Find Out More About an IP Address via WHOIS Lookup and WHOIS API

Find Out More About an IP Address via WHOIS Lookup and WHOIS API

IP addresses are unique identifiers for devices hooked to the internet. These addresses, which are represented by numerical values, allow computers to communicate over the Transmission Control Protocol via IP (TCP/IP). The protocol routes users looking for Internet-connected hosts or websites to the right destinations using IP addresses as a reference. 

However, notably because of inherent design flaws, attackers can spoof IP addresses with the intention of, for example, misdirecting users to dangerous sites. For this reason, among others, it is critical to routinely scan IP addresses passing your network filters to ensure their integrity and identify any potential links to malicious campaigns or networks. 

As part of this process, it is possible to do an IP lookup via WHOIS Lookup and WHOIS API to extract the ownership details of a given address for further inspection. What’s more, both products permit gathering all sorts of relevant details such as if an IP address hosts a domain and which regional Internet registry (RIR) manages the resource.

image_pdfDownload PDF version of this blog post

ProPrivacy Open Data Project: Mapping Malicious Coronavirus Domains Using WHOIS Data

ProPrivacy Open Data Project: Mapping Malicious Coronavirus Domains Using WHOIS Data

The COVID-19 pandemic has driven many people to do almost everything within the confines of their homes. Nearly exclusive reliance on digital means to work, study, shop, and communicate amid uncertainty opened many avenues for cybercrime to take place—notably through the use of coronavirus-related domain names.

To demonstrate this trend, ProPrivacy has partnered with WhoisXML API and VirusTotal to investigate the extent to which cybercriminals are weaponizing the Domain Name System (DNS) in an open data project called “COVID-19 Malicious Domain Research Hub.”

image_pdfDownload PDF version of this blog post
Relieving Network Concentration Risks Aided by IP Netblocks Lookup

Relieving Network Concentration Risks Aided by IP Netblocks Lookup

It is normal for large enterprises, especially multinational corporations (MNCs), to maintain an IP netblock or several IP ranges for their website hosting requirements. This approach allows them to quickly set up sites as the need arises. There might be problems, though, when a company relies on a single service provider. Any operational disruption on the provider’s part means a halt to its business as well.

This post tackles the challenges that relying on a single web host brings and how access to an IP Netblocks WHOIS database may help alleviate them. In case you are not fully familiar with the notion of netblocks, check this post for an introduction to the subject.

image_pdfDownload PDF version of this blog post
Detect Possible Domain Spoofing and Homograph Attacks with Typosquatting Data Feed

Detect Possible Domain Spoofing and Homograph Attacks with Typosquatting Data Feed

Charles Caleb Colton once said that imitation was the sincerest form of flattery. This proverbial expression finds its origins in the 19th century and other historical writings before that. What likely wasn’t foreseen at the time, however, was that certain forms of imitation in the 21st century could give organizations terrible headaches. We are talking about domain spoofing and homograph attacks.

Imitators in our contemporary context can register one or several domain names highly similar to that of an established brand and use these to deceive people and trick them into sharing sensitive information or even transfering funds to fraudulent bank accounts.

Registering copycat domain names of known brands and organizations isn’t the only way to fool victims, though. At the height of coronavirus-themed attacks, the Typosquatting Data Feed proved useful in spotting potentially dangerous footprints containing thousands of domain names with word strings such as “covid” and “coronavirus” combined with “mask,” “vaccine,” “donation,” “lawsuit,” and plenty of others.

In this post, we put the feed’s capabilities to the test to detect spoofed domain names, including Punycode domains, that could be used to abuse employees, customers, and other parties who regularly interact with Lloyds Bank and Apple. We will also show how other sources of intelligence can help learn more about possible impersonators and the infrastructure they use.

image_pdfDownload PDF version of this blog post

How to Conduct a Website Domain Search for Cybersecurity Purposes

WHOIS lookups are a viable way for cybersecurity professionals to analyze domains’ integrity. Though they may seem less exciting than, say, deploying some nifty pen-testing tools, WHOIS lookups remain useful as a first step in catching threat actors. 

In fact, identifiers in WHOIS records can clue investigators in on a domain’s past usage and allow them to pinpoint indicators of compromise (IoCs) residing within their networks. With WHOIS data, they can also identify domain associations and effectively map attacks that happened or could happen on their infrastructure. Read on to learn more about why conducting website domain searches is critical to your digital operations, and how WHOIS API and WHOIS Lookup can facilitate it.

image_pdfDownload PDF version of this blog post
How to Find My or Someone Else’s IP Range with IP Netblocks WHOIS Database and IP Netblocks API

How to Find My or Someone Else’s IP Range with IP Netblocks WHOIS Database and IP Netblocks API

Hackers are known to hijack IP addresses for use in various illegal activities. They could thus use your IP address in a malicious campaign, but that doesn’t mean you’re guilty. And so, your infosec team needs to gather enough evidence to counter accusations of foul play against you. You may also need to help the authorities by looking into who is behind a threat. 

The first step in that direction is answering the question: What is my IP range? Solutions like IP Netblocks API or IP Netblocks WHOIS Database could be of help. That’s not where the buck stops, though, you’ll need to use a host of IP and domain intelligence tools next. For this reason, we created this guide for you.

image_pdfDownload PDF version of this blog post
Cyber Threat Intelligence in Action: Malicious COVID Footprint Enrichment, Expansion, and Infrastructure Analysis

Cyber Threat Intelligence in Action: Malicious COVID Footprint Enrichment, Expansion, and Infrastructure Analysis

We have been monitoring COVID-19 cyber threats for several months now. More recently, we partnered with GeoGuard to enrich a dataset of coronavirus-themed URLs and IP addresses with WHOIS data and domain reputation scoring, followed by a passive DNS analysis to enlarge the malicious footprint under the study. The three sections in this post discuss the results of our research in greater depth.

image_pdfDownload PDF version of this blog post
WHOIS History Lookup: 3 Types of Domain Names to Avoid for the Sake of Cybersecurity

WHOIS History Lookup: 3 Types of Domain Names to Avoid for the Sake of Cybersecurity

Expanding one’s business online footprint with the right domain names should not just be left to business decision-makers, but also involve cybersecurity experts. Though old domains can bring benefits to the table, no enterprise wants to end up with those having a sinister past. WHOIS history queries via solutions such as WHOIS History Lookup, Search (from the Domain Research Suite), or API can help avoid that.

How so? Digging into a domain’s WHOIS history allows you to gather more context about its past ownership, including whether it may have belonged to threat actors at some point and should therefore require greater scrutiny.

We compiled a list of domain history no-nos that can put a strain on your ventures’ success (possibly landing your website on blacklists) or even cause harm to whoever might get into contact with them.

image_pdfDownload PDF version of this blog post