Domain Holdings Brokers The Domain For $125,000

October 9th, 2015
has brokered the domain name for $125,000 according to a blog post. The purchaser of the domain name is The blog post gives a few details on the negotiation and sale. The post also says: On par with adopting of the single word variety there are: I think […]

Implementing the Continuous Security Model

October 8th, 2015

In honor of cyber awareness month, the DomainTools team felt it important to share an effective approach when it comes to sustaining and maintaining a healthy security posture. As Lex Luthor once said, “the man of tomorrow is forged by his battles today.” This mentality is easily likened to a robust approach to continuous security, as past, present, and future all figure in our capacity to identify, attribute, and block cyber attacks.

Past, Present, Future

Before running through techniques that employ data from the past, present, and future in a continuous security model, it’s necessary to understand where and what types of data can fuel your investigations. The good news is the majority of the data you need to apply a continuous security model can be obtained from the kinds of open source intelligence (or OSINT) that fill the DomainTools databases (as well as other sources). Examples of the OSINT data include (but are not limited to):

  • Whois records
  • DNS records
  • Dig results
  • MX records
  • Search engine results
  • Malware analysis

Many of these pieces of data are available online at no cost, but if you’re looking to scale your OSINT security strategy, it is likely you will invest in systems that will allow you to automate collection and querying of data. These commercial solutions allow you to scale your efforts quickly and efficiently.

OSINT in Continuous Security

In a continuous security-style cyber strategy you will need to:

  1. Actively detect initial indicators and expand to connected assets
  2. Return to past data and review archives for earlier occurrences of indicators from expanded threat networks
  3. Proactively monitor cyber squatters or other threat actors and block new threat infrastructure


Below is a quick example from a well-known APT and the steps your team could take in a continuous security model:

  1. FireEye’s excellent APT 28 report states: “We have seen APT28 register at least two domains mimicking the domains of legitimate organizations in the Caucasus…One APT28 domain imitated a key Chechen-focused news website, while the other appeared to target members of the Armenian military by hosting a fake login page.” (Page 11). The team quickly detected the present threat.
  2. Using Whois lookups, passive DNS, and commercial providers, the team quickly identified there was an opportunity to expand on the data from the two domains mentioned above and understand the extent of the threat based on past data. In this situation, there were 17 other sites hosted on the same IP address, 54.255.143[.]112, and the domain names had a clear focus on Google, Yahoo and Microsoft branded web-pages. As a result of pivoting on said 17 domains, the team had 17 targets to search for (instead of 2) in old logs to spot earlier incursions or to block related malicious attacks.
  3. Finally, the data collected from OSINT sources can be used to block or anticipate future attacks, by either a) blocking this IP address outright, or b) monitoring the IP and blocking new domains that appear on it.
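The second and third steps can be run against archived resolver logs. The following Python is an added example, not code from the original post or from DomainTools: the log format, the `.test` domain names and the function names are constructed for illustration, and a resolver log stands in for a passive DNS feed. Only the defanged IP address comes from the article.

```python
from datetime import datetime

def refang(indicator):
    """Turn a defanged indicator (54.255.143[.]112, hxxp://) into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()

MONITORED_IP = refang("54.255.143[.]112")  # shared hosting IP named in the article
# Constructed placeholder names standing in for the pivoted domain set.
KNOWN_DOMAINS = {"news-mirror.example.test", "mail-login.example.test"}

# Constructed resolver log: timestamp, client, queried name, answer IP.
SAMPLE_LOG = """\
2015-03-02T08:14:11Z 10.0.4.17 www.example.org 93.184.216.34
2015-03-05T11:02:40Z 10.0.4.22 Mail-Login.example.test. 54.255.143.112
2015-04-19T16:45:03Z 10.0.9.8 accounts-verify.example.test 54.255.143.112
2015-06-01T09:30:00Z 10.0.4.22 mail-login.example.test 54.255.143.112
malformed line without enough fields
"""

def parse(line):
    """Return (time, client, normalized name, answer) or None for unusable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, answer = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when, client, qname.rstrip(".").lower(), answer

def retro_hunt(log_text, domains, ip):
    """Step 2: earliest archived hit per client on a known domain or the monitored IP."""
    first_seen = {}
    for when, client, qname, answer in filter(None, map(parse, log_text.splitlines())):
        if qname in domains or answer == ip:
            if client not in first_seen or when < first_seen[client][0]:
                first_seen[client] = (when, qname)
    return first_seen

def new_domains_on_ip(log_text, domains, ip):
    """Step 3: names resolving to the monitored IP that are not in the known set yet."""
    records = filter(None, map(parse, log_text.splitlines()))
    seen = {qname for _, _, qname, answer in records if answer == ip}
    return sorted(seen - set(domains))
```

Matching on the answer IP as well as the domain set is what surfaces the third log entry, a name the known list did not contain.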

We have obviously condensed a lot of activity into a bite-sized chunk here! In summary, attributing attacks or conducting adversary analysis is a valuable exercise that allows you to use a healthy mix of threat intelligence data and a continuous security posture in your efforts to understand present and past risks or incursions, and ultimately to prevent and block future attacks.

Be safe out there!


Frank Schilling (FTS, Corp) Now Owns 5.5% Of Rightside

October 8th, 2015
According to an SEC filing (Schedule 13D), a corporation out of the Cayman Islands, FTS, Corp (FTS), now owns over 5.5% of the outstanding shares of publicly traded Rightside Group, Ltd. (Nasdaq: NAME). FTS are the initials of Frank Schilling and the form is signed by a Ria Scott Blyth who according to their LinkedIn […]

.NYC One Year Anniversary Is Today; Collision List Drops & City Issues Updated Stats

October 8th, 2015
To mark the one-year anniversary of .nyc, the City of New York published the latest statistics on the state of the .nyc domain name. The ICANN Collision list for .NYC is being released for registration today as well. It will be interesting to see how many get registered. Here are the more interesting stats […]

CSC October’s New gTLD Utilization: 5,340 New gTLD Sites in Alexa Top 1M

October 8th, 2015
CSC published its October New gTLD Utilization Report, showing the pace of .brand registrations accelerating with a 50% increase since their September report. The report was prepared by Vincent D’Angelo, Director, Brand Advisory Team, CSC. Here are the highlights; you can read the entire report here: “Registrations of .brand/closed TLDs are continuing to increase significantly […]

Domain Movers:,, + Twitter, Walmart & Disney Buys

October 8th, 2015
In today's Domain Movers we see large corporations like Caterpillar Inc. register a bunch of "drone" domain names, Wells Fargo's mismanagement of the domain name asset and Nike registering the domain name

Covers .Film & 1st Domains; &

October 7th, 2015
just covered the launch of the new gTLD .Film “So far, two new movies will be the first to debut the .film web extension: Osgood Perkins’ February starring Emma Roberts, Kiernan Shipka and Lucy Boynton (; and Wayne Blair’s Septembers of Shiraz starring Salma Hayek and Adrien Brody (” Yesterday, .film was officially launched […]

Minds + Machines To Go With An 8 Day Early Access Program For .Law/.Abogado

October 7th, 2015
Minds + Machines announced today that, for the first time, they will be running an Early Access Program (EAP) as part of the launch of .law and .abogado (Spanish). The EAP period will run 8 days from 12-18 October. During this EAP period an extra fee will be charged in addition to the standard annual charge […]

.Club To Auction C.Club & 24 Double Letter Domains

October 7th, 2015
According to a press release that is just out, C.Club and twenty-four 2-character .CLUB domain names are set to hit the auction block on October 29, 2015 in a series of five fast-moving auctions with each auction lasting three days. “This auction will be held on the Chinese platform, and marks the first time […]

Tagheuer Loses URS Which Now Seems Limited To Domains Parked or Offered For Sale

October 7th, 2015
Tagheuer has become the latest trademark holder to lose a Uniform Rapid Suspension (URS) proceeding on the domain name Ho-Hyun Nahm, as Examiner found in favor of the domain holder although the domain did not resolve finding: “Passive holding can be considered as an indication of bad faith. However, in case of the disputed […]