WHOIS Database Research Articles

Types (Disinformation)

Types (Disinformation)

THE INTERNET ADDRESSES OF AGROTOURISTIC FARMS AND THEIR INFORMATIVE VALUE

Purpose. The analysis of information available in the Domain Name Registry and the digital archive on selected internet domains of agrotouristic farms. The answer to the question whether this information can be helpful in choosing a specific offer. Method. The analysis of the domain’s history – digital copies of websites of chosen agrotouristic farms recorded in the Wayback Machine web archive. The analysis of data available in the WHOIS database. Findings. The analysis of data available in the Research and Academic Computer Network (NASK) does not allow to clearly assess a counterparty’s credibility. Tracking the domain’s history enables to record how artwork, contents and technique of performing agrotouristic farm websites have changed and also how their business type has evolved. Irregularities connected, among others, to the operator being the domain’s customer were noticed in the set of analysed websites. Research and conclusion limitations. 10 addresses of agrotouristic farm websites accessed on 19 December 2016 from the first tab of searching results in one of public website catalogues were examined. As the Wayback Machine web archive collects copies of archival websites regardless of the domain where they are available, the WHOIS database only contains information about national domains of the highest level (.pl). Practical implications. Survey methods used in the paper are universal – they can be helpful in evaluation of credibility of any subject promoting services on the website within a national domain of the highest level. They can be also used to verify history of any web domain which can be helpful before its registration. Originality. The concept of using the Wayback Machine digital archive to evaluate a counterparty’s credibility and potential value of an internet domain. The concept of using the WHOIS registry to estimate credibility of an agrotouristic offer. Type of paper. The paper presents the results of empirical surveys. A case study.

Phishing or Hijacking? Forgers Hijacked DU Journal by Copying Content of Another Authenticate Journal

2 Hijacked journals are journals that are created by forgers and use same name and ISSN similar authenticate journals. These journals publish papers of authors by requesting publication charges without any peer review because they have financial goals. In many cases, forger select journals that have print version and create the fake website then cheat authors (1- 3). We found a new hijacked journal that name Journal. Original DU journal is Thomson Reuters indexed and has Arts & Humanities Citation Index. This journal is established by DU Verlag, Steinackerstrasse in Switzerland. Journal's ISSN is monthly ISSN: 0012-6837 and available at this URL: http://www.du-magazin.com. Fake journal is placed in this URL http://dujournal.eu.pn. DU journal is Scopus indexed, and we cannot find papers of evaluated URL (http://dujournal.eu.pn) in Scopus database. Also in Thomson Reuter's website we cannot find any link to website. By using a Whois databases, we detect that fake website is created in Jul 2007 by a hosting company and use ns1.freehostingeu.com as a name server, it means that website use free hosting service. Often Phisher and forgers use free hosting to be anonymous. Domain of the fake journal is a free domain too. In other words, forgers used free domain and hosting for fake journal. We can find similar hijacking technique for another hijacked journal that name Journal. Ephemera Journal is placed in this server and uses free hosting and domain such as DU journal. It is high probability that a person is a forger of these two journals. In fake DU journal, two volumes are accessible, and some issues only have one paper. It seems that forgers are creating a website or are searching for victims to publish their papers in these volumes. In contact section of the website, there are three email addresses; du.editor@swissmail.com, du.customer@swissmail.com and info@dujournal.eu.pn. Forgers used swissmail.com server as official email addresses to convince authors that journal is belonged to Switzerland, and journal is authenticated while swissmail.com server, is free email service such as Google, Yahoo and other free email services, that is created by mail.com and any people can create email account in it. In main page of the fake website, there is an image from a certificate, we searched this image and other images of this site in Google and found that these images are belonged to journal of Siberian federal university (http://journal.sfu-kras.ru/en). Hijackers used Siberian federal university Journal' website content and created faked DU journal. This type of hijacking is very similar to deceptive phishing attacks. In information security literature, phishing is a social engineering based attack where the attacker tries to steal victims' sensitive information by means of different techniques (4, 5). In deceptive phishing attacks, phisher use content of other websites and create the fake website then redirect victims to the fake website by using of social engineering techniques.

Efficient suspicious URL filtering based on reputation

Enormous web pages are visited each day over a network and malicious websites might infect user machines. To identify malicious web sites, the most reliable approach is honeypot, an execution-based method. The vast amount of http traffic makes sandboxing all the web pages impossible. It is not practical in the real environments as it consumes too much computational resource and time. Only 1.3% of websites are malicious. Crawler-based approach might be not easy to find malicious websites effectively, as it has no clue if they are visited by users. Therefore, the proposed system examines only user web requests, not from crawler, in order to catch the real drive-by download web attacks. The challenge is that the web traffic is huge in real networks and an efficient filtering is desired to process large scale user requests efficiently.Based on our observation, the domains of drive-by download attacks often are unreliable and exhibit distinct attributes from the normal. To classify massive volume of web traffic in a real network, this study proposes a two-stage drive-by download attack detection mechanism: first identifying suspicious websites based on domain reputation and then sandboxing only the suspicious ones to reduce the detection time. Such detection not only reduces the required computation resources and time, but also remains the efficiency benefited from sandbox-based detection. As WHOIS database is not reliable for not every domain query can be resolved. Therefore, this study relies on queries from DNS server and proposes novel reputation attributes to distinguish the benign and the suspicious. The experimental results show that the proposed filtering yields the accuracy of 94% in simulated real network environment and efficiently saves more than 12 times of the computing time with the comparison of an improved sandboxing approach. Such two-stage detection system implemented in a real network environment with 560 thousand URL requests per day demonstrates its practicality and efficiency under large scale web requests. During the deployment on the real network, unknown malicious websites are identified which are not listed in the public accessible blacklist websites.

Internet domain names and the interaction with intellectual property

This is the first in a series of articles looking at the interaction between domain names and intellectual property. This article defines and summarises the various types of domain names, how they are registered, the legal effects of registration, the WHOIS databases and, briefly, the interaction between domain names and intellectual property. Subsequent articles will consider the preferential “sunrise periods” for registration of certain domains by trade mark owners, the various kinds of disputes that arise in relation to domain names, dispute resolution procedures and legal proceedings for registered trade mark infringement and “passing off” in the UK.

ICANN's role in controlling information on the internet

Controlling information within a society is an essential part of the process of social control, as it serves to prevent the proliferation of thoughts and expressions that can undermine a society's overall goals. In the online environment the phenomenon of controlling information takes on new dimensions. Since the Internet is a zone that knows no national boundaries, no government can reign autonomously over it, yet governments have managed to come together to exert some control. A prime example of this control lies in the management of the domain name system (DNS) by the Internet Corporation for Assigned Names and Numbers (ICANN). In particular, the mandatory character of the Uniform Dispute Resolution Procedure (UDRP), the decisions taken in cases heard under the UDRP regarding freedom of speech, and the operation of the WHOIS database all serve to exemplify the control ICANN has over information on the Internet. Indeed, despite a lack of autonomy from the US Government in the interim, ICANN has a lot of power. Whilst ICANN does not directly implement the controls itself, the systems are operated on behalf of ICANN and as such it exerts a substantial amount of control over the ‘inhabitants’ of cyberspace.

Rucas over privacy of domain name registration

Enormous web pages are visited each day over a network and malicious websites might infect user machines. To identify malicious web sites, the most reliable approach is honeypot, an execution-based method. The vast amount of http traffic makes sandboxing all the web pages impossible. It is not practical in the real environments as it consumes too much computational resource and time. Only 1.3% of websites are malicious. Crawler-based approach might be not easy to find malicious websites effectively, as it has no clue if they are visited by users. Therefore, the proposed system examines only user web requests, not from crawler, in order to catch the real drive-by download web attacks. The challenge is that the web traffic is huge in real networks and an efficient filtering is desired to process large scale user requests efficiently.Based on our observation, the domains of drive-by download attacks often are unreliable and exhibit distinct attributes from the normal. To classify massive volume of web traffic in a real network, this study proposes a two-stage drive-by download attack detection mechanism: first identifying suspicious websites based on domain reputation and then sandboxing only the suspicious ones to reduce the detection time. Such detection not only reduces the required computation resources and time, but also remains the efficiency benefited from sandbox-based detection. As WHOIS database is not reliable for not every domain query can be resolved. Therefore, this study relies on queries from DNS server and proposes novel reputation attributes to distinguish the benign and the suspicious. The experimental results show that the proposed filtering yields the accuracy of 94% in simulated real network environment and efficiently saves more than 12 times of the computing time with the comparison of an improved sandboxing approach. Such two-stage detection system implemented in a real network environment with 560 thousand URL requests per day demonstrates its practicality and efficiency under large scale web requests. During the deployment on the real network, unknown malicious websites are identified which are not listed in the public accessible blacklist websites.