August 2022 - Domains | Cybersecurity

Investigating Web Data for Brand Protection Purposes

Alona Borzhemska and Volodymyr Holovash from DomainCrawler on how brand owners can adopt proven best practices to fight online counterfeit sales.

Investigating Web Data for Brand Protection Purposes-web

© Dmitry Kovalchuk |

The World Wide Web is the ideal place for “hijacking” brands, mostly because the online world has seen so little formal policing. According to the Chamber of Ecommerce, counterfeit sales today represent 5 to 7 percent of total world trade in merchandise. The damage inflicted on rightful brand owners goes well beyond revenue and profits: it also threatens national security and human rights. Due to the Internet’s rapid growth — along with instant global reach and anonymity — this situation has significantly escalated.

The number of online spaces available for taking unfair advantage of legitimate brands keeps growing: search engines, social networking, eCommerce, auction and trade board sites, email, blogs, and microblogs. As a result, the online world requires ever closer monitoring and investigation. 

In general, by investigation we mean attempts to find correlations between various pieces of data that will be able to bring us some valuable conclusion or insight.

Correlation is an important word here, since the reality of online investigations, as many of us know, are not always conclusive. Most of the time, such attempts only uncover commonalities — for example, linkages between objects that might be flagged as anomalies. Then it greatly depends on a user's ability to analyze and piece together bits of information, in order to gain real value.

Fortunately, brand owners can adopt their own proven best practices to successfully fight online counterfeit sales. Technology exists for identifying and quantifying worldwide online counterfeiting activity — for both promotion and distribution. If brand owners are armed with the right tools, data and effective strategies, counterfeiters can be defeated.

Good practice for such endeavors online can be listed in the following steps:

  • Global monitoring
  • Connecting the dots
  • Legal enforcement

Step 1: Global Monitoring

Before fighting online scams relating to your brand, you need to be made aware that they exist and then monitor their activities ongoing. Unfortunately, it is quite hard to use ordinary search engines for this task for several reasons including ranking and geolocation. To be presented with a global overview, a search should also include sites that are non-indexed on Google.

A possible answer to those challenges could be scanning the HTML content of sites. HTML or meta tags are snippets of text that describe a page’s content; the meta tags don’t appear on the page itself, but only in the page’s source code. HTML data includes meta description, meta keywords, H1 titles etc. In simple terms, this data reflects up to 90% of the content of the website’s front page.

Using tools that allow you to look through the HTML data, it's possible to view keywords counterfeiters are using to target your brand. It is also important to view the historical change data and whether any other brands are mentioned alongside yours. 

Perhaps the most important thing here is that this method allows brand protection specialists to increase the efficiency of their work, making it possible to scan more sites more quickly.

Step 2: Connecting the dots

Once an entity taking advantage of your brand has been identified, further investigations can reveal whether any other sites are associated with it in order to connect the dots.

It is important to connect sites that possibly belong to the same owner so you can see the bigger picture.

DNS information, specifically information on IP addresses, makes it possible to find websites that belong to one owner or interconnected websites. This is not always accurate however — shared hosting means thousands of websites that belong to different owners can have the same IP address. Nevertheless, often sites that have the same IP address belong to a single owner, especially if there are not many of them.

Another good indicator is a shared name server. The combination of these two things — a shared IP address and name server — can significantly narrow the search.

To investigate even more deeply, it is possible to check the WHOIS history to get a summary of key data about the domain from the WHOIS record itself, which serves as the starting point for all kinds of investigations. Of course, information about the owner of the domain in the WHOIS records might be unavailable for most sites due to the use of the WHOIS protection service by the domain owner. However, it is possible to get the info on the registrar, creation and expiration dates, which is publicly available.

This data can inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

Step 3: Legal Enforcement

After narrowing down the number of sites to handle, you can then:

  • Take action against ONE site and its other connected sites, social media accounts, payment facilities, HP and/or Registrar. Clients can sometimes join forces with other brands involved.
  • Take action together against numerous non-connected sites hosted on the same IP.
  • Instigate legal action to seize domain names in bulk plus seize assets (i.e., court requests to freeze all PayPal or Mastercard accounts.)
  • Request Google to deindex all domain names with high or low visibility when it's not possible to connect to syndicates.
  • Take action at shopping carts level, i.e., request Magento to block e-commerce services for all sites flagged as selling counterfeit product.


Online counterfeiting can heavily impact any company, affecting revenues, channel relationships, customer experience, marketing effectiveness, legal liability and more. Ignoring it — or just hoping for the best — simply isn’t good business. Fortunately, taking direct action can be fairly straightforward. Implementing best practices as discussed here doesn’t have to involve complex organizational changes or extensive hiring efforts, as data technology providers can help make the effort efficient and supplement internal teams.

Which actions, practices, routines would we suggest in order to help brand owners to protect themselves?  There are many. Generally, we would suggest the following rules:

  • Understand and know what you are looking for. What do counterfeiting sites look like? To what extent is your brand being impacted?
  • Use HTML tools & data to identify suspect profiles.
  • Target domains which have hidden a brand's name in the HTML.
  • Investigate further with WHOIS and DNS record checks.
  • Identify domain ownership, and track it over time, revealing which other domains are related to the same owner. Do this with the help of IP address look ups, name servers etc.
  • Take action to shut down offending sites by implementing legal steps.

The returns — in revenues, profits, and long-term brand value — will certainly make the effort worthwhile.


Alona Borzhemska is an experienced manager and proven relationship builder with a deep passion and curiosity around technology. Using the wealth of her experience and consultative selling skills, she communicates solutions to a highly technical audience. Before joining DomainCrawler, Alona worked with Internet Vikings, the biggest European domain name registrar for the iGaming industry.


Volodymyr Holovash is a proven marketing manager with a profound interest in IT. Prior to his job at DomainCrawler, he worked as a content strategist and assistant marketing manager at Internet Vikings. Volodymyr has a  deep passion for marketing mixed with the advanced skills of a project manager.


Please note: The opinions expressed in Industry Insights published by dotmagazine are the author's/interviewee’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.