A Website Classification Database: An Ideal Source of Threat Data

Whois API Blog, Tue, 05 Nov 2019, http://www.5zhiq.site/blog/a-website-classification-database-an-ideal-source-of-threat-data/

A simple rule applies in today’s infosec environment: organizations must consider the effectiveness of their threat data sources. In fact, this should be a primary concern, especially if they wish to get the most out of their threat intelligence platform. But not all companies know which sources of threat intelligence can benefit them.

Threat intelligence platforms (TIPs) are critical for many enterprises. A TIP collects and manages threat data coming from multiple external sources and lets companies correlate the pieces of information with one another to produce insightful findings. This process allows them to identify which threats they need to prioritize. A TIP can also reduce risks by answering who is responsible for an attack and what it comprises.

So, just like with any data analytics software, what organizations get from a TIP largely depends on what goes into it. After all, TIPs consume threat intelligence, which is why the sources they get it from should be top-notch.

But how can one distinguish good threat intelligence sources from bad ones? Let’s take a look at the following four criteria.

Backed by a Qualified and Trusted Third-Party Provider

Many organizations lack the capability to gather, organize, and analyze threat data on their own. That is why they make use of TIPs to do all of these activities for them.

A reputable third-party provider should be behind your threat intelligence source. The provider should vet its data sources for accuracy because if it doesn’t, the results it gives can overwhelm analysts with false positives.

Should Provide Information on Active Campaigns

Most companies today already have a good understanding of, and information on, exploits, vulnerabilities, malware, and other kinds of threats. What they may lack are insights into active campaigns. This information will tell them who is behind the attack, what vectors the perpetrators used, where the attack comes from, when it began, and how to address the threat. The best kind of insight is one that is relevant to the organization’s structure and business context.

Should Provide Relevant Insights to Users

Most types of threat intelligence provide an overview of the risks and business impacts related to threats. But such insights are only useful if they are relevant to the organization. For instance, threat data related to technologies that it doesn’t use is meaningless. As such, threat intelligence sources should match a user’s systems, processes, and assets.

Utilizes an Algorithmic Approach

Algorithm research has come a long way in giving products the capacity to explore and analyze a vast amount of data. Algorithmic approaches not only allow users to collect threat data from multiple sources at a rapid rate, but also provide for automatic and near-real-time analysis. As such, TIPs that employ artificial intelligence (AI) and machine learning (ML), for instance, are highly recommended.

WhoisXML API Offers an Excellent and Relevant Source of Threat Intelligence

Websites are an essential part of any threat actor’s arsenal. Cyber attackers can’t launch attacks without them. Therefore, it is only natural that those working against them should study website data.

WhoisXML API provides a well-structured database that contains extensive information on websites. Its product uses a machine learning (ML) engine with natural language processing capabilities. It can retrieve website content as well as metatags while assigning categories to domains for website classification purposes. Its Web crawlers parse millions of pages regularly to obtain active domain name contact information. This data can be used for many security functions but is particularly handy in identifying malicious domains. It also provides more detailed insights for threat investigations.

At present, our web categorization service classifies domains into 25 different categories. Categories that show up include arts, beauty, home, people and society, sports, shopping, recreation, news and more. These categories get updates on a regular basis, and users can always request new ones as the need arises. Besides these, you can also find meta-information, social media accounts, and emails related to the websites.

All of the information in the database is well-parsed and normalized to a standard format. Users can get it either parsed or raw, depending on their needs. The downloads can come as data dumps or as comma-separated values (CSV) files. As such, the database can be easily integrated into existing business processes and systems. Since the data sets are standardized, users can quickly correlate them without the need to translate or reformat. Easy integration is, after all, essential, especially with the growing complexity of today’s technologies.

Finding the right data source for a TIP is essential so organizations can use their threat intelligence solutions to the fullest. After all, what use is a TIP that cannot keep up with today’s cyber threats?

A reliable threat intelligence repository, like our website classification database, can help. With it, cybersecurity teams can ensure their web threat insights are legitimate and up-to-date.

Would you like to know more about how our database can benefit you? Send us a message today for more information.

Using Website Contacts and Categorization Tools for More Effective Digital Rights Management

Whois API Blog, Tue, 05 Nov 2019, http://www.5zhiq.site/blog/using-website-contacts-and-categorization-tools-for-more-effective-digital-rights-management/

Digital rights management (DRM) is a systematic approach to copyright protection for all kinds of digital media. It prevents unauthorized redistribution of digital media and stops consumers from copying the content they purchase.

DRM products were developed in response to a rapid rise in online piracy of commercially marketed materials aided by the widespread use of peer-to-peer (P2P) file exchange applications, more widely known as torrent clients.

DRM is typically implemented by embedding code in materials to prevent users from copying them. At times, it limits the amount of time when content can be accessed or the number of devices the media can be consumed on. Despite its widespread use, however, online piracy still runs rampant.

So, what can digital media producers do to protect their intellectual property from online pirates? Would limiting access to their distribution platforms help? How do they make sure that they’re not keeping legitimate consumers out along with the digital pirates? These are just some of the questions that this post answers.

The Case: The Kickass Torrents Story

Kickass Torrents, also known as “KAT,” was a website that provided users with a directory for torrent files and magnet links to facilitate P2P file sharing via the BitTorrent protocol. It was founded in 2008 and by November 2014 became the most visited BitTorrent directory in the world, knocking down The Pirate Bay from the number 1 spot.

Over time, KAT consistently received complaints from content owners for infringement. And though it claimed to comply with the Digital Millennium Copyright Act (DMCA) by removing reported torrents, it kept changing domains — a tactic to avoid takedown. The following list shows the various domain changes KAT went through over the years:

  • 2008: kickasstorrents.com
  • 21 April 2011: kat.ph (probably in response to the seizure of the Demonoid, Torrentz, and other similar domains in the U.S.)
  • 2011–2013: ka.tt (part of the seizure-evasion tactic employed by KAT every six months or so)
  • 14 June 2013: kickass.to (a likely response to the U.K. move to block access to KAT and other torrent sites countrywide)
  • December 2014: kickass.so (a response to being delisted by Google and after other countries, including Belgium, Ireland, and Malaysia, followed the U.S. and the U.K.’s move to block access to it)
  • 9 February 2015: kickass.to (a move made after kickass.so was banned on the WHOIS database)
  • 23 April 2015: kickasstorrents.im (a response to blocking on Steam)
  • 24 April 2015: kat.cr (a move made after the Isle of Man domain was blocked)
  • June 2016: .onion address (a response to the removal from Google search results, further blocking in Portugal and on Google Chrome and Mozilla Firefox browsers)
  • December 2016: katcr.co

KAT went offline on 20 July 2016 when the U.S. government seized its domains. Its proxy servers were shut down by its staff at the same time. Its alleged owner, Artem Vaulin, a 30-year-old Ukrainian man, was arrested in Poland. Going by the nickname “tirm,” Vaulin was charged with four counts of criminal indictment. Soon after the domain’s takedown, multiple unofficial mirrors were also rendered offline despite having no official connections to the case as an additional measure against copyright infringers.

The Victims: The Media Producers Who Suffer from Online Piracy

Watching your favorite shows and movies, using the best software, reading books and other published works, and listening to your favorite music artists for free is the primary reason why torrent and other P2P sharing sites abound. What consumers may not know, or may not care about if they do, is that they’re ultimately hurting the content creators by violating their intellectual property rights.

It takes many resources to produce a film, and most independent filmmakers struggle to pitch their work for financing and global distribution all the time. So, when online pirates steal and illegally distribute their work to the public, the studios at times don’t earn enough to even pay for production costs. The result? The studio folds, its staff members lose their jobs, your favorite actors don’t get paid, and the world no longer gets to enjoy quality movies.

The same thing happens in the publishing, music, and other media industries. Authors, singers, musicians, directors, and other creative artists, not to mention the people behind the scenes (camera operators, editors, etc.), lose not just their means of livelihood but also their pensions due to online piracy.

Things get even worse when work leaks out before its official launch. That was the case with “Expendables 3.” By the time it was shown, an estimated 70 million viewers could have already watched it. How could the filmmakers earn if the pirates even beat them to the punch? Is DRM the answer?

A Potential Solution: How Website Contacts and Categorization Tools Can Enhance DRM Solutions

DRM may well be an excellent means to combat online piracy, but let’s face it: judging by how fast and easily digital pirates can move their infrastructure from one location to another (as KAT’s domain changes showed), it’s not a foolproof solution.

DRM allows media owners to:

  • Restrict or prevent users from editing, saving, forwarding, and printing content;
  • Only allow content viewing, printing, or copying up to a limited number of times;
  • Disallow users from creating screenshots or screengrabs of content;
  • Set an expiration date on content after which users will no longer be able to access it; this is possible to do by limiting the number of uses a consumer has;
  • Lock access only to specific IP addresses, locations, or devices;
  • Watermark content to establish ownership and identity.

While those steps are effective, limiting access to content can still be improved. First, media owners need to realize that online pirates are mostly content consumers too. A KAT staff member can, for instance, subscribe to a streaming service, thus legally consuming content. He would only differ from a regular user in that he somehow manages to copy the said content and distribute it to others.

One way of preventing copyright infringement is by screening content consumers for malicious intent. While this could be a tedious process and riddled with guesswork, it should afford better security. It’s hard to confirm a consumer’s motives, but intelligent assumptions can still be handy. For instance, a regular content consumer would most likely work for a living (he can’t just sit all day, say, watching movies). If that’s the case, he’d need to rest and do other things (run errands, interact with others, etc.) to survive. So, a regular content consumer is likely to have a maximum of eight hours (providing he or she has no social life and doesn’t travel long distances to get to work and back home) for leisure time. If (s)he’s an avid movie fan, (s)he can only watch 4–6 movies back-to-back in a day. That said, a streaming service provider can automatically flag a user who consumes more than that as a potential online pirate.
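The flagging rule described above can be sketched as follows. This is an added example, not code from the original post; the event layout, the account names and the rolling 24-hour window are assumptions, and the threshold of six titles is the upper end of the estimate in the text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_TITLES_PER_DAY = 6            # upper end of the article's "4-6 movies" estimate
WINDOW = timedelta(hours=24)      # assumption: "a day" is a rolling 24-hour window
BASE = datetime(2019, 11, 1, 8, 0)


def _plays(account, titles, gap_hours):
    """Build constructed playback events: one title every gap_hours hours."""
    return [(account, title, BASE + timedelta(hours=i * gap_hours))
            for i, title in enumerate(titles)]


# Constructed playback log: (account, title id, playback start time).
SAMPLE_EVENTS = (
    _plays("alice", ["a1", "a2", "a3"], 3)              # an ordinary evening
    + _plays("bob", [f"b{i}" for i in range(9)], 1)     # 9 titles in 8 hours
    + _plays("carol", [f"c{i}" for i in range(7)], 10)  # 7 titles spread over 3 days
    + _plays("dave", ["d1"] * 8, 1)                     # one title replayed 8 times
)


def flag_heavy_consumers(events, max_titles=MAX_TITLES_PER_DAY, window=WINDOW):
    """Return {account: peak distinct titles in any window} for accounts over the limit."""
    recent = defaultdict(deque)   # account -> plays still inside the window
    peak = defaultdict(int)       # account -> highest distinct-title count seen
    for account, title, started in sorted(events, key=lambda e: e[2]):
        plays = recent[account]
        plays.append((started, title))
        # Drop plays that have aged out of the rolling window.
        while started - plays[0][0] >= window:
            plays.popleft()
        # Count distinct titles so that replaying one film is not penalised.
        distinct = len({t for _, t in plays})
        peak[account] = max(peak[account], distinct)
    return {account: n for account, n in peak.items() if n > max_titles}


if __name__ == "__main__":
    for account, n in flag_heavy_consumers(SAMPLE_EVENTS).items():
        print(f"{account}: {n} distinct titles within 24 hours, review this account")
```

A flag produced this way is only a reason to look closer, which is what the confirmation step that follows is for.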

The next step would be confirming one’s suspicions. This process is where a website categorization tool may come in handy. A website contacts and categorization database, for instance, can provide a media owner with a site owner’s personal information and more. A website categorization API, meanwhile, instantly tells users if a particular site is malicious. Both tools can help media owners block access from unwanted domains (tied to suspected pirates’ names, email addresses, etc.) to their portals, thus preventing online pirates from preying on their content.

Let’s take a closer look at how Website Categorization API works.

1. Access the tool by logging in to https://website-categorization-api.whoisxmlapi.com

2. Let’s say that you discover that one of your streaming service customers is a KAT employee. You aren’t entirely sure that KAT is a torrent provider, so you launch an investigation into the site. For this demonstration, let’s use KAT’s latest domain, katcr.co.

3. After you’ve successfully logged in to the tool, click Give the API a try. You should see the bottom of the page where you can start using the product.

4. Type the domain in the Search field then hit the Enter key. You should see at least one category that the domain falls under. In this case, that is Arts and Entertainment.

If you’re comfortable viewing API results in code or would like to integrate these into your existing DRM solution, you can do so by clicking XML or JSON. The result in the XML format looks like this:

[Screenshot: API result in the XML format]

If you’re more comfortable with the JSON format, you can opt for this instead:

[Screenshot: API result in the JSON format]

5. It seems pretty harmless, right? Let’s say you’re not convinced. You did flag the domain for a reason. So, you do a Web search for the domain to corroborate your findings with news reports. You may end up finding this:

[Screenshot: Web search results for the domain]

6. Your suspicion is then confirmed. You may be under attack by an online pirate. Now, you can safely blacklist any customer with ties to the site from accessing your network.

7. Follow the same steps with every suspicious user to rid your network of online pirates.

Now, that is a resource-intensive process, but there may be a faster way to eliminate unwanted access from your network. If you want to get a comprehensive list of similar domains, you can download a website contacts and categorization database.

Unlike the API that gives information piecemeal, Website Contacts & Categorization Database gives you all of the domains classified as Arts and Entertainment sites. It can help you filter the good from the bad (in this case, torrent sites). It also provides more information on a domain you’re digging deeper into, apart from the categories (top 3) it falls under, such as:

  • Domain name
  • Meta title and description
  • Social media links (Facebook, Instagram, Twitter, and LinkedIn)
  • Email address and description
  • Phone numbers
  • Postal address
  • Company name
  • Country

In the CSV format, the database looks like this:

[Screenshot: the database in the CSV format]

Using the database, an analyst can obtain more information on a domain of their interest. In this particular case, that is katcr.co. We already know it’s a P2P sharing site, something that’s illegal in many countries. So, if you are a media provider, it’s a sure bet you don’t want anyone from it accessing your content.

For less obvious potential threats, though, the Website Contacts & Categorization Database serves as a useful reference for determining your site visitors’ motives. A legitimate business, for instance, would typically use social media to promote its products or services. That said, a domain that doesn’t have social media ties could be hiding under the radar, and you should therefore deny sites identified this way access to your network.

Filtering the contents of the database by company name, registrant, email address, or social media accounts also allows users to pinpoint relationships among online pirates. If one of a registrant’s domains proves malicious, for instance, blocking his other domains from accessing your network is a good idea. The database is an excellent means for users to spot visitors who may be using clever disguises to take advantage of your content.
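The filtering described in the last two paragraphs can be sketched as a pivot over the database export. This is an added example, not the vendor's code: the column names, the sample rows and the `max_fanout` guard are assumptions made for illustration, and every domain in the sample is constructed.

```python
import csv
import io
from collections import defaultdict, deque

# Constructed sample rows. Column names are assumptions, not the vendor's schema.
SAMPLE_CSV = """\
domain,categories,email,phone,company,country,social_links
seed-tracker.example,Arts and Entertainment,ops@mirrorhost.example,+10000000000,Mirror Host Ltd,UA,
movie-index.example,Arts and Entertainment,OPS@mirrorhost.example,+380000000001,,UA,
film-club.example,Arts and Entertainment|Shopping,hello@film-club.example,+380000000001,Film Club LLC,PL,
indie-studio.example,Arts and Entertainment,press@indie-studio.example,+10000000000,Indie Studio Inc,US,https://social.example/indiestudio
gallery.example,Arts and Entertainment,info@gallery.example,+10000000000,Gallery GmbH,DE,https://social.example/gallery
bakery.example,Shopping,orders@bakery.example,+10000000000,Bakery Co,US,
"""

PIVOT_FIELDS = ("email", "phone", "company")


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def linked_domains(rows, seed, pivots=PIVOT_FIELDS, max_fanout=3):
    """Follow shared contact values outward from one known-bad domain.

    Returns {domain: (field, value, linked_from)}. Values shared by more than
    max_fanout domains are skipped: a contact that common is usually a privacy
    proxy or hosting provider, not evidence of common ownership.
    """
    index = defaultdict(set)          # (field, value) -> domains using it
    by_domain = {}
    for row in rows:
        by_domain[row["domain"]] = row
        for field in pivots:
            value = row[field].strip().lower()
            if value:
                index[(field, value)].add(row["domain"])

    found = {seed: None}
    queue = deque([seed])
    while queue:                      # breadth-first walk over shared values
        current = queue.popleft()
        row = by_domain.get(current)
        if row is None:
            continue
        for field in pivots:
            value = row[field].strip().lower()
            peers = index.get((field, value), set())
            if not value or len(peers) > max_fanout:
                continue
            for other in sorted(peers):
                if other not in found:
                    found[other] = (field, value, current)
                    queue.append(other)
    del found[seed]
    return found


def lacks_social_links(rows):
    """Domains with no social media links: a weak signal on its own."""
    return [r["domain"] for r in rows if not r["social_links"].strip()]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for domain, (field, value, src) in linked_domains(rows, "seed-tracker.example").items():
        print(f"{domain}: shares {field} {value!r} with {src}")
    print("no social links:", lacks_social_links(rows))
```

In the sample, the phone number used by four unrelated sites is ignored at the default fan-out, and bakery.example shows why a missing social media presence should be corroborated before it leads to a block.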

The Verdict: Lessons Learned from the Kickass Torrents Case

Vaulin was caught when an IP address he used for an iTunes transaction was also used for logging in to KAT’s Facebook page. FBI agents also posed as an advertiser to obtain information on bank accounts associated with the site. They also seized full copies of KAT’s hard drives, including its email server.

Ties to social media and email accounts, as you know by now, can easily be determined with the Website Contacts & Categorization Database — something that proved critical to the investigation. Protecting against threat actors largely depends on determining where threats come from and what the perpetrators’ motives are. Without good sources of threat intelligence, thwarting cybercrime and other cyber attacks won’t be as effective.

We’ve seen this in KAT’s case, for instance, as in December 2016, former staff members revived the community by creating a website with its predecessor’s features and appearance. Putting its creator behind bars clearly isn’t enough. Making sure your content databases remain unreachable to threat actors with DRM solutions and rich threat intelligence sources, however, is.

4 Roles of Domain Name Monitoring in Making Cybersecurity Decisions

Whois API Blog, Tue, 05 Nov 2019, http://www.5zhiq.site/blog/4-roles-of-domain-name-monitoring-in-making-cybersecurity-decisions/

You might be surprised to find out, but there’s a lot you can tell about a domain name or a group of them from the cybersecurity standpoint. You may attempt to understand what the intentions of a registrant are, check for the consistency of data provided across touchpoints, get some insights into the scale of online operations, and more.

Overall, gathering and applying domain intelligence allows cybersecurity specialists to decide whether it’s in the company’s best interests to let information flow with unknown external agents. Or if, on the contrary, the risks outweigh the benefits so much that interactions should be at least heavily scrutinized or blocked altogether.

This post explores a variety of more specific situations where domain intelligence can help in making the right cybersecurity call at different levels of the organization and beyond it.

1. Prevent Social Engineering Scams

With people generally considered the weakest link in cybersecurity, scammers often pretend to be someone the victim trusts to steal a company’s confidential data. Particularly worrisome is the rising number of targeted attacks such as business email compromise (BEC) where a fraudster poses as a high-ranking company officer.

The trick here is about using authority to compel victims to transfer funds to the fraudsters’ accounts. But there are other ways to deceive the recipients. For example, they may be prompted to download attachments containing malware or to click on links that appear legit but redirect to forged sites.

Domain data can prevent such phishing and spoofing attempts by serving as a means to verify if emails actually originate from where they appear to. More precisely, internal security teams and outsourced providers can check a suspicious sender’s domain against its WHOIS records. Some warning signs include private or incoherent registrant details or suspiciously recent registrations.
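A sketch of that sender-domain check, as an added example that is not part of the original post. The WHOIS records are constructed and held in a dictionary rather than fetched; the field names, the 30-day threshold, the trusted-domain list and the privacy markers are all assumptions.

```python
from datetime import date, timedelta
from email.utils import parseaddr

TRUSTED_DOMAINS = {"corp.example"}     # assumption: the organization's own mail domains
RECENT = timedelta(days=30)            # assumption: what counts as "suspiciously recent"
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "whoisguard")
REQUIRED_FIELDS = ("registrant_org", "registrant_country")

# Constructed WHOIS data keyed by domain; field names are assumptions.
SAMPLE_WHOIS = {
    "corp-example.net": {
        "created": date(2019, 10, 28),
        "registrant_org": "REDACTED FOR PRIVACY",
        "registrant_country": "",
    },
    "supplier.example": {
        "created": date(2011, 3, 14),
        "registrant_org": "Supplier GmbH",
        "registrant_country": "DE",
    },
}


def sender_domain(from_header):
    """Extract the lower-cased domain from an RFC 5322 From header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def whois_warnings(from_header, received, whois_db=SAMPLE_WHOIS, trusted=TRUSTED_DOMAINS):
    """Return the WHOIS warning signs for a message received on the given date."""
    domain = sender_domain(from_header)
    if not domain:
        return ["sender address could not be parsed"]
    if domain in trusted:
        return []
    record = whois_db.get(domain)
    if record is None:
        return ["no WHOIS record found for " + domain]

    warnings = []
    age = received - record["created"]
    if age < RECENT:
        warnings.append(f"domain registered {age.days} days before the message")
    org = (record.get("registrant_org") or "").lower()
    if any(marker in org for marker in PRIVACY_MARKERS):
        warnings.append("registrant details are privacy-protected")
    missing = [f for f in REQUIRED_FIELDS if not record.get(f)]
    if missing:
        warnings.append("registrant fields missing: " + ", ".join(missing))
    return warnings


if __name__ == "__main__":
    # Constructed message headers: an executive's display name on a lookalike domain.
    for header in ('"Jane Doe, CEO" <jane.doe@corp-example.net>',
                   "billing@supplier.example"):
        print(header, "->", whois_warnings(header, date(2019, 11, 4)) or "no warnings")
```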

2. Protect Trademarks from Typosquatters

Your trademarks and other intellectual properties are online assets that identify your brand or company. As such, they are attractive targets for copyright infringers eager to cash in on your popularity or avid competitors looking to tarnish your reputation.

Typosquatters typically register domains that are strikingly similar to yours in the hope that your typo-prone customers land on them instead of your website. A brand monitoring tool can help you spot misspelled variations of your domain name practically in real time. Being aware of new registrations allows you to be more proactive — e.g., warning your customers, opening a domain dispute, etc.

This undertaking is particularly relevant in light of the emergence of countless new gTLDs that give lots of room for the impersonating of brands and misleading of customers. In fact, a recent domain abuse and activity report from the Internet Corporation for Assigned Names and Numbers (ICANN) found that more than half of all security threats emanate from new gTLDs.
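How a monitoring job might pick misspelled variations and new-gTLD copies out of a feed of fresh registrations, as an added example that is not the vendor's tool or algorithm. The brand domain and the feed are constructed, and the code assumes each entry is a single label followed by its TLD.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic typing slip ("el" for "le").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


_DIGIT_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label):
    """Collapse visually confusable spellings onto one canonical form."""
    label = label.lower().replace("rn", "m").replace("vv", "w")
    return label.translate(_DIGIT_LOOKALIKES).replace("-", "")


def classify(candidate, brand, max_distance=2):
    """Return why candidate resembles brand, or None if it does not."""
    label, _, tld = candidate.lower().partition(".")
    brand_label, _, brand_tld = brand.lower().partition(".")
    if (label, tld) == (brand_label, brand_tld):
        return None                               # the brand's own domain
    if label == brand_label:
        return "tld-swap"                         # same name under another TLD
    if skeleton(label) == skeleton(brand_label):
        return "lookalike"                        # digit, "rn" or hyphen variant
    distance = osa_distance(label, brand_label)
    if distance <= max_distance:
        return f"edit-distance-{distance}"
    return None


def scan(new_domains, brand, max_distance=2):
    """Map each suspicious newly registered domain to the reason it was flagged."""
    hits = {}
    for domain in new_domains:
        reason = classify(domain, brand, max_distance)
        if reason:
            hits[domain] = reason
    return hits


# Constructed brand and feed of newly registered domains.
BRAND = "examplebank.com"
NEW_REGISTRATIONS = [
    "examplebank.com", "exampelbank.com", "examplebnk.com", "examp1ebank.com",
    "exarnplebank.net", "example-bank.com", "examplebank.shop", "cityweather.org",
]

if __name__ == "__main__":
    for domain, reason in scan(NEW_REGISTRATIONS, BRAND).items():
        print(f"{domain}: {reason}")
```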

3. Prevent Supply Chain Attacks

Confirming the trustworthiness of the people and companies that you do business with is important because dubious characters can infiltrate your company if you don’t. With that in mind, domain monitoring can help you screen potential partners, suppliers, resellers, and other stakeholders.

You can work with our Domain Research Suite dashboard to check the history of a domain name. This information lets you know if someone you thought you knew may be trying to fool your employees.

A technique scammers may use, for example, is purchasing the domain name of a company that ceased to exist or changed its branding and is now operating under a different registration. By getting familiar with domain history, you can find out about any recent new owner with whom you actually never did business before.

4. Enhance Managed Security Services

Managed security service providers (MSSPs) bring in security specialists and technological tools and systems for detecting and responding to threats on behalf of their clients. However, these professionals are heavily reliant on the information made available to them to speed up detection and response as well as to avoid false positives and negatives.

Domain name feeds offer them a rich source of threat intelligence to thwart intrusion attempts and identify the entities behind them accurately. Moreover, these sources can indicate the existence of established criminal networks and nation-state hackers through the identification of malicious connections. Connected domains may, for example, have been registered on the same day, share the same physical address, or be owned by characters or organizations with questionable reputations.

Securing a business operation is no mean feat if you don’t have the right tools or have no idea where threats could come from and in what form. Bad actors are becoming really ingenious at disguising themselves, and stopping them requires access to domain intelligence that can contribute to their identification.

Comprehensive domain information contained in our enterprise packages offers a versatile cybersecurity solution to identify, investigate, and respond against bad actors and threat indicators. Contact us for more information.

How an IP Location API Can Bolster Content Personalization

Whois API Blog, Tue, 05 Nov 2019, http://www.5zhiq.site/blog/how-an-ip-location-api-can-bolster-content-personalization/

These days, people are all about personalization. The more personalized the content is, the more customers would want to visit the site. Increased website traffic means more income, and for most website owners and developers, that’s the goal. For businesses that not only cater to online clients but also have physical stores, the goal is to bring online visitors to their brick-and-mortar establishments. But how can they effectively do this without compromising the quality of their service? Let’s take a closer look.

The Emerging Trend of Content Personalization

Content personalization improves customers’ retail experience. While e-commerce shops are causing a dent in the revenues of brick-and-mortar stores, some still cannot fully replicate the in-store experience. Then again, astute business owners know that they can use their online stores to benefit their physical shops. Brands are, in fact, using immersive retail experiences by providing links between their online and physical stores to drive their sales. They know that content personalization and customer engagement can be effectively brought to the cyberspace with the right tools.

A Smart Insights report revealed that consumers spend 48% more if they get a personalized experience. Gartner, likewise, revealed that organizations that spend time crafting personalized messages to help customers boost their incomes by 16% compared with those that do not. The research firm also believes that by 2020, smart personalization engines that help recognize customer intent can contribute a 15% increase in profits.

That said, investing in content personalization tools can effectively generate more revenue for any business. And one effective way of improving content personalization is using an IP location API.

How an IP Location API Improves Content Personalization

The crafting of an effective content personalization strategy requires starting from and building around these three primary standards:

  • Capturing customer information: The easiest yet the most crucial component of content personalization is capturing customer information. That is where an IP location API can benefit your business immensely. This tool allows users to identify any customer’s geographical location, including time zone, country, city, postal code, and more. Knowing this information, shop owners can easily customize the language and currency to each customer, depending on where he or she resides.
  • Data analysis: The customer data gathered can then be analyzed to create customer profiles. These profiles allow users to categorize customers and tailor-fit content to their specific requirements. Data analysis is crucial to know what products customers search for and buy, among other things. Knowing that, shop owners can easily customize any visitor’s experience, depending on his or her purchasing history.
  • Actionable insights: After successfully analyzing customer data, store owners need to act on the insights by building a marketing strategy that follows the buyer’s journey. One action can be directing those who prefer to shop in-store to the establishment nearest to where they currently are, be it at home, at work, or on the go. That is possible with the help of an IP location API, which can be accurate at the city or even street level.

The Power of Content Personalization

One specific example of online stores that exert a lot of personalization effort is Amazon. The site is heavily laden with a wide variety of personalized content that is meant to hook its prospective customers right away.

Upon visiting the website, customers instantly get a personalized greeting that uses their name. Amazon also has a Wish List tab that pools their customers’ frequently bought or favorite items. It also has several local versions based on the customers’ current geolocation as well as a list of products, wherever they may be. The site offers alternatives to products that are not available in certain locales as well. Shipping fees are also automatically computed and shown, depending on the customers’ current location.

Amazon has also successfully introduced collaborative filtering. It currently recommends what others in the same area have bought recently. These recommendations typically appear under “Visitors who viewed this product also viewed” sections, which is believed to generate more revenue. This tactic works because it makes customers feel a sense of belonging, especially if they reside in the same location.

The Bottom Line

Data gathering, analysis, and insight application aided by an IP location API can largely benefit any organization because when these three work together, they bring the highest possible return on investment (ROI). However, website owners and developers must realize that while they have to keep up with the personalization trend, they also need to do so without infringing on a customer’s privacy. An IP location API can help them do just that.

The retail landscape is bound to become even more competitive as the Internet continues to grow. Therefore, any business that wants to stand out has to effectively communicate with its customers on a personal level. They need to learn to harness the power of automation to enhance their customers’ experience and keep them coming back for more.

What to Consider When Choosing a Web Categorization API Vendor

Whois API Blog, Fri, 01 Nov 2019, http://www.5zhiq.site/blog/what-to-consider-when-choosing-a-web-categorization-api-vendor/

Organizations committed to becoming a leader in the Web filtering market need to provide adequate and secure Web access, which applies to unified threat management (UTM) appliance manufacturers, managed detection and response (MDR) service providers, or any other network security vendor.

For a security provider, the protection of users is critical to success. Any vendor should be aware of the nature of online threats that include malware, botnets, and more. Since threats are continually evolving, a successful provider needs to offer a product or service that exceeds clients’ expectations.

Two critical elements of an ideal filtering solution are its domain database and classification technology. These enable users to distinguish good traffic from bad. Therefore, to improve their Web filtering capabilities, cybersecurity companies need the help of a reliable third-party provider.

In this post, we list the essential considerations when evaluating potential website categorization technology partners.


Coverage

Coverage is an essential quality indicator when evaluating a website categorization database. Comprehensive coverage means that a provider has a system that monitors even the most recently launched websites.

Protecting customers against malicious threats requires a solution that covers the entire top-level domain (TLD) space. Although Web filtering and categorization tools don’t actively detect malicious code or quarantine malware, they still help identify and block access to threat sources before they can cause damage. A filtering solution that isn’t expansive enough won’t be able to serve as a good data source.

Performance and Speed

Performance and speed are also crucial to a website categorization API. A vendor that wants to become a Web filtering market leader should enable users to run shorter, more focused tests on questionable sites for quick results. They should, however, also be able to conduct longer tests for local software development kits (SDKs) or APIs. In any network, traffic flows at different speeds and only a solution that can cope with these can be considered adequate.


Accuracy

Accuracy is the primary indicator that separates the best website categorization technologies from the rest. Vendors claiming an accuracy rate of 99% or more are confident that their product is finely tuned for service. Validating a tool’s accuracy with manual verification is a good test. Companies should choose a vendor that confidently claims a high accuracy rating.

Additional Considerations

Besides the parameters mentioned above, here are other things to consider when choosing a website categorization partner:

  • Number of categories supported: The higher the number of unique categories supported by the product, the better its filtering capabilities are.
  • Threat detection: Website categorization APIs should be capable of detecting malicious activity. Since threat life spans vary, continuous analysis and reevaluation are needed to stay abreast of status changes.
  • Supported languages: A web filtering technology provider that supports various languages is essential due to the global nature of the Internet.

What WhoisXML API Offers

WhoisXML API provides cybersecurity companies with a machine learning (ML)-based website categorization API. It is capable of retrieving website content and assigning categories using natural language processing. The company parses more than 152 million websites and crawls 4 million sites daily.

Besides domain names, users can also find the contact information of the owners in the database. This data includes the domain registrant’s name and contact details, along with dates of registration and expiration, and more. A reliable database contains information on all active domains. Users don’t need to do manual queries as such since the API does that for them.

The product currently supports 25 categories, which should be more than enough for most users. However, if a particular category isn’t listed, users are free to submit requests.

All of the information provided by the API is normalized and follows a standard format. Users can acquire both parsed and raw databases through downloads. Databases can come in the form of database dumps or CSV files. This allows for easy integration with existing business applications and processes.

The API can help teams block access to malicious content and its sources. It does so by providing security solutions with response queries that categorize URLs as safe to access or otherwise. It also performs well even under heavy load.

In a nutshell, our web categorization products can help users improve their own cybersecurity.

The characteristics mentioned above are just some of the things a company needs to consider when choosing a Web filtering partner.

It’s important to remember that no solution is foolproof. Not all providers are equally good and some are certainly better than others as the former use more advanced technologies and tools. What’s important is finding a website categorization partner that best meets your needs.

WhoisXML API’s website categorization offerings may be what you need to enrich your products’ capabilities. We have been gathering domain and website records for more than 10 years, accounting for our vast data set. If you want to learn more about our products, contact us at

How DNS Filtering and Website Categorization Lists Can Empower In-House Cybersecurity Teams
http://www.5zhiq.site/blog/how-dns-filtering-and-website-categorization-lists-can-empower-in-house-cybersecurity-teams/
Mon, 28 Oct 2019 06:48:05 +0000

The IT security climate these days is pretty unpredictable. A study by the University of Maryland states that a security incident occurs every 39 seconds. Companies around the world are, in fact, increasingly suffering from Web-based attacks, not to mention the fact that the average cost of a data breach has skyrocketed.

The good news is that there is a wide range of measures that in-house cybersecurity professionals can employ against threats. One effective solution is Domain Name System (DNS) filtering.

Depending on how it is implemented, DNS filtering can provide advanced network setting controls to enhance online safety. It can protect organizations from threats like botnets, phishing, and other malware-instigated attacks. The great thing about it is that a website categorization database can supplement it. Such a database is thus an excellent resource for managed security service providers (MSSPs) and the like.

DNS Filtering Basics

In essence, DNS filtering is a method of blocking or restricting access to specific domains or websites on the Internet. By doing so, this approach provides organizations with the protection they need to ensure a safer working environment.

DNS filtering can effectively allow companies to employ advanced network security configurations at the domain level. For instance, users arriving at a malicious website are instead redirected to a secure page by a DNS filtering solution. This will, of course, depend on how the solution is configured.

DNS filters can also be employed to block access to web pages under specific categories. Pages with content related to pornography, gambling, illegal file sharing, and the like can be tagged as unsafe. Because classification needs to happen in real time, a DNS filter needs to be a low-latency solution. It should not delay access to websites, particularly those that are considered safe.

By default, most DNS filtering solutions offer a certain level of protection against malware. There are also more advanced solutions that can detect and block access to phishing websites and other malicious pages.

The Benefits of DNS Filtering

A DNS filtering solution offers several key advantages. One of the most important is the ability to block access to compromised websites and other malicious domains. These pages include “objectionable” sites such as those that host content related to violence, terrorism, and others.

DNS filtering solutions are also scalable, fast, and lightweight. Enterprise-level offerings come with even greater flexibility for customization. With these, security teams can easily input their desired configurations.

Proactively blocking potentially malicious websites may, however, be the main advantage of using a DNS filtering solution. This practice is especially crucial since human error has been identified as the most common cause of cyber incidents. When complemented by a website categorization list, for instance, internal security teams can improve defenses against online threats.

Company owners also get the added benefit of preventing employees from accessing prohibited materials such as those that decrease productivity or are offensive to others during work hours.

DNS Filtering Limitations

Despite being a powerful technology, DNS filtering does come with its limitations. Since it is tied to DNS, its filtering and protective approaches are restricted to DNS boundaries. It can only act on the domain and subdomain levels. It does not offer users any visibility at the page level. As such, teams won’t tag a domain as dangerous if only one page on it has a malicious payload.

Blocking harmful content requires website categorization. DNS filtering solutions on their own don’t analyze websites for redirection or blocking. They depend on an external source of data for that. If you plan to employ a DNS filtering solution, you should first understand the security and granularity that it offers.
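The decision a DNS filter makes, and the page-level blind spot described above, can be shown in a few lines. This is an added example, not code from WhoisXML API or any filtering product; the CSV columns, domains, category names, and redirect address are constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed categorization feed (assumed schema: domain,category).
SAMPLE_FEED = """domain,category
casino-example.test,gambling
phish-login.example,phishing
files.sharing-example.test,illegal file sharing
news-example.test,news
"""

# Policy: categories the organization chooses to block (assumed names).
BLOCKED_CATEGORIES = {"gambling", "phishing", "illegal file sharing"}
# TEST-NET-1 address standing in for the "secure page" users are sent to.
SINKHOLE_IP = "192.0.2.1"


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def load_feed(text):
    """Parse the CSV feed into {domain: category}."""
    reader = csv.DictReader(io.StringIO(text))
    return {normalize(r["domain"]): r["category"].strip().lower() for r in reader}


def lookup_category(qname, feed):
    """Return (matched_domain, category) for the most specific listed suffix.

    Matching is done on whole labels, walking from the full name up through
    its parents, so a listing for example.test covers a.b.example.test but
    never notexample.test.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate, feed[candidate]
    return None, None


def decide(qname, feed, blocked=BLOCKED_CATEGORIES):
    """Resolver-side verdict for one query name."""
    matched, category = lookup_category(qname, feed)
    if category in blocked:
        return {"action": "redirect", "answer": SINKHOLE_IP,
                "matched": matched, "category": category}
    # Uncategorized names fall through to normal resolution (fail-open here;
    # a stricter policy could block unknowns instead).
    return {"action": "resolve", "answer": None,
            "matched": matched, "category": category}


def decide_for_url(url, feed):
    """What the filter can do for a full URL: only the hostname reaches DNS,
    so the path and query string play no part in the verdict."""
    host = urlsplit(url).hostname or ""
    return decide(host, feed)


if __name__ == "__main__":
    feed = load_feed(SAMPLE_FEED)
    for name in ("www.casino-example.test.", "notcasino-example.test",
                 "sharing-example.test", "files.sharing-example.test"):
        print(name, decide(name, feed))
    # Same verdict for every page on the host: no page-level visibility.
    print(decide_for_url("https://news-example.test/one-bad-page", feed))
```

The last call shows why a single malicious page on an otherwise benign domain passes a DNS-only control: the verdict is fixed before any path is requested.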

It can, however, go a long way in improving an in-house security team’s capabilities. It does so by providing them with the essential infrastructure to protect both the network and its users. However, DNS filtering requires organizations to have a robust strategy and help from trusted third parties (APIs, feeds, etc.).

By itself, DNS filtering lets companies enforce comprehensive and forward-thinking Internet usage policies. These same policies let them block access to potentially harmful websites and threats. Any company is always a potential target, but it can significantly reduce the chances of being compromised.

WhoisXML API offers a machine learning (ML)-powered website categorization API and database that complements DNS filtering solutions. We parse more than 150 million websites and crawl millions more on a daily basis.

All of our data sets are well-parsed and normalized for consistency. Users can download both parsed and raw data in the form of a CSV file or a database dump. Our consolidated and coherent data makes integration with existing systems and processes easy. If you’d like to learn more about what we have to offer, contact us today.

The Domain Research Suite That Aids Financial Fraud Investigations
http://www.5zhiq.site/blog/the-domain-research-suite-that-aids-financial-fraud-investigations/
Thu, 24 Oct 2019 18:10:14 +0000

Cryptocurrency Exchanges Go Unregulated

Bitsane, a cryptocurrency exchange based in Ireland, vanished in June of 2019. Its founders took with them the crypto deposits of 246,000 users. The platform traded an average of $7 million each day.

Worldwide, fraudsters stole nearly $1.5 billion’s worth of cryptocurrencies in the first two months of 2018 alone. It’s estimated that since then, criminals have made off with an average of $9 million a day.

So how can law enforcement authorities, legitimate financial institutions, and even individuals know whether a cryptocurrency exchange is planning to steal customer investments?

WHOISXMLAPI.com’s Domain Research Suite can reveal indicators that financial institutions like cryptocurrency exchanges may be committing fraud.

WHOISXMLAPI.com researchers decided to apply a combination of traditional online investigation with WHOISXMLAPI.com’s Domain Research Suite to determine whether a current cryptocurrency exchange had intentions to defraud customers. Though perhaps not attributable to luck so much as a high probability of discovery in today’s crypto Wild West, WHOISXMLAPI.com researchers did discover an operational exchange that was already collecting customer complaints.

Though we can’t name the company we investigated, we will show you the tools and publicly available online databases we used to delve beneath the surface hype of the Exchange.

Financial Fraud – Consumers Cheated

Ripoff Report is one of the most popular repositories on the Internet for filing “complaints, reviews, scams, lawsuits, and frauds.” It happens to have categories for Bitcoin Fraud and BTC Fraud, among other listings. It’s in these categories that we discovered complaints against what we’ll call ExchangeXYZ (not its real name). Googling “ExchangeXYZ Reviews” revealed even more complaints over the past seven months from customers (with attendant entries from individuals promoting services to reclaim lost funds).

Typical complaints we took as red flags were much like this one:

“… they have held my bitcoin for over 7 months even after going through the verification process[,] they refuse to allow my bitcoin to be sent to my whitelisted wallet … [ExchangeXYZ] has given me every excuse imaginable … [It is] how they are holding value in their Exchange… [ExchangeXYZ] wants to operate in the USA[,] but with my experience I would never recommend putting any crypto currency in this exchange as you will not get it back…”

A look at ExchangeXYZ’s website revealed no contact details: addresses, phone numbers, or even a chat line. However, there are about a half dozen email addresses that have to do with PR relations, product information, coin exchange information, etc. The only means of customer support is through a form on the website. Several of the complainants noted that any responses they received by using the form were clearly from bots, without any human intervention.

Using the Domain Research Suite to Investigate

The WHOISXMLAPI.com Domain Research Suite revealed that the registrar for the company’s website was a registration service based in Denver, Colorado.

The Domain Research Suite sports a dashboard with easy-to-use tools that excavate the backgrounds of websites. The tools include:

Reverse WHOIS Search | Domain Research Suite

The WHOIS Search delivers data about the owner of a domain, the owner’s address, as well as the administrator and similar contact information. In the event of a WHOIS Search on ExchangeXYZ, the location of the registrar would initially lead a consumer to believe the company is based in the U.S. At the very least, as we’ve seen from the representative customer complaint above, ExchangeXYZ is servicing consumers in the U.S.

WHOIS Search | Domain Research Suite

According to the WHOIS records of the top ten cryptocurrency exchanges, four of those either used agents to protect their identities or they edited contact information to block prying eyes. So it is not extraordinary that

The U.S. Securities and Exchange Commission (SEC) cites that “…if a platform offers trading of digital assets that are securities and operates as an “exchange,” as defined by the federal securities laws, then the platform must register with the SEC as a national securities exchange or be exempt from registration.” A search of the SEC’s EDGAR database of registered corporations showed no record of ExchangeXYZ. Nowhere on the website does it indicate it has either registered with the SEC or been exempted by the regulatory body. In other words, the SEC could not protect American consumers who traded on the suspect cryptocurrency platform.

The New York State Attorney General also believes that ExchangeXYZ and others are indeed servicing customers in the United States, including New York State. In 2018, the New York State Attorney General released a voluntary survey for 13 cryptocurrency Exchanges to complete about their operations. All but four Exchanges returned the surveys. ExchangeXYZ was one of the four that refused to respond. The Attorney General’s office concluded in its September 2018 report that “many virtual currency platforms lack the necessary policies and procedures to ensure fairness, integrity, and security of their exchanges.” The report detailed how some of the platforms practice overlapping lines of business that present “serious conflicts of interest”. Some, the report observed, traded for their own account on their own venues.

Indeed, Bitwise Asset Management, a cryptocurrency asset advisory and management firm, cited in a report that upwards of 95% of cryptocurrency trading originated from suspect sources. Research firms Crypto Integrity and The TIE concluded that 88% and 75% of reported exchange trading data were suspicious, according to The Wall Street Journal (WSJ). The WSJ report pointed out that “the unregulated exchanges are inflating trading volume to get a higher ranking on data services like CoinMarketCap and leverage that ranking to attract listing fees.”

In light of its own findings, the New York Attorney General’s office has since formally referred three of the Exchanges to the New York State Financial Services department to investigate whether the Exchanges are operating illegally in New York State. One of the three is ExchangeXYZ.

So why is it that ExchangeXYZ can ignore some of the most powerful financial regulatory agencies in the world? A peek at its domain history may give some clues.

A Look at the WHOIS History of ExchangeXYZ

The WHOIS History shows the domain name was registered in China on April 1, 2017. This occurred during China’s own cryptocurrency Wild West when Mainland Chinese residents were desperate to move their money offshore through cryptocurrency exchanges. The exchanges at the time afforded customers an unregulated way to realize foreign exchange beyond the limits set by the government. The timing also suggests how ExchangeXYZ got so big so quickly. But the Chinese government effectively outlawed cryptocurrency exchanges later in 2017. ExchangeXYZ’s founders had started the business in China at the worst possible time, it seemed.

So it chose to go West.

WHOIS HISTORY API (on October 2, 2017)

In December 2017, ExchangeXYZ chose to use a professional domain service firm based in the United States to protect the national origin of its domain.

WHOIS HISTORY API (on October 2, 2017)

WHOIS HISTORY API (on December 18, 2017)

Note that the Created and Expired dates of the October 2, 2017 and December 18, 2017 records coincide. On December 18, 2017, the domain creator chose to mask the origin of the domain with a U.S.-based service provider. The time frame fits in with the operation wanting to hide its China-based domain registration, more likely from the authorities on Mainland China and, perhaps, even from the Japanese authorities.
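The comparison described above can be automated across a domain's historical WHOIS snapshots. The following is an added example, not WhoisXML API code or its response format: the field names, the expiry date, the organization names, and the privacy keyword list are constructed, while the creation and snapshot dates are the ones given in this post.

```python
from datetime import date

# Constructed snapshots with hypothetical field names (not a real API schema).
SNAPSHOTS = [
    {"audit_date": date(2017, 10, 2), "created": date(2017, 4, 1),
     "expires": date(2018, 4, 1),  # constructed expiry date
     "registrant_org": "Example Trading Ltd", "registrant_country": "CN"},
    {"audit_date": date(2017, 12, 18), "created": date(2017, 4, 1),
     "expires": date(2018, 4, 1),
     "registrant_org": "Example Privacy Service", "registrant_country": "US"},
]

# Heuristic keywords for privacy/proxy registrants (assumed list; tune it
# against the privacy providers seen in your own data).
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "whois agent", "protected")
TRACKED_FIELDS = ("created", "expires", "registrant_org", "registrant_country")


def is_privacy_service(org):
    """True when the registrant organization looks like a masking service."""
    org = (org or "").lower()
    return any(hint in org for hint in PRIVACY_HINTS)


def diff_snapshots(old, new):
    """Return {field: (old_value, new_value)} for tracked fields that changed."""
    return {f: (old.get(f), new.get(f))
            for f in TRACKED_FIELDS if old.get(f) != new.get(f)}


def find_masking_events(snapshots):
    """Flag consecutive snapshots where the same registration went private.

    An unchanged creation date means the domain was not dropped and
    re-registered, so the earlier visible registrant still describes who
    stands behind the now-masked record.
    """
    ordered = sorted(snapshots, key=lambda s: s["audit_date"])
    events = []
    for old, new in zip(ordered, ordered[1:]):
        changes = diff_snapshots(old, new)
        same_registration = "created" not in changes
        newly_masked = (not is_privacy_service(old.get("registrant_org"))
                        and is_privacy_service(new.get("registrant_org")))
        if same_registration and newly_masked:
            events.append({
                "between": (old["audit_date"], new["audit_date"]),
                "expiry_unchanged": "expires" not in changes,
                "last_visible_org": old.get("registrant_org"),
                "last_visible_country": old.get("registrant_country"),
                "masked_by": new.get("registrant_org"),
                "country_shown_now": new.get("registrant_country"),
            })
    return events


if __name__ == "__main__":
    for event in find_masking_events(SNAPSHOTS):
        print(event)
```

A change of creation date between snapshots is treated as a new registration rather than masking, since the earlier registrant may then be unrelated.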

So the question remains: is it common practice for cryptocurrency exchanges to hide their provenance? The answer is “no”. Of the ten most popular exchanges, six have made their ownership history explicit in the WHOIS historical record. Two explicitly state their records have been “edited”, while a truly U.S.-based one has used a Panama-based administrator to maintain its current record.

Why, then, would ExchangeXYZ choose to hide its origins from occasional viewers?

Shell Companies, Shell Game

ExchangeXYZ moved its operations to Malta during the spring of 2018, according to its Wikipedia entry. Malta is known best for three things: the 1941 film The Maltese Falcon; its government-sanctioned sales of European Union passports to Russian oligarchs; and its reputation as an offshore banking financial center. Malta’s lax financial regulatory environment is a magnet for companies that wish to escape scrutiny.

However, just because a business is registered in Malta, it isn’t necessarily looking to escape the regulations of other countries.

Perhaps an investment entity is offering local services. A search on Google, however, indicated no website based in the island-nation related to the company, and no business activities to speak of. Further, a search with WHOIS API on the several Maltese business names of ExchangeXYZ did not reveal any domains.

As the noted financial fraud investigator Travis Birch observes:

“These days, it makes sense for almost every business to have a web presence, even if they aren’t dealing directly with end customers. This could be an Alibaba shop, a Yellow Pages listing, a proprietary website, or anything that states the company’s line of business. A lack of effort to promote itself suggests that the company may not want to be known.”

Further, a search on the two Maltese addresses at which ExchangeXYZ entities are registered reveals dozens of companies at the same street address, listed as shell companies in The Offshore Leaks Database. The Database houses the Panama Papers as an indexed repository of the business entities in offshore locations revealed in 2015 as shell companies.



An advanced Reverse WHOIS search on the original company name “ExchangeXYZ” in the Country of Malta revealed more than 20 related domain names. Most of the websites have not been developed, while one is a cryptocurrency exchange to bet on professional sports events. It is entirely feasible that the site is a front for laundering proceeds.



Money Laundering for Tax Avoidance

According to the global companies database OpenCorporates, the oldest legally registered business for ExchangeXYZ was in Hong Kong, dating back to 2017. Database records show the Hong Kong entity as currently inactive. However, ExchangeXYZ was very busy from the spring of 2018 to early 2019 establishing business entities in a dozen other countries.

Of greater note are the locations that are well-known offshore centers. In addition to Malta, they have established entities in Jersey, Uganda (well, maybe not so well-known), Singapore, and Switzerland.

Birch also notes that:

“Beneficial owners typically want to keep bank accounts nearby so they’re easier to use, or they may start accounts in places with banking secrecy like Switzerland or Liechtenstein. As a result, shell companies are often domiciled far from associated accounts.”

The Exchange also created three entities in India, the business name of one of which implies an investment in the clubs and resorts industry. The Exchange also has addresses in London.



The London addresses found in the companies incorporation record in OpenCorporates.com reveal residences. Indeed, the address pictured above has had eight other shell companies associated with it, according to the Panama and Paradise Papers.



Reverse WHOIS searches on each of the entity names of the offshore entities did not reveal any related domains; however, searches on Domain Names that included ExchangeXYZ and contained Registrant Contact:Country that included a country name (e.g., India) in some cases displayed domain names related to the ExchangeXYZ domain name. In the overwhelming number of instances in which domain names did display in the Reverse WHOIS results, the domains were inactive.

The circumstantial indicators discussed above should signal to consumers and regulators that business operations at ExchangeXYZ may not be in the best interest of its customers. Instead, it appears that ExchangeXYZ has created for itself a financial ecosystem in which business occurs between entities.

Researchers could be forgiven if they were under the impression that the store of wealth the Exchange has accumulated may be stashed in far away and exotic locations. These locations lie beyond the reach of law enforcement authorities in the United States, the European Union, and even China. If and when the Exchange shutters its operations, consumers in the United States may lose hundreds of millions of dollars without legal recourse.

Beyond Cryptocurrency Exchange Fraud

Cryptocurrency fraud is not the only form of online financial crime investigators can apply WHOISXMLAPI.com’s Domain Research Suite to. The FBI cited in its Internet Crime Report for 2019 that the year before had seen a dramatic spike in Internet-based theft and fraud. The report estimated that in 2018 in the United States alone, cybercriminals stole $2.7 billion from consumers and organizations.

WHOISXMLAPI.com’s Domain Research Suite tools and traditional online investigative practices may not stop most of the crimes from happening. However, the integrated approach may help authorities and investors more readily get to the source of cryptocurrency and other forms of financial fraud on the Internet. Possibly, investment recovery rates may rise and the data collected during investigations may inform policymakers about viable ways to bring law and order to the Wild West of the Web.

Web Page Categorization: How Next-Generation Technologies Can Benefit MSSPs
http://www.5zhiq.site/blog/web-page-categorization-how-next-generation-technologies-can-benefit-mssps/
Thu, 24 Oct 2019 14:18:29 +0000

The demand for managed security services has been growing by leaps and bounds over the past years. The reason for this trend is that organizations of all sizes need to monitor their IT systems around the clock and manage incidents and breaches in real time. Yet, they may not have the means necessary to do that on their own as it requires significant investment in infrastructure and human resources.

Adding to that, traditional security measures have a hard time catching up with today’s more advanced threats. The fast-paced and increasingly connected environments require next-generation technologies and techniques, which enable MSSPs to protect their clients’ complex environments.

In this post, we’ll discuss what these next-generation capabilities are, why they are essential, and how web page categorization can improve them.

Next-Generation Technologies Needed by MSSPs

There are at least three primary technologies that MSSPs require to stay on top of the game — big data analytics, automation, and artificial intelligence (AI).

Big Data Analytics

Big data analytics refers to the ability of an organization to analyze vast amounts of information. The process allows data scientists and other users to make sense of potential threat indicators in a way that standard business systems are incapable of.

Time is of the essence in the world of cybersecurity, but legacy systems are not sufficient when it comes to tackling large-scale data sets. Traditional databases are meant to take on predictable information concerning scale and volume — something that today’s data sources do not adhere to.

That is why it is recommended to use systems that are big-data-friendly. However, the ability of a platform to process large amounts of information depends mostly on its built-in big data architecture and what’s fed into it.

Therefore, MSSPs can remain effective by using systems that can handle big data. Also, each tool should be able to adapt to the continuous growth of the databases attached to it.


Automation

This process refers to the development and application of technologies that automatically control and keep track of various processes. Automation takes over and performs recurrent tasks previously done by system operators.

Built on these principles, MSSPs can implement automation techniques to work in a more scalable manner. Automation has, in fact, become a standard feature of many of their offerings. It alleviates many of the burdens of data analysts. Bottom line: the more automated MSSP processes become, the better specialists can focus on essential tasks that add more value to their clients.

AI and Machine Learning (ML)

AI is the broader concept of using machines to perform tasks in a so-called “smart” manner. ML, on the other hand, is a byproduct of AI. It refers to entrusting machines to perform data analytics based on predefined steps.

Many cybersecurity professionals are now using AI and ML to automate the performance of repetitive tasks. These allow automation and eliminate a lot of the noise that comes with processing big data.

WhoisXML API Uses Next-Generation Technologies

WhoisXML API is a known provider of updated and well-structured databases that contain information on billions of domains. All of the domains in our website contacts database are classified into 25 different categories. These categories are regularly updated, and users can always request to add more.

Each domain record comes with the contact information of its owner. The database also reveals the registration and expiration dates of domains. Domain records can be particularly helpful in supplementing evidence gathered during investigations.

Our products can be configured to match users’ preferred data set format. It’s possible to acquire the outputs as database dumps or as comma-separated value (.csv) files. Users can also download customized databases that contain only the information they require. 

What’s more, our products come with a built-in ML engine. As such, they crawl website content and meta tags to extract text and categorize a page by using natural language processing. Content analysis is thus easier and performed automatically. Additionally, this saves the time that would otherwise go into performing manual queries later on.

MSSPs can use our database to enrich available information that may be related to a wide range of threats. These include incidents of phishing, fraud, and more. Integrating our database into systems can provide users with more detailed information on websites. This data can help analysts determine whether or not sites are safe to access in less time.

Those who are not averse to using third-party APIs, on the other hand, can integrate our web page categorization API into already existing systems. This eases the addition of sources of information to enhance threat correlation.

To stay competitive, MSSPs must keep using next-generation technologies. To support this process, WhoisXML API offers web page categorization products that can enhance MSSPs’ capabilities. Our solutions are particularly useful in detecting and resolving cybersecurity threats. Want to know more? Contact us.