Domain Research Suite Blog & How To Guides & FAQ
DRS Video Tutorial #1 — A Brief Overview
Check out this explanatory video looking at a series of examples and DRS queries for security and other purposes.
Domains & Subdomains Discovery web tool tutorial
Domains & Subdomains Discovery Lookup allows you to identify all domains and subdomains that contain all the Include terms and none of the Exclude terms. You can discover domains only, subdomains only, or both. Also, you can specify where the search term should be placed in the domain name: start with, end with, contains, contains the word, to narrow down the results according to your needs.
Brand monitor Web tool tutorial
This tool allows you to track any keywords associated with your brand, trademark, or product. It tracks newly registered/modified and also recently expired domains containing all the Include terms and none of the Exclude terms in their domain name.
Registrant monitor Web tool tutorial
This tool allows you to monitor domain registrations, updates, renewals or expirations made by registrants according to search criteria.
Domain monitor Web tool tutorial
This tool allows you to monitor changes in the selected domain WHOIS records and track both existing and not yet registered domains.
How to Find Out Who Owns a Domain Name with Reverse WHOIS Search and WHOIS Database Download
In the past, there was no way for users to find out what other domains, if any, a particular registrant owns without first translating a domain name into an IP address. But with the shortage of available IPv4 addresses, which resulted in the assignment of shared IP addresses to unrelated individuals or even companies, that approach has become riddled with difficulties.
Even if you can pinpoint the owner of an IP address, a shared one would provide users with a list of domains that may take a lot of time to sift through. If that IP address turns up as an indicator of compromise (IoC) in a publicly accessible report, affected users would have to go through each related domain’s WHOIS records to get to the bottom of the issue. Imagine how long that would take if you had 30 domains or more to scrutinize.
This post shows how users can find out who owns a domain name in five simple steps.
How to Trace a Privately Registered Domain’s Owner By Using a WHOIS History Lookup Tool
With a myriad of free readily tools available online, it’s not so difficult to find out if someone else already owns a domain you’re eyeing or if that domain is available for purchase or registration. But that’s where most tools stop. Sometimes, more details such as a domain’s ownership history, including current and past registrants’ names and contact details, are hidden since most domain owners opt for privacy protection.
There are instances, though, when it’s critical to obtain registrant information. For one, website owners who are interested in buying new domains need to know who to contact if someone already owns the domain they want to purchase. Another reason is when a domain of interest was used (typically misused or abused by cybercriminals) in attacks. In such cases, the domain’s owner needs to be alerted to the situation for remediation. Finally, investigations launched by law enforcers or cybersecurity specialists may require more information on the domain registrant’s identity.
These specific cases may require digging into a domain’s WHOIS records. Problems arise, however, when pertinent details are not shown. For law enforcers who can subpoena for missing data, that may not be a problem. But for those who were victimized by attacks or turned into unwitting accomplices, that option might not be available. Specialized tools that obtain historical domain data might help there.
This post details how tools such as WHOIS History Search can help users uncover otherwise hidden registrant details without going through a potentially long and arduous legal channel.Continue reading
How to Retrieve Domain WHOIS History Data After Redaction
WHOIS information is indispensable for any cybersecurity researcher. It is an essential resource for tracking down registration owners for a variety of reasons that range from settling trademark and cybersquatting disputes to configuring websites. With WHOIS records, a security analyst or website administrator can quickly get in touch with a registrant owner to resolve or file a dispute, transfer a domain with ease, or set up a valid Secure Sockets Layer (SSL) certificate.
With the General Data Protection Regulation (GDPR) implementation, however, the Internet Corporation for Assigned Names and Numbers (ICANN) was compelled to modify its policies for WHOIS data availability. ICANN’s implementation of the Temporary Specification for Generic Top-Level Domain (gTLD) Registration Data in 2018 resulted in the redaction of millions of WHOIS records from the public domain.
Under the new rule, both registrars and registries must explicitly state that a domain’s ownership details have been “Redacted for Privacy,” unless, of course, the domain owner consents to share his or her registrant information publicly. This policy applies to all data accessible via WHOIS or Registration Data Access Protocol (RDAP) protocols.
WHOIS lookups have become more complicated ever since. What was once an activity that took a couple of minutes now involves hours of Internet research and hopping from one application or database to another. Fortunately, there are other ways through which analysts can obtain this critical domain data, such as a WHOIS history search tool.Continue reading
How to Build Attacker Profiles By Using Domain Registration History Records
Consider this scenario: You just got wind that a prolific cybercriminal has recently been spotted. You want to avoid joining his/her list of victims, of course. The question is how you go about it. Building attacker profiles, notably with WHOIS, might help.
Of course, that has become harder now that much stricter privacy protection laws like the General Data Protection Regulation (GDPR) are in effect. Typical WHOIS searches for a list of sites to avoid may no longer work since many domain owners, especially in the European Union (EU), can opt to redact their personal information from registration records.
However, using historic WHOIS searches with tools like WHOIS History Search might still be relevant. At least, you can take action against potentially harmful domains registered before WHOIS record redaction became a thing.
In this post, we demonstrate how to build attacker profiles so companies can beef up their existing blocklists.Continue reading
Knowing a Domain’s Ownership History Can Help You Avoid Getting a Blacklisted Domain
When starting an online business or marketing campaign to reach out to more people, one of the most critical tasks is deciding on what domain name to use. You can’t just choose one on a whim — you need to put a lot of thought and research into it as your domain will carry your brand. Your research needs to include the domain name’s ownership history, among other things.
In short, a domain name can make or break an organization. Experts have pointed out the main characteristics of a good domain name, which include...Continue reading
How Organizations Can Prevent Site Blacklisting with WHOIS History Search and WHOIS History API
Maintaining the overall health of your site is no mean feat. Attacks could occur any time, regardless of a company’s size. Cyberattackers can hack into your network and compromise your site for use in their nefarious activities without your knowledge. Sometimes, you’ll only know what happened when search engines like Google put your site on a blacklist. And that can be detrimental to any business. Blacklisted sites may lose around 95% of their usual amount of organic traffic, which can negatively affect their sales. Apart from that, first-time visitors or potential customers can get discouraged if they learn that your site is considered malicious.Continue reading
Brand Monitoring: Defending Your Company Against Cybersquatting
Cybersquatting made headlines in recent weeks when Facebook filed a lawsuit against domain registrar OnlineNIC Inc. and its proxy service IDShield for cybersquatting and copyright infringement. The lawsuit concerned domain names that use the word “Facebook,” “Instagram,” or variations of Facebook’s brands with the intent to trick users into thinking that they are legitimate sites of the complainant.
The domain names in question include www-facebook-login[.]com, facebook-mails[.]com, login-intstargram[.]com, and hackingfacebook[.]net. When we ran hackingfacebook[.]net on WHOIS API, the report stated that the registrar was indeed OnlineNIC Inc., which registered the domain in February 2010. However, the details of Domain ID Shield Service were the ones used as registrant information.
Domain ID Shield is a product of OnlineNIC Inc. that essentially replaces the registrant, as well as technical, and administrative details of the client with its own. So instead of taking legal action on individual registrants, which is difficult in this case, Facebook lashed out at OnlineNIC Inc. as it’s connected to complaints of domain abuse and for seemingly tolerating cybersquatting.
Facebook’s case is just one of the thousands of cybersquatting incidents that plague the Internet. And in this post, we explored what cybersquatting is, and how to detect it using tools such as Brand Monitor. We also examined some real-life cases of domain name fraud.Continue reading
The Treepex Case: Learning More About Fake News Proliferators By Using Domain Search Lookups
Back in 2017, a startup presented a revolutionary product to the world, one that would allegedly change the way people breathe. Treepex, a portable device that cleans the air as you breathe sparked many conversations, causing it to become viral. Thousands of people viewed the product video. And the startup founders, Bacho Khachidze and Lasha Kvantaliani, even appeared in interviews from big news sites, including the Associated Press (AP) and The Huffington Post.
The irony is that Treepex never existed, at least not as a physical device. In an interview with Inc., Khachidze and Kvantaliani admitted that their goal was to prevent products like Treepex from needing to exist. The Georgian duo shared that their business has to do with planting trees instead. And they exerted effort to make Treepex go viral only to raise awareness about the growing issue of pollution.
They did that. They tricked people and even reputable news sites into thinking that their offer was real. (Note: Both AP and The Huffington Post subsequently removed the interviews from their sites).Continue reading
Google and Facebook Scams: Preventing Employees from Falling for Invoice Fraud with Domain Intelligence Tools
Business email compromise (BEC), also known as CEO fraud, whaling, email account compromise (EAC), or invoice fraud, is a tried-and-tested attack method. Since 2013, BEC scams have been responsible for close to $12 billion in company losses. And this figure continues to rise, as, in 2018 alone, the said scams cost victims $1.3 billion.
In this post, we will look more closely at two cases of invoice fraud that caused Facebook and Google to almost lose a total of $123 million just this year. We will also demonstrate how our Domain Research Suite (DRS) can help companies prevent their employees from falling for such attacks.Continue reading
Avoid Ties to Malicious Activity by Knowing the History of a Domain’s Ownership
While search engine optimization (SEO) experts often advise first-time site owners to use an old domain to gain instant authority on the Web, security professionals would caution that the practice can be risky.
That said, we do think there’s a way for site owners to enjoy the benefits of using old domains with as few risks as possible. In this post, we’ll tell you how knowing the history of a domain’s ownership by using tools like WHOIS History Search can help. But first, let’s take a look at why cybersecurity specialists may have reservations about using old or expired domains.Continue reading
The Equifax Settlement Case: Shielding Financial Service Customers from Phishing with Domain Research Monitoring
Data breaches continue to plague organizations today. In the first six months of 2019 alone, 3,813 data breaches were recorded, exposing more than 4.1 billion records. This figure translates to more than a 50% increase in victim volume over the past four years. Worse still, three of these recently recorded data breaches made it to the all-time list of top incidents.
Of all these unfortunate events, we decided to take a closer at Equifax’s case. First, because it has been the financial sector’s biggest breach victim to date. Second, because it shows how cybercriminals insist on exploiting every vulnerability there is. It’s indeed possible that malicious entities are now trying to trick victims into disclosing more personally identifiable information (PII) on fake Equifax settlement websites.
We then used the Domain Research Suite (DRS) to show how potential targets can avoid falling prey to instances of phishing and cybersquatting attacks.Continue reading
Avoiding Adverse Effects on SEO through Domain Name Ownership History Checks
When building their online presence, entrepreneurs and website owners are bombarded with tips and advice on search engine optimization (SEO) ranking. Among them are the publishing of high-quality and relevant content regularly, using metatags and alt tags, and using long-tail keywords.
All these are valid and effective, but your SEO ranking strategy should begin at the very first stage of website creation—choosing a domain name. In this post, we explored the effects of domain name ownership history on an organization's SEO ranking, and how a simple check using WHOIS History Search can help users avoid related challenges.Continue reading
Using Domain Ownership History to Secure Next-Gen Firewall Estates
Firewalls are an essential pillar of any enterprise network security strategy. They sift traffic coming in and going out of corporate networks, offering round-the-clock perimeter protection.
Even better are today’s next-generation firewalls (NGFWs), which bring interoperability and contextualization into the mix. These hybrid firewalls provide a more effective layer of protection as they combine both traditional firewalls with newer types.
Unfortunately, NGFWs and older versions for that matter are not the “be-all and end-all” of enterprise network security. They serve as a good starting point, but they also need to be appropriately configured to work — along with the right data feeds, which can include WHOIS history data, as this post will suggest.
That is why experts recommend taking a phased approach to high-end firewall deployment. Otherwise, compatibility issues may arise, which could expose the network to computer viruses, or worse still, advanced persistent threats (APTs).Continue reading
E-Commerce and Online Brands: How to Avoid and Tackle Trademark Infringement Issues with Brand Monitor
With all of the business growth opportunities that the Web provides for e-commerce sites and brands operating online in general, also come responsibilities and risks.
Customer privacy and data, for one thing, must be safeguarded against cyber attacks — notably phishing and spam campaigns that could lead to fraud and information and identity theft. Indeed, personally identifiable information (PII) such as Social Security and driver’s license numbers, health records, and payment card information, among others, are often stolen and sold in underground markets or used in attacks. A quick black market survey, for instance, revealed that health records and passport information are sold for as much as $1,000 per set in cybercriminal one-stop shops.
But apart from securing the overall health of their sites against vulnerabilities and exploits, e-commerce site owners and brands also face the daunting task of protecting their image and reputation against trademark, copyright, and other forms of intellectual property infringement.
We have seen cybercriminals time and again ride on their popularity for fraud. Banking on their customers’ loyalty and trust, unsuspecting users are convinced to divulge their personal details to attackers. Unfortunately, threat actors are not the only ones companies should be wary of. It is also common for competitors to mimic domain and brand names in hope of getting more customers illegitimately.
In light of these instances of brand abuse, this post shows how domain name infringement can affect companies of all sizes. It also shows how applications like Brand Monitor and Domain Research Suite can help website owners protect their reputation.Continue reading
Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring
The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone numbers, and even encrypted and unencrypted security questions and answers were just some of the information stolen and potentially peddled in underground markets.
The good news is that those who have been affected can now claim benefits for the damages and losses they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as settlement for theft and potential fraud. Those interested can check if they are eligible for settlement payment by contacting the administrator of the official data breach settlement site, yahoodatabreachsettlement.com.
It seems those who suffered from the Yahoo! compromise could rest easy, right? Probably not as new threats arose shortly after the breach settlement announcement. Much like the case when Equifax announced its breach settlement details and informed victims where they could file claims, several fake websites mimicking Yahoo!’s settlement website surfaced. Those who are not careful could end up exposing even more personally identifiable information (PII) instead of obtaining remuneration from what they already lost.
To better illustrate this point, we have used various of our domain intelligence tools to study what the emerging threat environment around Yahoo! settlement site looks like and present recommendations on how to mitigate the resulting risks.Continue reading
Criminal Profiling and Evidence Gathering with Website and Domain Name Monitoring Tools
Cybercrime is a major threat to all sectors of the community, including government institutions, businesses, and non-profit organizations. It continuously hurts the global economy by sucking up billions of dollars each year, prompting the head of the U.K.’s Government Communications Headquarters (GCHQ) to declare that fighting cybercrime should be accorded the same priority as fighting terrorism.
But is it really possible to “fight” cybercrime? Some security experts have long ceded and started focusing on cyber-resilience (the ability to bounce back after a cyber attack) instead of cybersecurity (the prevention of a cyber attack). Aside from business continuity, part of cyber-resiliency should be the legal ramifications that the victim must set in motion against the attacker. Herein lies a big challenge — discovering who the cybercriminals are.
The fact that investigators find it challenging to unmask the people behind a cybercrime has given attackers more confidence. As more and more cybersecurity solutions are developed to counter them, cybercriminals always seem to be finding new methods to get around the said solutions because they believe they can’t be caught.
In this article, let’s examine the profile of cybercriminals and their targets, as well as briefly illustrate how domain research and threat intelligence tools such as Website Screenshot API and Reverse WHOIS Search can help investigators identify attackers.Continue reading
Avoid Website Blacklisting with Whois History Search, Domain Research Suite, and Other Tools
Unfortunately, most website owners only discover they are on a blacklist if customers report seeing warnings. More often, they may not even be alerted at all, as some blacklisted sites are no longer included in search results. Search engines automatically remove them from their indexes.
If you’ve been losing traffic and suspect that your website is on a blacklist, you can take immediate steps. This post also discusses best practices to prevent your website from ending up on a blacklist in the first place.Continue reading
Domain Research Suite Keeps Track of Nefarious Activities Around Your Domains
Domain infringement has become a real concern for businesses operating online. While new web technologies made it easy for brands to engage with customers, progress has also opened the door to a variety of cyber risks and attacks known as domain threats.Continue reading
Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 2
In the last blog, we discussed the various features of all the Online Monitoring & Search tools that you can avail with our Domain Research Suite. The next question is naturally, how professionals from different industries can take advantage of these power tools to enhance their domain research? So, today we will be covering several use-cases of DRS to help make you understand its importance in today’s day & age.Continue reading
Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 1
If the answer to the above question is “no”, “looking forward to, but don’t know how”, or god forbid, “why would I want to do that?”, then you are just in the right place! Businesses always need to protect their brand from bad actors who can spoil their reputation, while at the same time, also try & stay a step ahead of their competition. And why only businesses, security teams also need to constantly keep a track of threats in order to pre-empt & proactively curb online attacks. The internet has made a lot of information easily accessible, but getting relevant, timely & proactive Intel is the key for staying a step ahead whether it is to protect your brand or to prevent a hacker from committing an online crime. Reactive in today’s day & age is longer a solution for success.
If you want to be a notch above the rest, Domain Research Suite (DRS) is just the tool for you. DRS provides a bundle of tools in the form of an easy-to-use web-app which will definitely benefit your domain investigation & management with automated monitoring & timely alerts combined with extensive research tools!Continue reading
4 Roles of Domain Name Monitoring in Making Cybersecurity Decisions
You might be surprised to find out, but there’s a lot you can tell about a domain name or a group of them from the cybersecurity standpoint. You may attempt to understand what the intentions of a registrant are, check for the consistency of data provided across touchpoints, get some insights into the scale of online operations, and more.
Overall, gathering and applying domain intelligence allows cybersecurity specialists to decide whether it’s in the company’s best interests to let information flow with unknown external agents. Or if, on the contrary, the risks outweigh the benefits so much that interactions should be at least heavily scrutinized or blocked altogether.
This post explores a variety of more specific situations where domain intelligence can help in making the right cybersecurity call at different levels of the organization and beyond it.Continue reading
The Domain Research Suite That Aids Financial Fraud Investigations
Bitsane, a cryptocurrency exchange based in Ireland, vanished in the June of 2019. Its founders took with them the crypto deposits of 246,000 users. The platform traded an average of $7 million each day.
Worldwide, fraudsters stole nearly $1.5 billion’s worth of cryptocurrencies in the first two months of 2018 alone. It’s estimated that since then, criminals have made off with an average of $9 million a day.
So how can law enforcement authorities, legitimate financial institutions, and even individuals know whether a cryptocurrency exchange is planning to steal customer investments?Continue reading
The Role of Domain Search and Monitoring in Enabling MDR and MSSP Teams
Based on findings by ESG, more than 80% of cybersecurity professionals today agree that their organizations are seeking to enhance their threat detection and response capabilities. In fact, 77% said their business managers are constantly pressuring them to do so.
The problem, however, is that enhancing threat detection and response is no mean feat. In fact, 76% of those surveyed mentioned that this has become more challenging compared to a couple of years back. Cybersecurity professionals are pointing to concerns such as the surge in the sophistication and volume of threats, a growing attack surface, and increasing workload. Additionally, many firms lack the right skills and staff to make significant changes in this area.
So rather than deploy new tools that they are not even sure to work, many CISOs are now turning their attention toward asking third-party service providers for help. This is where managed detection and response (MDR) and managed security service providers (MSSPs) come in.
But despite their growing demand and popularity, these services face some major challenges that can hinder many providers and have already done so.
In this post, we’ll take a look at the hurdles these two are contending with right now and how domain search and monitoring tools can enhance their overall effectiveness.Continue reading
How Brand and Domain Name Monitoring Can Counteract Cybersquatting
The Web is a huge and unregulated space made up of countless online content locations. There are more than 300 million active websites today with an additional 25 million registered each year. It’s only inevitable then that there will be intense competition between registrants and, therefore, demand for domain names, especially for those that use the most recognizable words and identifiers.
In fact, conflicts between trademark holders and domain registrants looking to own the rights to specific domains are common. Numerous disputed domains nowadays are registered either by accident or with the intent to gain money from those who are interested in them. This tactic is known as “cybersquatting,” which can have severe consequences for your brand if you don’t pay attention to it.
In this article, we’ll discuss cybersquatting and how domain name monitoring can protect your business from it.Continue reading
Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry
Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s most prominent companies — and more often than not, that’s connected to cybersecurity and data breaches.
For example, the latest stats show that one in every 99 emails you get each day has ties to a phishing attack, the majority of which come laced with malware specially crafted to harvest victims’ financial credentials or use popular brands as social engineering bait.
A great example would be an email offering a considerable discount that the victim may find very hard to resist. So she clicks the link to a site where she’s asked to fill in her personal data, including the credit card, for instance, that she plans to use to purchase goods. She doesn’t get the items she supposedly bought and so complained to the store via all possible means — email, phone, and social media.
What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through the muck. What can the victimized company do? Could it have prevented the phishing attack? These are just some of the things this article answers by analyzing Zara’s real-life case study.Continue reading
Research Any Domain’s History with WHOIS History API!
With thousands of new domain names registered every day, billions and billions have been registered over the years. And these have undergone multiple ownerships or even registration changes over time. These could be modifications to the domain’s registrar or associated name servers or even changes in contact details, to name just a few.
Aging domains have a history and we at WhoisXML API can help you delve deeper to understand a given domain’s past with WHOIS History API. Professionals conducting research for cybersecurity or investment purposes can hugely benefit from uncovering a domain’s lifecycle to find out if it has ever had a checkered past or draw connections that may not be easy to see at the surface level.Continue reading
Brand Monitor: Typo generation FAQ
Expand your monitoring field by adding automatically generated typos to all possibly misspelled domain names. Prevent abuse of your brand by identifying typosquatting and blocking IDN homograph attacks. Learn more about our new feature: automatic typos generation.Continue reading
Protecting Brands & Trademarks On The Internet!
The ease & gigantic potential that the Internet provides to businesses to expand their reach amongst their customers and tap markets that traditionally would have required way too much effort & resources is definitely remarkable. Being present on the Web via their websites has become a cornerstone for businesses to create brand awareness, showcase their products & service and also for selling their offerings directly online. And with each passing day, people are beginning to rely more and more on this virtual presence of brands and are increasingly interacting with them.
Domain names to that effect have become a very critical component for expanding and building a brand identity online. And just like any valuable asset in plain sight, there are a lot of bad guys who either want to cause harm or exploit your brand’s potential for their own benefit. Which is of course not a great news for you!Continue reading
Uncover Domain Spoofing Using AI Driven Predictive Monitors
Spoofing is a situation in which an entity (person or software program) successfully impersonates and masquerades as another successful one, with the purpose of gaining an advantage with regards to personal or business information or brand goodwill. Domain spoofing occurs when an attacker appears to use a company’s domain to impersonate and masquerade a company and or its products or brands. The domain spoofer may later use the deceived domain name to induce fraudulent practice like phishing i.e. sending deceptive emails pretending to be from a reputed company in order to induce individuals to reveal passwords, credit card numbers or download malicious files.Continue reading
Reverse WHOIS in action:
find all domains or websites of a company, and more
See Reverse WHOIS service in action by searching for all Internet domains a company owns or is related to. We shall use the web-based reverse WHOIS service. An alternative would be to use the reverse WHOIS API, a RESTful solution which is also available with the same capabilities. We shall pick a popular brand, the Eastman Kodak Company, as an example for our investigation, although it works for any other one you might be interested in. If you are a domainer, a marketer, a legal investigator, an IT security expert, or anyone interested in or working with Internet domains, you are in the right place. We present the Swiss Army knife designed to fit in your very pocket.Continue reading