Blog & How To Guides | WhoisXML API

DNS & DNS History Blog

Exploring IoCs and Their DNS Narratives

No matter how stealthy attackers try to be, they almost always leave a trail behind—digital breadcrumbs known as “indicators of compromise (IoCs)” after a cyber attack or an attempted intrusion.

Let's take the Black Basta ransomware attacks as an example. Cybersecurity authorities like the Cybersecurity and Infrastructure Security Agency (CISA) identified hundreds of IoCs associated with this ransomware-as-a-service (RaaS) variant. These IoCs include cyber resources like file hashes, domain names, and IP addresses, and serve as digital footprints pertaining to the attackers’ activities. They provide invaluable clues for cybersecurity professionals, helping them understand what happened and prevent similar attacks in the future.

Importing Premium DNS 365 into ClickHouse

This project aimed to upload data from the DNS_Premium_365 dataset to a local ClickHouse database for efficient, optimized, and rapid querying.

Our Full Premium DNS Database Peaks at 116 Billion Records in Q2 2024

We’re thrilled to announce a significant upgrade to one of our market-leading services, Premium DNS Database Download. We’re expanding the coverage of our full database files from 90 to 365 days, giving users access to as many as 116 billion historical DNS records as of Q2 2024.

Premium DNS Database Coverage Increased by 578%

We are thrilled to announce that the coverage of our premium DNS Database Download significantly improved over the past few months. The most recent measurement in 2024 showed that the database’s total number of DNS records increased by 578% compared to May 2023. 

Passive DNS: A Complete Primer

The Domain Name System (DNS) is essential for the operation of the Internet. It enables the assignment of hostnames to IP addresses: the numerical identifiers of network nodes (computers, cell phones, IoT devices, etc.). For a detailed description of the Domain Name System, see our Domain Name System primer white paper.

Access Our Premium DNS Database with the Largest, Most Unique DNS Coverage in the Market

WhoisXML API recently launched Premium DNS Database, a passive DNS database download variant with expanded coverage that is now expected to be the largest on the market with the highest number of unique fully qualified domain names (FQDNs).

This significant improvement is part of our ongoing efforts to help make the Internet safer and more transparent. With our Premium DNS Database, enterprises can gain an even more comprehensive view of the DNS, where ongoing Internet activities are recorded as they occur at a massive scale.

Demonstrating bulk reverse passive DNS lookup with PowerShell for IT security investigations: the case of the Phorphiex botnet

IP addresses are straightforward input data for IT security investigations: they are technically necessary for nodes of the Internet to communicate. Hence, if they are not deleted in some tricky way after a cybercrime has been committed, or if they can be found in any of the logs from before it was committed, they help a lot to uncover what actually happened.

IBM X-Force Exchange is a forum reporting many security incidents that are relevant to those in charge of maintaining IT security. In this blog post, we pick one of their reports and check how we can extend the given information with WhoisXML APIs using PowerShell, which comes installed on Windows and can be used on Linux and Mac OS X, too. We assume lower-intermediate PowerShell programming skills to follow the description below.

WhoisXML API Now Offers 6 Files for its DNS Database Download Service

WhoisXML API made its DNS database download available in six different files, each for different DNS record types. Doing so makes the DNS database files easier to integrate and analyze and enables particular use cases.

The resource records you can download as database files are:

  • A records: An A record directs a domain or subdomain to an IP address. It is possibly the most basic type of DNS record, as all domains should resolve to an IP address to become accessible.
  • Mail exchanger (MX) records: This type of record specifies the mail server where email messages meant for a specific domain are accepted.
  • Nameserver (NS) records: The NS record determines the authoritative DNS server for the domain name.
  • Text (TXT) records: This type of DNS record was initially allotted for human-readable information about a domain that serves as notes for administrators. Its use has, however, evolved to include serial numbers, codes, and server names.
  • Canonical name (CNAME) records: A CNAME allows website administrators to provide aliases to domain names by pointing them to another domain. The domain blog[.]example[.]com, for example, can be given the alias or CNAME example[.]com.
  • Start of Authority (SOA) records: SOA records contain administrative details about a particular domain’s zone. This record helps manage zone transfers and contains the primary nameserver, serial numbers, and timestamps.

This tutorial looks into the six types of DNS databases now available for download.

Get reverse NS (aka passive DNS) records for a list of IPs in Python

Passive DNS, introduced by Florian Weimer in 2005, is now a central resource in IP security investigations, the security of the operation of the Domain Name System (DNS), and many more areas. A passive DNS database contains observed events whenever an IP resolves to a domain name in a DNS communication. Hence, it is a database independent of the current state as well as the physical infrastructure of the DNS itself. In addition, it contains time information: the date and time when such a resolution was first and last observed; this cannot be found out from the DNS.

One of the easiest ways to obtain such data is by using WhoisXML API's services. In this blog post, we focus on the reverse lookup: using IPv4 addresses, we want to reveal the domain names that these IPs belonged to on certain dates.

DNS Hijacking Prevention: How to Detect Suspicious Subdomains with Passive DNS

Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.

That’s just one of the many occasions when organizations fell prey to DNS hijacking attacks. More can succumb to the threat if we’re to consider that 34% more companies in 2019 alone suffered from a DNS attack (not limited to DNS hijacking) compared to 2018, costing each victim an average of almost $1.1 million.

DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.

But to what extent can DNS hijacking affect organizations with a widespread online presence?

This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand aided by passive DNS and publicly accessible data.

Web Hosting Infrastructure and SEO: 3 Factors That Reverse IP Lookup Can Help Improve

Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.

In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.

3 Steps in Using Reverse IP/DNS Checks to Create an Attack Profile

Knowing the enemy, as they say, is winning half the battle. But in the world of cybersecurity, identifying the enemy can be very difficult sometimes. That said, creating an attack profile to know what type of enemy you could be up against is a good starting point. For all you know, a cyber attacker could be halfway around the world or right next door.

For that reason, organizations should enlist all possible resources to help them create an attack profile. Reverse IP/DNS API, which performs reverse IP/DNS checks, is one resource worth looking into. In a nutshell, the program allows cybersecurity experts to get a list of all domains that share the same IP address. As such, it could help unmask connections between indicators of compromise (IoCs), specifically, IP addresses and domain names.

Make the Most Out of SEO with a Reverse IP Search Tool

Today, it is no longer enough for organizations to advertise their products and services online. Markets are pretty saturated, and so companies need to put extra effort into making sure they come out on top. In particular, businesses need to drive traffic to their websites, much like brick-and-mortar shop owners convince would-be customers to come through their doors.

One of the most effective ways to do that is by making your company’s domain rank with the help of innovative search engine optimization (SEO) strategies. Apart from just stuffing content with the right keywords for search engines to track, SEO has a technical aspect to it as well, and a reverse IP search tool like Reverse IP/DNS Lookup can help enhance it.

We’ll delve into the more technical aspect of SEO in this post, but first, let’s discuss why SEO is vital for any organization that does business online.

Posted on April 3, 2020

How to Preserve Your Brand Value by Checking the DNS History of Your Domains

Brand trust is the hard currency of any business. In fact, customers cite brand trust as the top reason why they would buy from a retailer, according to a 2018 consumer insights survey. Employees are also most productive when they work for a brand they trust. What’s more, in a climate of trust, companies can forge new partnerships and achieve milestones.

Unfortunately, most organizations overlook a critical element when building trust — brand protection. Despite the heavy emphasis on marketing strategies, it appears that most companies remain unprepared for attacks on their brand. Intellectual property violations and fraud, for instance, can gravely hurt a company’s brand image, reputation, and value. One tool that can help in this area is a DNS database.

Posted on March 18, 2020

How to Use a DNS Archive to Improve Website Traffic, Reputation, and Performance

Infosec professionals are invariably responsible for guaranteeing that their organizations’ websites remain accessible at all times. And so, they should be aware of the consequences of a single website outage. Network downtimes can cost most enterprises between $101,000 and $5,000,000 an hour.

The problem with outages, however, is that they mostly go undetected before they inflict noticeable damage. Customers don’t usually report website issues such as page time-outs unless a purchase was involved. As such, the discovery of these glitches often comes too late since your search engine rankings or conversion rates have already dropped significantly. Worse still, malicious actors may have even taken over your site infrastructure.

So what can be done? Fortunately, these issues are preventable by ensuring that a website’s Domain Name System (DNS) record values are correct with the aid of a DNS archive like Domain Database Download. For that reason, this article lists some possible ways a DNS database can help you follow website maintenance best practices.

Posted on March 4, 2020

DNS Attacks on the Rise: How to Defend Networks with a DNS Record History Resource

As attacks targeting the Domain Name System (DNS) continue to gain traction, they put forth the critical need for DNS security. Traditional solutions are not always adequate to mitigate the risks that DNS threats pose and typically do not guarantee DNS availability and integrity.

A reactive approach to the said threats, which include distributed denial-of-service (DDoS) attacks, can negatively impact organizations. Application downtime and business shutdowns as countermeasures reduce sales and revenue. Efforts to fix DNS security issues take up time and resources, too, which could also lead to even greater financial losses.

In light of these aspects, this post delves into the latest trends in the DNS threat landscape and what they mean to organizations. It also explains why the DNS is a lucrative attack target. But most importantly, it shows why resources like DNS Database Download are important for every company that does business online.

Posted on February 7, 2020

Understanding and Securing Your DNS Records with a DNS History Lookup Resource

The Domain Name System (DNS) is commonly abused because successfully attacking it reaps great rewards for threat actors and cybercriminals. Domain hijacking, for instance, can allow attackers to siphon off personally identifiable information (PII) and confidential corporate data from compromised domains. And since not all security solutions and technologies monitor DNS packets, threat actors can exploit this to infiltrate target networks.

Not all is lost, however, as regularly checking your DNS records for anomalies is an excellent proactive security measure. A DNS history lookup resource such as DNS Database Download can provide you with actionable threat intelligence.

But before we dive in and establish how to go about DNS record protection, let us first discuss the various types of DNS records that need protecting.

Posted on January 30, 2020

How a Reverse IP & Domain Lookup Can Save Organizations from Stale DNS Records

Every website that can be accessed on the Internet comes with an IP address that points to a specific domain name. Each domain-to-IP address mapping is recorded in the Domain Name System (DNS), which makes it possible for users to not have to remember numeric addresses to reach a particular website while still letting DNS resolvers do their matchmaking work. And for this to happen, a DNS record contains many crucial details about a website accessible via the World Wide Web.

Unfortunately, when a website ceases to exist, its owner may forget about its DNS records. These records are what is known as “dangling” or “stale” records, which attackers often abuse as part of their nefarious schemes.

Posted on January 13, 2020

DNS Records and Their History Matter: Beefing Up Your Cybersecurity Posture Using DNS Tools

The global cybersecurity landscape is becoming crowded both with threat actors and security solutions. When it comes to security threats specifically, attacks are becoming more and more sophisticated, and the amount of damage they cause is also increasing. In 2018, hackers stole almost half a billion personal records.

These security breaches were accomplished by using different tactics such as phishing, denial-of-service (DoS), and ransomware attacks, to name a few. And the threat actors successfully carried out these attacks, not because victims don’t use cybersecurity solutions, but because not all systems monitor every type of vulnerability — including the ones that have to do with DNS misconfigurations.

The key is for companies to decide which cybersecurity solutions best fit their business model strategically. For organizations that rely mainly on websites and email communications, including Domain Name System (DNS) record checks aided by a DNS database or DNS lookup tool may be their best bet.

Posted on January 9, 2020

Enhancing Packet Filtering via a Reverse IP/Domain Check

Spoofing is a cyber attack method where the adversary impersonates a legitimate user to gain access to a network or device. Once inside the target network, the attacker can then perform large-scale attacks, steal sensitive information, and inject systems connected to the network with malware.

Although there are several types of spoofing, the most common is IP spoofing. This method allows attackers to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks, two of today’s most prevalent cyber attack types. At present, we see 30,000 DoS attacks per day, whereas MitM attacks account for 35% of exploitations that target inadvertent system or software weaknesses.

The statistics may seem overwhelming, but there are strategic processes such as packet filtering that can help organizations avoid these attacks. This post features a reverse IP domain check tool — Reverse IP/DNS API — which makes packet filtering effective across the various implementation systems or technologies an organization uses. But first, let us examine how IP spoofing is used to launch DoS and MitM attacks to understand why it is crucial to detect IP spoofing.

Posted on November 29, 2019

How to Improve Multifactor Authentication with Reverse IP Address Lookup

Nowadays, cybersecurity is becoming increasingly important for both online users and website owners. Cybercrime has extended an arm that reaches almost everyone who accesses the Internet, and people need to put full security measures in place to mitigate threats.

While threat identification is essential, prevention has its own perks, and one effective way to prevent threats from entering a network and keep users safe is by improving multifactor authentication (MFA), notably with Reverse IP API.

Posted on October 11, 2019

Why Tracking Your DNS History Is Important

If you have ever published a blog post, received so much flak for it that you ended up taking it down, and still think this would make the problem go away, think again. If your readers have your blog on their RSS feed and click on its link, they’ll still be very likely to be able to read a cached version of it.

The same is unfortunately true for domains. Every change a domain goes through is recorded on its historical WHOIS record, made possible by the introduction of passive Domain Name System (DNS) — a means to find out any modification made at some point in time to a specific domain.

As such, any bit of information related to a domain can still be seen via a passive DNS search. And this is the reason why making sure your domain has had no ties to any malicious activity throughout its entire life cycle is important.

Posted on May 17, 2019

5 Ways to Use Reverse IP Lookup Tools to Generate New Clients

There are more than three billion people around the world accessing the internet each day. Many of these internet users are looking for specific products and services. And within this growing pool of internet shoppers are potential customers looking for what you are specifically offering.

How do you tap into this great pool of prospective clients? The trick is in devising ways to market your products and services to the people who are most likely to want or need them. Smart online businesses use server-based web analytics tools that allow them to examine their traffic and identify the buying trends and patterns of their customers. One of the increasingly popular analytics tools is the reverse DNS system.

Posted on April 15, 2019

Using Reverse IP Lookup Tools for B2B Prospecting

In B2B prospecting, we are always on the lookout for new ways to get more clients. One answer is to use an application to look into your site guests' IP data. Your website server already has tools that can give you the IP address of any visitor, but for the most part they won't give you much else. Reverse IP API will offer you much more useful information.

Posted on March 15, 2019

The Most Common Reasons Why a Reverse DNS Lookup is Utilized

Domain network servers direct web traffic to the proper location. When servers are flooded with requests, consumers may be unable to access websites, and if they can, the process is slow. Site slow-downs are particularly problematic for small e-commerce businesses, and this is when reverse DNS lookup comes in handy. Reverse lookup is one way to mitigate potential server problems. Listed below are a few other ways for small businesses to use reverse DNS lookup.

Posted on January 18, 2019

Different Ways to Turn Your Website Visitors into Known Customers

Building trust with customers is a very important aspect for anyone’s business both now and in the future. By looking at how most of the e-commerce platforms have performed, one has to admit that there is a growing demand for goods online. All of this is mainly due to the current technological advancements that have facilitated the growth rate of online-based businesses. As a result, understanding website visitors is crucial to the success of any organization.

Posted on December 24, 2018

How Reverse DNS Lookup can Help with Reducing Spam

To most, the term "reverse DNS lookup" will probably be unfamiliar. Yet it's a term you'll want to know, particularly if you aim to reduce the amount of spam you receive.

Posted on December 2, 2018

Key Differences Between Forward and Reverse DNS Lookup

Forward and reverse DNS are connected, but there are a few key differences that set them apart. While both use DNS servers, forward DNS is used every time you access an email or webpage, while reverse DNS lookup has more specific purposes and uses.

Posted on November 1, 2018

Why Is Reverse DNS Lookup Useful?

If you work on the web, you may be familiar with Domain Name System lookups. The standard "forward" lookup uses an internet domain name to acquire an Internet Protocol address. Conversely, a reverse DNS lookup uses an IP address to obtain a hostname. Websites and applications may benefit from access to a reverse DNS lookup API which can make it easier to detect whether a site is hosted on the same server as suspicious or dangerous domains.

Posted on October 11, 2018

The Secret World of Reverse IP Lookup Solutions

Cyber-crimes have become a significant threat to modern businesses and individuals. This isn't surprising, considering the increased dependency on technology that societies are experiencing and, realistically, embracing. Money, information, contracts, and sensitive details of personal lives are kept in virtual storage online. Passwords, banking records, Social Security numbers, and other identifying factors are entered on websites every day. With so much at stake, it's clear that tight cyber-security is essential. As hackers double their efforts to gain access to key information, business owners and individuals must respond by stepping up their own efforts to protect that information. The reverse IP lookup is one tool used to detect suspicious sites.

Posted on August 31, 2018

3 Uses of Reverse DNS Lookup

Reverse DNS lookup can be used for several purposes. On an individual level, it can be used to track website activity. Businesses can also use it to track activity and geographical demographics for research purposes. But before diving into exactly what can be done with reverse DNS lookup, it is essential to have a full understanding of what it actually means.

Posted on August 14, 2018

The Step-by-Step Process of Reverse DNS Lookup

Understanding reverse DNS lookup is crucial for learning how the internet retrieves domain names from IP addresses and how emails become approved. To understand this process, the first step is to find out how forward DNS works.

Posted on July 30, 2018

Reverse IP Tracking Is Made for B2B Marketing

A business-to-business company needs to market itself like any other business. Using a basic service of mass advertising, it can be difficult for ads to reach the right audience. As technology advances, customer targeting becomes easier. Reverse IP tracking is a technology that offers an easy way for your B2B to identify or target potential leads. By understanding the uses of reverse IP lookup, you can guide your business towards other businesses that may consider using your services.

Posted on June 14, 2018

7 Ways Reverse DNS Lookup Can Improve Your Marketing Campaign

Whether you use social media or email campaigns, effective digital marketing is more than just distributing content. Reverse DNS lookup is one tool which allows you to match any IP address that accesses your content with a domain name system. This provides crucial data about your marketing targets so that you can optimize your campaign.

Posted on May 13, 2018

Malicious Websites Who Share Your IP Address Could be Destroying Your Reputation

Your website could be in danger and your good name might be in jeopardy.


More than likely, your website shares an IP address with dozens, hundreds, and possibly thousands of other websites. Any one of those websites could be operating in a negative fashion that harms your website's integrity because search engines have difficulty distinguishing between the multitudes of websites that share the same IP Address. Therefore, when search engines mark a website as malicious, every other website that shares its IP address suffers as well, leading to devastating consequences.
