Blog & How To Guides | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

×
Contact Us



WhoisXML API Blog

follow us in feedly
All posts Product launches and updates Partnerships Domain activity highlights Deep dives For developers Product blogs
Detect Possible Domain Spoofing and Homograph Attacks with Typosquatting Data Feed

Detect Possible Domain Spoofing and Homograph Attacks with Typosquatting Data Feed

Charles Caleb Colton once said that imitation was the sincerest form of flattery. This proverbial expression finds its origins in the 19th century and other historical writings before that. What likely wasn’t foreseen at the time, however, was that certain forms of imitation in the 21st century could give organizations terrible headaches. We are talking about domain spoofing and homograph attacks.

Imitators in our contemporary context can register one or several domain names highly similar to that of an established brand and use these to deceive people and trick them into sharing sensitive information or even transfering funds to fraudulent bank accounts.

Registering copycat domain names of known brands and organizations isn’t the only way to fool victims, though. At the height of coronavirus-themed attacks, the Typosquatting Data Feed proved useful in spotting potentially dangerous footprints containing thousands of domain names with word strings such as “covid” and “coronavirus” combined with “mask,” “vaccine,” “donation,” “lawsuit,” and plenty of others.

In this post, we put the feed’s capabilities to the test to detect spoofed domain names, including Punycode domains, that could be used to abuse employees, customers, and other parties who regularly interact with Lloyds Bank and Apple. We will also show how other sources of intelligence can help learn more about possible impersonators and the infrastructure they use.

Continue reading
How to Conduct a Website Domain Search for Cybersecurity Purposes

How to Conduct a Website Domain Search for Cybersecurity Purposes

WHOIS lookups are a viable way for cybersecurity professionals to analyze domains’ integrity. Though they may seem less exciting than, say, deploying some nifty pen-testing tools, WHOIS lookups remain useful as a first step in catching threat actors. 

In fact, identifiers in WHOIS records can clue investigators in on a domain’s past usage and allow them to pinpoint indicators of compromise (IoCs) residing within their networks. With WHOIS data, they can also identify domain associations and effectively map attacks that happened or could happen on their infrastructure. Read on to learn more about why conducting website domain searches is critical to your digital operations, and how WHOIS API and WHOIS Lookup can facilitate it.

Continue reading
How to Find My or Someone Else’s IP Range with IP Netblocks WHOIS Database and IP Netblocks API

How to Find My or Someone Else’s IP Range with IP Netblocks WHOIS Database and IP Netblocks API

Hackers are known to hijack IP addresses for use in various illegal activities. They could thus use your IP address in a malicious campaign, but that doesn’t mean you’re guilty. And so, your infosec team needs to gather enough evidence to counter accusations of foul play against you. You may also need to help the authorities by looking into who is behind a threat. 

The first step in that direction is answering the question: What is my IP range? Solutions like IP Netblocks API or IP Netblocks WHOIS Database could be of help. That’s not where the buck stops, though, you’ll need to use a host of IP and domain intelligence tools next. For this reason, we created this guide for you.

Continue reading
Cyber Threat Intelligence in Action: Malicious COVID Footprint Enrichment, Expansion, and Infrastructure Analysis

Cyber Threat Intelligence in Action: Malicious COVID Footprint Enrichment, Expansion, and Infrastructure Analysis

We have been monitoring COVID-19 cyber threats for several months now. More recently, we partnered with GeoGuard to enrich a dataset of coronavirus-themed URLs and IP addresses with WHOIS data and domain reputation scoring, followed by a passive DNS analysis to enlarge the malicious footprint under the study. The three sections in this post discuss the results of our research in greater depth.

Continue reading
WHOIS History Lookup: 3 Types of Domain Names to Avoid for the Sake of Cybersecurity

WHOIS History Lookup: 3 Types of Domain Names to Avoid for the Sake of Cybersecurity

Expanding one’s business online footprint with the right domain names should not just be left to business decision-makers, but also involve cybersecurity experts. Though old domains can bring benefits to the table, no enterprise wants to end up with those having a sinister past. WHOIS history queries via solutions such as WHOIS History Lookup, Search (from the Domain Research Suite), or API can help avoid that.

How so? Digging into a domain’s WHOIS history allows you to gather more context about its past ownership, including whether it may have belonged to threat actors at some point and should therefore require greater scrutiny.

We compiled a list of domain history no-nos that can put a strain on your ventures’ success (possibly landing your website on blacklists) or even cause harm to whoever might get into contact with them.

Continue reading
What You Can Find Out from a WHOIS IP Search

What You Can Find Out from a WHOIS IP Search

Did you know that an IP address can be a good starting point for a cybercrime investigation or even just a routine check of suspicious activities? For instance, when you go to malware data feeds, or any threat intelligence site, one of the usual indicators of compromise (IoCs) you’ll see are known malicious IP addresses.

However, like any threat data, an IP address becomes utterly useless when it doesn’t provide any meaningful details. What then? Tools such as WHOIS Lookup might help to dig deeper. 

So, what exactly is WHOIS Lookup, and what information can it provide about an IP address?

Continue reading
Why You Need an IP Netblocks WHOIS Database for IoC Enrichment

Why You Need an IP Netblocks WHOIS Database for IoC Enrichment

Indicators of compromise (IoCs) are anomalous network or computer artifacts such as malware signatures, file hashes, or domains that point to a possible breach. This data is aggregated from multiple external threat feeds and log files from internal applications and systems. The analysis of IoCs is part and parcel of an infosec professional’s daily workload. After all, an organization’s security hinges on its ability to detect and act on IoCs that could lead to full-blown cyber attacks timely.

Every day, analysts encounter IoCs of varying severity, as reported by their organization’s security orchestration, automation, and response (SOAR) and security information and event management (SIEM) solutions. The problem with such alerts is that some may be associated with old IoCs that are no longer active or are now being used for legitimate purposes.

That explains the need for constant IoC management. By monitoring IoCs in context, security analysts can find out which ones warrant their attention most as the volume of alerts can easily overwhelm an understaffed security team. But was does “context” mean here? And which sources of data can support in providing it? 

Among other data feeds, IP Netblocks WHOIS Database can ease the burden of IoC enrichment activities for analysts. Let’s find out how.

Continue reading
Web Hosting Infrastructure and SEO: 3 Factors That Reverse IP Lookup Can Help Improve

Web Hosting Infrastructure and SEO: 3 Factors That Reverse IP Lookup Can Help Improve

Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.

In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.

Continue reading
follow us in feedly
Try our WhoisXML API for free
Get started