How to Conduct Regulatory Due Diligence with Domain Intelligence: DIY Domain Research Suite (DRS) Guide
Businesses worldwide must follow certain regulations typically defined by different government agencies and international organizations. Otherwise, they may face legal issues and notably be levied with monetary fines.
DNS intelligence can help businesses conduct regulatory due diligence through domain research and monitoring techniques. How? We’ll take you through the process using the Domain Research Suite (DRS) and information provided by the Office of Foreign Assets Control (OFAC), so you can also perform the same screening for your company.
Step #1: Screen Domains Using Their WHOIS Records
To check who owns particular domains and if they are connected to sanctioned countries, follow these steps:
1. Go to WHOIS Search.
2. Type the domain name into the input field and click Search.
3. Scroll down to the Registrant Contact details and copy the registrant organization.
4. On another browser tab, go to OFAC’s Sanctions List Search.
5. Paste the registrant organization’s name into the Name field and press Enter.
6. Scroll down to see the lookup results. The domain we’re investigating, khabr-jobs[.]ir, is registered by Mahan Air, which is found on OFAC’s sanctions list at the time of this writing.
Step #2: Find Domains Related to a Sanctioned Entity (with a Specific Website)
If you need to get a list of domains connected to a sanctioned organization with a website specified by a regulatory entity, follow these steps:
1. Go to WHOIS Search.
2. Type the domain name provided by OFAC. In our demonstration, we used salcocompany[.]com, a website associated with South Aluminum Company.
3. Scroll down to the Registrant Contact details.
4. Click an unredacted registrant data point and pivot off that by selecting Build current Reverse WHOIS report.
5. This action will return a list of domains currently registered by the same entity.
6. [PRO TIP]: If the registrant contact details are currently redacted or hidden by WHOIS privacy protection services, use WHOIS History Search to look for more public records.
Step #3: Find Domains Related to a Sanctioned Entity (without a Specific Website)
Regulatory entities’ listings do not always include a website, so you may only have an address, a phone number, an organization’s name, or a person’s name on hand. In cases like that, you can still uncover connected domains by following these steps:
1. Go to Reverse WHOIS Search. Go to the Advanced search tab and toggle the In specific WHOIS fields radio button on.
2. Under Search term(s), select the WHOIS record you have available. To illustrate, we looked for domains whose registrant street address matches “Gorbunova d. 2, str. 3,” which is tied to the sanctioned entity Analiticheskii Tsentr Katekhon.
3. Make sure to select Current so the results are limited to domains that currently contain the specific WHOIS record detail. For our demonstration, we found 27 domains related to the sanctioned entity.
4. [PRO TIP]: You can use other WHOIS data points as search terms. You can also combine multiple WHOIS fields. For example, you can get a list of domains whose registrant organization contains “Analiticheskii Tsentr” and whose registrant country is “Russia.”
Step #4: Monitor the Domain Activities of Sanctioned Entities
While regulatory entities continue to update its Specially Designated Nationals and Blocked Persons (SDN) list, you may feel the need to keep track of a sanctioned person’s or organization’s domain activities. Follow these steps to do that:
1. Go to Registrant Monitor.
2. Type the entity name you want to monitor and click Add to monitoring. It takes up to 24 hours for the tool to detect newly added, dropped, or updated domains containing the registrant name.
3. Since we started monitoring the entity on 18 November 2022, Registrant Monitor picked up several dropped or updated domains.
—
Whether you are interested in investigating sanctioned entities, identifying connected footprints, or keeping tabs on new domain activities, DRS can give you access to the search and monitoring tools you need to conduct a DIY investigation.
Are you interested in doing a similar investigation to support your regulatory compliance? Access DRS if you are an existing user or sign up if you are a first-timer.