Domain Profile

The Domain Profile panel serves as a comprehensive snapshot of all domain-related data in one location. It provides a quick overview of key attributes, making it especially useful for initial domain assessment.

What's included

The Domain Profile displays:

  • Domain name: The fully qualified domain name
  • Domain Risk Score: Calculated risk assessment
  • Screenshot: Current website screenshot
  • Recent Passive DNS resolutions: Latest DNS records
  • Dates: First Seen, WHOIS Create Date, Expiration Date
  • Email address(es): Registration and administrative contacts
  • Registrant Organization: Organization name from WHOIS
  • Registrar: Domain registrar
  • Registrar Status: Current registration status
  • Name Servers: Authoritative name servers
  • IP addresses: Current A record resolutions
  • IP location: Geographic location of IP addresses
  • ASN: Autonomous System Number
  • WHOIS History summary: Count of historical records
  • Website title and server type: Web server information
  • "Raw" WHOIS record: Complete WHOIS text

RDAP content

RDAP record displayed in Domain Profile

The Domain Profile includes RDAP (Registration Data Access Protocol) support at the bottom of the panel.

Parsed RDAP record

A new element shows the most recent parsed RDAP record. You can:

  • Toggle between RDAP and WHOIS views
  • Copy the raw RDAP record's JSON to the clipboard
  • When the Parsed RDAP record uses data from both registry and registrar, choose which record to copy

For more information about RDAP support, see RDAP Overview.

Use the Domain Profile

Initial assessment

The Domain Profile is ideal for quick domain assessment:

  1. Select a domain from the Pivot Engine.
  2. Review the Domain Profile for an overview.
  3. Identify areas requiring deeper investigation.
  4. Navigate to specialized panels for details.

Key indicators

Pay attention to these indicators:

  • Risk Score: High scores (70+) indicate potentially malicious domains
  • Registration dates: Recently created domains may be suspicious; expiration dates show domain lifecycle
  • Infrastructure: IP addresses and ASN reveal hosting patterns; name servers may indicate shared infrastructure
  • Contact information: Email addresses and registrant data enable pivots; privacy-protected WHOIS may limit investigation
  • Web presence: Screenshot shows current website state; server type and title provide context

Pivot from Domain Profile

Right-click any field value in the Domain Profile to open the Operations Menu and:

  • Create new searches based on that value
  • Narrow or expand your current search
  • Exclude results containing that value
  • Navigate to related panels

Common pivots from Domain Profile:

  • Email addresses: Find other domains with the same contact
  • Registrant: Discover related registrations
  • IP addresses: Identify shared hosting
  • Name servers: Find domains on the same infrastructure
  • Registrar: Search by registrar

Update content

The Domain Profile includes an Update Content button to manually trigger web crawler data collection.

To update web-related data:

  1. Navigate to the Domain Profile.
  2. Select Update Content.
  3. The web crawler queues the domain for data collection.

The web crawler gathers:

  • Screenshot
  • Website title
  • Website response code
  • Redirect domain
  • Server type
  • Website trackers
  • SSL certificate aspects

For more information, see Web Content Updates.

The Domain Profile provides quick links to specialized panels:

  • WHOIS History: View historical registration records
  • pDNS: Examine DNS resolution history
  • SSL Profile: Analyze SSL certificates
  • Screenshot History: Browse historical screenshots
  • IP Profile: Detailed IP information

Best practices

Efficient workflow

  1. Start here: Use Domain Profile as your entry point for domain analysis.
  2. Scan quickly: Review all fields for anomalies or interesting patterns.
  3. Identify pivots: Note values worth investigating further.
  4. Navigate strategically: Move to specialized panels based on findings.

What to look for

Suspicious indicators:

  • High risk scores (70+)
  • Recently created domains (< 30 days)
  • Privacy-protected WHOIS
  • Unusual hosting locations
  • Shared infrastructure with known malicious domains
  • Mismatched website content and registration

Investigation opportunities:

  • Unique email addresses (good pivot points)
  • Specific registrars or registrants
  • Hosting patterns
  • SSL certificate details
  • Historical changes
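
The following is an added example, not part of the product or its documentation: it takes a raw RDAP record copied from the panel, extracts the pivot fields, and applies the 70+ risk score and < 30 day creation thresholds listed above. It assumes the copied JSON follows the RFC 9083 domain object layout and that the risk score is read from the panel and passed in separately; the function names, flag labels and sample record are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in RFC 9083 shape; not a real registration record.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain", "ldhName": "LOGIN-PORTAL.EXAMPLE",
    "events": [
        {"eventAction": "registration", "eventDate": "2024-05-20T10:15:00Z"},
        {"eventAction": "expiration", "eventDate": "2025-05-20T10:15:00Z"}],
    "nameservers": [{"objectClassName": "nameserver", "ldhName": "NS1.HOST.EXAMPLE"}],
    "entities": [{"roles": ["registrar"], "vcardArray": ["vcard", [
        ["version", {}, "text", "4.0"], ["fn", {}, "text", "Example Registrar LLC"]]]}],
})

def event_date(rec, action):
    """Return the first event of this action as an aware datetime, or None."""
    for ev in rec.get("events", []):
        if ev.get("eventAction") == action and ev.get("eventDate"):
            dt = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None

def registrar_name(rec):
    """Return the vCard 'fn' of the entity holding the registrar role, or None."""
    for ent in rec.get("entities", []):
        if "registrar" in ent.get("roles", []):
            for prop in (ent.get("vcardArray") or ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def triage(rdap_json, risk_score, now):
    """Summarise a copied RDAP record and apply the page's 70+ and < 30 day thresholds."""
    rec = json.loads(rdap_json)
    created = event_date(rec, "registration")
    age_days = (now - created).days if created else None
    flags = []
    if risk_score >= 70:
        flags.append("high_risk_score")
    if age_days is None:
        # Added edge case, not from the page: a missing date must not read as "old".
        flags.append("creation_date_unknown")
    elif age_days < 30:
        flags.append("recently_created")
    return {"domain": rec.get("ldhName", "").lower(), "registrar": registrar_name(rec),
            "created": created, "expires": event_date(rec, "expiration"),
            "age_days": age_days, "flags": flags,
            "name_servers": sorted(n["ldhName"].lower() for n in rec.get("nameservers", [])
                                   if n.get("ldhName"))}
```

Pass `now` as a timezone-aware datetime, for example `datetime.now(timezone.utc)`, so the age calculation compares like with like.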

Common patterns

Legitimate domains:

  • Established registration dates
  • Consistent WHOIS information
  • Professional hosting
  • Valid SSL certificates
  • Appropriate website content

Suspicious domains:

  • Recent registration
  • Privacy-protected WHOIS
  • Shared hosting with many domains
  • Self-signed or invalid SSL
  • Mismatched or suspicious content
