebook’s brands with the intent to trick users into thinking that they are legitimate sites of the complainant.

The domain names in question include www-facebook-login[.]com, facebook-mails[.]com, login-intstargram[.]com, and hackingfacebook[.]net. When we ran hackingfacebook[.]net on WHOIS API, the report stated that the registrar was indeed OnlineNIC Inc., which registered the domain in February 2010. However, the details of Domain ID Shield Service were the ones used as registrant information.

Domain ID Shield is a product of OnlineNIC Inc. that essentially replaces the registrant, as well as technical, and administrative details of the client with its own. So instead of taking legal action on individual registrants, which is difficult in this case, Facebook lashed out at OnlineNIC Inc. as it’s connected to complaints of domain abuse and for seemingly tolerating cybersquatting.

Facebook’s case is just one of the thousands of cybersquatting incidents that plague the Internet. And in this post, we explored what cybersquatting is, and how to detect it using tools such as Brand Monitor. We also examined some real-life cases of domain name fraud.

The Treepex Case: Learning More About Fake News Proliferators By Using Domain Search Lookups

Back in 2017, a startup presented a revolutionary product to the world, one that would allegedly change the way people breathe. Treepex, a portable device that cleans the air as you breathe sparked many conversations, causing it to become viral. Thousands of people viewed the product video. And the startup founders, Bacho Khachidze and Lasha Kvantaliani, even appeared in interviews from big news sites, including the Associated Press (AP) and The Huffington Post.

The irony is that Treepex never existed, at least not as a physical device. In an interview with Inc., Khachidze and Kvantaliani admitted that their goal was to prevent products like Treepex from needing to exist. The Georgian duo shared that their business has to do with planting trees instead. And they exerted effort to make Treepex go viral only to raise awareness about the growing issue of pollution.

They did that. They tricked people and even reputable news sites into thinking that their offer was real. (Note: Both AP and The Huffington Post subsequently removed the interviews from their sites).

Google and Facebook Scams: Preventing Employees from Falling for Invoice Fraud with Domain Intelligence Tools

Business email compromise (BEC), also known as CEO fraud, whaling, email account compromise (EAC), or invoice fraud, is a tried-and-tested attack method. Since 2013, BEC scams have been responsible for close to $12 billion in company losses. And this figure continues to rise, as, in 2018 alone, the said scams cost victims $1.3 billion.

In this post, we will look more closely at two cases of invoice fraud that caused Facebook and Google to almost lose a total of $123 million just this year. We will also demonstrate how our Domain Research Suite (DRS) can help companies prevent their employees from falling for such attacks.

Avoid Ties to Malicious Activity by Knowing the History of a Domain’s Ownership

While search engine optimization (SEO) experts often advise first-time site owners to use an old domain to gain instant authority on the Web, security professionals would caution that the practice can be risky.

That said, we do think there’s a way for site owners to enjoy the benefits of using old domains with as few risks as possible. In this post, we’ll tell you how knowing the history of a domain’s ownership by using tools like WHOIS History Search can help. But first, let’s take a look at why cybersecurity specialists may have reservations about using old or expired domains.

The Equifax Settlement Case: Shielding Financial Service Customers from Phishing with Domain Research Monitoring

Data breaches continue to plague organizations today. In the first six months of 2019 alone, 3,813 data breaches were recorded, exposing more than 4.1 billion records. This figure translates to more than a 50% increase in victim volume over the past four years. Worse still, three of these recently recorded data breaches made it to the all-time list of top incidents.

Of all these unfortunate events, we decided to take a closer at Equifax’s case. First, because it has been the financial sector’s biggest breach victim to date. Second, because it shows how cybercriminals insist on exploiting every vulnerability there is. It’s indeed possible that malicious entities are now trying to trick victims into disclosing more personally identifiable information (PII) on fake Equifax settlement websites.

We then used the Domain Research Suite (DRS) to show how potential targets can avoid falling prey to instances of phishing and cybersquatting attacks.

Avoiding Adverse Effects on SEO through Domain Name Ownership History Checks

When building their online presence, entrepreneurs and website owners are bombarded with tips and advice on search engine optimization (SEO) ranking. Among them are the publishing of high-quality and relevant content regularly, using metatags and alt tags, and using long-tail keywords.

All these are valid and effective, but your SEO ranking strategy should begin at the very first stage of website creation—choosing a domain name. In this post, we explored the effects of domain name ownership history on an organization's SEO ranking, and how a simple check using WHOIS History Search can help users avoid related challenges.

Using Domain Ownership History to Secure Next-Gen Firewall Estates

Firewalls are an essential pillar of any enterprise network security strategy. They sift traffic coming in and going out of corporate networks, offering round-the-clock perimeter protection.

Even better are today’s next-generation firewalls (NGFWs), which bring interoperability and contextualization into the mix. These hybrid firewalls provide a more effective layer of protection as they combine both traditional firewalls with newer types.

Unfortunately, NGFWs and older versions for that matter are not the “be-all and end-all” of enterprise network security. They serve as a good starting point, but they also need to be appropriately configured to work — along with the right data feeds, which can include WHOIS history data, as this post will suggest.

That is why experts recommend taking a phased approach to high-end firewall deployment. Otherwise, compatibility issues may arise, which could expose the network to computer viruses, or worse still, advanced persistent threats (APTs).

E-Commerce and Online Brands: How to Avoid and Tackle Trademark Infringement Issues with Brand Monitor

With all of the business growth opportunities that the Web provides for e-commerce sites and brands operating online in general, also come responsibilities and risks.

Customer privacy and data, for one thing, must be safeguarded against cyber attacks — notably phishing and spam campaigns that could lead to fraud and information and identity theft. Indeed, personally identifiable information (PII) such as Social Security and driver’s license numbers, health records, and payment card information, among others, are often stolen and sold in underground markets or used in attacks. A quick black market survey, for instance, revealed that health records and passport information are sold for as much as $1,000 per set in cybercriminal one-stop shops.

But apart from securing the overall health of their sites against vulnerabilities and exploits, e-commerce site owners and brands also face the daunting task of protecting their image and reputation against trademark, copyright, and other forms of intellectual property infringement.

We have seen cybercriminals time and again ride on their popularity for fraud. Banking on their customers’ loyalty and trust, unsuspecting users are convinced to divulge their personal details to attackers. Unfortunately, threat actors are not the only ones companies should be wary of. It is also common for competitors to mimic domain and brand names in hope of getting more customers illegitimately.

In light of these instances of brand abuse, this post shows how domain name infringement can affect companies of all sizes. It also shows how applications like Brand Monitor and Domain Research Suite can help website owners protect their reputation.

Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring

The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone numbers, and even encrypted and unencrypted security questions and answers were just some of the information stolen and potentially peddled in underground markets.

The good news is that those who have been affected can now claim benefits for the damages and losses they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as settlement for theft and potential fraud. Those interested can check if they are eligible for settlement payment by contacting the administrator of the official data breach settlement site, yahoodatabreachsettlement.com.

It seems those who suffered from the Yahoo! compromise could rest easy, right? Probably not as new threats arose shortly after the breach settlement announcement. Much like the case when Equifax announced its breach settlement details and informed victims where they could file claims, several fake websites mimicking Yahoo!’s settlement website surfaced. Those who are not careful could end up exposing even more personally identifiable information (PII) instead of obtaining remuneration from what they already lost.

To better illustrate this point, we have used various of our domain intelligence tools to study what the emerging threat environment around Yahoo! settlement site looks like and present recommendations on how to mitigate the resulting risks.

Criminal Profiling and Evidence Gathering with Website and Domain Name Monitoring Tools

Cybercrime is a major threat to all sectors of the community, including government institutions, businesses, and non-profit organizations. It continuously hurts the global economy by sucking up billions of dollars each year, prompting the head of the U.K.’s Government Communications Headquarters (GCHQ) to declare that fighting cybercrime should be accorded the same priority as fighting terrorism.

But is it really possible to “fight” cybercrime? Some security experts have long ceded and started focusing on cyber-resilience (the ability to bounce back after a cyber attack) instead of cybersecurity (the prevention of a cyber attack). Aside from business continuity, part of cyber-resiliency should be the legal ramifications that the victim must set in motion against the attacker. Herein lies a big challenge — discovering who the cybercriminals are.

The fact that investigators find it challenging to unmask the people behind a cybercrime has given attackers more confidence. As more and more cybersecurity solutions are developed to counter them, cybercriminals always seem to be finding new methods to get around the said solutions because they believe they can’t be caught.

In this article, let’s examine the profile of cybercriminals and their targets, as well as briefly illustrate how domain research and threat intelligence tools such as Website Screenshot API and Reverse WHOIS Search can help investigators identify attackers.

Avoid Website Blacklisting with Whois History Search, Domain Research Suite, and Other Tools

Unfortunately, most website owners only discover they are on a blacklist if customers report seeing warnings. More often, they may not even be alerted at all, as some blacklisted sites are no longer included in search results. Search engines automatically remove them from their indexes.

If you’ve been losing traffic and suspect that your website is on a blacklist, you can take immediate steps. This post also discusses best practices to prevent your website from ending up on a blacklist in the first place.

Domain Research Suite Keeps Track of Nefarious Activities Around Your Domains

Domain infringement has become a real concern for businesses operating online. While new web technologies made it easy for brands to engage with customers, progress has also opened the door to a variety of cyber risks and attacks known as domain threats.

Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 2

In the last blog, we discussed the various features of all the Online Monitoring & Search tools that you can avail with our Domain Research Suite. The next question is naturally, how professionals from different industries can take advantage of these power tools to enhance their domain research? So, today we will be covering several use-cases of DRS to help make you understand its importance in today’s day & age.

Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 1

If the answer to the above question is “no”, “looking forward to, but don’t know how”, or god forbid, “why would I want to do that?”, then you are just in the right place! Businesses always need to protect their brand from bad actors who can spoil their reputation, while at the same time, also try & stay a step ahead of their competition. And why only businesses, security teams also need to constantly keep a track of threats in order to pre-empt & proactively curb online attacks. The internet has made a lot of information easily accessible, but getting relevant, timely & proactive Intel is the key for staying a step ahead whether it is to protect your brand or to prevent a hacker from committing an online crime. Reactive in today’s day & age is longer a solution for success.

If you want to be a notch above the rest, Domain Research Suite (DRS) is just the tool for you. DRS provides a bundle of tools in the form of an easy-to-use web-app which will definitely benefit your domain investigation & management with automated monitoring & timely alerts combined with extensive research tools!

4 Roles of Domain Name Monitoring in Making Cybersecurity Decisions

You might be surprised to find out, but there’s a lot you can tell about a domain name or a group of them from the cybersecurity standpoint. You may attempt to understand what the intentions of a registrant are, check for the consistency of data provided across touchpoints, get some insights into the scale of online operations, and more.

Overall, gathering and applying domain intelligence allows cybersecurity specialists to decide whether it’s in the company’s best interests to let information flow with unknown external agents. Or if, on the contrary, the risks outweigh the benefits so much that interactions should be at least heavily scrutinized or blocked altogether.

This post explores a variety of more specific situations where domain intelligence can help in making the right cybersecurity call at different levels of the organization and beyond it.

The Domain Research Suite That Aids Financial Fraud Investigations

Bitsane, a cryptocurrency exchange based in Ireland, vanished in the June of 2019. Its founders took with them the crypto deposits of 246,000 users. The platform traded an average of $7 million each day.

Worldwide, fraudsters stole nearly $1.5 billion’s worth of cryptocurrencies in the first two months of 2018 alone. It’s estimated that since then, criminals have made off with an average of $9 million a day.

So how can law enforcement authorities, legitimate financial institutions, and even individuals know whether a cryptocurrency exchange is planning to steal customer investments?

WHOISXMLAPI.com’s Domain Research Suite can reveal indicators that financial institutions like cryptocurrency exchanges may be committing fraud.

The Role of Domain Search and Monitoring in Enabling MDR and MSSP Teams

Based on findings by ESG, more than 80% of cybersecurity professionals today agree that their organizations are seeking to enhance their threat detection and response capabilities. In fact, 77% said their business managers are constantly pressuring them to do so.

The problem, however, is that enhancing threat detection and response is no mean feat. In fact, 76% of those surveyed mentioned that this has become more challenging compared to a couple of years back. Cybersecurity professionals are pointing to concerns such as the surge in the sophistication and volume of threats, a growing attack surface, and increasing workload. Additionally, many firms lack the right skills and staff to make significant changes in this area.

So rather than deploy new tools that they are not even sure to work, many CISOs are now turning their attention toward asking third-party service providers for help. This is where managed detection and response (MDR) and managed security service providers (MSSPs) come in.

But despite their growing demand and popularity, these services face some major challenges that can hinder many providers and have already done so.

In this post, we’ll take a look at the hurdles these two are contending with right now and how domain search and monitoring tools can enhance their overall effectiveness.

How Brand and Domain Name Monitoring Can Counteract Cybersquatting

The Web is a huge and unregulated space made up of countless online content locations. There are more than 300 million active websites today with an additional 25 million registered each year. It’s only inevitable then that there will be intense competition between registrants and, therefore, demand for domain names, especially for those that use the most recognizable words and identifiers.

In fact, conflicts between trademark holders and domain registrants looking to own the rights to specific domains are common. Numerous disputed domains nowadays are registered either by accident or with the intent to gain money from those who are interested in them. This tactic is known as “cybersquatting,” which can have severe consequences for your brand if you don’t pay attention to it.

In this article, we’ll discuss cybersquatting and how domain name monitoring can protect your business from it.

Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry

Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s most prominent companies — and more often than not, that’s connected to cybersecurity and data breaches.

For example, the latest stats show that one in every 99 emails you get each day has ties to a phishing attack, the majority of which come laced with malware specially crafted to harvest victims’ financial credentials or use popular brands as social engineering bait.

A great example would be an email offering a considerable discount that the victim may find very hard to resist. So she clicks the link to a site where she’s asked to fill in her personal data, including the credit card, for instance, that she plans to use to purchase goods. She doesn’t get the items she supposedly bought and so complained to the store via all possible means — email, phone, and social media.

What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through the muck. What can the victimized company do? Could it have prevented the phishing attack? These are just some of the things this article answers by analyzing Zara’s real-life case study.

Research Any Domain’s History with WHOIS History API!

With thousands of new domain names registered every day, billions and billions have been registered over the years. And these have undergone multiple ownerships or even registration changes over time. These could be modifications to the domain’s registrar or associated name servers or even changes in contact details, to name just a few.

Aging domains have a history and we at WhoisXML API can help you delve deeper to understand a given domain’s past with WHOIS History API. Professionals conducting research for cybersecurity or investment purposes can hugely benefit from uncovering a domain’s lifecycle to find out if it has ever had a checkered past or draw connections that may not be easy to see at the surface level.

Brand Monitor: Typo generation FAQ

Expand your monitoring field by adding automatically generated typos to all possibly misspelled domain names. Prevent abuse of your brand by identifying typosquatting and blocking IDN homograph attacks. Learn more about our new feature: automatic typos generation.

Protecting Brands & Trademarks On The Internet!

The ease & gigantic potential that the Internet provides to businesses to expand their reach amongst their customers and tap markets that traditionally would have required way too much effort & resources is definitely remarkable. Being present on the Web via their websites has become a cornerstone for businesses to create brand awareness, showcase their products & service and also for selling their offerings directly online. And with each passing day, people are beginning to rely more and more on this virtual presence of brands and are increasingly interacting with them.

Domain names to that effect have become a very critical component for expanding and building a brand identity online. And just like any valuable asset in plain sight, there are a lot of bad guys who either want to cause harm or exploit your brand’s potential for their own benefit. Which is of course not a great news for you!

Uncover Domain Spoofing Using AI Driven Predictive Monitors

Spoofing is a situation in which an entity (person or software program) successfully impersonates and masquerades as another successful one, with the purpose of gaining an advantage with regards to personal or business information or brand goodwill. Domain spoofing occurs when an attacker appears to use a company’s domain to impersonate and masquerade a company and or its products or brands. The domain spoofer may later use the deceived domain name to induce fraudulent practice like phishing i.e. sending deceptive emails pretending to be from a reputed company in order to induce individuals to reveal passwords, credit card numbers or download malicious files.

Reverse WHOIS in action:
find all domains or websites of a company, and more

See Reverse WHOIS service in action by searching for all Internet domains a company owns or is related to. We shall use the web-based reverse WHOIS service. An alternative would be to use the reverse WHOIS API, a RESTful solution which is also available with the same capabilities. We shall pick a popular brand, the Eastman Kodak Company, as an example for our investigation, although it works for any other one you might be interested in. If you are a domainer, a marketer, a legal investigator, an IT security expert, or anyone interested in or working with Internet domains, you are in the right place. We present the Swiss Army knife designed to fit in your very pocket.