Blog & How To Guides | WhoisXML API

DNS & DNS History Blog

Name Server Concentration: Who Controls the Domain Name System?

Name servers (NSs) play a crucial role in how the Internet works, directing traffic to the correct destinations. Specifically, NS records tell recursive resolver servers which authoritative NS is responsible for a specific domain name. The resolver would then contact the authoritative NS to obtain the domain's corresponding IP address.

While having a small number of entities control a large portion of the DNS can increase efficiency, it could also result in choke points, where a single disruption could significantly impact a large portion of Internet traffic.

Exploring IoCs and Their DNS Narratives

No matter how stealthy attackers try to be, they almost always leave a trail behind—digital breadcrumbs known as “indicators of compromise (IoCs)” after a cyber attack or an attempted intrusion.

Let's take the Black Basta ransomware attacks as an example. Cybersecurity authorities like the Cybersecurity and Infrastructure Security Agency (CISA) identified hundreds of IoCs associated with this ransomware-as-a-service (RaaS) variant. These IoCs include cyber resources like file hashes, domain names, and IP addresses, and serve as digital footprints pertaining to the attackers’ activities. They provide invaluable clues for cybersecurity professionals, helping them understand what happened and prevent similar attacks in the future.

Who Runs Email Communications? A Look at the Prevalence of MX Records

Email remains a vital part of modern communication, with 347.3 billion emails sent and received daily worldwide in 2023. For each email to reach its intended recipient, mail exchange (MX) records direct it to the correct mail server.

While individual email users can create their own mail servers, most people use email services from established email service providers (ESPs) to avoid the complexity of running their own servers. These services typically provide storage, security features, and user-friendly interfaces, all without burdening users with maintenance.

Importing Premium DNS 365 into ClickHouse

This project aimed to upload the DNS_Premium_365 dataset to a local ClickHouse database for efficient, optimized, and rapid querying.

Our Full Premium DNS Database Peaks at 116 Billion Records in Q2 2024

We’re thrilled to announce a significant upgrade to one of our market-leading services, Premium DNS Database Download. We’re expanding the coverage of our full database files from 90 to 365 days, giving users access to as many as 116 billion historical DNS records as of Q2 2024.

Premium DNS Database Coverage Increased by 578%

We are thrilled to announce that the coverage of our premium DNS Database Download significantly improved over the past few months. The most recent measurement in 2024 showed that the database’s total number of DNS records increased by 578% compared to May 2023. 

Passive DNS: A Complete Primer

The Domain Name System (DNS) is essential to the operation of the Internet. It maps hostnames to IP addresses, the numerical identifiers of network nodes (computers, cell phones, IoT devices, etc.). For a detailed description of the Domain Name System, we refer the reader to our Domain Name System primer white paper.

Access Our Premium DNS Database with the Largest, Most Unique DNS Coverage in the Market

WhoisXML API recently launched Premium DNS Database, a passive DNS database download variant with expanded coverage that is now expected to be the largest on the market with the highest number of unique fully qualified domain names (FQDNs).

This significant improvement is part of our ongoing efforts to help make the Internet safer and more transparent. With our Premium DNS Database, enterprises can gain an even more comprehensive view of the DNS, where ongoing Internet activities are recorded as they occur at a massive scale.

Demonstrating bulk reverse passive DNS lookup with PowerShell for IT security investigations: the case of the Phorphiex botnet

IP addresses are straightforward input data for IT security investigations: nodes on the Internet need them to communicate. Hence, unless they were deleted in some tricky way after the crime was committed, or if they can be found in any logs recorded before it, they help a great deal in unfolding what actually happened.

IBM X-Force Exchange is a platform that reports many security incidents relevant to those in charge of maintaining IT security. In this blog, we pick one of its reports and check how we can extend the given information with WhoisXML APIs using PowerShell, which comes installed on Windows and can also be used on Linux and macOS. We assume lower-intermediate PowerShell programming skills to follow the description below.

WhoisXML API Now Offers 6 Files for its DNS Database Download Service

WhoisXML API made its DNS database download available in six different files, each for different DNS record types. Doing so makes the DNS database files easier to integrate and analyze and enables particular use cases.

The resource records you can download as database files are:

  • A records: An A record maps a domain or subdomain to an IPv4 address. It is possibly the most basic type of DNS record, as a hostname must resolve to an IP address to be reachable.
  • Mail exchanger (MX) records: This type of record specifies the mail servers that accept email for a domain, together with a preference value that orders them.
  • Nameserver (NS) records: NS records list the authoritative DNS servers for the domain name.
  • Text (TXT) records: This type of DNS record was initially allotted for human-readable information about a domain that serves as notes for administrators. Its use has since evolved to carry machine-readable data such as SPF, DKIM, and DMARC policies and domain-ownership verification tokens.
  • Canonical name (CNAME) records: A CNAME record makes one name an alias of another. A CNAME record at blog[.]example[.]com whose target is example[.]com, for example, makes blog[.]example[.]com an alias of example[.]com. A name that carries a CNAME may carry no other records, so a zone apex (which always has SOA and NS records) cannot be a CNAME.
  • Start of Authority (SOA) records: SOA records contain administrative details about a particular domain’s zone. The record names the primary nameserver and the responsible party’s mailbox and carries the zone serial number and the refresh, retry, expire, and minimum TTL timers used to manage zone transfers.

This tutorial looks into the six types of DNS databases now available for download.
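To make the distinctions between these record types concrete, here is an added example (not code from the original page or from WhoisXML API) that parses a small constructed zone written in a simple `owner type rdata` layout, which is an assumed format and not the layout of the database files, and runs the consistency checks a practitioner applies to these six record types: a CNAME owner that carries other records, alias chains and loops, and an MX exchange that is an alias rather than a host with an address record.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone in a simple "owner type rdata" layout. The layout
# is an assumption for this example; it is not the format of the database
# files described above.
SAMPLE_ZONE = """\
; apex records
example.com. SOA ns1.example.com. hostmaster.example.com. 2024061501 7200 900 1209600 300
example.com. NS ns1.example.com.
example.com. NS ns2.example.com.
example.com. A 192.0.2.10
example.com. MX 10 mail.example.com.
example.com. MX 20 www.example.com.
example.com. TXT "v=spf1 mx -all"
mail.example.com. A 192.0.2.25
www.example.com. CNAME example.com.
blog.example.com. CNAME example.com.
blog.example.com. A 192.0.2.11
bad.example.com. CNAME www.example.com.
"""

SUPPORTED = {"A", "MX", "NS", "TXT", "CNAME", "SOA"}


def parse_rdata(rtype, rdata):
    """Parse the type-specific part of a record into a dict."""
    if rtype == "A":
        return {"address": str(ipaddress.IPv4Address(rdata))}
    if rtype == "MX":
        preference, exchange = rdata.split()
        return {"preference": int(preference), "exchange": exchange.lower()}
    if rtype in ("NS", "CNAME"):
        return {"target": rdata.lower()}
    if rtype == "TXT":
        return {"text": rdata.strip('"')}
    if rtype == "SOA":
        fields = rdata.split()
        if len(fields) != 7:
            raise ValueError("SOA needs mname rname serial refresh retry expire minimum")
        mname, rname, serial, refresh, retry, expire, minimum = fields
        return {"mname": mname.lower(), "rname": rname.lower(), "serial": int(serial),
                "refresh": int(refresh), "retry": int(retry),
                "expire": int(expire), "minimum": int(minimum)}
    raise ValueError(f"unsupported record type: {rtype}")


def parse_zone(text):
    """Return a list of (owner, type, rdata_dict) tuples; comments and blanks are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, rtype, rdata = line.split(None, 2)
        rtype = rtype.upper()
        if rtype not in SUPPORTED:
            raise ValueError(f"unsupported record type: {rtype}")
        records.append((owner.lower(), rtype, parse_rdata(rtype, rdata)))
    return records


def check_zone(records):
    """Return human-readable problems found in the parsed records."""
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))

    problems = []
    cname_target = {}
    for owner, rrs in by_owner.items():
        types = [t for t, _ in rrs]
        if "CNAME" in types:
            cname_target[owner] = next(r["target"] for t, r in rrs if t == "CNAME")
            # RFC 1034: an alias owner must carry no other records (this also
            # rules out a CNAME at a zone apex, which always has SOA and NS)
            others = sorted(set(types) - {"CNAME"})
            if others:
                problems.append(f"{owner}: CNAME coexists with {others}")
            if types.count("CNAME") > 1:
                problems.append(f"{owner}: more than one CNAME record")

    # follow alias chains to catch loops and chains longer than one hop
    for owner in cname_target:
        seen, cur = [owner], owner
        while cur in cname_target:
            cur = cname_target[cur]
            if cur in seen:
                problems.append(f"{owner}: CNAME loop via {cur}")
                break
            seen.append(cur)
        else:
            if len(seen) > 2:
                problems.append(f"{owner}: CNAME chain of {len(seen) - 1} hops ending at {cur}")

    # RFC 2181: an MX exchange must be a host with address records, not an alias
    for owner, rtype, rdata in records:
        if rtype == "MX" and rdata["exchange"] in cname_target:
            problems.append(f"{owner}: MX exchange {rdata['exchange']} is a CNAME")
    return problems


if __name__ == "__main__":
    for problem in check_zone(parse_zone(SAMPLE_ZONE)):
        print(problem)
```

On the sample zone the checker reports three problems: blog[.]example[.]com carries both a CNAME and an A record, bad[.]example[.]com sits at the end of a two-hop alias chain, and the second MX at the apex points at an alias.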

Get reverse NS (aka passive DNS) records for a list of IPs in Python

Passive DNS, introduced by Florian Weimer in 2005, is now a central resource in IP security investigations, in securing the operation of the domain name system (DNS), and in many other areas. A passive DNS database records observed events: whenever a domain name is seen resolving to an IP address in DNS traffic. It is therefore independent of the current state, and of the physical infrastructure, of the DNS itself. In addition, it contains time information, namely the date and time when such a resolution was first and last observed, which cannot be obtained from the DNS itself.

One of the easiest ways to obtain such data is by using WhoisXML API's services. In this blog we focus on the reverse lookup: starting from a list of IPv4 addresses, we want to reveal the domain names that these IPs belonged to on certain dates.
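The following added example (not code from the original page or from either post above; the PowerShell post on the Phorphiex botnet and this Python post both work against the live API) shows the part of a bulk reverse passive DNS lookup that does not depend on any particular provider: validating and deduplicating the input IPs so no API credit is spent twice, filtering each IP's observations to an investigation window, and merging the results per domain so that names seen on several IPs surface first. The HTTP call is replaced by `fake_fetch` over constructed responses; the response layout (a `result` list of `name`/`first_seen`/`last_seen` entries with epoch timestamps), the timestamps, and the domain names are assumptions. To use it against a real service, pass a function that performs the request and returns a dict of the same shape.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample responses keyed by IP. The record layout is an assumption
# for this example, not the documented response format of any API.
SAMPLE_RESPONSES = {
    "203.0.113.10": {"result": [
        {"name": "update-check.example", "first_seen": 1700000000, "last_seen": 1702000000},
        {"name": "cdn-static.example", "first_seen": 1690000000, "last_seen": 1703000000},
    ]},
    "203.0.113.11": {"result": [
        {"name": "update-check.example", "first_seen": 1702500000, "last_seen": 1704000000},
        {"name": "login-portal.example", "first_seen": 1701000000, "last_seen": 1701500000},
    ]},
    "203.0.113.12": {"result": []},
}


def fake_fetch(ip):
    """Stand-in for the HTTP call; returns the constructed response for an IP."""
    return SAMPLE_RESPONSES.get(ip, {"result": []})


def _epoch(ts):
    """Accept None, an epoch int, or a timezone-aware datetime."""
    if ts is None or isinstance(ts, int):
        return ts
    return int(ts.astimezone(timezone.utc).timestamp())


def bulk_reverse_lookup(ips, fetch, since=None, until=None):
    """Query each distinct valid IPv4 address and merge the observations per domain.

    Returns {domain: {"ips": [...], "first_seen": int, "last_seen": int}}.
    A record is kept only if its observation window overlaps [since, until].
    """
    since, until = _epoch(since), _epoch(until)
    merged = {}
    seen_ips = set()
    for raw in ips:
        try:
            ip = str(ipaddress.IPv4Address(raw.strip()))
        except (ValueError, AttributeError):
            continue  # skip garbage lines from the input list
        if ip in seen_ips:
            continue  # do not spend API credits twice on one IP
        seen_ips.add(ip)
        for rec in fetch(ip).get("result", []):
            if since is not None and rec["last_seen"] < since:
                continue
            if until is not None and rec["first_seen"] > until:
                continue
            name = rec["name"].lower().rstrip(".")
            entry = merged.setdefault(
                name, {"ips": set(), "first_seen": rec["first_seen"], "last_seen": rec["last_seen"]})
            entry["ips"].add(ip)
            entry["first_seen"] = min(entry["first_seen"], rec["first_seen"])
            entry["last_seen"] = max(entry["last_seen"], rec["last_seen"])
    for entry in merged.values():
        entry["ips"] = sorted(entry["ips"], key=ipaddress.IPv4Address)
    return merged


def pivot_summary(merged):
    """Rows of (domain, ip_count, first_seen, last_seen), domains seen on most IPs first."""
    rows = []
    for name, e in merged.items():
        first = datetime.fromtimestamp(e["first_seen"], timezone.utc).date().isoformat()
        last = datetime.fromtimestamp(e["last_seen"], timezone.utc).date().isoformat()
        rows.append((name, len(e["ips"]), first, last))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    ip_list = ["203.0.113.10", " 203.0.113.11", "not-an-ip", "203.0.113.10", "203.0.113.12"]
    for row in pivot_summary(bulk_reverse_lookup(ip_list, fake_fetch)):
        print(*row)
```

The window filter keeps a record when its observation interval overlaps [since, until], which is the question an investigator actually asks ("what did this IP host during the incident?"), rather than whether the record was first seen inside the window.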

DNS Hijacking Prevention: How to Detect Suspicious Subdomains with Passive DNS


Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.

That’s just one of many occasions when organizations fell prey to DNS hijacking attacks. More may succumb to the threat if we consider that the number of companies suffering a DNS attack (not limited to DNS hijacking) grew by 34% in 2019 compared with 2018, costing each victim an average of almost $1.1 million.

DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.

But to what extent can DNS hijacking affect organizations with a widespread online presence?

This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand aided by passive DNS and publicly accessible data.
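As an added example, not code from the original post, here is detection logic of the kind the post describes, run over constructed passive DNS observations for a fictitious brand. The zone `brand.example`, the netblock `198.51.100.0/24`, the name server set, and the field layout of the observations are all assumptions. It flags four things passive DNS history can reveal about a brand's subdomains: a subdomain briefly resolving outside the organization's known address space (the footprint of a hijack that redirects visitors), a subdomain delegated to name servers the organization does not run, an alias to a third-party host that may no longer be claimed, and brand lookalikes in zones the organization does not own.

```python
import ipaddress
from datetime import date

# Constructed fixtures for a fictitious brand; every value is an assumption.
BRAND = "brand"
OWN_ZONES = ("brand.example",)
KNOWN_NETS = [ipaddress.ip_network("198.51.100.0/24")]
KNOWN_NS = {"ns1.brand.example", "ns2.brand.example"}

# Constructed passive DNS observations; the field layout is an assumption.
OBSERVATIONS = [
    {"name": "www.brand.example", "type": "A", "value": "198.51.100.10",
     "first_seen": "2019-01-10", "last_seen": "2019-09-01"},
    # a two-day detour to an unknown address in the middle of normal history
    {"name": "www.brand.example", "type": "A", "value": "203.0.113.77",
     "first_seen": "2019-08-20", "last_seen": "2019-08-22"},
    {"name": "api.brand.example", "type": "A", "value": "198.51.100.20",
     "first_seen": "2019-02-01", "last_seen": "2019-09-01"},
    # subdomain delegated to name servers the organization does not run
    {"name": "mail.brand.example", "type": "NS", "value": "ns1.unrelated-dns.example",
     "first_seen": "2019-07-01", "last_seen": "2019-09-01"},
    # alias to a third-party host that may no longer be claimed
    {"name": "old-promo.brand.example", "type": "CNAME", "value": "promo-site.cloudhost.example",
     "first_seen": "2017-03-01", "last_seen": "2019-09-01"},
    # brand string inside a zone the organization does not own
    {"name": "brand-login.example.net", "type": "A", "value": "203.0.113.99",
     "first_seen": "2019-08-25", "last_seen": "2019-09-01"},
    {"name": "cdn.other.example", "type": "A", "value": "203.0.113.5",
     "first_seen": "2019-01-01", "last_seen": "2019-09-01"},
]


def _norm(name):
    return name.lower().rstrip(".")


def in_own_zone(name):
    """True when the name is one of the organization's zones or lies below one."""
    name = _norm(name)
    return any(name == z or name.endswith("." + z) for z in OWN_ZONES)


def in_known_nets(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETS)


def lifetime_days(obs):
    """Days between first and last observation of a record."""
    return (date.fromisoformat(obs["last_seen"]) - date.fromisoformat(obs["first_seen"])).days


def find_suspicious(observations, short_lived_days=7):
    """Return findings as (name, severity, reason) tuples."""
    findings = []
    for obs in observations:
        name, value = _norm(obs["name"]), _norm(obs["value"])
        if not in_own_zone(name):
            if BRAND in name:
                findings.append((name, "medium", "brand string in a zone the organization does not own"))
            continue
        if obs["type"] == "A" and not in_known_nets(value):
            # a brief excursion to a foreign address is the classic hijack footprint
            days = lifetime_days(obs)
            severity = "high" if days <= short_lived_days else "medium"
            findings.append((name, severity, f"A record {value} outside known netblocks for {days} day(s)"))
        elif obs["type"] == "NS" and value not in KNOWN_NS:
            findings.append((name, "high", f"delegated to unknown name server {value}"))
        elif obs["type"] == "CNAME" and not in_own_zone(value):
            findings.append((name, "low", f"alias to third-party host {value}; verify it is still claimed"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in find_suspicious(OBSERVATIONS):
        print(f"[{severity}] {name}: {reason}")
```

The severity split matters in practice: a subdomain that has pointed outside the organization's address space for months is usually forgotten infrastructure to be cleaned up, while one that did so for two days inside an otherwise stable history is the pattern to escalate.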

Web Hosting Infrastructure and SEO: 3 Factors That Reverse IP Lookup Can Help Improve


Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.

In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.

3 Steps in Using Reverse IP/DNS Checks to Create an Attack Profile


Knowing the enemy, as they say, is winning half the battle. But in the world of cybersecurity, identifying the enemy can be very difficult sometimes. That said, creating an attack profile to know what type of enemy you could be up against is a good starting point. For all you know, a cyber attacker could be halfway around the world or right next door.

For that reason, organizations should enlist all possible resources to help them create an attack profile. Reverse IP/DNS API, which performs reverse IP/DNS checks, is one resource worth looking into. In a nutshell, the program allows cybersecurity experts to get a list of all domains that share the same IP address. As such, it could help unmask connections between indicators of compromise (IoCs), specifically, IP addresses and domain names.

Make the Most Out of SEO with a Reverse IP Search Tool


Today, it is no longer enough for organizations to advertise their products and services online. Markets are pretty saturated, and so companies need to put extra effort into making sure they come out on top. In particular, businesses need to drive traffic to their websites, much like brick-and-mortar shop owners convince would-be customers to come through their doors.

One of the most effective ways to do that is by making your company’s domain rank with the help of innovative search engine optimization (SEO) strategies. Apart from just stuffing content with the right keywords for search engines to track, SEO has a technical aspect to it as well, and a reverse IP search tool like Reverse IP/DNS Lookup can help enhance it.

We’ll delve into the more technical aspect of SEO in this post, but first, let’s discuss why SEO is vital for any organization that does business online.
