Abuse Manager: Evidence Gathering
Evidence gathering is incredibly important when managing a case of potential domain name abuse. So, carrying on from our recent blog post on the automatic screenshot functionality in iQ Abuse Manager, today we expand a bit more on other data points available to you from within each domain's case view.
Helping you save time and build a strong case against potential bad actors.
Domain "lifecycle"
From within this section, you will find information such as when the domain was registered, updated, when it expires and when last the whois was checked.
This can be useful to understand the patterns of abuse specific to your organisation.
While the tendency is for domains to be registered, used for nefarious means and then dropped, we also see older domains being used for abuse. So having the domain lifecycle information can be useful to create your own profile.
EPP status
Abuse manager provides visible EEP status codes so you can quickly see the status of a domain. As you progress the case, these may change and this feature ensures you're always keep up to date and informed.
This section also provides name server information and any additional authentication methods are enabled e.g. DNSSEC
Whois
While much of the Whois data obfuscated as part of privacy legislation requirements or commercial privacy services, we still provide the full Whois data which can provide additional clues for your case. The Whois data is a live lookup, ensuring you have the latest information at your fingertips.
Date reported, Date Ceased and Previous cases
Having the date of when a report was created for a domain in one of the threat feeds is important of course. But in Abuse Manager, we go a bit further. We also check to see when reports drop out of these feeds, and show them front and centre, so you know there is no longer a threat.
Furthermore, if a domain has older cases attached to it, they will also be shown, but easily identifiable as old cases via a differently coloured case id
Details from the Threat Feed
Each threat feed provides a data payload, which is then collected and organised within each domain name's case.
For each report, Abuse Manager provides a Details section, so you can review this data. This will be made up of information such as the date added, date last verified, threat feed that reported the issue, the category of threat, the domain name and where available the full URL
Threat Timeline
One of our favourite features, the threat timeline provides a visual representation of when current and past threats were identified, as well as other information such as any domain lifecycle data and updates.
DNS information
Abuse Manager provides, where available, name server details, A records, MX records TXT records and ASN numbers.
Providing you with the data to understand where the domain is registered and also where the various associated services such as email or the website are located.
Case notes
As outlined in a previous blog post, iQ Abuse Manager's case page, provides the opportunity to save notes throughout the case management process. As well as internal notes, the case notes section allows you to also add notes and files from 3rd parties.
Further building up the amount of evidence you need to take the appropriate action, whether the domain is being used for abusive purposes or not.
.....and of course, let's not forget the aforementioned screenshot taking, functionality!
Ensuring that you and your team have as much information at hand, to make the best decision possible, to the benefit of your customers, brand and the internet as a whole.
We hope you found this post useful. So, please let us know if have any questions & comments!
