Domain and IP attribution in UpGuard
UpGuard uses a variety of sources to attribute a domain and IP addresses to an organization.
Domain attribution
Domains are attributed using the following methods:
- WHOIS Registrant Lookups
- DNS Nameserver Analysis
- MX Records
- SPF Record Parsing
- TXT Record Analysis
- CAA Record Analysis
- Certificate Transparency Logs
- Redirect Tracking
Subdomains are attributed via their parent domain. For example, if UpGuard owns upguard.com, the subdomain help.upguard.com also falls under UpGuard.
IP address attribution
IP addresses are attributed via reverse DNS lookups. If a reverse DNS lookup is unavailable, UpGuard uses certificates associated with the IP address for attribution through fingerprints and common names.
Third-party hosted assets
In some cases, an asset managed by a third party may appear under your profile or a vendor’s profile. This happens when UpGuard determines the asset is functionally associated with the organization, even if it is hosted by an external provider.
For example, this knowledge base is hosted by HubSpot but appears under UpGuard’s profile in the platform. Although HubSpot hosts the site, customers interact with it as an UpGuard resource—any issues identified here represent a potential risk to UpGuard’s customers.
Risks identified on third-party hosted assets can be addressed in two ways:
- Send a remediation request to the third party that manages the asset, the same way you would for any other vendor risk.
- Create a risk waiver if you want to accept the risk. Note that a risk waiver only affects the score in your UpGuard account—it does not remove the risk from your profile as seen by other UpGuard customers.