Product Blog

Access Our Premium DNS Database with the Largest, Most Unique DNS Coverage in the Market

WhoisXML API recently launched Premium DNS Database, a passive DNS database download variant with expanded coverage that is now expected to be the largest on the market with the highest number of unique fully qualified domain names (FQDNs).

This significant improvement is part of our ongoing efforts to help make the Internet safer and more transparent. With our Premium DNS Database, enterprises can gain an even more comprehensive view of the DNS, where ongoing Internet activities are recorded as they occur at a massive scale.

Demonstrating bulk reverse passive DNS lookup with PowerShell for IT security investigations: the case of the Phorphiex botnet

IP addresses are straightforward input data for IT security investigations: they are technically necessary for nodes of the Internet to communicate. Hence, if they have not been deleted in some tricky way after a cybercrime has been committed, or if they can be found in any of the logs from before it was committed, they help a lot in uncovering what actually happened.

IBM X-Force Exchange is a forum reporting many security incidents that are relevant for those in charge of maintaining IT security. In this blog post, we pick one of their reports and check how we can extend the given information with WhoisXML APIs using PowerShell, which comes installed on Windows and can be used on Linux and Mac OS X, too. We assume lower-intermediate PowerShell programming skills to follow the description below.

WhoisXML API Now Offers 6 Files for its DNS Database Download Service

WhoisXML API made its DNS database download available in six different files, each for different DNS record types. Doing so makes the DNS database files easier to integrate and analyze and enables particular use cases.

The resource records you can download as database files are:

  • A records: An A record directs a domain or subdomain to an IP address. It is possibly the most basic type of DNS record, as all domains should resolve to an IP address to become accessible.
  • Mail exchanger (MX) records: This type of record specifies the mail server where email messages meant for a specific domain are accepted.
  • Nameserver (NS) records: The NS record determines the authoritative DNS server for the domain name.
  • Text (TXT) records: This type of DNS record was initially allotted for human-readable information about a domain that serves as notes for administrators. Its use has, however, evolved to include serial numbers, codes, and server names.
  • Canonical name (CNAME) records: A CNAME allows website administrators to provide aliases to domain names by pointing them to another domain. The domain blog[.]example[.]com, for example, can be given the alias or CNAME example[.]com.
  • Start of Authority (SOA) records: SOA records contain administrative details about a particular domain’s zone. This record helps manage zone transfers and contains the primary nameserver, serial numbers, and timestamps.

This tutorial looks into the six types of DNS databases now available for download.

Get reverse NS (aka passive DNS) records for a list of IPs in Python

Passive DNS, introduced by Florian Weimer in 2005, is now a central resource in IP security investigations, the security of the operation of the domain name system (DNS), and many more. A passive DNS database contains observed events whenever an IP resolves to a domain name in a DNS communication. Hence, it is a database independent of the current state as well as the physical infrastructure of the DNS itself. In addition, it contains time information: the date and time when such a resolution was first and last observed; this cannot be determined from the DNS itself.

One of the easiest ways to obtain such data is by using WhoisXML API’s services. In this blog post, we focus on the reverse lookup: using IPv4 addresses, we want to reveal the domain names that these IPs belonged to on certain dates.

DNS Hijacking Prevention: How to Detect Suspicious Subdomains with Passive DNS

Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.

That’s just one of the many occasions when organizations fell prey to DNS hijacking attacks. More can succumb to the threat if we’re to consider that 34% more companies in 2019 alone suffered from a DNS attack (not limited to DNS hijacking) compared to 2018, costing each victim an average of almost $1.1 million.

DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.

But to what extent can DNS hijacking affect organizations with a widespread online presence?

This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand, aided by passive DNS and publicly accessible data.

Web Hosting Infrastructure and SEO: 3 Factors That Reverse IP Lookup Can Help Improve

Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.

In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.

3 Steps in Using Reverse IP/DNS Checks to Create an Attack Profile

Knowing the enemy, as they say, is winning half the battle. But in the world of cybersecurity, identifying the enemy can be very difficult sometimes. That said, creating an attack profile to know what type of enemy you could be up against is a good starting point. For all you know, a cyber attacker could be halfway around the world or right next door.

For that reason, organizations should enlist all possible resources to help them create an attack profile. Reverse IP/DNS API, which performs reverse IP/DNS checks, is one resource worth looking into. In a nutshell, the program allows cybersecurity experts to get a list of all domains that share the same IP address. As such, it could help unmask connections between indicators of compromise (IoCs), specifically, IP addresses and domain names.

Make the Most Out of SEO with a Reverse IP Search Tool

Today, it is no longer enough for organizations to advertise their products and services online. Markets are pretty saturated, and so companies need to put extra effort into making sure they come out on top. In particular, businesses need to drive traffic to their websites, much like brick-and-mortar shop owners convince would-be customers to come through their doors.

One of the most effective ways to do that is by making your company’s domain rank with the help of innovative search engine optimization (SEO) strategies. Apart from just stuffing content with the right keywords for search engines to track, SEO has a technical aspect to it as well, and a reverse IP search tool like Reverse IP/DNS Lookup can help enhance it.

We’ll delve into the more technical aspect of SEO in this post, but first, let’s discuss why SEO is vital for any organization that does business online.
