A method is implemented by a content centric network (CCN) naming layer executed by a network device. The naming layer is configured to enable processing of regular expressions as part of a hierarchical CCN name, where regular expressions are sequences of characters that form a search pattern. The method processes regular expressions utilized in a one to many scenario between a plurality of CCN clients and at least one CCN serving node. The method includes receiving a CCN interest from a CCN forwarding layer, accessing a forwarding information base (FIB) to find FIB entries matching a path of the CCN name and the regular expression, accessing a content store to find content objects matching the FIB entries, and creating a new CCN interest for each of the FIB entries not found in the content store.

A domain name registrar, preferably with website hosting capabilities, may assist a customer in creating and planning for a new Internet business. The registrar may analyze various data from one or more successful competitor businesses selected by the customer to create and display a product usage timeline of the successful competitor businesses. In addition, the registrar may offer for purchase similar products and/or services used by the selected successful competitor businesses to assist the customer in planning and growing the customer's own Internet business.

Domain name variants may be generated and/or displayed by accessing historical domain name information and identifying, based on the accessed historical domain name information a set of swap options. The swap options may include one or more graphemes. Variants of a domain names may be determined based on the identified set of swap options.

Various techniques for improving security of domain name records are disclosed herein. In one embodiment, a method includes receiving a request to modify a domain name record containing a first domain name server to containing a second domain name server. In response to the received request, the first and second domain name servers are individually queries for corresponding first and second security records. The method can also include receiving the first and second security records from the first and second domain name servers, respectively and determining whether to allow the domain name record to be modified based on a comparison of the first and second security records.

In one embodiment, a tokenized list holder enables privacy-preserving querying with denial of existence functionality. Both an information requester and the tokenized list holder access related (or identical) tokenizing algorithms to generate tokenized terms based on original terms. Prior to receiving a query for information based on a tokenized query term, the tokenized list holder generates sorted tokenized data terms that are associated with a database. Upon receiving the query, the tokenized list holder determines that the tokenized query term is not included in the sorted tokenized data terms. The tokenized list holder then generates a signed response that specifies a gap in the sorted tokenized data terms to indicate that the information is not included in the database. Advantageously, because neither the query nor the response includes original (i.e., untokenized) terms, the privacy of both the information requester and the database is preserved.

Systems, methods and products for identifying IP mass hosts and determining whether they are good or bad. One embodiment is a method including selecting a first candidate IP address, identifying a set of domains hosted at the IP address, and identifying registrants of the domains. A number of unique ones of the registrants is determined and if the number of unique registrants exceeds a threshold number, the candidate IP address is deemed an IP mass host. Otherwise, the candidate IP address is deemed not to be an IP mass host. For an IP mass host, domains that have bad reputations are identified, and it is determined whether the bad domains comprise at least a threshold percentage of the total hosted domains. If the IP mass host has at least the threshold percentage of bad domains, the IP mass host is deemed a bad mass host.

Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.

Methods for transitioning an existing TLD from an existing registry operator to a new TLD of a new registry operator, the new TLD subsequently accessible over a communications network, the existing TLD having a non-operational zone or an operational zone. The method includes: collecting existing registry data for the existing TLD from a plurality of registrars associated with one or more domain names of the existing TLD, such that each of the plurality of registrars provides a respective portion of the existing registry data; aggregating the respective portions of the existing registry data to generate new registry data for the new TLD; generating new zone data for the new TLD; publishing in a first mode the new zone data to nodes of a DNS (Domain Name System), the first mode disabling write functionality of the new zone data while facilitating querying of the new zone data; and publishing in a second mode the new zone data to the nodes of the DNS, the second mode facilitating the write functionality of the new zone data, including the querying and updating of the new zone data, the new zone data of the second mode considered as an operational zone; wherein the new zone data and the new registry data in the first mode as well as in the second mode are accessible by the plurality of registrars over the communications network.

There is disclosed an example of one or more tangible, non-transitory computer-readable storage media, including instructions to: enumerate domain names newly registered in a time window; build a dictionary from the newly registered domain names; cluster the domain names, including performing a spell check with the dictionary to identify similar domain names; for a selected cluster, identify one or more domain names with an assigned reputation; and if a portion of assigned reputations exceeds a threshold of bad reputations, assign cluster-based bad reputations to domains in the cluster with unknown reputations.

The present application provides a system for detecting brand squatting domains with a three-stage detection pipeline having three different classifiers. The provided system helps predict whether an unknown domain will be malicious. The first classifier detects abusive brand squatting domains, such as those that impersonate exact popular brand names, as soon as the domains are registered. The second classifier detects abusive brand squatting domains when hosting information becomes available, in combination with the information available for the first classifier. The third classifier detects abusive brand squatting domains when certificate information associated with domains is available, in combination with the information available for the first and second classifiers. The performance of each classifier improves from the first to the second to the third with the first classifier making determinations with the least information and the third classifier making determinations with the most information.