Blog about Web Design and SEO

Jonathan Zhang

4 Reasons Why Digital Marketers Should Start Using a WHOIS History Search Tool among Others

In recent years, the growth of the Internet has caused tremendous changes in the marketing industry. Digital marketing has taken over traditional forms of advertising, as more and more people go online to look for products and services. These changes led to the increased reliance on digital marketing campaigns, which require significant investment in terms of time and effort. It involves doing careful market research to identify a target audience, build content, and plan how this will all work as part of a sales funnel.

One of the most reliable ways to carry out a digital marketing campaign is to partner with other websites to promote one’s products and services. Digital marketing can, however, be detrimental if the site you partner with has a checkered past. That is avoidable with the help of solutions such as a WHOIS history search tool and others.

Reason #1: Boost the Efficiency of SEO Campaigns

If you want to boost your SEO campaigns quickly, getting an old or expired domain can be a good option. Why? Some old domains already have good rankings with Google. Newly created websites often take years to rank, on the other hand. However, you cannot just get any expired domain to use for your campaign. You have to verify if your chosen domain has a clean track record.

Using a domain name history search tool can help you check if the website you’re eyeing has any associations to known individuals or registrants involved in criminal or illegitimate activities. You can also use a threat intelligence platform to check if it has been featured on phishing and malware data feeds to get a full picture.

Reason #2: Protect Your Domain’s Reputation

Ensuring the success of your marketing campaign involves using a domain that has a good reputation. If your domain has associations with suspicious domain names, it can tarnish your brand.

By checking a domain’s WHOIS history together with domain reputation checker tools like Domain Reputation API, digital marketers can double-check if it shares an IP address with a known malicious domain. If that’s the case, it might be best to choose another domain to avoid being mistakenly associated with cybercriminals. Digital marketers can also use a WHOIS lookup tool to check current records.

Reason #3: Verify Third-Party Legitimacy and Credibility

Most digital marketers use content and influencer marketing tactics to widen audience reach. Before partnering with a third party, they can first use a WHOIS history search tool to see if their domains are legitimate and credible. The tool helps you know when and where a domain was registered and see if its owner is who he/she claims to be. 

You can also know if the domain has connections to malicious domain names or if its owner has a shady past that you must know about, notably by using a tool like Reverse WHOIS Search — which lets you see which domains are connected (some of which might be considered malicious) to a given registrant’s name and other details.

Reason #4: Ensure Cybersecurity Protection

Cybersecurity is no longer a concern for IT officers alone. Even digital marketers have a role to play in not associating their brand with criminal undertakings. With a domain history search tool, they can investigate domains that they may want to use for a campaign prior to buying it. 

Let’s consider a hypothetical scenario in which your company is about to launch a new product site and is interested in a domain that had prior registrants. You can run it through the tool and find out if it has been used by any individual or organization (or any known pseudonym that they’ve used) tied to current malicious activity. You can also use a domain reputation checker to identify other possible vulnerabilities.

With the growing intensity and sophistication of cyber attacks, everyone in the organization must be well-informed about risks. One way by which digital marketers can help is to make sure that every domain they use for their campaigns is trustworthy and legitimate, something that is easily doable with the help of a WHOIS history search tool, among others.


Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) — a data, tool, and API provider that specializes in automated threat detection, security analysis and threat intelligence solutions for Fortune 1000 and cyber-security companies. TIP is part of the Whois API Inc. family which is a trusted intelligence vendor by over 50,000 clients.

The post 4 Reasons Why Digital Marketers Should Start Using a WHOIS History Search Tool among Others appeared first on SiteProNews.

Uncovering Fake News Sites with WHOIS Search

A majority of news sites are susceptible to domain spoofing via techniques such as typosquatting. Typosquatting allows fake news peddlers to entrap readers who mistype news sites’ domains into their browsers. 

And these typosquatters make it a point to copy the sites they spoof carefully from the domain name down to the logo and layout of their fake news pages. Possible motivations include extracting personally identifiable information (PII) from fake subscription forms, spreading malicious information, or dropping malware onto victims’ devices.

How Fake News Sites Proliferate

Fake News Site Creation

Malicious actors first register a domain name that is as close as possible to that of the site they want to spoof. We have seen real news sites even report on how hackers attempted to pass off misinformation by banking on their reputation. An example would be Foreign Policy (FP)’s experience with pro-Iran hackers attempting to cast Saudi Arabia and Tehran as aggressors just this May.

From the real FP site

From the site spoofing FP

While there are stark differences in the banner and font, any reader who does not subscribe to FP would still be fooled by the fake news page. Anyone who doesn’t scrutinize domains can also easily fall for the ruse. The real FP site’s domain is foreignpolicy[.]com, while that of the spoofed site is foreignpolicy[.]net.
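The lookalike patterns described above (same name under another TLD, or the brand name with extra hyphens and digits) can be checked automatically. The following is an added example, not part of the original post: the brand list, thresholds, and the domain foxnewz.com are constructed for illustration, and the TLD split is deliberately naive.

```python
import re

# Brand domains to protect; both are named in the article.
BRANDS = ("foreignpolicy.com", "foxnews.com")
MAX_TYPO_DISTANCE = 1      # assumed threshold for "one keystroke off"
MIN_LABEL_FOR_TYPO = 5     # skip fuzzy matching on very short labels

# Sample input: the first four names appear in the article, the last is constructed.
OBSERVED = ["foxnews[.]com", "foreignpolicy[.]net", "fox-news24[.]com",
            "rep-am[.]com", "foxnewz.com"]


def refang(domain):
    """Turn a defanged name such as fox-news24[.]com back into a plain one."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def split_domain(domain):
    """Return (label, tld). Naive: assumes a single-label TLD, so names under
    suffixes like co.uk need a Public Suffix List lookup instead."""
    parts = domain.split(".")
    if len(parts) < 2:
        return domain, ""
    return parts[-2], parts[-1]


def skeleton(label):
    """Drop hyphens and digits so 'fox-news24' collapses to 'foxnews'."""
    return re.sub(r"[^a-z]", "", label)


def edit_distance(a, b):
    """Classic Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, brands=BRANDS):
    """Return (brand, reason) if candidate imitates a brand, else None."""
    label, tld = split_domain(refang(candidate))
    brand_parts = [(b, *split_domain(b)) for b in brands]
    # The brand's own domain (including its subdomains) is never a hit.
    if any((label, tld) == (bl, bt) for _, bl, bt in brand_parts):
        return None
    skel = skeleton(label)
    for brand, b_label, _b_tld in brand_parts:
        if label == b_label:
            return brand, "tld-swap"            # foreignpolicy.net
        if skel == b_label:
            return brand, "decorated-label"     # fox-news24.com
        if (len(b_label) >= MIN_LABEL_FOR_TYPO
                and edit_distance(skel, b_label) <= MAX_TYPO_DISTANCE):
            return brand, "typo"
    return None


def scan(domains, brands=BRANDS):
    """Return (domain, imitated brand, reason) for every lookalike found."""
    hits = []
    for d in domains:
        verdict = classify(d, brands)
        if verdict:
            hits.append((refang(d), *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(OBSERVED):
        print(hit)
```

A hit only says the name resembles a brand; the WHOIS record still has to be checked before blocking.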

Content Theft

Once the website is ready, the fake news producers fill it with content. Some fake news sites create all of their own content, passing each piece off as real news. But others who only want to spread one or a few fake articles, for instance, opt instead to steal the content, preferably from the site they are spoofing.

Social Media Promotion and Advertising

Like real news reporters, fake news writers need to make a living. So some fake news sites publish ads. Then again, they would need readers to click those ads and they may use social media to promote their publications.

Our Investigative Tool: WHOIS Search

We’ve seen the perils of believing in fake news such as instigating riots, causing fake memories, distorting truths, and more, but people still keep falling for them. Maybe people’s judgment skills can be supplemented by technology, especially in the workplace.

We obtained a list of confirmed fake news sites from GitHub and subjected some of these to WHOIS Search checks. We compared the WHOIS records of (the real deal) with a spoofed version of it, fox-news24[.]com.

Real Fox News site

Fake Fox News site

The table below sums up the differences between both domains:

Clearly, fox-news24[.]com is not owned by Fox News Network, nor does it have any ties to the media giant. Why is that? First off, fox-news24[.]com has a recent registration date. Note that it’s common for cybercriminals to use newly-registered domains as part of their fraud. 

Additionally, the information on the spoofed domain is redacted. It can be because site owners are hiding from law enforcement as more than half of existing fake news sites in this study have used a WHOIS privacy protection service to hide their personal details. However, a lot of websites use domain privacy services and are entirely legitimate, as in the case of The Republican-American (rep-am[.]com), a Pulitzer-prize winning site.

Still, it’s interesting to note that established media outfits like foxnews[.]com typically have age-old operational sites and tend to make their contact details public. 

Based on this brief analysis, it may be a good idea to block the spoofed domain fox-news24[.]com from your corporate network so employees won’t land on a potentially harmful, not to mention dishonest, site.

WHOIS Search is a great tool to start investigating the veracity of suspicious domains since it can identify who is behind a website. By digging deeper into the WHOIS records of a domain name, users can make sure that they are not patronizing fake news sites. Integrating its RESTful API counterpart, WHOIS API, into security solutions can also help companies automatically prevent employees from landing on dubious sites.

Other products can also bring a deeper perspective on a domain’s past as some news sites become crooked only after they change hands. Bearing this in mind, domain ownership history can be monitored with WHOIS History Search and WHOIS History API.



The post Uncovering Fake News Sites with WHOIS Search appeared first on SiteProNews.

Warding Off Cyber Propaganda with WHOIS Search

Cyber propaganda refers to using modern electronic means to manipulate events or influence public perception toward a particular point of view. In the past, propagandists took to radio and television stations and newspapers (mostly tabloids) to further their ideologies.

Today, aided by advancements in technology and the ubiquity of the Internet, rumormongering is mostly carried out through fake news sites. 

Cyberpropaganda, Fake News, and WHOIS

Two main tactics used by cyber propagandists nowadays are database & system hacking and spreading fake news. Database & system hacking can be difficult to orchestrate; it requires advanced technical know-how that not all propagandists have.

It’s often easier to spoof reputable news sites and publish fake stories, then entice readers with sensational headlines to make them click the links to the bogus articles. The sad thing is that almost half of readers believe what they read and spread these before realizing they are fake. Could this happen to you?

Say you come across some breaking news that appears odd and you want to establish authenticity before spreading it. The story might come from a site pretending to be an established media outlet. Or it might be published on a website you never saw before.

Either way, though nothing seems amiss with the site at first (i.e., the design is ok, other posts make sense, etc.), a deeper investigation checking the WHOIS record of the domain in question can help dispel your doubts.

Our Investigative Tool: WHOIS Search

WHOIS Search reveals pertinent information about a domain’s owner, including his/her contact details, how old the domain is, and more.

For this post, we identified the publisher of one of 2018’s biggest fake news stories, abcnews[.]live, which posted “Protesters Vandalize Kavanaugh’s House, $11,000 Damage.” 

The domain looks credible in comparison to the real online property,, which is ABC News’s online news portal, a subsidiary of Disney Media. Note, however, the distinct TLDs in use by the fake and the actual site — “.live” vs. “.com.” New gTLDs are often part of domain name abuses and impersonation schemes. 

Here are some extracts of both sites’ WHOIS records:

What do the results tell us? The site that produced the fake news is in no way associated with the reputable site it’s trying to pass for. Let’s see why.

With over 8,000 days since it was first registered, is a much older domain than abcnews[.]live. In comparison, abcnews[.]live has only had 441 days of existence at the time of writing.

Note that 441 days can already be considered a long time in the cybercriminal world. Possibly the registrant may have fooled people with his or her site for a while already. Or he or she may have waited for a bit before starting to post fake news so the domain wouldn’t be spotted as a totally “fresh” registration.

If the latter reason happens to be true, a long-term reader of may still find it strange that such a long-lasting organization as ABC News has been operating the site for only a year.

Looking at Registrant Contact for abcnews[.]live on its own doesn’t allow us to draw any reliable conclusion. The information is redacted either because the registrant is using a domain privacy service or the registrar is complying with new privacy rules following the entry into force of the General Data Protection Regulation (GDPR).

Yet, should a user wonder whether abcnews[.]live may be a spinoff of, the difference in Registrant Organization—ABC, Inc. vs. Disney Enterprises, Inc.—shows that it’s unlikely.

While it may be difficult to prove the integrity of an alternative news publisher, disproving their ties to big-named media outfits is possible with WHOIS Search. Apart from adhering to known best practices such as considering the source, reading beyond, and checking the author, learning more about a domain’s registration details can give a definite answer.
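The comparison carried out by hand here, and in the Fox News example of the previous post, comes down to three signals: relative domain age, registrant organization, and contact redaction. The following is an added example, not code from the author or from any WHOIS product: both records, the .example domains, the analysis date, and the 10 percent age ratio are constructed, with the ages chosen to mirror the 441 days and 8,000-plus days quoted above.

```python
from datetime import date, datetime
import re

# Substrings that indicate a privacy service or GDPR redaction (assumed list).
REDACTION_MARKERS = ("redacted", "privacy", "whoisguard", "proxy")
# Assumed rule: "much younger" means under 10% of the reference domain's age.
AGE_RATIO = 0.10
TODAY = date(2019, 6, 1)  # constructed "time of writing"

# Constructed WHOIS extracts; not real records.
REFERENCE = """
Domain Name: news-brand.example
Creation Date: 1996-05-22T04:00:00Z
Registrant Name: Domain Administrator
Registrant Organization: Example Media Network, LLC
Registrant Email: hostmaster@news-brand.example
"""
CANDIDATE = """
Domain Name: news-brand24.example
Creation Date: 2018-03-17T09:12:44Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Media Inc.
Registrant Email: REDACTED FOR PRIVACY
"""
PRIVATE_LEGIT = """
Domain Name: news-brand-local.example
Creation Date: 1998-01-10
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Media Network LLC
Registrant Email: REDACTED FOR PRIVACY
"""


def parse_whois(text):
    """Map lowercase field name -> first value for each 'Key: value' line."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record


def age_in_days(record, today):
    raw = record.get("creation date")
    if raw is None:
        return None
    created = datetime.strptime(raw[:10], "%Y-%m-%d").date()
    return (today - created).days


def is_redacted(value):
    """A missing field is treated the same as a redacted one."""
    return value is None or any(m in value.lower() for m in REDACTION_MARKERS)


def normalize_org(value):
    return re.sub(r"[^a-z0-9]+", " ", value.lower()).strip()


def compare_to_reference(candidate_text, reference_text, today):
    """Compare a suspicious domain's WHOIS record with the brand's own record."""
    cand, ref = parse_whois(candidate_text), parse_whois(reference_text)
    cand_age, ref_age = age_in_days(cand, today), age_in_days(ref, today)
    strong, weak = [], []

    if cand_age is not None and ref_age and cand_age < ref_age * AGE_RATIO:
        strong.append("much-younger-than-reference")

    cand_org = cand.get("registrant organization")
    ref_org = ref.get("registrant organization")
    if not is_redacted(cand_org) and not is_redacted(ref_org):
        if normalize_org(cand_org) != normalize_org(ref_org):
            strong.append("registrant-org-mismatch")

    # Redaction alone proves nothing: legitimate sites use privacy services too.
    if is_redacted(cand.get("registrant name")) or is_redacted(cand.get("registrant email")):
        weak.append("registrant-contact-redacted")

    return {
        "candidate_age_days": cand_age,
        "reference_age_days": ref_age,
        "strong": strong,
        "weak": weak,
        "verdict": "likely-unaffiliated" if strong else "inconclusive",
    }


if __name__ == "__main__":
    print(compare_to_reference(CANDIDATE, REFERENCE, TODAY))
    print(compare_to_reference(PRIVATE_LEGIT, REFERENCE, TODAY))
```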



The post Warding Off Cyber Propaganda with WHOIS Search appeared first on SiteProNews.

Domain Reputation API: Scoring High Points for Deliverability and Security

As scary as it may seem, everyone is a target on the Web. Worse, your susceptibility to cyber-attacks, when not promptly addressed, marks you not just as a target but can even lead others to consider you as a threat.

How so?

When mismanaged, for example, some of your email communications can end up being perceived as spam by servers refusing to deliver your emails. In the long run, Internet service providers (ISPs) may even decide to block your domains altogether. Sounds like something to avoid, and here’s where domain reputation comes in and allows you to plug the holes that leave you open to suspicion and attacks. Let’s see how.

Domain Reputation Is a Measure of Your Trustworthiness

First off, domain reputation is a precise estimation of whether you as a company can be trusted to do business with on the Web or not. It tells others if your domain is free from malware or malicious connections, or if it’s been involved in any questionable activity in the past. It can warn or encourage prospective customers or business partners who may have no previous experience dealing with you and therefore have nothing else to base their decisions on. 

Furthermore, your domain reputation can inspire confidence since it shows your domain’s ability or readiness to repel cyber threats and support marketing efforts. But the problem is that factors such as host configuration problems, malware exposure, connected domains, and so on, can affect your domain reputation and must, therefore, be thoroughly investigated before they get out of hand.

You can handle these issues manually one by one, or you can get a comprehensive assessment of your domain reputation through a domain reputation API service. The latter allows you to test a domain through multiple parameters — most of which are scrutinized across several feeds coming from major data sources plus an external configuration audit procedure using threat intelligence. We’ll talk about it more in detail in the next sections, but before we do, let’s discuss another important aspect of checking one’s domain reputation.

Checking the Safety of Other Domains

While maintaining a positive domain reputation score, it is equally important for organizations to use a domain reputation API to oversee the ratings of the domains that they interact with to make sure that they can be trusted.

One reason is that this can help companies save time and money by reducing the risk of potential threats. For instance, employees can efficiently pay attention to the safety of the websites they deal with, mitigating the dangers of interacting with malicious sources. C-level decision makers can also use the information to guide them in making safe investments and acquisitions.

But the technique is also relevant for the following reasons:

  • Protection from dangerous domains – Huge losses result from data breaches when you interact with fraudsters. Checking for domain reputation allows you to monitor the flow of data traffic and avoid potentially malicious domains.
  • Taking actions against risky domains – Domains, IP addresses, and URLs that are deemed dubious due to their domain reputation scores can provide leads into their malicious activities and cohorts. A domain reputation API allows users or automated security safeguards to have a basis for deciding whether to block, allow access, or resolve a connection subject to certain conditions. Forensic investigators are also able to focus on areas that are potentially malicious.
  • Safeguarding e-commerce operations – The practice of making automatic domain-to-domain transactions can be disastrous and lead to huge losses when dealing with dangerous domains. A check with an entity’s domain reputation can prevent such costly mishaps.

Leave No Stone Unturned

Now let’s see how a domain reputation API works. When a domain or an IP address goes through domain reputation software, it’s not only subjected to a battery of tests. It may be more precise to say that it goes through the eye of the proverbial needle, as the domain reputation API leaves no stone unturned to gauge its worth.

This instrument investigates domains on their different properties, beginning from the times they were first registered in order to uncover any probable risks or threats that may have been overlooked. Here are the tests being applied in the process: 

  • WHOIS and DNS name servers match
  • WHOIS domain status
  • WHOIS domain check
  • SSL vulnerabilities
  • SSL certificate validity
  • Malware databases check
  • Host configuration issues
  • Name servers response
  • Name servers configuration meets best practices
  • Name servers configuration check
  • Mail servers configuration check
  • Mail servers response
  • Mail servers Reverse IP addresses match
  • Mail servers real-time blackhole check
  • Open ports and services
  • Potentially dangerous content
  • SOA record configuration check

As a result, a list of warnings that have been detected during the course of the tests will be provided to users supplying them with various insights.

A WHOIS domain check, for instance, may reveal that a domain owner’s details are publicly available which means that the entity is potentially open to identity theft. 

Or let’s say the API discovered that a domain’s SSL certificate may have been recently obtained or is subject to serious vulnerabilities such as HTTPS connections not being forced, or the Heartbeat extension being disabled. The first points to a lack of security, while the second tells you that the network could be damaged by a Heartbleed bug capable of stealing sensitive information.

These are just a few examples to illustrate the thoroughness with which the tests are conducted. Moreover, it’s important to understand that no matter whether it’s your domain being scrutinized or that of your potential partner, keeping an eye on such details is crucial in order to prevent potential issues.

The Result: Domain Reputation Score

So what happens when the tests are over? Well, the exhaustive testing process results in a domain reputation score that ranges between 0 (low risk) and 100 (high risk), making it easy to identify risky domains — i.e., those with malicious owners, misconfigurations, or those containing potentially dangerous content, just by looking at their scores.

Moreover, the rating is based on the analysis of numerous factors. They include the WHOIS records of the domain being tested, the name server’s configuration, the infrastructure of the target domain’s IP address, the content of the website and how it’s related to other domains and the host configuration, and the result of a Reverse IP lookup. Also looked into are an assessment of the danger posed by the domain based on numerous malware data feeds from all over the Web, the configuration of DNS MX records and their corresponding mail servers, and the different aspects of the domain’s SSL certificate including its connection and configuration.

A positive domain reputation is, therefore, earned. It does not come by accident but is the reward of diligent and proactive efforts to ensure a domain’s safety and security not just for its own sake but also for those of the other domains that it comes in contact with.

Key Benefits of Keeping an Eye on Domain Reputation

Now that we have an understanding of how a domain reputation API works and where it can be applied, let’s gather all the reasons why monitoring domain reputation with the help of such software can be useful. 

Stay ahead of attacks

Regularly tracking your domain reputation is essential because of the rapidly-changing nature of attacks. Periodic checks on your systems are required to assess their vulnerability to emerging dangers and, as a result, to keep your domain reputation score high.

Secure email deliverability

Maintaining a positive rating is also a major factor in ensuring the delivery of your emails. Messages sent out from domains with low reputation may not make it to the inbox, eroding the results of your marketing initiatives or leading to customer dissatisfaction when transactional emails are not received.

Avoid mail server issues

A domain reputation API allows evaluating and fixing mail server configuration issues, thus raising your deliverability profile and facilitating the uninterrupted flow of communication to and from your organization.

Get precise results

The resulting score is an accurate measure of a domain’s trustworthiness based on hundreds of parameters and numerous tests. Users can rely on the data to identify dubious domain owners and IP addresses and avoid putting themselves at risk.

Use as a forewarning instrument

Domain reputation API allows you to assess domains, subsequently blocking or avoiding doing business with them on the basis of the probable risks that their resulting domain reputation score may pose.

Instantly check results

Domain reputation API is a quick-response tool that can be easily integrated into your existing business processes and can instantly provide an assessment of a domain’s risk profile.

Quick Tips for Making a Query

To get the domain reputation score of a domain or IP address, you need to secure a personal API key from a provider’s website. You then have to input the domain’s name or IPv4 address into the domain reputation API which will accurately assess its score using the parameters and tests that have been discussed earlier. 

You can also check your target domain using ‘fast’ or ‘full’ mode. Fast mode would conduct heavy testing while data collectors are disabled. Full mode, on the other hand, processes all the data and tests. The output is well-parsed and available in either JSON or XML.

Your domain reputation can enhance your business profile and help you score points on the Web. You can individually review the different parameters that combine and build your domain reputation score, or you can use the Domain Reputation API to simultaneously check external hosts as part of a comprehensive cybersecurity risk profile.



The post Domain Reputation API: Scoring High Points for Deliverability and Security appeared first on SiteProNews.

WHOIS History Search and Lookup: What You Can Learn from a Domain’s Past

Imagine this scenario: You just put up your online business and now you’re looking for the perfect domain for your website. You obviously want something that’s easy to remember and fits your company to a tee. So how do you find that perfect domain to get things going?

You can, of course, go directly to a known domain registrar to do the search for you. It will save time and effort. But did you know that even the most reputable of domain registrars have had ties to a cybercrime or a cyber attack at one point in time? And because their main goal is to sell as many domains as possible, they’ll probably leave that juicy tidbit out of their sales pitch. So now the question is, how do you make sure the domain you’re purchasing doesn’t have a shady past? It’s simple, really: all you need is a WHOIS history search tool.

First off, let’s go down memory lane to see why looking back on a domain’s past is critical if you want your business to have a bright future.

Skeletons in a Registrar’s Closet

A quick search for the top domain registrars in 2019 will give you this list:, GoDaddy, Hover, Dynadot, Namecheap, and Google Domains. Though I’m sure they never wanted to get their brands dragged in the mud, the ubiquity of cybercrime and cyber attacks has caused them trouble at one time or another.

Among the registrars identified, GoDaddy, Google Domains, and Namecheap unfortunately landed on the APWG’s list of registrars with 100 malicious domain registrations with a 75 percent malicious ratio overall in 2016. That is not to say that they are not trustworthy; it just means they were also abused by threat actors. And just because the others on the top registrars list aren’t on APWG’s report doesn’t mean they’re threat-free. These days, no business with an online presence is safe from cyber attacks; they probably just don’t make the headlines.

What possible reasons, you may ask, could lead to domain registrar abuse? Well, cybercriminals won’t hesitate to provide false information on their WHOIS records short of using a victim’s credentials to do so. And let’s face it, if you’re a domain registrar that handles hundreds or thousands of domain names each day, you may not have the time to dig that deep into every record. Besides, once you’ve signed the agreement with your chosen registrar, responsibility and accountability for a domain and all of its subdomains are passed on to you. It’s your duty to prevent them from being used in online crimes.

That’s in the present and future though. What if you ended up buying a domain that has had a shady past you weren’t informed of? How would you convince the World Wide Web that it has turned a new leaf? It’s time you dug into your domain’s past.

Digging into a Domain’s Past

The first thing you need to do to find out everything there is to know about your business’s new home on the Internet is to get hold of a WHOIS history lookup or search tool. This particular tool is easy to use and registration is free so you can start digging at once.

More specifically, what can you expect? The tool will provide details on every update your newly purchased domain has gone through. How old it is, what changes (registrant or owner, affiliated company, etc.) it has gone through over the years, the name servers it has had ties to, and more. At least 10 years’ worth of historical data on your domain can be viewed and downloaded in PDF format.

The tool also keeps tabs not just on commonly used TLDs, but also thousands of newly created gTLDs and ccTLDs. And with a database containing billions of well-structured and regularly updated records, you can get all the information you need on practically any domain registered anywhere in the world.

Let’s put WHOIS History API to use. First, look each piece of data up on the Web to see if it has been used in a cybercrime or a cyber attack. Find out all you can about those attacks and include a disclaimer of sorts indicating your and your business’s noninvolvement in them. It’s always easier to expose than to keep skeletons in your closet. Coming out into the open about your domain’s shady past will prevent your future customers from distrusting you should they find out on their own.

Of course, it would have been better if you did the digging before taking the plunge and buying that domain. It always helps to be a little paranoid these days knowing that even the biggest brands are not immune to phishing and other malware-based attacks. That doesn’t mean though that just because your company is small you’re automatically off the cybercriminals’ radar. When launching attacks against targets, cyber attackers consider a small business just as good a catch as a large enterprise.

Size Doesn’t Matter

Though the latest stats reveal that the five most-spoofed brands for phishing attacks—Microsoft, Google, Facebook, Apple, and PayPal—are all industry giants, small and medium-sized businesses or SMBs still shouldn’t let their guards down. Why? Because cybercriminals don’t discriminate when it comes to choosing targets. Case in point, 43 percent of breach victims are small businesses. This isn’t surprising given the fact that SMBs may not have the latest and greatest security tools nor cybersecurity personnel to safeguard their virtual realms.

Social-engineering-based attacks like phishing work because they bank on what has been dubbed security’s weakest link—the human factor. Victims are bound to click links to sites that offer freebies, discounts, and similar promises, especially if the messages they’re embedded in come from trusted sources. That’s why it’s important to educate your staff on the dangers lurking in the Web. And if that doesn’t work, rely on the power of technology.

This is another benefit you can enjoy from a WHOIS history lookup tool. If you lack the resources necessary to secure your domain—essentially the gateway to your business—then you’d do very well to constantly monitor your visitor logs and cross-check suspicious-looking traffic sources via your WHOIS history search tool. Make sure nothing’s amiss with the domain. Ask yourself questions like, “Does this have a shady past?”; “Is any of its listed contacts trustworthy?”; “Has it been updated recently?”; “Is it connected to an identified malicious domain?”; and so on. Don’t stop with known TLDs though, sift through subdomains as well. Phishers and other cybercriminals often mask their crimes by abusing subdomains that domain owners often fail to pay attention to. The only way you can secure your company and customers against online threats is by protecting your business’s core—your domain.

Cybercrime isn’t going to die down as long as there are individuals and companies, regardless of size or scale, to prey on. And it’s up to you to keep threat actors from stealing your personal and other confidential data (intellectual property, usernames, passwords, credit card details, etc.); or breaching your network’s walls; and compromising your employees’, customers’, partners’, and other stakeholders’ safety. That said, don’t just focus on the now, not even the future, look to the past too. There’s a reason behind the cliche, “Life can only be understood backward, but it must be lived forward.”



The post WHOIS History Search and Lookup: What You Can Learn from a Domain’s Past appeared first on SiteProNews.