Detecting Cosmetics Counterfeiting in the DNS | WhoisXML API

Threat reports

Beauty and the Beast: Possible Vehicles for Cosmetic Products Counterfeiting

Fake beauty products have proliferated through illicit websites and social platforms1, putting people and brands in danger. Counterfeit products may contain harmful products, and victims may end up suing the impersonated brands, according to Cosmetics Business2.

WhoisXML API researchers monitored the DNS for possible counterfeiting vehicles in the form of domains and subdomains. Below are some of our key findings:

  • We found 11,000+ digital properties added since the beginning of the year that use the names of popular beauty brands, including Avon, Clinique, L'Oréal, Nivea, The Body Shop, and 11 others.
  • About 17% of these properties were added from 1 June to 18 July 2022.
  • About 1% of these new domains have figured in malicious campaigns, some of which are still actively resolving to six unique IP addresses.
  • The content of some domains reveals that they are selling beauty products, although their WHOIS records show that they can't be attributed to legitimate brands. 

Download a sample of the threat research materials now, or contact us to access the complete set of research materials.

---

  • [1] https://www.buzzfeednews.com/article/ikrd/tiktok-shop-customers-say-products-fake
  • [2] https://www.cosmeticsbusiness.com/news/article_page/Counterfeit_beauty_Not_a_victimless_crime/202243
Try our WhoisXML API for free
Get started