Whois API Blog http://www.hualong46.com/blog Sun, 29 Dec 2019 07:50:07 +0000 en-US hourly 1 https://wordpress.org/?v=5.1.2 How to Block Inappropriate Websites in a Workplace http://www.hualong46.com/blog/how-to-block-inappropriate-websites-in-a-workplace/ Sun, 29 Dec 2019 07:50:07 +0000 http://www.hualong46.com/blog/?p=2682 Accessing explicit or illegal content from the office network can be a serious liability for your company. Blocking inappropriate websites at a workplace protects your network from malware, legal issues, and low employee productivity. Monitoring workplace Internet activity manually could … Continue reading ]]>

Accessing explicit or illegal content from the office network can be a serious liability for your company. Blocking inappropriate websites at a workplace protects your network from malware, legal issues, and low employee productivity.

Monitoring workplace Internet activity manually could be a time-consuming task. Fortunately, the blocking of inappropriate websites can be automated. We’ll show you how to block inappropriate websites by using five tricks with varying degrees of reliability.

1. Create a transparent Internet-use policy

Before you enforce any rules on workplace Internet activity, make sure these rules are clearly stated. Your employees need to understand which websites are allowed and which are banned during working hours. This also refers to any non-work-related web content, such as social media, online games, gambling, shopping sites, etc.

Even if you decide to grant access to entertainment sites, illegal content should be off-limits for several reasons. Apart from hindering productivity and being inappropriate, such websites are usually a hotbed of viruses and malware. In certain situations, they can also tarnish your company’s reputation.

Your Internet-use policy should be part of the onboarding documentation for every new employee. Also, it should always be readily available to all of your current employees.

2. Block inappropriate websites with DNS filter

Unfortunately, informing employees on the Internet-use policy isn’t usually enough to prevent access to inappropriate websites.

So how do you approach it? You can start by setting up a DNS filter. DNS is the Internet protocol that converts the domain name to an IP address. When you set up a filter, this process is prevented for any blocked or explicit content.

This is the quickest and simplest way to block inappropriate websites. Since DNS protocol is a prerequisite to Internet connection, you can use DNS filters on any device and network.

There are plenty of free and affordable DNS filtering services. However, technically savvy employees are able to bypass them. Also, using these services raises privacy concerns with regard to your company’s sensitive information.

3. Use a safe-search mode to block Inappropriate content

Another way to block explicit content in the office is to set your search engines to “safe search” mode. In the links below, you can find detailed instructions on how to block inappropriate websites on Google Chrome:

Thoroughness is the main perk of using a safe-search filter to block inappropriate content. They don’t stop at blocking websites. The safe-search mode also filters individual Web pages based on headlines, title, description, metadata, reviews, and sets age-restrictions. These tools also come with features such as limiting screen time and monitoring. Safe search mode works across different platforms and devices, including Android devices and iPhones.

Yet, the reliability of this tool is only moderate. The quality of filtering varies based on location and language. Also, users can easily bypass it by logging out of their accounts or by using alternative search engines.

None of the existing content blockers offer protection against viruses, malware, and phishing.

4. Use filtering apps and extensions to enable safe search

Web browser extensions and web filtering apps are more secure ways to block inappropriate websites. They allow you to block specific websites, categories, or URLs that contain inappropriate terms. These add-ons and apps also come with bonus protection against viruses, malware, and phishing.

Compared to the safe-search mode and DNS filtering, these tools are also more customizable. You can play around with the settings and add entertainment and social media to the list of blocked websites. They work in incognito mode as well.

Web filtering apps are superior to browser extensions because browser add-ons are easily bypassed. Even going as far as adding them to every browser isn’t of much help. Employees can easily access inappropriate sites by downloading or by using alternative browsers.

Web filtering apps offer a plethora of possibilities for customization, protection from cyberattacks and malware, as well as limiting access to non-work-related websites.

However, web filtering solutions cannot guarantee 100% safety either.

Safe-search mode, add-ons and web filtering tools often cannot make a difference between allowed and blocked content. Even work-related websites can be mistaken for inappropriate content on the basis of one word or image. This may result in frustration and decreased productivity. An incomplete database of malware and dangerous websites may also put your company in danger.

5. Use website categorization for 100% protection

Website Categorization API is a tool developed by WhoisXMLAPI. Website categorization helps you block inappropriate websites by analyzing web content in three steps:

  • Examining website response during the crawling session
  • Analyzing on-page content and keywords based on natural language processing
  • Authenticating the results through human supervision

Websites are assigned to 1-3 out of 25 different categories. You can set which combinations belong on the list of blocked categories.

With website categorization API, you won’t waste time wondering how to block inappropriate websites effectively. Your web filter will analyze entire domains and individual page content just like a human would. This way, you’ll make sure you are not blocking work-related or safe websites. At the same time, inappropriate websites or pages won’t be able to break through the barrier.

With website categorization, you can feel confident that your office remains a decent, safe place with a great reputation. Click here for a free demo!

How to Trace an IP Address From an Email Explained http://www.hualong46.com/blog/how-to-trace-an-ip-address-from-an-email-explained/ Sat, 28 Dec 2019 06:59:43 +0000 http://www.hualong46.com/blog/?p=2674 Ever felt the need to see what’s happening with the recipient after you sent an email? You may have. In this post, we’ll look at how email tracing is done for different email service providers as well as explore the … Continue reading ]]>

Ever felt the need to see what’s happening with the recipient after you sent an email? You may have. In this post, we’ll look at how email tracing is done for different email service providers as well as explore the reasons why you might find it useful.

How Email Tracing Works, in a Nutshell

Email tracing refers to the process of finding out what actions a recipient performed after getting an email such as when he or she opened or read it. Email tracing also lets senders know if intended recipients clicked on embedded links or downloaded attachments.

Most email service providers allow account owners to trace emails through IP addresses. This feat is accomplished with the simple addition of a single-pixel GIF to an email using the following code:

<img src="https://www.targetdomain.com/singlepixel.php" />

When a user wants to know when a recipient has read his email, the following code is added to the email. This creates or returns a single-pixel GIF on a request or web beacon:




Users can then employ a terminal or a shell (e.g., sendmail cmd) on a previously configured mail server to send traceable emails. As proof of concept (PoC), define the content file (i.e., content.html) in this manner:

To: <target email>
Subject: Tracking Test Email
Mime-Version: 1.0
Content-Type: text/html

<h1>Test email</h1>
The body.
<img src=" https://www.targetdomain.com/singlepixel.php " />

Pipe this command afterward into sendmail by using the code:

$ cat content.html | sendmail -t

Every time a recipient gets an email and opens it, the email client gets the image link at least once. In some cases, a provider can cache this so the same image link is not triggered again. 

Will this Work for All Email Clients?

The simple answer is it won’t. Not all email clients support email tracing. Users can check if their clients’ service provider does by sending an email and then monitoring their web server logs for receipt records (indicated by targetdomain.com in the PoC above).

In general, the majority of clients support email tracing, though at least 30% don’t support IP-based email tracing (i.e., getting images via proxies).

We took a look at whether the most used services enable email tracing. Here are the codes we used:

  • Gmail: Used by 29% of the total number of email service users surveyed in September of 2019. - - [21/Sep/2019:21:01:36 +0000] "GET /singlepixel.php HTTP/1.1" 200 61 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)"

Note that is not the user’s actual IP address. It is Google’s IP address, which means the provider uses a proxy to fetch a remote image (i.e., GoogleImageProxy), thus preventing us from getting the recipient’s correct IP address.

  • iPhone Apple Mail: Used by 26% of the survey respondents.
xxx.xxx.xxx.xxx - - [21/Sep/2019:21:11:43 +0000] "GET /singlepixel.php HTTP/2.0" 200 28298 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E147"

xxx.xxx.xxx.xxx is the correct IP address of the target’s iPhone, which means Mail allows email tracing.

  • Outlook: Used by 11% of the total number of respondents.
207.180.xxx.xxx - - [21/Sep/2019:21:04:00 +0000] "GET /singlepixel.php HTTP/2.0" 200 150 "https://outlook.live.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

207.180.xxx.xxx is the correct IP address of the target’s system, which means Outlook allows email tracing.

  • Yahoo! Mail: Used by 6% of the total number of survey respondents. - - [21/Sep/2019:21:08:28 +0000] "GET /singlepixel.php HTTP/1.1" 200 61 "-" "YahooMailProxy; https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html" is not a proper IP address. It is Yahoo!’s IP address. Like Google, Yahoo! uses proxies to fetch remote images (i.e., YahooMailProxy). As such, users would not be able to obtain the recipient’s IP address.

  • Private clients: Privately owned email clients (e.g., RainLoop) also disable email tracing by default. RainLoop, however, gives users the option to “Display external images” by explicitly approving their appearance via clicking. Users who do so may enable email tracing in this manner via special configuration using the code:
xxx.xxx.xxx.xxx - - [21/Sep/2019:21:13:48 +0000] "GET /test.php HTTP/2.0" 200 150 "https://www.domain.com/mail/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

xxx.xxx.xxx.xxx is the correct IP address of the target’s system.

Why Would You Want to Trace Emails?

Now that we’ve talked about how it’s possible in some cases to trace emails, let’s see some of the reasons why you may want to do so:


Security researchers and law enforcement agents trace emails to learn more about threat actors involved in phishing, spamming, and other cyber attacks. Emails are, after all, the most commonly used means of entry into target networks. Cyber attackers need only use convincing social engineering lures to trick unsuspecting employees into opening ransomware- or other malware-laced emails; or send money to their accounts while posing as company executives.

By validating the safety of an email address, security professionals can proactively avoid malware infections and fraud. They can block email addresses contained in blacklists, so messages from these won’t even reach their target inboxes.


Email marketing is a proven way to communicate with potential customers. It has been said to yield US$44 for every dollar spent. Then again, marketers need to avoid ending up on email spamming lists by making sure they have low bounce rates.

One way of ensuring that messages are actually read and opened instead of marked as spam (which could lead to ending up in a blacklist) is by enabling email tracing. Recipients who don’t open or read your emails can be taken off mailing lists to keep bounce rates low and thus avoid becoming part of an email blacklist.


Conducting face-to-face interviews can be time-consuming and costly, which is why plenty of research organizations today opt to conduct email surveys instead. With it, they avoid the hassle of setting up appointments and transportation costs. In some ways, they also get more detailed information from respondents.

In the research field, email tracing would hasten the process of checking which recipients actually responded to a survey. It could also simplify identifying who to re-send the questionnaires to or looking for alternative recipients should a pre-identified number of respondents be required for a particular industry.

Email tracing is an excellent means to find out if the intended recipients got your message. Tracing email addresses back to IP addresses generates more information on attackers in the field of cybersecurity, potential customers in marketing, and survey respondents in research. Protecting your organization from threats, knowing your market, and reaching contacts ensure not only safety from attacks but also business success.

Warding Off Threats Spawned by the Abuse of Newly Registered Domains http://www.hualong46.com/blog/warding-off-threats-spawned-by-the-abuse-of-newly-registered-domains/ Fri, 27 Dec 2019 09:13:03 +0000 http://www.hualong46.com/blog/?p=2669 When the Internet Corporation for Assigned Names and Numbers (ICANN) agreed to the addition of new generic top-level domains (gTLDs) in 2012 through the New gTLD Program, the number of spam emails coming from these domains started to rise significantly. In fact, … Continue reading ]]>

When the Internet Corporation for Assigned Names and Numbers (ICANN) agreed to the addition of new generic top-level domains (gTLDs) in 2012 through the New gTLD Program, the number of spam emails coming from these domains started to rise significantly.

In fact, studies revealed that a new malicious site is hosted on a domain with a new gTLD extension every 15-20 seconds. What’s more, seven out of 10 newly registered domains are classified as either suspicious or downright malicious and thus should not be accessed.

A possible reason for said criminal activities is that domains sporting the new gTLDs are relatively cheap in comparison to the more popular .com and .net domains. Another reason is that most credible name entries using traditional TLDs have already been taken. Either way, there seems to be a substantial amount of abusive domains registered using a new gTLD after its sunrise period (the 30 days during which trademark holders are the only ones entitled to register their domains), and, similarly, across registries.

As we know, spammers and phishers need tons of domains to pull off numerous scams at once. Going with cheaper, more available domains lets them cut down on costs, which makes sense from the perspective of threat actors since malicious hosts are often quickly taken down once detected as dangerous.

In this post, we further discuss the threats that come from newly registered domains and illustrate how Domain Reputation API and Newly Registered & Just-Expired Domains Database can help identify and assess potentially dangerous online properties.

Table of Contents

Age-Old Threats Get a New Lease on Life with New TLDs

Newly registered domains and new TLDs didn’t lead to new cybercrime techniques. On the contrary, they have mostly revamped the packaging of the same old threats.

Spam Emails from Newly Registered Domains

Spam emails that regularly flood inboxes are not only a nuisance but they also pose security risks as these can come laced with malware or contain links to phishing and other malicious sites. And we all know that those threats can lead to information and identity theft or a network breach.

To date, the most abused TLDs worldwide by spammers are new gTLDs. These include (from the most to the least abused) .ooo, .desi, .gdn, .bar, .コム (xn--tckwe), .life, .world, .live, .ryukyu, and .work. These had badness index ratings ranging from 3.42 to 6.19 — translating to between 32.9-96.8% of the domains sporting these extensions to be categorized as malicious.

Interestingly, .ooo domains may have been topped one of the most favored new gTLDs for spamming because it has been dubbed “search engine optimization (SEO)-friendly.” This wouldn’t be surprising since, like legitimate registrants, spammers also do their best to end up on the first page of search engine results. That is, after all, an effective means of luring in as many victims as possible.

Debates regarding how to combat spam coming from newly registered domains thus surfaced. Some opine blocking all such domains from accessing their virtual properties. Others think that this could be an extreme measure as companies may inadvertently block non-malicious visitors. It may be wiser to strike a balance between these two approaches.

Phishing Sites Find New Homes in the New gTLD Space

Phishers are always on the lookout for victims who will readily click the links they get from supposedly known contacts. The problem is that even if most people know about phishing, they still fall for scams. In fact, despite the threat’s ubiquity, the number of phishing victims continues to soar over time with increasingly debilitating effects:

But what do these numbers have to do with newly registered domains? Well, reports say the share of phishing attacks stemming from domains using new gTLD extensions, especially .app, .ooo, .xyz, .online, .site, .club, .top, .info, .icu, and .website, has risen by 24% between the first and fourth quarters of 2018.

That’s why, along with traditional anti-spam & anti-phishing solutions, organizations may find it useful to add domain research and monitoring tools to their arsenals. When a database of newly registered/just-expired domains and a domain reputation checker are used in tandem, they can help users to identify which domains are actually malicious based on counterchecks with several threat databases and, therefore, should be denied access to their networks. Said databases would help them determine all connected domains that should be blocked as well.

Malware Hosts in New (gTLD) Clothes

One of the most notorious malware types these days would probably still be ransomware. While the threat is now better understood, it is still causing tremendous losses. Victims, for instance, lost a total of US$3.6 million to ransomware operators in 2018 alone.

What’s more, a 2018 research predicted that as many as 2,126 newly registered domains would play host to Cerber ransomware. GandCrab, a more recent ransomware variant, reportedly used a “.bit” domain for its command-and-control (C&C) server.

Typosquatters’ New Safe Haven: The New gTLD Space

Humans are commonly dubbed “the weakest link in cybersecurity.” A lot of corporate breaches result from human errors that include mistyping a link and causing employees to land on phishing pages. And more often than not, they end up giving their login credentials away to the bad guys.

Indeed, a simple typo could land any company in hot water. How? One plausible scenario would be when an employee uploads a file containing confidential customer data onto the wrong portal.

Let’s say, for example, that a fictional company named “emendario” typically stores customer data on its online database emendario.com. Typosquatters could find this out and create a fake version of that portal, such as emendario.ooo.

They would, most likely, plant a keylogger into this fake portal in case an emendario employee lands on it and inputs his/her username and password. Even if the said employee isn’t able to log in to the fake portal, the simple act of typing in his/her login credentials would already give the criminals what they want. The bad guys can then use the victim’s credentials on the real portal to gain access to all the data stored in it.

You may think that .com and .ooo can’t possibly be mistaken for the other, but what if the user just typed emendario and emendario.ooo ended up as the top result? If the user inattentively clicks that, the hypothetical scenario could turn real very fast.

Combatting New gTLD-Hosted Threats with WhoisXML API Solutions

Indeed, none of the threats discussed above are new. However, the emergence of new gTLDs has opened a lot of possibilities for spammers, phishers, malware distributors/operators, and typosquatters to register new domains that are seemingly looking like those of known brands and entities.

Organizations that rely on the Internet to keep their business going can mitigate the risks these threats pose with the help of at least two of WhoisXML API’s vast array of domain research and monitoring tools — Domain Reputation API and the Newly Registered & Just-Expired Domains Database. Here is how these tools can help spot potentially malicious online properties.

Domain Reputation API at Work

Domain Reputation API can be integrated into organizations’ existing solutions, systems, and portals so that these can automatically determine if a URL is safe to access or not. The tool analyzes each domain or IP address according to several parameters that include:

  • Website content and relation to other domains and host configuration
  • A cross-check against numerous malware data feeds
  • Secure Sockets Layer (SSL) certificate presence and validity, connections, and configuration
  • Domain Name System (DNS) mail exchange (MX) record and server configuration
  • WHOIS record details
  • Nameserver configuration
  • IP address connections

To illustrate how the tool works, let’s look at a few examples following these steps:

  • 1. Go to the Domain Reputation API page (https://domain-reputation.whoisxmlapi.com/api).
  • 2. Type the suspect domain into the input field and click on the search icon. For this demonstration, we used a randomly chosen domain (i.e., googmail.gdn) with a new gTLD extension. Let’s pretend it was used in a spam message that uses an enticing job offer as a social engineering bait. You should see this result:
Domain Reputation API at Work
  • Due to the domain’s listing in the StopForumSpam blacklist, users would do well to consider including the domain in their blacklists too. Doing so would prevent any email using that domain from landing in their inboxes.
  • 3. Deepening the analysis, the use of Domain Reputation API for assessing new gTLDs doesn’t limit itself to a malware database check. Other results that may raise cybersecurity concerns include the following, analyzing a different domain name with another extension:
Domain Reputation API at Work
  • The inconsistency between the domain and the site’s SSL certificate and the presence of SSL vulnerabilities indicates that discretion and possibly blocking might be required in this case.
  • 4. Now, let’s say an employee wishes to purchase office equipment from a long-time supplier but accidentally mistypes the domain name. He/She thus lands on a spoofed site. Thinking the supplier just changed domains, he/she just proceeds like everything is normal and falls into the trap.A Domain Reputation API-enhanced firewall solution could have prevented that employee from landing on the fake site in the first place, because of several warnings that include being listed on the StopForumSpam database and a mismatched SSL certificate:
Domain Reputation API at Work

Newly Registered & Just-Expired Domains Database in Action

Another way to stay on top of the threats posed by newly registered domains pose is by getting access to an extensive database that details all recent domain registration activity in nearly real-time.

With Newly Registered & Just-Expired Domains Database, users can quickly identify domains with new gTLD extensions that should be treated as potential indicators of compromise (IoCs). In order to do so, they can establish connections based on a shared:

  • Domain registrant
  • Contact email address
  • Organization
  • Street address
  • Contact number (fax, phone, or both)
  • Administrative, billing, and/or technical contact name and details

Let’s take a look at an example.

Say, for instance, that the domain avttw20146.info was cited as malicious in the news and is tied to an ongoing BEC campaign. (Note that the domain is not necessarily dangerous and was randomly picked from our sample database for demonstration purposes only.)

Digging further, you found that the email address used to register it was 2512483930@qq[.]com. Consulting the Newly Registered & Just-Expired Domains Database, you then realized that its registrant owns other domains (i.e., avttwbt.info, avttw20156.info, and avttw2018.info). Knowing that 2512483930@qq[.]com is a suspected BEC campaign domain, it would serve your organization to include all of the other domains sharing the email address in your blacklist.

That way, your company would be safe from any email coming from the suspicious email address. In turn, none of your employees would land on sites hosted on the potentially harmful domains because you’ve already blocked them up front.

Domain Reputation API at Work

Concluding Thoughts: Threat Protection and Newly Registered Domains

Threat tactics, tools, and procedures (TTPs) have kept evolving over the years through the expansion of the Web and online properties. To help combat new forms of attacks as they emerge, it’s important not to trivialize what some may consider as “old” threats, including spamming, phishing, and malware. Cybercriminals will use this lack of awareness to conduct fraudulent undertakings that new gTLDs and newly-registered and recently-expired domains can allow.

This post doesn’t imply that all newly registered domains are malicious and should be avoided. After all, traditional TLDs are still widely used as well to conduct lots of cyber attacks. What matters, however, is the ability to discern between perfectly legitimate domain names and those acquired to cause harm.

Domain Reputation API?and?Newly Registered & Just-Expired Domains Database can help in that regard as they provide data points that are relevant for threat identification, assessment, and protection. Would you like to learn more about how our tools can help? Feel free to drop us a line at support@whoisxmlapi.com.

Threat Prediction Based on Domain Registration History http://www.hualong46.com/blog/threat-prediction-based-on-domain-registration-history/ Thu, 26 Dec 2019 09:03:03 +0000 http://www.hualong46.com/blog/?p=2666 There is a tendency to look at the past to anticipate what the future may hold. The historical performance of financial investment products, for example, is always showcased, although with a disclaimer that they don’t guarantee any future results. Athletes … Continue reading ]]>

There is a tendency to look at the past to anticipate what the future may hold. The historical performance of financial investment products, for example, is always showcased, although with a disclaimer that they don’t guarantee any future results. Athletes watch past performance of their would-be opponents, so they know what strategies to formulate for the future encounters.

This train of thought is also applicable, at least to some extent, to the field of cybersecurity. Knowing more about past attacks can help security teams strategize and improve their current and future cybersecurity posture.

To illustrate this point, let’s take a look at how investigating domain registration history through the use of WHOIS History API can help managed detection and response (MDR) teams to anticipate further threats.

Domains as Threat Vectors

Domains should be generally considered as potential threat vectors. They can, after all, be used to launch attacks such as phishing and other malware-instigated campaigns. Phishing, which requires attackers to use domains similar to those of trusted entities, is behind 90% of data breaches. This success rate is just too high, and thus it calls for automatic identification and blocking of malicious domains. But how?

Researchers found that out of the 200,000 newly registered domains (NRDs) per day, 70% are used maliciously or aren’t safe. Yet another study found that of all the registered-level domains (RLDs), 57.6% are reused while the rest are new registrations.

These statistics tell us that while attackers invest in NRDs, many also reuse previously registered domains. These findings highlight the importance of examining a domain’s registration history.

What Information Does WHOIS History API Reveal?

A WHOIS API or lookup tool allows anyone to access our comprehensive WHOIS database and see any website’s domain records. Basic WHOIS records show the following:

  • Registrant details including his/her name and contact details
  • Registrar information such as name and contact information
  • Registration details including the creation and expiration dates as well as the date when the record was last updated
  • Technical, administrative, and billing contact names and details
  • Nameservers

WHOIS History API returns all this information – and more. It also exposes the domain’s registration history records, giving users an idea of the changes in its ownership over the years. WHOIS history data can also be gathered from WHOIS History Search, a component of the Domain Research Suite that gives access to an exhaustive and well-structured database that houses more than 6.7 billion historical WHOIS records. It crawls over 582 million domains and about 3,000 top-level domains (TLD).

How Domain Registration History Helps in Predicting Threat Vectors

Track a Domain’s Historical Footprint

Having access to websites’ historical records allows users to get a glimpse of domains’ historical footprint — valuable information that can reveal past and current owners’ activities. More and more attackers hide behind seemingly innocent domains, either newly registered (misspelled variations) or expired (typically abandoned), to trick victims into believing that those belong to trusted contacts.

A 2017 independent research on abandoned law firm domains (when hacked) could provide attackers with personally identifiable information (PII) from bank notices, corporate debit card statements, business travel reservation documents, invoices, and others.

With historical domain data, security teams can find out if an email sender’s domain is genuinely associated with the entity. Some can reveal past connections to suspicious activities. That way helps to identify possible sources of threats that should be blocked.

WHOIS History API findings can be fed to a company’s security solutions or systems to enable automatic identification and blocking. Then, no employee will receive emails from spotted malicious domains or access the corresponding unsafe websites in the future.

Determine If a Domain Poses Threats

In-depth investigations can be done when an alert is triggered by a domain’s registration history either manually or by using security tools. Organizations can, for instance, use Domain Reputation API to quickly determine a domain’s reputation score.

The reputation score is calculated based on hundreds of parameters, including the domain’s association with malicious domains and mail exchange (MX) server reputation. The tool also checks the domain for links to .apk or .exe files. Domains with low reputation scores can be automatically blocked if the API is configured to do so and integrated into existing security solutions and systems.

Better still, organizations can integrate any of WhoisXML API’s various APIs into MDR solutions or systems so they can gather as much threat intelligence as possible.

Threat prediction is key to prevention and protection. While the word “prediction” implies the mystic ability to see the future, there is such a thing as an intelligent prediction to anticipate where cyber attacks may come from next. MDR and other security teams shouldn’t rely on visceral foresight, but instead examine multiple sources of data, including domain registration history and domain reputation information.

Criminal Profiling and Evidence Gathering with Website and Domain Name Monitoring Tools http://www.hualong46.com/blog/criminal-profiling-and-evidence-gathering-with-website-and-domain-name-monitoring-tools/ Wed, 25 Dec 2019 09:01:37 +0000 http://www.hualong46.com/blog/?p=2663 Cybercrime is a major threat to all sectors of the community, including government institutions, businesses, and non-profit organizations. It continuously hurts the global economy by sucking up billions of dollars each year, prompting the head of the U.K.’s Government Communications … Continue reading ]]>

Cybercrime is a major threat to all sectors of the community, including government institutions, businesses, and non-profit organizations. It continuously hurts the global economy by sucking up billions of dollars each year, prompting the head of the U.K.’s Government Communications Headquarters (GCHQ) to declare that fighting cybercrime should be accorded the same priority as fighting terrorism.

But is it really possible to “fight” cybercrime? Some security experts have long ceded and started focusing on cyber-resilience (the ability to bounce back after a cyber attack) instead of cybersecurity (the prevention of a cyber attack). Aside from business continuity, part of cyber-resiliency should be the legal ramifications that the victim must set in motion against the attacker. Herein lies a big challenge — discovering who the cybercriminals are.

The fact that investigators find it challenging to unmask the people behind a cybercrime has given attackers more confidence. As more and more cybersecurity solutions are developed to counter them, cybercriminals always seem to be finding new methods to get around the said solutions because they believe they can’t be caught.

In this article, let’s examine the profile of cybercriminals and their targets, as well as briefly illustrate how domain research and threat intelligence tools such as Website Screenshot API and Reverse WHOIS Search can help investigators identify attackers.

Unmasking Criminals and Understanding their Targets

Cybercriminals often fall into the following categories:

  • Internet activists, also known as “hacktivists,” who are motivated by political or social agenda;
  • State-sponsored actors who attack the digital territory of a country on behalf of another nation;
  • Criminal groups or individuals who are in it for the money.

Who are they after? According to research, 43% of cyber attacks target small businesses, although large corporations are not exempted.

Indeed, attackers don’t discriminate between small businesses and Forbes-100 listers or government agencies and regular citizens. As long as they see gaps in a system or network, they consider these as wide open doors that allow them to launch attacks.

How to Proceed with Criminal Profiling

Since the identifying of cybercriminals is often tricky, what investigators do is developing criminal profiles based on suspects. The process is similar to non-digital criminal investigations. Investigators collect evidence from the crime scene in the hope of assembling and analyzing them to get an idea of who the suspects are.

Have they committed this crime before? What are their motives? Who are they? Investigators aim to answer these questions as they gather evidence both physically and virtually.

But instead of analyzing an attacker’s emotional, mental, and physical characteristics, cybercrime investigators look for any of these data components that can point them to the domain (and eventually the person) responsible for the attack:

  • IP addresses and WHOIS records: IP addresses are particularly helpful as investigators can easily do a WHOIS search to get all the registration details from their WHOIS records. Investigators can then perform a reverse WHOIS search by using any of the unique identifiers found in the WHOIS record and find all the domain names related to it. Finally, a list of suspects can be created by using the data.
  • Hosting details: Another angle that investigators can examine is the domain’s hosting history. What can be gleaned from this includes transfers of ownership, if any, via changes in IP addresses, registration details, and nameservers.
  • Mail servers: When a mail server has a connection to a suspected IP address or domain, the chances are that it may also host other malicious domains. Mapping all these data points can give investigators an idea of how the cybercrime group or individual behaves.

Domain name registration, nameserver, and Autonomous System Number (ASN) information comprise yet other data points that can help investigators pinpoint who the attackers are or at the very least, create criminal profiles.

Gathering Evidence for Legal Proceedings

When investigators have a substantial list of possible perpetrators or identified the actual attackers, the next step is to collect enough evidence to build a case. Of course, pieces of evidence would have already floated while investigators are profiling the suspects and mapping out their behaviors. But once a final list is obtained or the attacker is identified, solid pieces of evidence such as screenshots of malicious websites are required.

Investigators can get screenshots using Website Screenshot API, which allows them to get full-page and responsive images of any website. The API can get a series of screenshots over time, and when matched with the domain’s date of creation, these can show how long the attack has been going on, which strengthens the case even further.

Cyber-resilience is not only about bouncing back after an attack but as well making sure that the attack won’t happen again. One way to ensure that the cybercriminal is prevented from attacking again is to do everything possible to catch them.

This can be a daunting and seemingly impossible job, but remember that online outlaws are also human beings and are therefore prone to errors. They will eventually leave digital fingerprints in the form of IP and email addresses, ASNs, and other data points.

With the right tools such as Domain Research Suite and Reverse WHOIS Search, among others, cybercriminals can be caught.

Now, You Can Get More Information from Our Updated IP Netblocks WHOIS Database http://www.hualong46.com/blog/now-you-can-get-more-information-from-our-updated-ip-netblocks-whois-database/ Sat, 21 Dec 2019 06:48:16 +0000 http://www.hualong46.com/blog/?p=2659 More comprehensive IP intelligence means more value to our clients. That’s why we are proud to announce an important update on our IP Netblocks WHOIS Database, which now has significantly higher proportions of non-empty or non-redacted fields across IP netblocks. Empty … Continue reading ]]>

More comprehensive IP intelligence means more value to our clients. That’s why we are proud to announce an important update on our IP Netblocks WHOIS Database, which now has significantly higher proportions of non-empty or non-redacted fields across IP netblocks.

Empty and redacted fields can create significant challenges for IP netblocks users. Cybersecurity professionals, for example, may not be able to check if certain IP addresses in a given netblock belong to the same registrant or someone else. When investigating an attack involving several individuals, it may also be harder, for example, to pinpoint if several compromised addresses are all from one IP netblock and are, therefore, linked.

Marketing professionals, on the other hand, could make the mistake of bundling an IP address with the wrong netblock that’s assigned to a different organization than the one of interest. Other professionals researching specific companies that share a netblock may have a hard time identifying the addresses that actually belong to them. Incomplete data might lead to faulty assumptions and thus results.

In short, we know how vital IP intelligence information is to organizations and how the lack of it can spell trouble for different types of professionals.

With higher proportions of non-empty or non-redacted fields across RIRs, IP netblocks users can now get more actionable information from their queries. With that in mind, let us elaborate on what has changed exactly and the corresponding benefits.

Better Results from Our IP Netblocks WHOIS Database

Here is an overview of the improvements achieved after completing the data enrichment process of IP WHOIS Netblock Database:

  • Africa:?The percentage of non-empty or non-redacted fields for IP netblocks information from African countries in our database grew from 0% to 99%.
  • Europe and West Asia:?The percentage of non-empty or non-redacted fields for IP netblocks information from Europe, West Asia, and the former USSR is now 89% complete.
  • Latin America:?Our coverage of IP netblocks with non-empty or non-redacted fields for Latin America and the Caribbean grew from zero to 61%.
  • Asia Pacific:?We maintained a 100% coverage of non-empty or non-redacted fields for IP netblocks in Asian-Pacific countries.
  • Canada and the United States:?Our coverage of IP netblocks with non-empty or non-redacted fields for Canada, the U.S., and several Caribbean and North Atlantic islands remains at 5%.

Overall, the proportion of IP netblocks data we offer with meaningful non-empty or non-redacted fields across all regions more than quadrupled, from 14% to 59% in total.

Who Can Benefit from Our Updated IP Netblocks WHOIS Database

Cybersecurity Investigators

Cybersecurity staff in charge of conducting in-depth investigations on incidents need as much information as they can have to catch cyber attackers. They can now get more from our updated?IP Netblocks WHOIS Database?to create more detailed attacker profiles and get a clearer picture of their infrastructures.

With more thorough data, blocking entire IP netblocks is easier, for instance, in a situation where an entire organization’s network is compromised and used in attacks. Approaching blocking this way can save a lot of time compared to going through lists of individual IP addresses and proceed with blacklisting one address at a time.

Marketing Professionals

Our updated?IP Netblocks WHOIS Database?also provides marketing professionals with more useful information when crafting targeted campaigns for customers within the same organization or geographical location. With better-targeted marketing strategies, it’s possible to increase conversion rates and improve sales.

By integrating?IP Netblocks API?into their websites, marketers can also quickly find out about trends in website traffic. They can identify specific users belonging to the same netblock and devise better strategies to implement personalized ad banners, for example. Marketing professionals can also keep an eye on their competitors’ moves and adjust their strategies using IP intelligence accordingly.

Website Owners

Any ties to malicious activities can get organizations in big trouble. With a comprehensive?IP Netblocks WHOIS Database, however, it is possible to ensure that the IP address your company is using does not belong to a suspicious IP netblock. It can help reduce your organization’s chances of being suspected of foul play.

Law Enforcement Agencies

When law enforcement agents hit dead ends in ongoing investigations, IP addresses and ranges can serve as starting points. Our recently updated?IP Netblocks WHOIS Database?can provide much-needed clues, especially if they’re dealing with a criminal group. By looking at entire IP netblocks, investigators can see the bigger picture and find connected individuals and their devices.

Sifting through troves of incomplete data can be frustrating. That’s why we always strive to provide users with as much information as possible. With a more exhaustive IP Netblocks WHOIS Database, cybersecurity investigators, marketing professionals, website owners, and law enforcement agents can get better insights to meet their objectives.

Improved Data Gathering through Behavioral Targeting with IP Geolocation Lookup http://www.hualong46.com/blog/improved-data-gathering-through-behavioral-targeting-with-ip-geolocation-lookup/ Fri, 20 Dec 2019 06:45:41 +0000 http://www.hualong46.com/blog/?p=2655 The increasing use of the Internet caused a shift in how people do business. At present, business owners have to deal with stiffer competition and stricter regulations. Tracking users on the Web, while sometimes considered an infringement of privacy, is … Continue reading ]]>

The increasing use of the Internet caused a shift in how people do business. At present, business owners have to deal with stiffer competition and stricter regulations. Tracking users on the Web, while sometimes considered an infringement of privacy, is widely done by most sites today. For some organizations, tracking user behavior and patterns is actually crucial in keeping their businesses up and running.

Google (60.3%) and Facebook (27.1%) were two of the major trackers of online user behavior. Tracking online behavior has a lot to do with creating buyer personas that allow site owners to craft advertising campaigns that target their audience accurately. This technique is known as “behavioral targeting.”

This post discusses what behavioral targeting is, how it helps businesses to succeed, and how IP Geolocation Lookup can help with it.

What Is Behavioral Targeting?

Behavioral targeting is a marketing effort that zeroes in on Internet users’ browsing activities and shopping behavior. Companies benefit from it by creating advertising or content marketing campaigns that are sure to be relevant to users’ online habits and interests. Behavioral targeting systems compile users’ Internet search and purchasing histories, frequently visited sites, and geographical location to build complete user profiles.

Advantages of Behavioral Targeting

While behavioral targeting is perceived to be highly data-centric, its benefits are more tangible than abstract scale measurements. Aside from helping advertisers refine their efforts, it can help business owners as well.

Personalize Content with Ease

One of the ways in which companies increase site traffic is by personalizing content. Tracking online user behavior can help them improve their website analysis. By knowing where most of their visitors come from, for instance, they can adjust their content to improve user experience.

With the users’ IP addresses, marketers and advertisers will know what time they visit sites, what pages they view, whether they purchased goods or availed of services, what language and currency they use, and more. That said, using an IP geo lookup tool would make it easier for businesses to cater to the specific preferences of a target audience with highly personalized content. It enhances their user experience and motivates them to keep coming back to the site.

Increase User Engagement

Engagement increases when visitors find the site content highly relevant. E-commerce sites, for instance, can improve engagement by letting visitors know when seasonal sales are ongoing in their areas.

Various countries have different holidays. Knowing where visitors come from aided by IP address geo lookup can help stores serve the right content at the right time. This approach will help businesses ensure that a sale alert for the U.K. users, for example, would not pop up for Asian visitors. As such, the Asians would not feel alienated while those from the U.K. would feel more engaged and thus be more likely to buy products.

Publish Content at the Right Time

Analyzing online user behavior also allows site owners to identify when visitors flock to their portals. They can use this information to time when new content is published to generate more page views and increase user engagement.

IP geo lookup can help with this by timing publishing based on where the majority of visitors originate. If most of the readers of a publishing site based in India, for instance, come from the U.S., its owner can schedule post publishing to when most U.S. readers are awake and ready to read the news.

Improving a Data Management Platform with IP Geolocation Lookup

A data management platform (DMP) enables behavioral targeting. This tool allows business owners to harvest data, keep it for analysis, and use the results to come up with sound behavior-based advertising recommendations. It does so in these five stages:

  • Data collection: This step involves gathering data via APIs, event trackers, and server-to-server integration. Most of the information collected comes from data brokers, demand-side platforms, and other DMPs.
  • Data normalization and enrichment: This step organizes data into a structured format to enhance its quality and value. Normalization involves analyzing the cookies and eliminating redundant or useless data. Enrichment refers to making the data relevant to the users. A site owner can, for instance, use an IP geolocation lookup tool to extract the user’s network name from his user agent string.
  • Profile building: Data analysts use the data collected to build new user profiles or add to existing ones. If an IP address turns up twice, for instance, but gives out different information, the new behaviors observed can be added to that IP address’s existing profile.
  • Data storage: This step involves storing all data, which can be challenging when the amount is enormous. Users need to make sure that none of the data gets lost in transit.
  • Segmentation: This step classifies users. Site owners can, for instance, group them by geographical location. Segmenting target audiences this way can help them personalize content and offerings based on their profiles.

Data gathering is an essential step in creating marketing and advertising campaigns. Researchers and data analysts who use efficient data gathering tools, such as IP geo lookup tools and cookie IDs, can arrive at more accurate results. Accurate analyses can allow them to come up with comprehensive user profiles that will help them cater to specific customer needs, thus enhancing engagement and satisfaction and ensuring their business’s success.

How to Improve Your Website’s SEO Using Cyber Intelligence http://www.hualong46.com/blog/how-to-improve-your-websites-seo-using-cyber-intelligence/ Thu, 19 Dec 2019 07:42:08 +0000 http://www.hualong46.com/blog/?p=2649 If you’re a newcomer, by now you’re probably well-acquainted with the fact that a great website or product means nothing if nobody’s going to see it. If you want to get in front of your prospective customers, you have to … Continue reading ]]>

If you’re a newcomer, by now you’re probably well-acquainted with the fact that a great website or product means nothing if nobody’s going to see it. If you want to get in front of your prospective customers, you have to know two things: who they are and how to find them.

There are two ways to reach your audience via search engines: organically, through a wise SEO strategy, and using paid ads.

While paying for the ads may be the easiest way, it is not a sustainable long-term solution. That is why improving your website’s SEO content is the best way to grow your online presence and business.

In this article, we’ll talk about two core strategies and unique cyber intelligence API tools you can use to boost your SEO. As the world of digital marketing is changing due to new privacy regulations, the way websites gather data on its users has to evolve. Cyber intelligence is a revolutionary way to adjust to these changes and get ahead of your competitors. Want to find out more? Keep on reading!

Why your website needs to be SEO-friendly

Search engine optimization (SEO) is the process of generating large, high-quality traffic to your website by boosting the website’s visibility in search engine’s results. Users search for information by entering specific keywords. If they search for financial advisors in Dallas, every financial advisor in Dallas has one goal – to be on top of the list they see.

Why? Because 70% of marketers say SEO is more effective at driving sales than pay-per-click (PPC). How? Well think about it this way – generating high traffic is a great thing, but if it doesn’t result in sign-ups or sales, you’re wasting your time. PPC and social media can bring people to snoop around your website because the ad caught their attention. The traffic that comes from organic search carries more weight.

If people are searching for something relevant to your product and service, they are interested in your offer from the get-go. If your website content covers a lot of keywords related to your product, potential customers can repeatedly find you, sign-up for your email list, and turn into loyal customers.

This doesn’t mean you have to give up on PPC ads – PPC and SEO give the best results in combination. However, the traffic from PPC ads is like a flower – it’s blooming as long as you’re watering it (in this case, paying for it). Once you cut the flow, the traffic stops. Organic traffic is there whether you pay for it or not.

Now, the challenge of SEO is that there are surely a lot of financial advisors in Dallas who want to get into the top 10. So how do you make sure you’re the one to make it there?

There are plenty of ways to make your website more user-friendly, some of which are concerned with the structure of your site and other technical details. However, almost three-quarters of SEO marketers consider content to be the most important factor for an SEO-friendly website. This is why we will focus on this aspect of SEO and show you how to make sure you create high-quality, relevant content and rank it in the top ten results.

What kind of content is SEO-friendly

Google’s ranking algorithms go through continuous changes. The algorithm is getting smarter by the day. Ten years ago, you could easily rank if you simply crammed your article with the focus keyword and its related variations.

Nowadays, Google’s become more inquisitive – it is looking at the page content, headings, images, image descriptions, length, and how they relate to the focus keyword and adjacent related keywords. The goal for each piece of your content is to create something that is expert, authoritative, and credible. The more high-quality content your website has, the better your SEO score is.

How does Google determine whether your content is high-quality? Apart from analyzing text and images, it also analyzes the way users interact with your page. If they click on it, it means the headline captured their attention and fits their search intent. From that point on, Google also analyzes whether users stick around on your page. The more time they spend there, the higher the quality of the content.

Finally, as your blog post or article gains traction, Google will track whether it will earn backlinks (references) from other websites. With all these factors ideally intertwined, your page should start ranking among the top 10 search results.

This is easier said than done, so in the following sections, we’ll show you how to focus on two golden foundations of improving your website SEO content – keyword research and link building.

Improve SEO content with keyword research

Keyword research is the alpha and omega of SEO. You may be writing the most amazing blog posts and articles in the world, but if they are not optimized for relevant keywords, they won’t find their way to any readers. However, it’s not just about keyword optimization. You also have to pay attention to the competition. If you want to target popular keywords that receive millions of searches on a monthly basis, it will be much harder to rank among the top ten. But we’ll get to that in a minute.

Now, let’s do some practice. Let’s go back to the example from the beginning of our story. If you’re a financial adviser, your goal is to create content that will educate your audience and help you sell your services. So, there will be plenty of topics you want to cover.

Start off by writing down a list of things your service covers: financial plans, risk management, health insurance, retirement plans, etc. Each of these topics has a plethora of questions that need answering. For example, typical questions about retirement plans refer to the right time to start, how to withdraw money, how much to invest, etc.

Now, put in each of these words into Google search, but don’t click Enter. There will be a dropdown menu showing you some of the most common relevant long-tail keywords.

Improve SEO content with keyword research

As you may notice, some of these keywords reveal different search intent. For example, risk management courses, jobs, and certifications are obviously common searches among finance professionals. This means that you will write content that fits their needs and interests. On the other hand, keywords containing risk management plan and process are searches that are coming from your potential customers seeking to get information.

Write down all of these suggestions in the categories for each topic. Keep in mind that Google’s suggestions are limited. While they give you an idea of what your customers are looking for, you may need some extra intelligence.

Use a?keyword research tool?and start looking for more suggestions. This neat little tool allows you to search for a specific keyword and get a list of related keywords, autocomplete suggestions and questions containing the keyword.

Improve SEO content with keyword research

Here is a list of keywords related to the keyword “financial advisor”.

List of keywords related to the keyword “financial advisor”

You may notice those numbers and wonder what they mean. We won’t deal with CPC and PPC because these metrics are useful for paid ad campaigns. The first one refers to the number of searches for the keyword on a monthly basis. It basically represents your traffic potential. If you rank among one of these keywords, you can ideally bring tens of thousands of people to your website. Sounds easy?

Now, the difficult part – the last column. The number you see there is keyword difficulty – a score based on domain authority, page authority, citation flow, and trust flow. Sounds complicated? It’s not that bad. It basically calculates the overall strength of every website that ranks among the top 10 results for the selected keywords. Long story short, it shows how difficult it is going to be to surpass your competitors. In the following section, we’ll show you how to boost your page and domain authority, as well as the number of backlinks.

On this list, you can see that retirement planning is assigned a score of 58 – meaning it’s difficult to outrank your competitors. On the other hand, “independent financial advisor” boasts a score of 36, meaning it is possible to outrank other blog posts.

If you’re only starting to optimize your website content for SEO, your goal is to aim for keywords that have a difficulty score as low as possible. If your main focus keyword is too complex, a list of related keywords can show you opportunities for similar keywords you can easily target. For example, if “retirement planning” is out of reach, you can choose “how many types of retirement plan” and write an article that’s optimized around this question.

Create a list of high search volume and low difficulty keywords – at least 50 of them. Start creating content. Give it time. A blog post takes around a month to start being ranked. In the meanwhile, track important Google Analytics metrics such as:

  • Bounce rate – the percentage of visitors who navigate away from your site after viewing only one page. You will want to keep it as low as possible – no higher than 70%.
  • Time spent on-page – the amount of time visitors spend reading your blog post or interacting with your page. It is a good indicator of the quality of your content.
  • Average pages per session – the number of pages a visitor views during a session. If people stick around on your website after landing on a blog post, it shows you have highly relevant content and good targeting.
  • Goal conversion rate – the percentage of visitors who take action after viewing a specific page, such as sign-up or sale.

If you notice a high bounce rate and low time on page, it means your content needs revising. It may have to fit search intent better or offer more high-quality information.

If you see that users are actively engaging with your content, website, and taking action as a result of this engagement – keep up the good work.

In a while, you’ll notice that some articles are doing well, leading to sign-ups or even sales. Also, you may feel that a certain article warrants a battle for high ranking despite vying for a high-difficulty keyword.

That’s when you move on to link building.

Build links with cyber intelligence

Link building is the process of securing backlinks or external links from other websites to your content pieces. They contribute to the page’s and website’s domain authority. Think about backlinks as real-life recommendations. If industry leaders and reputable websites are referring to your articles for valuable advice, opinions, and information, your reputation grows and it reflects positively on your SEO.

However, link building is a difficult process that requires a lot of time, research, and patience. But don’t worry. Just like with keywords, there are tools that can make it easier and quicker. While you can pay for mentions and links, we won’t address this tactic because, just like PPC, it doesn’t have anything to do with SEO.

Google algorithm and keyword research tools (like the one we mentioned in the previous section) will assess your link profile based on the total number of backlinks you get, their quality, diversity of their sources, and other metrics. So, how can you ensure you get high-quality links that count?

  • Backlinks should be natural. This means that other websites are referring to your blog post because it contains valuable information. This information may be statistics, experiment results, tutorials, well-organized educational content, industry news, etc. This type of link is earned through the sheer quality of content – but there are always ways you can push your agenda a bit further.
  • Backlinks should ideally come from the same industry. It’s great to get a backlink from the best plumbing site in your area, but it doesn’t mean much if you’re in finance. So, when you’re collecting backlinks, you want them to be from the same or related and adjacent industries.
  • Anchor text should reflect the topic of your post. If somebody is linking to your website, the anchor text should be natural.
  • Backlinks should generate high-quality traffic. High-quality traffic means that visitors peruse your website or take action such as sign-up or purchase.

Now, let’s move on to the difficult part. While earning backlinks organically is a great thing, most of the time you have to push things a little. Here’s how to do it.

Create a list of articles you want to promote. Depending on your goal – traffic, sign-ups, or sales, you will pick different articles. Don’t pick too many – up to three is a good beginning.

Find customer and partner links

The first helping hand you should reach out to are, naturally, your existing business partners. Take a look at their websites and blog posts. Use the search feature on their site, if available, and look for content that references something close to your blog post topic.

Ask your partners to edit their article and include a link to your page. For example, an article about different insurance plans could contain a reference to “certified financial advisers”. This anchor text could lead to your website or an article that describes which qualifications a trustworthy adviser should have.

You can also ask them to publish a case study that promotes your business.

Check for mentions

The second step is to check for dormant mentions of your business that could turn into backlinks. Of course, this is an option only if your business has been around for a while. How are you going to do it? Use a simple Google search and see who is talking about you. You can reach out to these websites and ask them to include a backlink to your homepage or specific blog post you want to boost.

Analyze your website visitors

Now let’s dive deeper. The best way to see who could reference you is to simply look who’s visiting your website. Using Website Categorization API you can analyze your website visitors and pinpoint domains that come from other businesses. You can also use this tool to investigate the selected domain’s security credentials and purpose.

If some of the visitors are associated with business domains in your industry, you can add them to your link building list. To get contact info, you can use Website Contacts API, which parses millions of web pages, SSL certificates, and corresponding social network profiles to obtain contact information such as name, email, and address.

This tool also allows you to identify threats and repeated visits from malicious websites.

Look for industry-related domains

For a broader search for potential backlink partners, you can use?Reverse Whois API. It will conduct large scale research based on topics, categories, keywords, names, emails, etc. For example, if you put a keyword “retirement plan” into reverse lookup, you get more than 270 results.

Look for industry-related domains
Look for industry-related domains

You can easily shorten this list by categorizing websites according to your needs. Website categorization classifies websites into 1-3 groups out of 25 groups that are available at the moment.

For example, this financial advising firm from Dallas is classified into three categories.

Financial advising firm from Dallas is classified into three categories

So, if you want a final list of websites for your link building campaign, you can include sites that belong to one or two categories you see fit for the promotion of your business. As we mentioned, with the contacts API tool, you can easily extract all the information.

There you go! With a fresh combo of powerful tools, research that would normally take days or even weeks now takes a few hours. Now, the final step.

Create an outreach campaign

Creating an outreach email may seem like it requires great wisdom, but in fact, it’s very simple. Be simple, straightforward, and get to the point. Whether you’re reaching out to a well-known industry authority or a small business, there’s always something valuable you can offer in return.

Present yourself, say who you are and explain why you chose to reach out to this particular website. Perhaps, there is an article about health insurance plans that mentions the importance of consulting a qualified financial adviser. You can ask them to include a backlink to your blog post about “10 Things That Make Your Financial Adviser Trustworthy”. You can offer a backlink or some other kind of favor in return. For example, it is common for business beginners to offer their software free of charge to big names in the industry. In exchange, they get a case study, backlink and promotion.

You can find some great examples of link building outreach emails here or if you are looking to hire SEO consultants who can help you with outreach and SEO strategy, check this blog.


Sounds like a lot of work? It is indeed. While tools may make your job easier, you will still have to put a lot of thought and planning into your SEO strategy.

Don’t feel discouraged if you don’t see the results immediately or people don’t answer your emails. Fine-tune your content, send follow up emails, and be very patient. When it comes to SEO content, good things come to those who wait – and work hard.