Blog & How To Guides | WhoisXML API

WhoisXML API Blog

Website Categorization Explained - Complete Guide For Your Business

Website categorization has drawn a great deal of attention lately. It is a cybersecurity practice that has been around for a while, but only recently has it started to be increasingly used in marketing and business.

Website categorization is, in essence, the act of putting websites related by their content and function into similar categories. With that in mind, sites like Amazon and eBay are grouped as e-commerce sites; CNN, BBC and the like are classified as news sites; Twitter and Facebook are tagged as social media sites, while Reddit and Quora are forums (message boards), and so on.

However, what some people might not realize is that website categorization is a totally different ball game from Search Engine Optimization and Alexa rankings. Each is different and should be approached in that light, and they should not be confused with one another.


Domain Parking and the Typosquatting Feed

In an earlier post, we described the key elements of the domain parking ecosystem and discussed the risks typically stemming from a lack of appropriate regulation of this area. In the present post, we investigate the connection between typosquatting, bulk domain registrations, and domain parking by using WhoisXML API's Typosquatting Data Feed.

The Typosquatting Data Feed takes all second-level domains in all generic Top-Level Domains (TLDs) and some of the country-code TLDs that started to operate on the Internet on a given day. That is, these are newly registered or re-registered domains. It performs a lexical similarity-based clustering in search of groups of domains so that all domains in a group have similar names. Hence, the domain feed provides groups of newly registered domains that have been registered on the same day, are similarly named, and are frequently parts of bulk domain name registrations. 

We have found that these sets of domains are closely related to many illicit or semi-legal activities on the Internet that deserve attention, including typosquatting, but also phishing, malware activity, etc. In addition, since 1 July 2020, the data are available in an "enriched" fashion, that is, part of the WHOIS information and the IP addresses associated with the domains are also provided. We shall see below that this is very useful. So, let us see how it relates to domain parking.

Company Marketing Intelligence from Subdomain DNS Records

Marketing intelligence refers to any information about a company’s market base. It not only reflects industry trends but also refers to any information about the organization’s target market, existing customers, and even competitors. In particular, 94% of companies invest in competitive intelligence, a significant part of marketing intelligence.

While there are several marketing intelligence sources in existence, one less tapped source is the Domain Name System (DNS). DNS records, such as mail exchange (MX) and TXT entries, and subdomains can help companies answer these questions:

  • What external services do competitors or key industry players use?
  • Are other industry players set to launch new products? What are these?
  • Are there potential mergers and acquisitions (M&As)?

In this post, we demonstrate how Subdomain DNS Record lookup tools that glean data from a DNS database can help enrich marketing intelligence.


Domain parking: A look at the business model and cybersecurity implications

In this white paper, we describe the notion of domain parking, introduce its motivation, stakeholders, and ecosystem. We go through the main security issues it poses, discuss the detection of parked domain names, and comment on the possibility of mitigating the risk posed by them.


WHOIS running the Internet from May 25, 2018 onwards?

The virtual space of the Internet is a relevant scene of our everyday life. The elements of reality and their virtual counterparts (friends and social media contacts, shops and web shops, companies and websites, etc.) are becoming harder and harder to tell apart. Although the founding fathers and mothers of the Internet must, in principle, have expected this, in many respects the Internet has not developed quite as they had envisaged.

For instance, it had been clear from the very beginning that there should be a link between Internet domains and the real-life people and entities responsible for them. In the beginning, the motivation was mainly technical, of course: if something went wrong on the network, the operators needed to know whom to contact. This demand gave birth to the WHOIS protocol, a standard way to learn who is responsible for a high-level Internet domain.


DRS Video Tutorial #1 — A Brief Overview

Check out this explanatory video looking at a series of examples and DRS queries for security and other purposes.


What is email verification or validation and how does it work?

The verification or validation of email addresses is a fundamental need in many applications. These range from protection against phishing and various other email-based threats, through the validation of data entered into an online form, to the cleaning of marketing or other email lists of invalid addresses in order to maintain sender reputation and avoid bounces or other unnecessary email traffic. These have been illustrated in detail in several other blogs.

DNS Hijacking Prevention: How to Detect Suspicious Subdomains with Passive DNS

Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.

That’s just one of the many occasions when organizations fell prey to DNS hijacking attacks. More can succumb to the threat if we’re to consider that 34% more companies in 2019 alone suffered from a DNS attack (not limited to DNS hijacking) compared to 2018, costing each victim an average of almost $1.1 million.

DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.

But to what extent can DNS hijacking affect organizations with a widespread online presence?

This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand, aided by passive DNS and publicly accessible data.
