Monitors
Overview
The Internet is an intensely dynamic place—the entities you investigate do not remain frozen after an investigation completes. And, outside of the context of an investigation, there are many IP, domain, and registrant-related events that can be important in many different business contexts. Thousands of domains are registered or dropped every day, and it can be challenging to stay informed.
DomainTools monitoring products track these events and send you alerts as soon as changes are detected. With daily alerts, you can stay on top of your investigations and domain management, with the convenience of an automated email direct to your inbox. This service is available to all Personal and Enterprise members, as well as other DomainTools users with paid subscriptions.
The Monitors Configuration Page
The initial landing page for Monitors Revision includes a tab for configuration of each monitor:
- Brand Monitor
- Registrant Monitor
- Name Server Monitor
- IP Monitor
When you are not logged in, each configuration tab includes a description of the monitor. When you are logged in, each tab displays the configuration UI for that monitor.
The tabs also include a visual indication of what proportion of your allotment of monitors you have used. Hovering your mouse over the tab gives the exact numbers of monitors used and remaining.
Brand Monitor
Whether looking for a new domain for a product or company, protecting an existing brand from infringement, keeping tabs on competition, or watching for trending registration activity tied to specific words or phrases, Brand Monitor can help you discover any new domain registrations that contain your brand or a relevant keyword string, across most TLDs. Set this monitor as a powerful complement to the Trademark Clearinghouse’s service that covers only new TLDs upon first application.
Common Use Cases:
- Monitor registration activities on domains containing your brand(s) to catch violations
- Spot dropping domains that contain keywords of interest to you
- Track trending registrations based on events, persons, or other terms
- Monitor your competition for new online holdings, or changes to existing ones, before they are publicly announced
Features:
- Monitoring of domains containing specific words, phrases, or partial words
- Coverage of all core generic TLDs, all new gTLDs, and many country code TLDs (ccTLDs)
- Email alerts tell you when domains tied to the monitored terms are registered or dropped
- Dashboard displays records of the changes for easy reference
Configuring Brand Monitor
The Brand Monitor configuration UI is arranged as a table in which each row represents a keyword that you wish to monitor. The columns show the rules for matching your keyword, the approximate number of domains that match your keywords, the kinds of activity you are monitoring, and the status (active or inactive) of each monitor.
To add a new term to monitor, click “Add.”
When adding a monitor, you can define rules to help ensure that Brand Monitor finds domains that are the most directly applicable to your needs. You can enter one or more strings to match.
“Terms that MUST be found” tells Brand Monitor to include one or more terms in the search for matching domains.
For example, entering “Yahoo” will capture all new domains registered with that string anywhere in the domain name. Entering “Goo” and “gle” will capture any domain that has both of those text strings in any location in a domain name, allowing you to capture a domain such as ‘gooooogle.com.’
“Terms that MUST NOT be found” helps filter out domains that are not relevant to you.
For example, if you select “amazon” as a term to match, but your intention is to watch activities of Amazon, Inc., you might wish to ignore any domains that also contain the terms “river” or “rainforest.” Entering those strings as “Terms that MUST NOT be found” filters out irrelevant domains.
Monitoring New or Deleted Domains
You can choose to monitor newly registered domains, deleted domains, or both. For either of these, the matching rules you configured for your terms apply.
Sending Alerts
You can configure Brand Monitor to send you an email alert when it detects new registrations or deletions of domains that match your criteria. If you choose not to receive email alerts, you can still look at recent changes from the Brand Monitor configuration interface.
Viewing Brand Monitor Activity
From the Brand Monitor configuration interface, click Display Alerts History to see a summary view of changes recorded for your monitored terms.
For each day that Brand Monitor detected changes, the interface displays whether those changes were mostly new domains or mostly deleted domains, and clicking the icon for the day provides a detailed view of registration events for that day.
Editing Brand Monitors
You can make quick changes to the individual monitors (“alerts”) you’ve configured by clicking the Edit button. When you are in Edit mode, the Edit button is green. You can then change the status of each keyword row and select/deselect which type of registrations to monitor (New or Deleted domains).
To go back to the normal viewing mode, click the Edit button again.
Registrant Monitor
A powerful way to stay informed about the online activities of an organization, individual, or even a location, is to watch for changes to the monitored registrant information as reflected in the Whois records. A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name. Typically, the record will contain information such as the name and contact information of the Registrant (who owns the domain), the name and contact information of the Registrar (the organization or commercial entity that registered the domain name), the registration dates, the name servers, the most recent update date, and the expiration date. Whois records may also provide the administrative and technical contact information (which is often, but not always, the registrant).
Registrant Monitor parses the Whois records of new domain registrations daily and compiles a list of domains that contain the significant term(s) being monitored. This list of matching domains is available via the Registrant Monitor dashboard, where daily email alerts can also be enabled. Use this tool to track a specific registrant or to alert you to new online holdings before they become active or are publicly announced.
Common Use Cases
- Keep a close eye on known or suspected malicious organizations or individuals via the domains they register or drop, including malicious or brand-infringing domains operated by serial violators
- Observe registration activities connected to a physical location or a phone number, which can help track registrants who supply changing name or contact information
- Monitor your competition for new online holdings, or changes to existing ones, before they are publicly announced
Note that Registrant Monitor is NOT recommended for monitoring high-volume registrants such as Privacy or Proxy services.
Features
- Monitoring of many different parameters: contact name, registrant name, email address, physical address or address component (such as postal code), phone number, and more
- Email alerts tell you when domains tied to the monitored registrant term(s) have changes, including new registrations, changes of ownership, or drops/deletes
- Dashboard displays records of the changes for easy reference
Configuring Registrant Monitor
The Registrant Monitor configuration UI is arranged as a table in which each row represents a keyword that you wish to monitor. These keywords can be drawn from any registrant section of a Whois record. The columns show the rules for matching your keyword(s), the status (active or inactive) of each keyword monitor, and a link to see details of any events that Registrant Monitor has previously detected.
To add a new term to monitor, click “Add.”
When adding a monitor, you can define rules to help ensure that Registrant Monitor finds domains that are the most directly applicable to your needs. You can enter one or more strings to match.
“Terms that MUST be found” tells Registrant Monitor to include one or more terms in the search for matching domains.
For example, you can enter whole or partial email addresses, names, postal codes, or telephone numbers. Registrant Monitor will alert on new registrations that include any of your terms.
“Terms that MUST NOT be found” helps filter out domains that are not relevant to you.
For example, if your company shares a large office building with many other companies, you may wish to monitor your building’s street address, but you may wish to enter your own company’s name as an exclusion, so that Registrant Monitor will only alert on registrations of other companies in your building.
Monitoring New or Deleted Domains
You can choose to monitor newly registered domains, deleted domains, or both. For either of these, the matching rules you configured for your terms apply.
Setting Status: Active or Inactive
You can change the status of any monitor rule without deleting the rule entirely. This can be helpful if you wish to temporarily exclude a particular monitor rule from your alert emails.
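The matching rules described for Brand Monitor and Registrant Monitor above can be reproduced locally to triage a feed of registration events. The following is an added example, not DomainTools code: the `Rule`, `Event`, and `daily_alerts` names are hypothetical, case-insensitive substring matching is an assumption, and the sample events (including the `.example` domains and registrant strings) are constructed.

```python
from dataclasses import dataclass

@dataclass
class Event:                 # one registration event from a daily feed
    domain: str
    action: str              # "new" or "deleted"
    registrant: str = ""     # flattened registrant fields from the Whois record

@dataclass
class Rule:
    name: str
    must: tuple              # "Terms that MUST be found"
    must_not: tuple = ()     # "Terms that MUST NOT be found"
    field: str = "domain"    # "domain" (Brand) or "registrant" (Registrant)
    require: str = "all"     # "all": every term present; "any": at least one
    watch: tuple = ("new", "deleted")
    active: bool = True      # inactive rules stay configured but never alert

    def matches(self, ev):
        if not self.active or ev.action not in self.watch:
            return False
        # Assumption: terms are matched as case-insensitive substrings.
        text = getattr(ev, self.field).lower()
        hits = [t.lower() in text for t in self.must]
        wanted = bool(hits) and (all(hits) if self.require == "all" else any(hits))
        return wanted and not any(t.lower() in text for t in self.must_not)

def daily_alerts(rules, events):
    """Return {rule name: [(domain, action), ...]} for rules with hits."""
    alerts = {}
    for ev in events:
        for rule in rules:
            if rule.matches(ev):
                alerts.setdefault(rule.name, []).append((ev.domain, ev.action))
    return alerts

RULES = [
    Rule("google-typos", ("Goo", "gle")),
    Rule("amazon", ("amazon",), must_not=("river", "rainforest")),
    Rule("yahoo-new-only", ("Yahoo",), watch=("new",)),
    Rule("paused", ("amazon",), active=False),
    Rule("building", ("100 Main St",), must_not=("Acme Corp",),
         field="registrant", require="any"),
]

# Constructed sample feed for one day.
EVENTS = [
    Event("gooooogle.com", "new"),
    Event("amazon-rainforest-tours.example", "new"),
    Event("amazon-deals.example", "new"),
    Event("yahoo-login.example", "deleted"),
    Event("newco.example", "new", "Other Co, 100 Main St, Suite 4"),
    Event("acme-internal.example", "new", "Acme Corp, 100 Main St, Suite 9"),
]

if __name__ == "__main__":
    for name, hits in daily_alerts(RULES, EVENTS).items():
        print(name, hits)
```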
Viewing Registrant Monitor Activity
From the Registrant Monitor configuration interface, click See Details to see a summary view of changes recorded for your monitored terms.
The Details view shows a monthly calendar display, and for each day that Registrant Monitor detected changes, the day on the calendar is a link. Click the link to see specific registrant events detected for that day.
The table of changes shows the following:
- Domain (linked to the Whois page for the domain)
- Created and Modified dates
- Last owner and Current owner (both linked to Whois History so that, in the case of changes of ownership, you can verify the change via the Whois records)
Editing Registrant Monitor Rules
You can make quick changes to the individual monitors (“alerts”) you’ve configured by clicking the Edit button. When you are in Edit mode, the Edit button is green. You can then change the active/inactive status of each alert rule. You can also remove the monitor rule.
To go back to the normal viewing mode, click the Edit button again.
Name Server Monitor
A useful way to stay informed about the online activities of an organization is to watch the activity on name servers they own. Among other things, this can often signal new online holdings before they are publicly announced. Name Server Monitor tracks changes on monitored servers, keeping you up to date on hosting changes.
Common Use Cases
- Keep a close eye on known or suspected malicious organizations or individuals via the name servers they operate
- Monitor your competition for new online holdings, or changes to existing ones, before they are publicly announced
Features
- Email alerts tell you when the server resolves new domains or drops existing ones
- Coverage of all core generic TLDs, all new gTLDs, and many country code TLDs (ccTLDs)
- Dashboard displays records of the changes for easy reference
Configuring Name Server Monitor
The Name Server Monitor configuration UI is arranged as a table in which each row represents a specific domain whose name servers you wish to monitor. The columns show the domain name, the type of alert email (detailed or summary) for each row, the number of domains resolved by the name server, and a link to see details of any events that Name Server Monitor has previously detected.
Note: the “Server” column shows domains, rather than name server hostnames. Name Server Monitor checks the authoritative name servers for the domain as returned by DNS itself.
To add a new domain to monitor, type the server name or domain name, and click “Add.” You can enter more than one server or domain, using spaces to separate them.
Note: If you enter a domain name whose authoritative name server is on a different domain, Name Server Monitor will show a message asking if you wish to monitor the authoritative name server. In the example below, entering “domaintools.com” causes Name Server Monitor to prompt for dynect.com, which hosts the authoritative name server for domaintools.com.
Large Name Servers and Reverse Name Server Reports
In some cases, the number of domains that are managed by the name server in question can be quite large. Name Server Monitor has a limit of 50,000 domains per monitored server. For name servers with more than 50,000 domains, you can purchase a report showing the domains for which the server is authoritative, but the server cannot be monitored.
If you select “Buy a report,” you are directed to the Reverse Name Server Lookup page where the report details (number of domains and price, which is tied to the number of results) and the initial Reverse Name Server results are shown. This page offers the option of downloading a .csv file with the first 1,000 domains on the name server at no additional charge.
Editing Name Server Monitor
You can make quick changes to the individual monitors (“alerts”) you have configured by clicking the Edit button. When you are in Edit mode, the Edit button is green and you can make the following configuration changes:
- Type: Toggle Summary or Detailed format in the email alerts
- Watching: Choose which events you wish to track for each name server (deleted domains, domains transferred in, new domains, domains transferred out)
- Email: Choose whether or not to receive a daily status email for the monitored server
To go back to the normal viewing mode, click the Edit button again.
Summary and Detail View for Email Alerts
The “Type” toggle controls how your email alerts are presented. It does not change what you see on the Name Server Monitor dashboard.
The Summary view in your email alert shows you a graph of activity on the name server (new domains, domains transferred to this name server, domains transferred away from this name server, or deleted domains).
The Details view option in the email alert shows the specific events, by domain name, that were observed on the name server.
Status: Active or Inactive
You can change the status of any monitor rule without deleting the rule entirely. Setting a monitor to “Inactive” excludes that name server from your alert emails. This can be helpful if you wish to temporarily filter a server out of your alert emails without permanently removing the server from your monitors.
Viewing Name Server Activity
From the Registrant Monitor configuration interface, click See Details to see a summary view of changes recorded for your monitored terms.
The Details view shows a calendar control to navigate forward and backward in time, and shows a list of recent changes below the calendar. When you select a date where changes were detected, those changes are listed by domain, action (transferred, deleted, etc.), and current and former name servers.
Name Server Monitor Settings
This control allows you to see how much of your allotment of monitors you are currently using, and contains the global control for alert emails. Turning off emails in this control disables all emails, regardless of whether the individual name servers are set to Active or Inactive.
IP Monitor
Another way to stay informed about the online activities of an organization (including your own) is to watch the activity on IP addresses they own or use. IP Monitor tracks changes taking place on monitored IP addresses, saving time (compared to manual lookups) and keeping you up to date on hosting changes.
Major Use Cases
- Keep a close eye on suspect or known malicious IP addresses
- Monitor your competition
- Monitor your own IP space to be sure no unauthorized websites are pointed to your IP addresses
Features
- Email alerts showing when domains are pointed to or away from the monitored IP address
- Tracking of hosting changes for new, existing, and deleted domains
- Dashboard displays records of the changes for easy reference
Configuring IP Monitor
The IP Monitor configuration UI is arranged as a table in which each row represents a specific IP address you wish to monitor. The columns show the following:
- IP address
- Description (Optional)
- Reverse IP: the number of domains hosted on the IP address, and a link to Reverse IP for that IP address
- Activity: a count of recent events observed on the IP address
Adding IP Addresses
To add a new IP address to monitor, type the address in the box, and click “Add.” You can enter more than one IP address, using spaces or commas to separate them.
Note: All entries are treated as host addresses. Ranges and subnets are not supported. For example, entering 4.2.2.0 treats that value as a host address, not a subnet.
Description (optional)
As a convenience, you may enter a description of the IP address you are monitoring. This can be helpful as a reminder of why you are monitoring a particular address.
Reverse IP
This column shows the number of domains hosted on the IP address as reflected in the DomainTools database. Clicking the link (the number of domains) takes you to the Reverse IP page for that IP address. From that page, you have options to review the domains on the IP, purchase a report, or perform a .csv export of up to 2,000 domains (beyond 2,000, you must purchase a report).
Activity
This column shows the number of recent changes detected on the IP address. Clicking the link brings you to the IP Monitor Details view dashboard.
The Details view shows a calendar control to navigate forward and backward in time, and shows a list of recent changes below the calendar. When you select a date where changes were detected, those changes are listed in a table by domain, action (transferred, new, dropped, etc.), and the new or former IP addresses for the domain, in the case of transfers. Domains in the table are listed alphabetically.
Note: above the table of domains is a pagination control, which appears when necessary. Some large hosting IP addresses may have thousands of changes per day, requiring pagination of the display.
Reverse IP Reports
Just as from the Reverse IP page as discussed above, you can purchase a report showing the full list of domains that are currently in the DomainTools database for that IP address.
Editing Monitors
You can make quick changes to the individual monitors (“alerts”) you’ve configured by clicking the Edit button.
When you are in Edit mode, the Edit button is green and you can make the following configuration changes:
- Watching: For each IP address, select which kind of changes you wish to monitor
- Email: Choose whether or not to receive a daily email with status for the IP address
- You can also edit or remove each IP address entry (which you can also do when you are in normal viewing mode)
To go back to the normal viewing mode, click the Edit button again.