How Much of a Fortune 500 Company's Digital Footprint Can Be Publicly Attributed to It?

Not all of the domains that contain a company's brand are under its control. A portion of them — sometimes even the vast majority — is typically registered by unidentifiable third parties with masked WHOIS records. Arguably, WHOIS redaction might also be preferred by the companies themselves for privacy purposes. But to what extent is this the case?

We conducted a short study to explore this question at the enterprise level, looking at the WHOIS records of the top 25 Fortune 500 companies' official domains to check if public attribution was possible. Next, we aimed to uncover the related digital footprint of those companies, assessing the ratio that could also be publicly attributed. Last, we looked at a subset of non-attributable domain names that presented signs of maliciousness.

The Subjects

See the list of the top 25 Fortune 500 companies with their corresponding domains below.

Table 1: Top 25 Fortune 500 Companies and Their Respective Domains
Rank | Company | Domain
1 | Walmart | walmart[.]com
2 | Amazon | amazon[.]com
3 | Exxon Mobil | exxonmobil[.]com
4 | Apple | apple[.]com
5 | CVS Health | cvshealth[.]com
6 | Berkshire Hathaway | berkshirehathaway[.]com
7 | UnitedHealth Group | unitedhealthgroup[.]com
8 | McKesson | mckesson[.]com
9 | AT&T | att[.]com
10 | AmerisourceBergen | amerisourcebergen[.]com
11 | Alphabet | abc[.]xyz
12 | Ford Motor | ford[.]com
13 | Cigna | cigna[.]com
14 | Costco Wholesale | costco[.]com
15 | Chevron | chevron[.]com
16 | Cardinal Health | cardinalhealth[.]com
17 | JPMorgan Chase | jpmorganchase[.]com
18 | General Motors | gm[.]com
19 | Walgreens Boots Alliance | walgreensbootsalliance[.]com
20 | Verizon Communications | verizon[.]com
21 | Microsoft | microsoft[.]com
22 | Marathon Petroleum | marathonpetroleum[.]com
23 | Kroger | kroger[.]com
24 | Fannie Mae | fanniemae[.]com
25 | Bank of America | bankofamerica[.]com

The Tools

Three specific intelligence tools were used for this study, namely:

  • Bulk WHOIS Lookup: To determine if any of the WHOIS records of the top 25 Fortune 500 companies have been redacted or privacy-protected.
  • Reverse WHOIS Search: To find out how many domains containing their brand names each company owns.
  • Typosquatting Data Feed: To obtain lists of new bulk-registered domains that may be mimicking the companies' domains.

The Findings

The Bulk WHOIS Lookup for the top 25 Fortune 500 companies revealed that only two organizations (Walmart and Berkshire Hathaway), or 8% of the sample, hid their registrant details from the public. Walmart opted not to disclose its domain registration information, while Berkshire Hathaway's records were privacy-protected by Perfect Privacy, LLC.

We then used Reverse WHOIS Search to build two data sets so that we could compare the number of domains containing the companies' brands with the number of domains publicly known to be under their control (those that can be publicly attributed to them based on the registrant organization indicated in the domains' WHOIS records). Note that we took Walmart and Berkshire Hathaway out of the sample, as they did not reveal their registrant organization names in their WHOIS records.

Table 2: Top 23 Fortune 500 Companies and Their Respective Registrant Organizations
Rank | Company | Registrant Organization
2 | Amazon | Amazon Technologies, Inc.
3 | Exxon Mobil | Exxon Mobil Corporation
4 | Apple | Apple Inc.
5 | CVS Health | CVS Pharmacy, Inc.
7 | UnitedHealth Group | UnitedHealth Group Incorporated
8 | McKesson | McKesson Corporation
9 | AT&T | AT&T Services, Inc.
10 | AmerisourceBergen | AmerisourceBergen Corporation
11 | Alphabet | Google LLC
12 | Ford Motor | Ford Motor Company
13 | Cigna | Cigna Intellectual Property, Inc.
14 | Costco Wholesale | Costco Wholesale Membership, Inc.
15 | Chevron | Chevron Corp.
16 | Cardinal Health | Cardinal Health
17 | JPMorgan Chase | JPMorgan Chase & Co.
18 | General Motors | General Motors LLC
19 | Walgreens Boots Alliance | Walgreens
20 | Verizon Communications | Verizon Trademark Services LLC
21 | Microsoft | Microsoft Corporation
22 | Marathon Petroleum | Marathon Petroleum Company
23 | Kroger | The Kroger Co.
24 | Fannie Mae | Fannie Mae
25 | Bank of America | Bank of America

We compared the two Reverse WHOIS Search data sets to determine each of the 25 companies' potential domain attack surface. The first data set lists all domains that contain the company names shown in Table 2, while the second contains all domains that have the registrant organizations listed in the same table. See the figure below for the results of the comparison.

Apple, AT&T, Alphabet, Walgreens Boots Alliance, Verizon Communications, Microsoft, and Bank of America were taken out of the sample as they owned more of the domains included in the reverse WHOIS search results than not.

Based on the reverse WHOIS search results, the 14 companies left (Exxon Mobil, UnitedHealth Group, McKesson, AmerisourceBergen, Ford Motor, Cigna, Costco Wholesale, Chevron, Cardinal Health, JPMorgan Chase, General Motors, Marathon Petroleum, Kroger, and Fannie Mae) appeared in the WHOIS records of 63,215 domains. Of these, only 41,664 domains, or 66%, contained their legally recognized organization names as registrants. This means that cyber attackers could theoretically use the remaining 21,551 domains for phishing, business email compromise (BEC), or other malware-enabled schemes.
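The comparison described above (domains containing a brand string versus domains whose registrant organization matches the official one) can be reproduced on an exported WHOIS data set. The following is an added example, not the study's tooling: the brand `examplecorp`, its organization name, the sample records, the privacy markers, and the suffix normalization are all constructed assumptions.

```python
import re
from collections import Counter

# Assumed markers of a masked registrant field; extend for your own data.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy")
# Assumed corporate suffixes ignored when comparing organization names.
SUFFIXES = {"inc", "llc", "ltd", "corp", "corporation", "co", "company", "incorporated"}

def normalize_org(name):
    """Lowercase, drop punctuation and corporate suffixes before comparing."""
    words = re.sub(r"[^a-z0-9& ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def classify(domain, registrant_org, brand, official_org):
    """Bucket one WHOIS record relative to a brand and its official registrant."""
    if brand not in domain.lower():
        return "unrelated"
    org = (registrant_org or "").strip()
    if not org or any(m in org.lower() for m in PRIVACY_MARKERS):
        return "masked"          # cannot be publicly attributed either way
    if normalize_org(org) == normalize_org(official_org):
        return "attributed"      # publicly attributable to the company
    return "third_party"         # brand string present, different registrant

def attribution_report(records, brand, official_org):
    """Count brand-containing domains per bucket and the attributable ratio."""
    counts = Counter(classify(d, o, brand, official_org) for d, o in records)
    counts.pop("unrelated", None)
    total = sum(counts.values())
    return {
        "total": total,
        "attributed": counts["attributed"],
        "masked": counts["masked"],
        "third_party": counts["third_party"],
        "ratio": counts["attributed"] / total if total else 0.0,
    }

# Constructed sample records: (domain, registrant organization).
SAMPLE_RECORDS = [
    ("examplecorp.example", "ExampleCorp Holdings, Inc."),
    ("examplecorp-careers.example", "EXAMPLECORP HOLDINGS INC"),
    ("examplecorp-login.example", "REDACTED FOR PRIVACY"),
    ("my-examplecorp.example", "Perfect Privacy, LLC"),
    ("examplecorp-support.example", ""),
    ("examplecorp-deals.example", "Some Reseller Ltd"),
    ("unrelated.example", "Other Org"),
]

if __name__ == "__main__":
    print(attribution_report(SAMPLE_RECORDS, "examplecorp", "ExampleCorp Holdings, Inc."))
```

Keeping masked records separate from third-party ones matters for triage: a masked record may still belong to the company, while a named third-party registrant does not.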

We sought to identify additional threat vectors by consulting typosquatting data feeds from 1 to 31 October 2020. While only three of the 25 companies (Amazon, JPMorgan Chase, and Verizon Communications) had typosquatting domains that month, we can't say for sure if the others are threat-free in previous or upcoming months.

None of the 58 domains that contained the three companies' brands indicated their official organization names as registrants. We can say then that none of the bulk-registered domains in October are "proven" to be under their control.

A check on the nature of the 58 look-alike domains on VirusTotal revealed that 40, or 69%, of them have been cited for various malicious activities like phishing. A breakdown for Amazon, JPMorgan Chase, and Verizon Communications is shown in the figure below.


Domains that contain a company's brand but are not under its control increase its exposure to cyber attacks. These domains can figure in phishing, spam, BEC, and other cyber attacks that could put its customers at risk of identity or financial theft. That could lead to loss of trust and a damaged reputation, both of which are preventable with the help of robust domain intelligence.

By WhoisXML API, a domain research, Whois, DNS, and threat intelligence API and data provider. Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
