1 Introduction
A domain name is like the name on a mailbox. Instead of remembering a complex street address (the IP address), you use a human-readable name to reach a website. When you type "google.com" into your browser, the Domain Name System (DNS) translates that friendly name into the IP address where Google's servers actually live. Domains are a cornerstone of the internet -- and a key target for attackers.
350M+ registered domain names worldwide
1,500+ top-level domains (TLDs) available
70% of phishing attacks use deceptive domains
2 How It Works
Use the domain analyzer below to inspect any domain name. You can see its DNS records, registration information, and security configuration. Understanding a domain's structure helps you spot impostors and malicious sites.
Anatomy of a domain name: mail.example.com
mail: Optional prefix
example: The chosen name
com: Top-level domain
1. You type a domain name in your browser
2. DNS servers translate the name into an IP address
3. Your browser connects to the server at that IP
3 Detailed Analysis
Key domain concepts
TLD (Top-Level Domain)
The last part of the domain (.com, .org, .net). Country-code TLDs like .uk or .de indicate a geographic region. Newer TLDs like .xyz or .top are often abused by attackers because they are cheap to register.
Subdomain
A prefix added before the main domain (e.g., "mail.google.com"). Organizations use subdomains to organize services. Attackers create subdomains like "login.yourbank.evil.com" to trick users.
FQDN (Fully Qualified Domain Name)
The complete domain name including all parts: subdomain + domain + TLD. Example: "www.example.com." (note the trailing dot, which represents the DNS root).
WHOIS
A public database that stores who registered a domain, when it was created, and when it expires. Often the first check an analyst performs on a suspicious domain.
Domain lifecycle
A domain goes through several stages: registration, active use, expiration, and eventually deletion or re-registration. Attackers often watch for expiring domains that once belonged to legitimate companies, then re-register them to inherit residual trust and traffic.
4 Red Flags
Recently registered domain
A domain created just days or weeks ago is far more likely to be malicious. Legitimate businesses rarely use brand-new domains for critical services.
Lookalike domain (typosquatting)
Domains like "g00gle.com" or "paypa1.com" use visual tricks to impersonate real brands. Always check the spelling carefully.
Suspicious TLD
TLDs like .xyz, .top, .buzz, or .tk are disproportionately used in phishing and malware campaigns because they cost almost nothing to register.
Hidden WHOIS information
While privacy protection is legitimate, a domain with hidden ownership combined with other red flags (new, unusual TLD) is especially suspicious.
Random-looking domain name
Domains like "xk7j2m.com" or "a3b8c9d.net" that look like random characters are often generated automatically by malware for command-and-control communication.
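The red flags that depend only on the name itself (suspicious TLD, lookalike spelling, random-looking name, and the brand-in-subdomain trick from the Subdomain entry) can be checked offline; registration age and WHOIS privacy need a lookup and are not covered here. The following is an added example, not part of the original module: the brand watchlist, the character-substitution map, the thresholds, and the naive two-label split are assumptions made for illustration.

```python
import math
from collections import Counter

# Assumptions for this example (not from the page): the brand watchlist, the
# substitution map, and the entropy/vowel thresholds. The TLD set is the page's.
SUSPICIOUS_TLDS = {"xyz", "top", "buzz", "tk"}
BRANDS = {"google", "paypal", "yourbank"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def split_domain(fqdn):
    """Return (subdomain labels, registered name, TLD).

    Naive split on the last two labels; multi-label suffixes such as
    co.uk need the Public Suffix List, which this sketch does not load.
    """
    labels = fqdn.lower().rstrip(".").split(".")  # drop the FQDN root dot
    if len(labels) < 2:
        raise ValueError(f"not a registrable domain: {fqdn!r}")
    return labels[:-2], labels[-2], labels[-1]


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def red_flags(fqdn):
    """Return the set of offline-checkable red flags for a domain name."""
    subs, name, tld = split_domain(fqdn)
    flags = set()
    if tld in SUSPICIOUS_TLDS:
        flags.add("suspicious_tld")
    # Lookalike: not a brand as written, but a brand once the swaps are undone.
    if name not in BRANDS and name.translate(HOMOGLYPHS) in BRANDS:
        flags.add("lookalike")
    # Brand used as a subdomain of a name registered by someone else.
    if name not in BRANDS and any(label in BRANDS for label in subs):
        flags.add("brand_in_subdomain")
    # Random-looking: digits mixed in, few vowels, high per-character entropy.
    vowels = sum(c in "aeiou" for c in name)
    if (len(name) >= 6 and any(c.isdigit() for c in name)
            and vowels / len(name) < 0.2 and entropy(name) > 2.5):
        flags.add("random_looking")
    return flags
```

A hit is a reason to look closer, not a verdict: combine it with registration date and WHOIS data before deciding.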
Source: mlab Academy — Cybersecurity Awareness Platform
URL: https://academy.mlab.sh//page/domain
Module: What is a domain? — Fundamentals
Disclaimer: This content is for awareness purposes only.