There are multiple services available for searching for information regarding registered and unregistered domain names. Among these services is a protocol called “WHOIS,” that has existed since the formation of the Internet. The WHOIS protocol queries databases for owner information associated with the registrant or assignee information of registered Internet domain names in a top level domain (TLD). Initially, the Internet contained only a few TLDs such as .com, .net, and .org. As the Internet has expanded, however, many new TLDs have been added, including .gov, .edu, .cc, .tv, .jobs, and many others.
Since its creation a number of WHOIS related issues have emerged. These issues include lack of a structured format for WHOIS responses and the public exposure by WHOIS of Personally Identifying Information (PII) for registrants and other contacts associated with a registered Internet domain name. Consequently, the Internet Engineering Task Force (IETF) has generated the Registration Data Access Protocol (RDAP) specifications to address WHOIS issues and serve as a replacement for the WHOIS protocol.
The Internet Corporation for Assigned Names and Numbers (ICANN), which is the nonprofit organization that oversees the use of Internet domains, has selected the RDAP protocol for its Registration Data Directory Services (RDDS), which are required for all generic Top-Level Domain (gTLD) registries. RDDS requires the collection and display by the registry of all data associated with both the registrant of a domain name and the domain registration information. Registrant information may include PII.
An RDAP Service's primary purpose is to provide defined RDAP search and response capabilities for a constrained set of domain-related data that is defined in a search request, similar to the domain-related data that a WHOIS service provides. The constrained data could be composed of, for example, data that is relevant to specific top level domain (TLD); data relevant to IP addresses known to the RDAP service; data related to a set of entities of which the RDAP service is aware; or data related to the servers needed for operating a DNS registry, such as domain-name-server names and IP addresses.
A conventional RDAP service that is implemented according to the IETF RDAP specifications, however, has no capability to analyze the search requests that are submitted to the service relative to the identity of the entity submitting the search requests. Consequently, a conventional RDAP service also does not have any capability to improve or beneficially change its standard technical operation, e.g. its operation as specified by the RDAP protocol, in reaction to an analysis of submitted search requests associated with specific entities to identify activity patterns.
To rectify abnormal, undesirable, or malicious interactions with the RDAP service, among other reasons, it is desirable to provide systems, devices, and methods that analyze RDAP search requests and technically react to identified activity patterns in a non-standard or unconventional manner.