Jonathan Zhang

Jonathan Zhang

Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com
Joined on January 7, 2019
Total Post Views: 306,723

About

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP)—a data, tool, and API provider that specializes in automated threat detection, security analysis and threat intelligence solutions for Fortune 1000 and cyber-security companies. TIP is part of the Whois API Inc. family which is a trusted intelligence vendor by over 50,000 clients.

Except where otherwise noted, all postings by Jonathan Zhang on CircleID are licensed under a Creative Commons License.

Featured Blogs

Domains Under the Most-Abused TLDs: Same Old DNS Abuse Trends?

While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more

A Three-Step Process to Chase Compulsive Domain Brand Squatters

Domain brand squatting can be defined as the unauthorized or dishonest use of a brand or company identifiers in domain names. It is often linked to the use of look-alike domains in bad faith, and we see it all the time. The threat actors behind these domains are called different names, though a prevalent one would be “typosquatters.” The Hot on the Trail of Compulsive Brand Squatters webinar showcased how these people are infiltrating the Internet. The first page of PhishTank’s valid phish search alone as of this writing tells us that domain brand squatting is a real and present danger. more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

Could Bulk-Registered Typosquatting Domains Be Connected to .ORG DNS Abuse?

Public Interest Registry (PIR) announced the creation of the DNS Abuse Institute about two months ago as it believes that "every .ORG makes the world a better place" and "anything that gets in the way of that is a threat," notably in the form of Domain Name System (DNS) abuse. To show support for the initiative, WhoisXML API analyzed monthly typosquatting data feeds for December 2020, January 2021, and February 2021 to identify .ORG domain trends... more

What Are the Connections to Identified Hafnium Malicious IP Addresses?

Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more

WHOIS Record Redaction and GDPR: What’s the Evolution Post-2018?

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more

What Are the Connected Assets of Confirmed Fake FBI Domains?

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more

An Investigative Analysis of the Silent Librarian IoCs

The Silent Librarian advanced persistent threat (APT) actors have been detected once again, as the academic year started in September. With online classes increasingly becoming the norm, the group's phishing campaigns that aim to steal research data and intellectual property could have a high success rate. Dozens of phishing domain names have been reported, although some may have already been taken down. more

A Brief Look at the Domain Attack Surface of Streaming Media Companies

The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more

Hundreds of “George Floyd” and “Black Lives Matter” Domain Names Appear in the DNS

Trending news and global events impact domain registration behaviors. We observed a slew of coronavirus-themed domain name registrations, for example, as early as January. George Floyd's death, which sparked several Black Lives Matter movements, is no different. Three days after George Floyd died, our data feed started detecting George Floyd-themed domain names... We retrieved all domain names that contain the strings "eorge," and "lackliv" from 28 May to 7 June and found 402. more

Collaboration: A Means to Boost Enterprise Network Protection

In an age where cyber threats and attacks have reached a point of ubiquity, managing your organization's network security single-handedly may no longer be sufficient. The increasing volume and sophistication of threats, not to mention the continuous advancement in attack tools and their perpetrators' skills and know-how, has led to concerns on whether potential targets can keep up. more

How Domain Data Helps Thwart BEC Fraud

It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more

Proactive Cybersecurity: What Small Businesses Can Actually Do

In the business world, there are two main paths a company can take with cybersecurity -- the reactive and the proactive approach. The problem with a purely reactive attitude is that it can easily put companies in constant firefighting mode. And for small companies with limited resources, this can turn out to be an increasingly uncomfortable place to be in.
With that in mind, experts today suggest proactive cybersecurity by monitoring suspicious activity and identifying risks before they turn into full-blown attacks. more

Threat Intelligence in Latter 2019: Overcoming the Same and New Challenges

Does threat intelligence (TI) work? I looked into that question last year, exploring the reasons why it actually doesn't and what can be done to remediate the situation. Since then, more companies have incorporated TI into their security processes, and many are still not getting the benefits they expect. What's causing the dissatisfaction? Interestingly, pretty much the same aspects... more

The Pros and Cons of Introducing New gTLDs

Every time new concepts are introduced, much debate ensues as to the advantages and disadvantages such a change would bring forth. We've seen that happen with the launch of IPv6. Detractors and supporters rallied to make their respective arguments heard. One thing is sure though. The need for a much larger IP address space is something both parties are in agreement with. more

WHOIS Database Download: Proactive Defense Against the Rising Tide of BEC Fraud

How many times have you heard that humans are the weakest link in cybersecurity? The headlines have proven that over and over again. In particular, business email compromise or BEC (also known as email account compromise or EAC) scams, which typically target an employee with access to the financial resources of his company -- this could be a C-level executive or any high-ranking officer -- for fraud are still on a constant uphill trend. more

A Quick Look at the 4 Most Prevalent Types of Threat Intelligence

You won't go far with your cybersecurity when you're relying on the wrong intelligence. This is simply because not all types of threat intelligence are equal. You might have experienced this yourself; investing time and resources into just one only to receive meagre results in the end. Sadly, many organizations fail to realize that depending on just a single source of information is a big mistake. more

Threat Intelligence Platform in Action: Investigating Important Use Cases

As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets. What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This would involve re-examining reactive cybersecurity practices and adopting a proactive approach towards an active search for risks and vulnerabilities with the help of threat intelligence (TI). more

How Do You Know if You’re Choosing the Best IP Geolocation API?

If you can't address your customers and the people interacting with your network face to face, at least know where they are -- anywhere in the world, anytime you want to. That's possible with geolocation technology, and many businesses are keen on acquiring the best IP geolocation API for cybersecurity and other purposes. However, before committing to a particular solution, each product needs to be carefully evaluated according to the exact needs of a prospective buyer. more

Efficient Threat Intelligence: Learning the Secrets

How can our threat intelligence platform deliver more? This is a question many business professionals employing threat intelligence practices are asking themselves as their companies continue to fall short against the machinations of modern-day cybercriminals. The truth is that while threat intelligence is certainly not a silver bullet, organizations often make a mistake when they opt for a platform without considering several important factors that can help them evaluate the market better and deploy the practice more effectively. more

Why Passive DNS Matters in Cybersecurity

Imagine a scenario. Your website analysis shows that your page has stopped receiving visitors, yet there are no complaints that your domain is unreachable. Strange, isn't it? You are certainly wondering: What's going on? Where are my customers? You see, what happened is that you are facing the consequences of the lack of domain name system (DNS) security. more

Domain Related Crime: The 4 Steps of Effective Investigations

There is no rest for the wicked. If you think that 2018 was the climax of cybercrime, wait until you see what happens in the next few years as cybercriminals are constantly learning new ways to strike. Take for instance domain-related attacks now coming in a variety of forms. There's domain hijacking which involves gaining of access to domains and making changes without owners' permission. You have typosquatting where phishing is often utilized to steal valuable information. more

Investigating Domain Name Crime: Challenges and Essential Techniques

Who would think that so much could go wrong with something as seemingly innocent as a domain name? As cybercrime continues to evolve, causing devastating reputational and financial losses to businesses and organizations, web addresses are used as a weapon -- and it's not always easy to notice their many faces. In this article, let's take a look at the domain name crime landscape, discuss the current challenges investigators and legitimate registrants face, and talk about some useful techniques. more

How to Track Online Malevolent Identities in the Act

Want to be a cybersleuth and track down hackers? It may sound ambitious considering that malevolent entities are extremely clever, and tracing them requires certain skills that may not be easy to build for the typical computer user. But then again, the best defense is offense. And learning the basics of sniffing out cybercriminals may not only be necessary nowadays, it has become essential for survival on the Web. So where can you begin? more

WHOIS Detractors and Advocates: Today’s Viewpoints Post-GDPR

Opposing parties continue to debate whether WHOIS should stay after the General Data Protection Regulation (GDPR) took effect across the EU in May 2018. While the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees WHOIS, is looking for ways to be GDPR compliant, experts from various fields are contemplating the problems pointed out by officials. more