CSV export
The following contains explanations of each field in the CSV output generated by the Lookup and NXDOMAIN tools.
Schema
The output contains detailed information on analyzed domains, including typosquatted permutations, IP data, classifications, and more.
domain
type: string Required
The typosquatted or analyzed domain
Example
exaample.com
permutation
type: string Required
Describes the method used to generate the domain permutation.
| Permutation | Description | Example |
|---|---|---|
Addition | Adds an extra character to the end of a domain name | examplez.com |
Bitsquatting | Exploits binary similarities between characters | examp1e.com |
DoubleVowelInsertion | Adds characters between vowel pairs | exaample.com |
Homoglyph | Substitutes visually similar characters | еxample.com (Cyrillic е) |
Hyphenation | Inserts hyphens into the domain | exam-ple.com |
Insertion | Adds a character at the start of the domain | zexample.com |
Keyword | Adds commonly associated keywords | secureexample.com |
Mapped | Maps certain letters to predefined substitutions | exannple.com |
Omission | Removes a character from the domain | examle.com |
Repetition | Duplicates characters in the domain | exampplle.com |
Replacement | Substitutes characters in the domain | exemple.com |
Subdomain | Uses subdomains to mimic legitimate domains | login.example.com |
Tld | Replaces the top-level domain (TLD) | example.org |
Transposition | Swaps character positions | eaxmple.com |
VowelSwap | Swaps vowels in the domain name | ixample.com |
distance
type: integer Required
The Levenshtein distance between the original domain and the typosquatted domain, measuring the number of edits needed to transform one string into the other.
Example
7
ips
type: string Optional
A comma-separated list of IP addresses associated with the domain.
Example
3.33.130.190,15.197.148.33
ips.geo.region
type: string Optional
A comma-separated list of geographical regions corresponding to the IPs in the ips field.
Example
NA,EU (North America, Europe)
ips.geo.country
type: string Optional
A comma-separated list of country codes (ISO 3166-1 alpha-2) corresponding to the IPs in the ips field.
Example
US,DE (United States of America, Germany)
ips.geo.asn.number
type: string Optional
A comma-separated list of ASN (Autonomous System Number) values corresponding to the IPs in the ips field.
Example
10732,16509
ips.geo.asn.org
type: string Optional
A comma-separated list of organization names corresponding to the ASNs in the ips field.
Example
TIERRANET,Amazon
httpBanner
type: string Optional
The HTTP banner grabbed from the domain, providing details about the web server or service running on it (if available).
Example
Apache/2.4.46 (Unix)
classification.legitimate
type: number Optional
A value between 0.0 and 1.0 representing the likelihood the domain is legitimate.
Example
0.9 (95% likely to be legitimate)
classification.parked
type: number Optional
A value between 0.0 and 1.0 representing the likelihood the domain is parked.
Example
0.05 (5% likely to be parked)
classification.phishing
type: number Optional
A value between 0.0 and 1.0 representing the likelihood the domain is used for phishing.
Example
0.05 (5% likely to be a phishing domain)
whois
type: string|object Optional
Contains RDAP JSON data or WHOIS data retrieved for the domain. This may include details such as registration status, expiration dates, and ownership information.
Example
{ "objectClassName": "domain", "handle": "2336799_DOMAIN_COM-VRSN", "ldhName": "EXAMPLE.COM", "links": [ { "value": "https://rdap.verisign.com/com/v1/domain/EXAMPLE.COM", "rel": "self", "href": "https://rdap.verisign.com/com/v1/domain/EXAMPLE.COM", "type": "application/rdap+json" } ], "status": [ "client delete prohibited", "client transfer prohibited", "client update prohibited" ], "entities": [ { "objectClassName": "entity", "handle": "376", "roles": [ "registrar" ], "publicIds": [ { "type": "IANA Registrar ID", "identifier": "376" } ], "vcardArray": [ "vcard", [ [ "version", {}, "text", "4.0" ], [ "fn", {}, "text", "RESERVED-Internet Assigned Numbers Authority" ] ] ], "entities": [ { "objectClassName": "entity", "roles": [ "abuse" ], "vcardArray": [ "vcard", [ [ "version", {}, "text", "4.0" ], [ "fn", {}, "text", "" ], [ "tel", { "type": "voice" }, "uri", "" ], [ "email", {}, "text", "" ] ] ] } ] } ], "events": [ { "eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z" }, { "eventAction": "expiration", "eventDate": "2025-08-13T04:00:00Z" }, { "eventAction": "last changed", "eventDate": "2024-08-14T07:01:34Z" }, { "eventAction": "last update of RDAP database", "eventDate": "2024-11-25T21:05:46Z" } ], "secureDNS": { "delegationSigned": true, "dsData": [ { "keyTag": 370, "algorithm": 13, "digestType": 2, "digest": "BE74359954660069D5C63D200C39F5603827D7DD02B56F120EE9F3A86764247C" } ] }, "nameservers": [ { "objectClassName": "nameserver", "ldhName": "A.IANA-SERVERS.NET" }, { "objectClassName": "nameserver", "ldhName": "B.IANA-SERVERS.NET" } ], "rdapConformance": [ "rdap_level_0", "icann_rdap_technical_implementation_guide_0", "icann_rdap_response_profile_0" ], "notices": [ { "title": "Terms of Use", "description": [ "Service subject to Terms of Use." ], "links": [ { "href": "https://www.verisign.com/domain-names/registration-data-access-protocol/terms-service/index.xhtml", "type": "text/html" } ] }, { "title": "Status Codes", "description": [ "For more information on domain status codes, please visit https://icann.org/epp" ], "links": [ { "href": "https://icann.org/epp", "type": "text/html" } ] }, { "title": "RDDS Inaccuracy Complaint Form", "description": [ "URL of the ICANN RDDS Inaccuracy Complaint Form: https://icann.org/wicf" ], "links": [ { "href": "https://icann.org/wicf", "type": "text/html" } ] } ]}Domain Name: EXAMPLE.COMRegistry Domain ID: 2336799_DOMAIN_COM-VRSNRegistrar WHOIS Server: whois.iana.orgRegistrar URL: http://res-dom.iana.orgUpdated Date: 2024-08-14T07:01:34ZCreation Date: 1995-08-14T04:00:00ZRegistry Expiry Date: 2025-08-13T04:00:00ZRegistrar: RESERVED-Internet Assigned Numbers AuthorityRegistrar IANA ID: 376Registrar Abuse Contact Email:Registrar Abuse Contact Phone:Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibitedDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibitedDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibitedName Server: A.IANA-SERVERS.NETName Server: B.IANA-SERVERS.NETDNSSEC: signedDelegationDNSSEC DS Data: 370 13 2 BE74359954660069D5C63D200C39F5603827D7DD02B56F120EE9F3A86764247CURL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/screenshot
type: string Optional
A URL pointing to a screenshot of the domain’s landing page.
Example
https://screenshots.haveibeensquatted.com/1234567890
simhashDistance
type: integer Optional
The Simhash distance between the original domain’s DOM and the typosquatted domain’s DOM. A lower number indicates more similarity.
Example
42