Threat intelligence API Docs Pricing Resources Contact us

Blog

Read the other articles

Assessing Domain Reputation and Building Trust with Threat Intelligence Sources

Assessing Domain Reputation and Building Trust with Threat Intelligence Sources

When a small business enlists a payroll processing solution, it trusts the software provider to take the utmost care of all the sensitive data it obtains access to. The same holds true for business-to-consumer (B2C) transactions that pass through an application. For instance, when customers purchase a venti espresso macchiato from Starbucks, they trust that the drink they get is clean and tastes exactly like the ones they’ve ordered before. 

In short, all business transactions are based on trust. People tend to shy away from business organizations they don’t trust. While several factors affect the trustworthiness of a company, ensuring its internet domain name’s reputation or integrity is one that often gets overlooked. Companies mostly focus on generating positive online reviews to convince their target markets of their trustworthiness. But domain integrity could also affect their target’s perception of their organizations.

In this post, we delved into the factors gleaned from threat intelligence sources that affect whether one may trust (or not) a website and its domain name. That way, businesses can focus on improving their trustworthiness. We also discussed what could happen to companies that neglect their domain’s integrity.

4 Factors That Affect an Organization’s Domain Reputation

Threat Intelligence Platform (TIP) is one of the most comprehensive threat intelligence sources that can give organizations pertinent insights into their domains’ reputation. Among others, the platform checks these four factors:

1. IP Resolutions

TIP checks your domain’s name and mail servers and subdomains to obtain a list of all of the IP addresses that your domain resolves to. To illustrate, we analyzed apexhcm[.]com as an example, the domain name of an HR and payroll solutions provider who fell victim to a ransomware attack in 2019. The domain resolves to six IP addresses as shown in the screenshot below.

IP Resolutions

All these IP addresses can provide companies with more information about their digital infrastructure. Cybersecurity analysts could build threat intelligence reports on each IP address to see if any of them have vulnerabilities. If your domain resolves to a suspicious IP address, then clients who use threat intelligence platforms and other security systems might be alerted to its status and refrain from accessing it.

2. Other Domains on the Same IP Address

TIP also gives a list of domain names that resolve to the same IP address. Apexhcm[.]com, for instance, shares its IP address with ten other domains. Users can build threat intelligence reports for these domains.

Other Domains on the Same IP Address

If any of the domains that resolve to the same IP address is malicious, your domain reputation could also suffer. Some organizations block access on the IP level, so your domain could also end up blocked, causing you to lose business opportunities.

3. Website Content

One of the most critical indicators of threat intelligence is a website’s content, which TIP can help assess. In the process, the platform analyzes metatags, JavaScript source code, and HTML directives to identify which content management systems (CMS) and other technologies figured in the website’s development.

Considering apexhcm[.]com, the following was found:

Website Content

If Apex HCM did not set up redirects to other websites, then that could mean someone else found a way to inject such functionality into its website or pages, and visitors could end up redirected to malicious websites. Threat actors are known for intercepting a visitor’s click to open a malicious site in a new window.

4. Secure Sockets Layer (SSL) Certificates

Lastly, the configuration of a domain’s SSL certificates is another way for clients to tell if they should trust your company or not. For apexhcm[.]com, the platform discovered that it has a recently obtained certificate, which doesn’t mean it’s malicious, although this fact may deserve some attention. TIP also identified several SSL vulnerabilities that threat actors could exploit:

Secure Sockets Layer (SSL) Certificates

Bringing These Factors Together

These factors, along with other data that TIP analyzes through its built-in domain reputation API, caused the domain to obtain a score of 86.27%. All organizations should strive for a rating as close as possible to 100% to be considered trustworthy.

Bringing These Factors Together

---

Ensuring domain integrity is essential to gain customer trust. In apexhcm[.] com’s case, paying attention to that is even more critical in light of the ransomware attack its owner faced last year. As in any cyberattack, that could have caused some clients to lose faith in the company. One way to rebuild trust is to improve domain integrity and address vulnerabilities and warnings that TIP detected.

Besides, are there other reasons to improve one’s domain reputation? Generally speaking, improving domain integrity has a positive impact on a company’s email marketing campaigns and sales. When a domain is deemed reputable, organizations won’t block emails coming from users associated with it. Marketing collaterals would, therefore, be more likely to reach their intended audiences, thereby increasing the company’s chance of success.

Read the other articles
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.