Blog & How To Guides | WhoisXML API



WhoisXML API Blog

DNS Hijacking Prevention: How to Detect Suspicious Subdomains with Passive DNS


Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.

That’s just one of the many occasions when organizations fell prey to DNS hijacking attacks. More may succumb to the threat, considering that 34% more companies suffered a DNS attack (not limited to DNS hijacking) in 2019 alone compared to 2018, costing each victim an average of almost $1.1 million.

DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.

But to what extent can DNS hijacking affect organizations with a widespread online presence?

This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand, aided by passive DNS and publicly accessible data.

Step-by-Step Guide to Getting Started with NRD 1.0

Domain intelligence gleaned from WhoisXML API’s Newly Registered & Just Expired Domains can help companies in multiple ways, including but not limited to:

  • Supporting threat intelligence collection and correlation;
  • Looking into domain registration trends and market shares;
  • Enhancing brand and trademark protection strategies;
  • Gathering data for competitor analysis and anticipating the rivals’ next moves.

We tackle these use cases with illustrations in this in-depth guide, along with details on how to access such a source via flexible pricing plans.

A toolkit for testing domains and their webpages


In this blog post, we demonstrate how to perform a variety of technical and security tests against a domain using WhoisXML API's Domain Reputation API. It is a RESTful API that can be used in a broad range of popular programming environments, including Bash shell scripts, Windows PowerShell, Python, Java, and C++, to name a few. It can be seen as a toolkit that performs many tests, ranging from DNS checks and revealing e-mail and web server configuration shortcomings to safe web browsing issues such as SSL problems or the presence of the domain in blacklists. The API has recently been updated to provide numeric codes for various tests and warnings; let us see what they can be good for.

How Does IPv6 Compare with IPv4 Geolocation?

IP geolocation databases can provide the physical location of a computer or device connected to the Internet. This data is useful for targeted advertising and implementing location-specific features or obtaining usage statistics. Despite becoming the Internet Standard in July 2017, IPv6 remains less commonly used and documented than IPv4 worldwide. Therefore, the available IP geolocation lookup data tend to be more accurate for IPv4 than for IPv6.

Geo Targeting: How Is It Helping Businesses Improve The Bottom Line?


Maximizing profit is the ultimate goal of every business, and there are several ways to achieve that. For instance, you can reduce your expenses and product costs or increase your product or service prices. But generally, these strategies should be accompanied by techniques that seek to increase sales and find new customers too.

There are existing technologies in the digital world that can help you meet your business goals, and IP geolocation is one of them. In a nutshell, geolocation is the process of identifying the physical location of online users.

Whether intentional or not, businesses with an online presence (that is to say, almost all businesses) have become global. Right now, people from any part of the world could be browsing your website! You can confirm that by looking at your traffic analytics.

The question is, how can you convert this traffic into sales to improve your bottom line? Geo targeting or geotargeting (regardless of how you spell it) might be the key to that.

IP Geolocation analysis in Python made simple

WhoisXML API's IP geolocation services are powerful, reliable, and competitively priced sources of IP geolocation data. In particular, the IP geolocation API has strong Python support: the simple-geoip package relies on this API and provides perhaps the easiest way to get IP geolocation information in Python.

Powering Asset Discovery with Domain and Subdomain Intelligence Sources


Everyone leaves digital footprints behind while using Internet-based technologies. Besides, in the process of improving digital services, acquiring new companies, and doing business in general, organizations inadvertently create digital trails. When threat actors pick up the scent, the result could be devastating and costly.

Asset discovery can help organizations keep track of their technological assets, so they can apply the necessary protection and keep their overall infrastructure safe from malicious actors. How so? Let’s take a closer look.

Cybersecurity Forensics Analysis Using Domain Intelligence Sources

Forensic science has crossed over to the digital world in what is now called “digital or cybersecurity forensics.” And just like their physical crime scene counterparts, cybersecurity forensics experts need to hold on to whatever evidence they have and use it to get one step closer to catching the perpetrator.

Evidence comes in many different forms, but cybercriminals often use domain names and Domain Name System (DNS) infrastructure since those assets are practically what makes the Internet work.

When creating botnets for a distributed denial-of-service (DDoS) attack, for example, threat actors need to infect hundreds or thousands of devices. Each of these devices has an IP address, and the requests they send to the target’s server may sometimes contain the command-and-control (C&C) server domain. Even with their most effective entry point (phishing emails), the bad guys need to use domain names and subdomains.
