CSV export
The following contains explanations of each field in the CSV output generated by the Lookup and NXDOMAIN tools.
Schema
The output contains detailed information on analyzed domains, including typosquatted permutations, IP data, classifications, and more.
domain
type: string
Required
The typosquatted or analyzed domain
Example
exaample.com
permutation
type: string
Required
Describes the method used to generate the domain permutation.
Permutation | Description | Example |
---|---|---|
Addition | Adds an extra character to the end of a domain name | examplez.com |
Bitsquatting | Exploits binary similarities between characters | examp1e.com |
DoubleVowelInsertion | Adds characters between vowel pairs | exaample.com |
Homoglyph | Substitutes visually similar characters | еxample.com (Cyrillic е) |
Hyphenation | Inserts hyphens into the domain | exam-ple.com |
Insertion | Adds a character at the start of the domain | zexample.com |
Keyword | Adds commonly associated keywords | secureexample.com |
Mapped | Maps certain letters to predefined substitutions | exannple.com |
Omission | Removes a character from the domain | examle.com |
Repetition | Duplicates characters in the domain | exampplle.com |
Replacement | Substitutes characters in the domain | exemple.com |
Subdomain | Uses subdomains to mimic legitimate domains | login.example.com |
Tld | Replaces the top-level domain (TLD) | example.org |
Transposition | Swaps character positions | eaxmple.com |
VowelSwap | Swaps vowels in the domain name | ixample.com |
VowelShuffle | Shuffles vowels in the domain name | axample.com |
distance
type: integer
Required
The Levenshtein distance between the original domain and the typosquatted domain, measuring the number of edits needed to transform one string into the other.
Example
7
ips
type: string
Optional
A comma-separated list of IP addresses associated with the domain.
Example
3.33.130.190,15.197.148.33
ips.geo.region
type: string
Optional
A comma-separated list of geographical regions corresponding to the IPs in the ips field.
Example
NA,EU (North America, Europe)
ips.geo.country
type: string
Optional
A comma-separated list of country codes (ISO 3166-1 alpha-2) corresponding to the IPs in the ips field.
Example
US,DE (United States of America, Germany)
ips.geo.asn.number
type: string
Optional
A comma-separated list of ASN (Autonomous System Number) values corresponding to the IPs in the ips field.
Example
10732,16509
ips.geo.asn.org
type: string
Optional
A comma-separated list of organization names corresponding to the ASNs in the ips field.
Example
TIERRANET,Amazon
httpBanner
type: string
Optional
The HTTP banner grabbed from the domain, providing details about the web server or service running on it (if available).
Example
Apache/2.4.46 (Unix)
classification.legitimate
type: number
Optional
A value between 0.0 and 1.0 representing the likelihood the domain is legitimate.
Example
0.9 (95% likely to be legitimate)
classification.parked
type: number
Optional
A value between 0.0 and 1.0 representing the likelihood the domain is parked.
Example
0.05 (5% likely to be parked)
classification.phishing
type: number
Optional
A value between 0.0 and 1.0 representing the likelihood the domain is used for phishing.
Example
0.05 (5% likely to be a phishing domain)
type: string|object
Optional
Contains RDAP JSON data or WHOIS data retrieved for the domain. This may include details such as registration status, expiration dates, and ownership information.
Example
{
  "objectClassName": "domain",
  "handle": "2336799_DOMAIN_COM-VRSN",
  "ldhName": "EXAMPLE.COM",
  "links": [
    {
      "value": "https://rdap.verisign.com/com/v1/domain/EXAMPLE.COM",
      "rel": "self",
      "href": "https://rdap.verisign.com/com/v1/domain/EXAMPLE.COM",
      "type": "application/rdap+json"
    }
  ],
  "status": [
    "client delete prohibited",
    "client transfer prohibited",
    "client update prohibited"
  ],
  "entities": [
    {
      "objectClassName": "entity",
      "handle": "376",
      "roles": [ "registrar" ],
      "publicIds": [
        { "type": "IANA Registrar ID", "identifier": "376" }
      ],
      "vcardArray": [
        "vcard",
        [
          [ "version", {}, "text", "4.0" ],
          [ "fn", {}, "text", "RESERVED-Internet Assigned Numbers Authority" ]
        ]
      ],
      "entities": [
        {
          "objectClassName": "entity",
          "roles": [ "abuse" ],
          "vcardArray": [
            "vcard",
            [
              [ "version", {}, "text", "4.0" ],
              [ "fn", {}, "text", "" ],
              [ "tel", { "type": "voice" }, "uri", "" ],
              [ "email", {}, "text", "" ]
            ]
          ]
        }
      ]
    }
  ],
  "events": [
    { "eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z" },
    { "eventAction": "expiration", "eventDate": "2025-08-13T04:00:00Z" },
    { "eventAction": "last changed", "eventDate": "2024-08-14T07:01:34Z" },
    { "eventAction": "last update of RDAP database", "eventDate": "2024-11-25T21:05:46Z" }
  ],
  "secureDNS": {
    "delegationSigned": true,
    "dsData": [
      {
        "keyTag": 370,
        "algorithm": 13,
        "digestType": 2,
        "digest": "BE74359954660069D5C63D200C39F5603827D7DD02B56F120EE9F3A86764247C"
      }
    ]
  },
  "nameservers": [
    { "objectClassName": "nameserver", "ldhName": "A.IANA-SERVERS.NET" },
    { "objectClassName": "nameserver", "ldhName": "B.IANA-SERVERS.NET" }
  ],
  "rdapConformance": [
    "rdap_level_0",
    "icann_rdap_technical_implementation_guide_0",
    "icann_rdap_response_profile_0"
  ],
  "notices": [
    {
      "title": "Terms of Use",
      "description": [ "Service subject to Terms of Use." ],
      "links": [
        { "href": "https://www.verisign.com/domain-names/registration-data-access-protocol/terms-service/index.xhtml", "type": "text/html" }
      ]
    },
    {
      "title": "Status Codes",
      "description": [ "For more information on domain status codes, please visit https://icann.org/epp" ],
      "links": [
        { "href": "https://icann.org/epp", "type": "text/html" }
      ]
    },
    {
      "title": "RDDS Inaccuracy Complaint Form",
      "description": [ "URL of the ICANN RDDS Inaccuracy Complaint Form: https://icann.org/wicf" ],
      "links": [
        { "href": "https://icann.org/wicf", "type": "text/html" }
      ]
    }
  ]
}
Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.iana.org
Registrar URL: http://res-dom.iana.org
Updated Date: 2024-08-14T07:01:34Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2025-08-13T04:00:00Z
Registrar: RESERVED-Internet Assigned Numbers Authority
Registrar IANA ID: 376
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 370 13 2 BE74359954660069D5C63D200C39F5603827D7DD02B56F120EE9F3A86764247C
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
screenshot
type: string
Optional
A URL pointing to a screenshot of the domain’s landing page.
Example
https://screenshots.haveibeensquatted.com/1234567890
simhashDistance
type: integer
Optional
The Simhash distance between the original domain’s DOM and the typosquatted domain’s DOM. A lower number indicates more similarity.
Example
42
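One way to consume this schema for triage, as an added example that is not part of the tool or its documentation: it re-aligns the parallel comma-separated ips.* columns into one record per IP and splits rows by classification.phishing. It assumes the CSV header row uses the field names above as column names and that multi-valued cells are quoted; the sample rows, the 0.5 threshold and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample export (not real tool output); column names follow the schema above.
SAMPLE_CSV = '''domain,permutation,distance,ips,ips.geo.country,ips.geo.asn.number,ips.geo.asn.org,classification.legitimate,classification.parked,classification.phishing,simhashDistance
exaample.com,DoubleVowelInsertion,1,"3.33.130.190,15.197.148.33","US,DE","10732,16509","TIERRANET,Amazon",0.05,0.05,0.9,4
examplez.com,Addition,1,192.0.2.10,US,64500,EXAMPLE-NET,0.1,0.85,0.05,61
examle.com,Omission,1,,,,,,,,
'''

# Output key -> CSV column holding a comma-separated list aligned with `ips`.
MULTI = {"ip": "ips", "country": "ips.geo.country",
         "asn": "ips.geo.asn.number", "org": "ips.geo.asn.org"}

def split_list(cell):
    """Split a multi-valued cell; an empty or missing optional cell gives []."""
    return [v.strip() for v in cell.split(",")] if cell else []

def hosts(row):
    """Zip the parallel list columns into one record per IP address."""
    cols = {key: split_list(row.get(col)) for key, col in MULTI.items()}
    # A list shorter than `ips` yields None instead of raising. An organization
    # name that itself contains a comma would shift positions, so treat `org`
    # as a hint and key any enrichment on the ASN number.
    return [{key: (vals[i] if i < len(vals) else None) for key, vals in cols.items()}
            for i in range(len(cols["ip"]))]

def score(row, name):
    """Optional classification.* column as a float, or None when absent."""
    cell = row.get("classification." + name)
    return float(cell) if cell else None

def triage(text, phishing_min=0.5):
    """Return (review, unclassified): rows at or above the phishing threshold,
    highest first, and rows that carry no phishing score at all."""
    review, unclassified = [], []
    for row in csv.DictReader(io.StringIO(text)):
        phishing = score(row, "phishing")
        entry = {"domain": row["domain"], "permutation": row["permutation"],
                 "distance": int(row["distance"]), "phishing": phishing,
                 "hosts": hosts(row)}
        if phishing is None:
            unclassified.append(entry)   # no score is not the same as score 0.0
        elif phishing >= phishing_min:
            review.append(entry)
    review.sort(key=lambda e: e["phishing"], reverse=True)
    return review, unclassified
```

Rows without a classification are returned separately so that a missing score is never read as a low one.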