Sleuthing Tools & Resources

Research Tools & Tips
  • Learn more about specific Internet domains and the parties behind them through WHOIS data. Use sites such as to research prospective partners' domains. Exercise extra scrutiny with domains that exhibit any of the following characteristics:
    • Domain was registered recently
    • Domain registrant's name and contact info is hidden behind a privacy company or uses a false address
    • Unusual registrant details, such as the following:
      • Contact email address doesn’t match domain (e.g. @gmail, @yahoo etc instead of @domain)
      • Registrant has unexpectedly high number of domain registrations (eg. there are 5 domains at the same IP but the registrant's email address has been used for 20, 30 or more domains)
    • Reverse-IP-lookup shows suspicious-looking domains hosted on the same IP address (same applies to authoritative name server)
    • Reverse-IP-lookup shows unrelated domains hosted on the same IP address (e.g. domains pertaining to clothing brands and prescription drugs hosted on one IP address—and the same applies to authoritative name server)
  • When doing background checks on prospective partners and their domains, look them up in the Malvertising Research Engine. If a partner or domain you're researching appears in a search result there, we recommend you take a closer look at the party in question before accepting their ad into your network.
  • Scan Flash, JavaScript, and PDF files using sites such as and to learn more about their content. (Please keep in mind that Google has no connection with these sites or scanning tools and cannot guarantee their effectiveness.)
Troubleshooting Tools
  • Web debugging proxies capture snapshots of HTTP traffic between your browser and the Internet. Examples include:
    • Charles to capture snapshots of HTTP traffic in Firefox/IE (Mac/Windows/Linux)
    • FiddlerCap and Fiddler to capture snapshots of HTTP traffic in IE (Windows only)
  • Identify settings-changes that may have been caused by unwanted or malicious software with TrendMicro's HijackThis, a free scanning tool for Windows (upload and analyze HijackThis logs at
General Security Tools
Learn From Experts
  • You can learn more about malvertising by reading the Spyware Sucks blog, written by well-known independent researcher Sandi Hardmeier.
Stay Connected