WHOIS dates in alert emails

We're excited to announce that we've started trialling WHOIS created dates in our alert emails. This has been a popular requested feature and we hope it provides more of the valuable intelligence you need to quickly triage alerts.

This feature is heavily dependent on real-time access to external data sources and so — despite our extensive testing — we may not always be able to include this information for every new domain. This is something we're continuing to work on, but for now please consider this feature in beta.

We will be rolling this out to all paid subscriptions over the next 24 hours and we're keen to hear your feedback on its performance and utility!

API deprecation notice

Sadly dnswister.report is no longer able to present Google Safe Browsing API results. Google recently blocked automated access to their free API endpoint, removing our ability to share a simplified representation of these results with you.

We will endeavour to find a replacement solution for domain reputation lookups, but in the meantime we are including a notice in the API results and marking them as errors. We will remove the endpoint itself shortly.

IP muting

We're proud to announce the release of IP and IP-range muting!

This has been a popular customer request and it's now available within the settings of each of your subscriptions. You can mute individual addresses (like 93.184.216.34) or whole ranges (like 190.12.13.14/24) and any new or updated domain notifications that match will be omitted from your emails. We're still refining the UI for direct linking to this from your email alerts, but we wanted to share this functionality as soon as it was live.

What's next?

We're prioritising the features that we know you're excited about and next up we're adding WHOIS-sourced registration dates in emails and alerting on at-registrar new domain registrations (i.e., before DNS have been created), including partial domain matches.

Both of these improvements will support informed and efficient decision-making and we can't wait to get them in your hands!

Search algorithm improvements

We're excited to announce the released of another update to our search algorithms!

The update expands our search radius to include a collection of commonly abused domain prefixes derived from our analysis of phishing trends.

We have also invested a lot of effort behind the scenes improving how we make these changes and we're looking forward to introducing regular algorithm updates this year, including some developed directly from your feedback.

Export changes

In early 2023 we will be changing our search export functionality to only support CSV format, and changing how this export functionality is accessed. This functionality was originally created to support exporting the results of user-driven searches but our analysis has shown that 99% of the calls to the current JSON and CSV format links are from crawlers and other automated software.

The CSV format will remain as it's the most consumable by other software (i.e. Microsoft Excel), and we've recently improved the exported content's coverage, quality and speed to better serve the intended use-case. In doing so, we've also change the path for CSV exports so it will no longer be exposed to the majority of crawlers and other automated software.

If you're currently consuming the /search/[hex]/json or /search/[hex]/csv endpoints in software you can achieve the same functionality using the /api/fuzz/[hex] endpoint to get the complete set of similar domains, and by following the links within that response you can achieve exactly the same functionality as the current JSON and CSV export links, but with significantly better performance.

Search updates

To celebrate and send out the year we've just released a large number of small, but important, updates to our public search and export functionality, aligning the results more closely across the different interfaces and making sure the performance and experience is as good as it can be.

Through next year we're excited to bring a number of expansions to our search algorithms, targeting more of the most insidious typosquatting techniques, and you'll see this through announcements in your alert emails and the newly_monitored flag in API calls.

Have a safe and enjoyable Christmas and New Year!

Public API changes

During March 2022 we received a significant spike in bot-based abuse of our public APIs, forcing us to implement some pretty harsh rate limiting while we got a handle on the situation. This rate limiting also impacted some of our legitimate users, especially through the last two weeks of March.

The silver lining is this abuse pushed us take greater advantage of CloudFlare's "edge" computation and DoS protection, and in migrating the majority of our public API endpoints to CloudFlare we were able to make a number of significant performance and quality updates too.

The "fuzz" and "parked" routes received the greatest improvement, the former with a 100-fold performance increase and the latter benefiting from improvements to our parked-website detection algorithm.

This might result in some requests returning slightly different responses than before, but those responses are now more accurate which we're sure you'll appreciate!

Welcome to 2022!

From all of us at dnstwister we hope you've had a pleasant Christmas and New Year, and we wish you all a safe year ahead.

Through the end of 2021 we released a number of small updates and bugfixes including extending our public API's "fuzzing" endpoint to include common phishing TLDs (a feature already available on our paid subscription plans) and publishing a transparent security page.

In 2022 we're planning to push out a lot more tools to support our subscribers with alert-response and we're continuing to broaden the tooling on this site too. As always please don't hesitate to let us know if there's something we can do to help you with your dnstwister use-case.

Feature Announcements

Since the last update we've been working hard on two updates to dnswister.report: STIX2 indicators and a light UI refresh.

STIX2 indicators

We have just launched our first Threat Intelligence integration - STIX2.1 indicators for all search results.

For each result you can view or download (via permalink) a STIX2.1 indicator for the domain in question, the domain's IPv4 Address or URLs starting with that domain.

We're hoping to add further indicators in the future as you let us know what would help you. Right now STIX2 indicators can be accessed off any dnstwister search result and will be coming to paid-tier subscriptions and APIs soon!

These is an exciting new feature so if you've got any feedback - and as always - please don't hesitate to let us know.

UI updates

Since the last update we've also rolled out a refreshed UI with improved search progress and a number of other layout and mobile consistency improvements, hopefully you're also finding dnstwister.report easier on the eyes and easier to use.

Feature Announcement: Alerts History

We're excited to announce that that all paid-tier subscribers now receive 30-day retention of their dnstwister alerts.

Every alerted-for domain in your emails now links back to its last 30 days of DNS A and MX record resolution history.

We're hoping this will be especially useful for subscribers who have hidden all alerts except those for new registrations when they experience a domain known to be registered becoming temporarily unresolvable and then re-alerting as "new" when it is next resolved without the critical context of why they are seeing it again.

This is an exciting new feature so if you've got any feedback please don't hesitate to let us know.

Welcome

Welcome to our brand new news section!

We'll be publishing product updates and announcements here for those of you that don't follow us on Twitter.

If you have any questions or want to know more about anything we publish here, please reach out.