I am looking for a domain name registrant. Where can I look it up?
The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.
On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.
I would like to transfer my domain name to another registrar. What is the procedure?
To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.
The details registered about me/my company are incorrect or out of date. How can I get them updated?
To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.
Why is my domain name in quarantine?
When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.
One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.
Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?
Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.
What conditions do I have to meet as a registrar?
Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.
We first analysed use of the Netherlands' fifty biggest brand names* within the .nl domain back in 2016. That study detected 675 domain names that we suspected of being used or intended for use in phishing. Since then, the number of suspect names has gradually risen. When we scanned again last month, we found 1,079 dubious domains with names resembling the fifty biggest brands, plus 91 that had already been taken down by the relevant hosting firms.
However, the study brought some good news as well: monitoring and intervention does seem to be suppressing visible abuse such as phishing. Cybercrooks are apparently shifting their focus to less conspicuous malpractices, such as spamming.
Profile
2016 (%)
2018 (%)
2020 (%)
Normal website
60.20
53.58
55.45
Unused domain name
7.20
6.37
9.64
Parking website
16.10
12.97
9.31
Unresponsive
5.50
7.73
6.06
Adult website
unknown
unknown
unknown
(Possible) phishing site
2.20
4.00
4.35
'For sale' site
3.00
3.45
3.52
Unclassified
unknown
0.31
2.56
Advertising network
1.40
6.34
2.13
E-mail only
2.40
2.97
1.59
Redirect to original domain name
1.30
2.19
0.73
Removed
0.70
0.06
0.37
Table 1. Domain names resembling the Netherlands' top 50 brands.
Classification
Websites were classified using a profiler developed by SIDN Labs in collaboration with TNO. The profiler classifies suspicious domains by analysing both the domain names themselves and the technology and content of the associated websites. Each domain is scored on a number of classifiers. The scores are then weighted and combined into a profile, which reflects the purpose for which the domain name is probably being used. The thinking behind the system is that, by combining a number of individually insignificant pieces of information about a domain name, it's possible to ascertain how the name is being used. The profiler assigns each domain name to one of the following categories:
Profile
Description
Normal website
Domain name is linked to an ordinary website belonging to the brand owner or another legitimate party.
Unused domain name
No information about the domain name is available from the DNS; no IP address and no mail server. The domain name has been registered, but nothing more.
Parking website
Registrant is not currently making active use of the domain name, which is linked to the hosting firm's standard parking page.
Unresponsive
Unresponsive A web server IP address is linked to the domain name, but the server does not respond.
Adult website
Adult Domain name is used for content unsuitable for minors.
(Possible) phishing site
Domain name is possibly linked to a website that is used for phishing.
'For sale' site
Domain name is for sale.
Unclassified
Profiler cannot classify the domain name.
Advertising network
Domain name is linked to a website made up of advertising links.
E-mail only
Domain name is not linked to a website, but does have a mail server.
Redirect to original domain name
Users are redirected to the original domain name.
Removed
Website linked to the domain name has been taken down by the hoster.
Table 2. Description of categories in which websites are classified by the profiler.
Very little discernible phishing now
In 2016 and 2017, analysis revealed that a significant number of the detected sites remained visibly active, distributing malware, using logos without authorisation and so on. In 2020, however, we found very little activity like that. The suspect domains that we came across appeared to be in use for activities that could go 'under the radar'. Sending spam, for example. In many cases, the associated web servers redirected to external IP addresses linked to the mimicked brand's own website. That's a common tactic adopted by scammers, so that mail recipients who check out the sending domain get the impression that the sender is legitimate. The only visible difference between the scam domain name and the brand's official domain name is that the fraudulent one isn't registered to the brand owner.
Unclear registrant details make action difficult
It can be difficult to act against scam domains of the type described, partly because of false positive detections: some of the domains that our scans highlight as suspicious are in fact legitimate. For example, we recently came across a domain name that incorporated the name of a bank. The name was used for a website whose landing page featured the bank's logo. However, the domain wasn't registered to the bank and the landing page was very amateurish and insecure. Understandably, alarm bells started ringing. However, an internal investigation by the bank revealed that the site had been created by an intern, who had registered the domain name personally. In fact, it turned out that the bank was using lots of domains that weren't registered in its name, because staff didn't know what the correct registration procedure was.
Anti-abuse activities are effective against visible phishing
One of the reasons for the decline in visible abuse is that companies are defending their brands more actively. In 2016, organisations in the Netherlands were using SIDN BrandGuard to protect 47 brands; today the figure is 264. Increasingly, therefore, cybercrooks are turning to other domain name extensions, using domain names that resemble trade journals, or snapping up irrelevant names with established traffic flows to use for their fake webshops. However, targeted countermeasures are making those tactics less attractive as well: tools such as the SIDN BrandGuard are nowadays able to pick up malicious registrations outside .nl. We're also co-investing in systems that can detect fake webshops.
Figure 1. Many leading Dutch brands now use SIDN BrandGuard to protect their reputations on line. This graph shows how the number of protected brand names has increased over time.
