
Reverse WHOIS: A Powerful Process in Cybersecurity

The future continues to look bleak as the total amount lost to cybercrime is expected to keep growing. It will, in addition, put incentives for innovation and investment at risk, making cybercrime more profitable than ever.

What’s worse is that we’re seeing this prediction unfold. In less than half of this year alone, we’ve already seen reports of breaches that could expose huge numbers of users to great peril.

An example would be a Facebook breach, reported just this April, that publicly exposed the records of 540 million users. Another would be the breach of Fortnite (a popular MMORPG developed by Epic Games), reported in January, that put a large number of its players in danger. Even ransomware continues to improve and wreak havoc, as evidenced by the recent debut of LockerGoga. And cybercriminals won’t stop attacking anyone online as long as it proves profitable for them.

So what can businesses do? That is the age-old question, isn’t it? Let’s take a closer look at the three scariest threats of 2019 so far.

The Facebook Felony

Based on threat reports, cybercriminals got their dirty hands on two third-party Facebook app data sets. One came from Mexico-based media company Cultura Colectiva and the other from an integrated app called “At the Pool.” This attack shows just how important it is to do a thorough background check on potential third-party suppliers and partners.

Even if you only have a company’s name, an effective reverse WHOIS search tool can already provide you with information to start your partner profiling. Building a basic reverse WHOIS report will give you a detailed list of all of the domains a potential partner owns. With that in hand, you can launch a deeper investigation by looking at the historical data on every domain tied to the organization. You can even look into the registrant’s background to make sure he doesn’t have ties to malicious or downright illegal activities.

And if you wish to do this same kind of background check on all of your potential partners—which is highly advisable as the most recent Facebook breach showed—you can also subscribe to a regularly updated and accurate Reverse WHOIS API that you can easily integrate into your existing security infrastructure. But if you want the most out of reverse WHOIS lookups, you can opt for an entire set of domain research tools such as WhoisXML API’s Domain Research Suite.

In today’s connected world, trust has become even harder to earn. Because you can never be too sure of a potential partner’s intent or reputation, you need tools that could lessen the risks your business takes. Keep in mind that cybercriminals don’t discriminate when it comes to choosing targets. As long as they can make money off you, you’re not safe. Securing your business will cost a lot less than if you suffer a breach.

The Fortnite Foible

The more popular a site is, the greater its chances of registering on cybercriminals’ radar. Online games, especially those that use virtual currencies for in-game purchases, are a prime cybercrime target because serious players put a lot of money in their virtual game wallets. One of this year’s biggest gaming hacks, the Fortnite breach, could have put the personal data, including financial information, of its 250 million users (as of February this year alone) at great risk.

Fortnite’s foible was attributed to a sophisticated cross-site scripting or XSS attack. The cybercriminal behind the ruse exploited a vulnerability in some of Epic Games’ subdomains, which allowed him to gather players’ credentials (username and password) with a mere mouse click on a link the attacker sent.

This attack shows how important it is to secure all of your domains, including subdomains. The bigger a company is, the more domains it usually has, making this job a tad tedious. Keeping track of your own domains (regardless of number) and their security posture is, however, easy with the aid of a Reverse WHOIS Search or Reverse WHOIS API tool. All it takes is typing your organization’s name into the Search box and you’ll see all the information you need. These tools are exemplified in this Reverse WHOIS in Action piece.

With the reverse WHOIS report in your hand, you can not only see all of your domains but check if anything is amiss. Are there domains that you didn’t register? Who’s operating them? If you find anomalies like seeing domains you don’t actually own on the report or unknown persons tied to domains your organization uses, flag these for blocking. That way, your customers won’t end up accessing their potentially malicious domains instead of your legitimate ones for gameplay.
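The check described above, as an added example (not code from the original article or from WhoisXML API): it reconciles a reverse WHOIS report against your own domain inventory and flags the anomalies the paragraph lists. The record fields, sample domains and registrant addresses are constructed assumptions, not a real API schema.

```python
# Added example: reconcile a reverse WHOIS report with an internal inventory.
# Field names ("domain", "registrant_email") are assumed, not a real API schema.

def normalize(domain):
    """Lower-case, drop the trailing dot and IDNA-encode so that
    look-alike Unicode names surface as distinct xn-- labels."""
    d = domain.strip().rstrip(".").lower()
    try:
        return d.encode("idna").decode("ascii")
    except UnicodeError:
        return d  # keep the raw value so it is still reported

def reconcile(report, inventory, trusted_registrants):
    """Return the domains that need review, grouped by reason."""
    inv = {normalize(d) for d in inventory}
    trusted = {r.lower() for r in trusted_registrants}
    unknown_domain, unknown_registrant, seen = [], [], set()
    for rec in report:
        dom = normalize(rec["domain"])
        seen.add(dom)
        registrant = rec.get("registrant_email", "").lower()
        if dom not in inv:
            unknown_domain.append(dom)      # uses your name, not registered by you
        elif registrant not in trusted:
            unknown_registrant.append(dom)  # yours, but held by an unknown person
    return {
        "unknown_domain": sorted(unknown_domain),
        "unknown_registrant": sorted(unknown_registrant),
        # In use by you, yet absent from a search on your organization's name.
        "missing_from_report": sorted(inv - seen),
    }

# Constructed sample data (reserved .example names, not real registrations).
INVENTORY = ["acme-games.example", "acme-pay.example", "acme-support.example"]
TRUSTED = ["dns-admin@acme-games.example"]
REPORT = [
    {"domain": "ACME-Games.example.", "registrant_email": "dns-admin@acme-games.example"},
    {"domain": "acme-pay.example", "registrant_email": "former.contractor@mail.example"},
    # Cyrillic "a" (U+0430) in place of the Latin letter: a look-alike name.
    {"domain": "acme-g\u0430mes.example", "registrant_email": "dns-admin@acme-games.example"},
    {"domain": "acme-games-login.example", "registrant_email": "someone@mail.example"},
]

if __name__ == "__main__":
    for reason, domains in reconcile(REPORT, INVENTORY, TRUSTED).items():
        print(reason, domains)
```

Domains under `unknown_domain` are candidates for blocking; the other two groups point at registrations to bring back under a controlled registrant account.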

Making sure your clients are constantly protected from threats is one way of ensuring their loyalty. Constantly keep an eye out for the bad guys with additional Domain Research Suite features such as Brand, Domain, and Registrant Monitor and save your brand from being the next headline.

The LockerGoga Lockup

Ransomware has been at the top of the cybersecurity nightmares list since 2016. That we haven’t seen attacks of the same magnitude as WannaCry this year doesn’t mean ransomware masterminds have given up their game. Case in point, a new ransomware variant called “LockerGoga” recently debuted by targeting industrial and manufacturing firms that operate actual physical systems.

LockerGoga reportedly forced at least five firms, including Norwegian aluminum manufacturer Norsk Hydro and manufacturing companies Hexion and Momentive, to switch to manual operations in separate attacks earlier this year. It’s particularly disruptive in that it not only locks out users, but also entirely shuts down a system. Worse, unlike most ransomware strains, LockerGoga makes it difficult for even those who are willing to pay the ransom to do so. Attacks like this could prove detrimental not just to an organization’s operations but to its equipment and their operators.

Though LockerGoga’s entry point into a system has yet to be officially identified, security researchers have surmised that due to the attacks’ targeted nature, the ransomware’s operators could already have the victims’ credentials on hand prior to the intrusion. These could have been obtained via the usual phishing tactics or purchased from other hackers. Once access was gained, the hackers used a number of tools, including the Metasploit and Cobalt Strike toolkits and Mimikatz (all easily obtainable in the Deep Web or the many underground markets scattered the world over), to gain an even bigger foothold into the target’s network.

But could an attack such as this have been prevented? Cybercriminals, regardless of skill, are always after one thing—personally identifiable information or PII. And one way of protecting your PII from theft is making sure you don’t fall for known phishing domains, something a simple reverse WHOIS lookup can help you with.

Threat reports typically come with a list of domains and IP addresses related to a cyber attack. Using this list and a reverse WHOIS API that’s integrated into your security architecture or an interactive reverse WHOIS search service, you can easily identify and block access to and from the domains on that list to make sure you don’t become their next victim. Building reverse WHOIS reports so you can get more detailed information such as the registrant’s name, company, and contact details would be even more useful in monitoring cybercriminals who could do your organization harm.

* * *

Information is the new currency. Anyone on the Internet is a likely cybercrime target for login credentials, especially if these are tied to financial accounts. That said, you can never be too careful or even paranoid these days. Just as cybercriminals are always on the lookout for the latest technological tools that they can use to compromise targets, so should you invest in tools that would allow you to thwart their every move. Prevention, after all, is always less costly than the cure.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
