Security Sponsored Technology

Find Out Who’s Trying to Knock Your Site Offline with a WHOIS Database Download

Any company that has an online presence tracks how much traffic flows through its infrastructure on a regular basis for various reasons that include getting to know customers better to improve their user experience, identifying the most-read pages to improve SEO, track where most leads and sales come from to focus on the right markets, improving your cybersecurity posture, and many more. That said, any organization would know how many site visitors they normally get each day.

Of course, there may be periods when your site visitor volume spikes. This happens when you promote a page on social media, launch a new product or service, hold a sale, or advertise. But have you ever gotten baffled as to why a certain article that hasn’t done well in the past, for instance, is suddenly gaining a lot of traction? Cyber attackers may be trying to knock your site off the Web via a DDoS attack. How do you find out so you can address the issue? I would suggest looking for a WHOIS database download.

Choose one that contains billions of WHOIS records that span the entire TLD space (includes gTLDs and ccTLDs) so you can get relatively complete and accurate results. A WHOIS database that keeps track of not just newly registered domains but also provides detailed historical information on old domains would also be ideal. Make sure the WHOIS database download product of your choice comes in a format that you can easily compare with your website visitor log. Run a comparison and identify suspicious-looking domains among the unusual site visitors.

After pinpointing possible sources of a DDoS attack. Check your website for signs of DDoS activity, which include:

  • Slow access to files whether you’re inside or outside your office network
  • Long-term lack of access to a certain site or page (404 error)
  • Internet disconnection or timeout
  • Lack of access to connected sites and pages
  • An unusually large number of spam

List down the domains used in spam. Any of them look like those in your suspect list? Try manually blocking user access from them to your site and pages if your security solution doesn’t. Check if this did the trick. If it did, then you’ve just survived a DDoS attack.

DDoS attacks have been plaguing Internet users for 20 years now. And though much has been said and done to prevent them, they still manage to get the better of companies with insufficiently secured websites and pages. In fact, reports say the number of DDoS attacks that lasted more than an hour increased by 487 percent from 2018 to 2019. This isn’t surprising at all because cybercriminals and attackers always rely on what works.

There are several reasons why your company can be subjected to a DDoS attack, which include:

  • Extortion: The attackers want you to pay to gain back normal site operations.
  • Unscrupulous business practices: Cybercriminals sometimes offer DDoS services to take out a competitor’s websites or disrupt its operations.
  • Punishment for undesired actions: You may have thwarted another attack attempt on your network and the bad guys want payback.
  • Expression of anger and criticism: You may have aroused the ire of hacktivists and so they’re getting back at your company.
  • Training ground for other attacks: The attackers may be practicing on your site before going after their real target.
  • Distraction from other malicious acts: The attackers could just be diverting your attention from more nefarious intrusion activities they may be performing in your network.

Whatever the attackers’ motivation is for targeting your website, you can prevent them from succeeding with a WHOIS database download. You don’t have to lose face or opportunities due to a DDoS or any other cyber attack if you take a proactive stance toward securing your domain infrastructure. Start regular domain monitoring now.

About the author


Alexandre Francois

Alexandre François is Senior Content Manager at He is knowledgeable about technologies that permit tracking IP addresses and other relevant data to ensure better cybersecurity protection and marketing campaigns.