We are thrilled to announce that several of our APIs have been upgraded to include new data points, namely, wildcard and active. In particular, both fields are now optional output parameters for Reverse IP API, Reverse DNS API, Reverse MX API, and Reverse NS API. Our newly launched DNS Chronicle API, meanwhile, has a wildcard field as part of its default output format.
With the new wildcard field, WhoisXML API users can now:
This document outlines the setup of a PostgreSQL database on Ubuntu Linux to efficiently manage and query WHOISXMLAPI’s Premium DNS database. Designed to store and analyze billions of DNS records, this database will handle large-scale data ingestion, facilitate rapid data retrieval, and support extensive analytical operations. PostgreSQL's robust performance, scalability, and support for advanced indexing make it ideal for managing DNS data, while its compatibility with open-source tools provides a flexible environment for future scaling and data processing.
Apache Cassandra is a highly scalable, distributed NoSQL database designed for handling massive volumes of data across many commodity servers without a single point of failure. Its decentralized nature and robust architecture make it particularly well-suited for applications that require high availability, fault tolerance, and horizontal scalability. Cassandra is engineered to handle very large datasets, supporting billions of records with ease, making it an ideal choice for organizations dealing with large-scale, real-time applications such as time-series data, IoT data, and customer logs. Through its use of a partitioned architecture and the ability to add nodes seamlessly as data grows, Cassandra offers an efficient means of managing big data with low latency and high throughput.
We are excited to announce that the Standard and Premium DNS Database files from DNS Database Download are now enriched with two new columns, namely, wildcard and active. These additions allow you to determine if a DNS record is part of a wildcard entry and check if a domain name or subdomain is active based on its most recent resolution status.
We are excited to introduce DNS Chronicle API, the latest addition to our passive DNS offerings. This API release enables use cases such as proactive threat detection and attack surface discovery by providing visibility into the complete DNS history of a domain or an IP address.
With DNS Chronicle API, users can perform two types of passive DNS queries, namely:
Forward search: Using any FQDN as a search string, users can retrieve its historical A and AAAA records.
Reverse search: Users can obtain a list of all the FQDNs associated with a given IP address.
Name servers (NSs) play a crucial role in how the Internet works, directing traffic to the correct destinations. Specifically, NS records tell recursive resolver servers which authoritative NS is responsible for a specific domain name. The resolver would then contact the authoritative NS to obtain the domain's corresponding IP address.
While having a small number of entities control a large portion of the DNS can increase efficiency, it could also result in choke points, where a single disruption could significantly impact a large portion of Internet traffic.
No matter how stealthy attackers try to be, they almost always leave a trail behind—digital breadcrumbs known as “indicators of compromise (IoCs)” after a cyber attack or an attempted intrusion.
Let's take the Black Basta ransomware attacks as an example. Cybersecurity authorities like the Cybersecurity and Infrastructure Security Agency (CISA) identified hundreds of IoCs associated with this ransomware-as-a-service (RaaS) variant. These IoCs include cyber resources like file hashes, domain names, and IP addresses, and serve as digital footprints pertaining to the attackers’ activities. They provide invaluable clues for cybersecurity professionals, helping them understand what happened and prevent similar attacks in the future.
Email remains a vital part of modern communication, with 347.3 billion emails sent and received daily worldwide in 2023. For each email to reach its intended recipient, mail exchange (MX) records direct it to the correct mail server.
While individual email users can create their own mail servers, most people use email services from established email service providers (ESPs) to avoid the complexity of running their own servers. These services typically provide storage, security features, and user-friendly interfaces, all without burdening users with maintenance.
This project aimed to upload data from the DNS_Premium_365 dataset to a local ClickHouse database for efficient, optimized and rapid querying capabilities.
We’re thrilled to announce a significant upgrade to one of our market-leading services, Premium DNS Database Download. We’re expanding the coverage of our full database files from 90 to 365 days, giving users access to as many as 116 billion historical DNS records as of Q2 2024.
We are thrilled to announce that the coverage of our premium DNS Database Download significantly improved over the past few months. The most recent measurement in 2024 showed that the database’s total number of DNS records increased by 578% compared to May 2023.
The Domain Name System (DNS) is essential for the operation of the Internet. It enables the assignment of hostnames to IP addresses: the numerical identifiers of network nodes (computers, cell phones, IoT devices, etc.). For a detailed description of the Domain Name System, we refer to our Domain Name System primer white paper.
WhoisXML API recently launched Premium DNS Database, a passive DNS database download variant with expanded coverage that is now expected to be the largest on the market with the highest number of unique fully qualified domain names (FQDNs).
This significant improvement is part of our ongoing efforts to help make the Internet safer and more transparent. With our Premium DNS Database, enterprises can gain an even more comprehensive view of the DNS, where ongoing Internet activities are recorded as they occur at a massive scale.
IP addresses are straightforward input data for IT security investigations: they are technically necessary for nodes of the Internet to communicate. Hence, if they have not been deleted in some tricky way after a cybercrime has been committed, or if they can be found in any of the logs from before it was committed, they help a lot in uncovering what has actually happened.
IBM X-Force Exchange is a forum reporting many security incidents that are relevant for those who are in charge of maintaining IT security. In the present blog, we shall pick one of their reports and check how we can extend the given information with WhoisXML APIs using PowerShell, which comes installed on Windows and can be used on Linux and Mac OS X, too. We assume lower intermediate skills of PowerShell programming to follow the description below.
WhoisXML API made its DNS database download available in six different files, each for different DNS record types. Doing so makes the DNS database files easier to integrate and analyze and enables particular use cases.
The resource records you can download as database files are:
A records: An A record directs a domain or subdomain to an IP address. It is possibly the most basic type of DNS record, as all domains should resolve to an IP address to become accessible.
Mail exchanger (MX) records: This type of record specifies the mail server where email messages meant for a specific domain are accepted.
Nameserver (NS) records: The NS record determines the authoritative DNS server for the domain name.
Text (TXT) records: This type of DNS record was initially allotted for human-readable information about a domain that serves as notes for administrators. Its use has, however, evolved to include serial numbers, codes, and server names.
Canonical name (CNAME) records: A CNAME allows website administrators to provide aliases to domain names by pointing them to another domain. The domain blog[.]example[.]com, for example, can be given the alias or CNAME example[.]com.
Start of Authority (SOA) records: SOA records contain administrative details about a particular domain’s zone. This record helps manage zone transfers and contains the primary nameserver, serial numbers, and timestamps.
This tutorial looks into the six types of DNS databases now available for download.
Passive DNS, introduced by Florian Weimer in 2005, is now a central resource in IP security investigations, security of the operation of the domain name system (DNS), and many more. A Passive DNS database contains observed events whenever an IP resolves to a domain name in a DNS communication. Hence, it is a database independent from the current state as well as the physical infrastructure of the DNS itself. In addition, it contains time information: the date and time when such a resolution was first and last observed; this cannot be found out from the DNS.
One of the easiest ways to obtain such data is by using WhoisXML API's services. In the present blog, we focus on the reverse lookup: using an IPv4 address we want to reveal the domain names that these IPs belonged to on certain dates.
Earlier this year, we saw several cyberattacks target European and Middle Eastern governments and other organizations. Their modus operandi? DNS hijacking. The attackers intercepted Internet traffic going to the victimized websites, likely enabling them to obtain unauthorized access to the intended targets’ networks.
That’s just one of the many occasions when organizations fell prey to DNS hijacking attacks. More can succumb to the threat if we’re to consider that 34% more companies in 2019 alone suffered from a DNS attack (not limited to DNS hijacking) compared to 2018, costing each victim an average of almost $1.1 million.
DNS hijacking notably occurs when hackers tamper with the Domain Name System (DNS) to redirect a target website’s visitors to fake login pages designed to capture their passwords and other information they may unknowingly fill in.
But to what extent can DNS hijacking affect organizations with a widespread online presence?
This post aims to answer this question by looking into eBay’s potential domain attack surface and the numerous subdomains that contain its brand, aided by passive DNS and publicly accessible data.
Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.
In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.
Knowing the enemy, as they say, is winning half the battle. But in the world of cybersecurity, identifying the enemy can be very difficult sometimes. That said, creating an attack profile to know what type of enemy you could be up against is a good starting point. For all you know, a cyber attacker could be halfway around the world or right next door.
For that reason, organizations should enlist all possible resources to help them create an attack profile. Reverse IP/DNS API, which performs reverse IP/DNS checks, is one resource worth looking into. In a nutshell, the program allows cybersecurity experts to get a list of all domains that share the same IP address. As such, it could help unmask connections between indicators of compromise (IoCs), specifically, IP addresses and domain names.
Today, it is no longer enough for organizations to advertise their products and services online. Markets are pretty saturated, and so companies need to put extra effort into making sure they come out on top. In particular, businesses need to drive traffic to their websites, much like brick-and-mortar shop owners convince would-be customers to come through their doors.
One of the most effective ways to do that is by making your company’s domain rank with the help of innovative search engine optimization (SEO) strategies. Apart from just stuffing content with the right keywords for search engines to track, SEO has a technical aspect to it as well, and a reverse IP search tool like Reverse IP/DNS Lookup can help enhance it.
We’ll delve into the more technical aspect of SEO in this post, but first, let’s discuss why SEO is vital for any organization that does business online.
How to Preserve Your Brand Value by Checking the DNS History of Your Domains
Brand trust is the hard currency of any business. In fact, customers cite brand trust as the top reason why they
would buy from a retailer, according to a 2018 consumer insights survey. Employees are also most productive when
they work for a brand they trust. What’s more, in a climate of trust, companies can forge new partnerships and
achieve milestones.
Unfortunately, most organizations overlook a critical element when building trust — brand protection. Despite the
heavy emphasis on marketing strategies, it appears that most companies remain unprepared for attacks on their
brand. Intellectual property violations and fraud, for instance, can gravely hurt a company’s brand image,
reputation, and value. One tool that can help in this area is a DNS database.
How to Use a DNS Archive to Improve Website Traffic, Reputation, and Performance
Infosec professionals are invariably responsible for guaranteeing that their organizations’ websites remain
accessible at all times. And so, they should be aware of the consequences of a single website outage. Network
downtimes can cost most enterprises between $101,000 and $5,000,000 an hour.
The problem with outages, however, is that they mostly go undetected before they inflict noticeable damage. Customers
don’t usually report website issues such as page time-outs unless a purchase was involved. As such, the discovery of
these glitches often comes too late since your search engine rankings or conversion rates have already dropped
significantly. Worse still, malicious actors may have even taken over your site infrastructure.
So what can be done? Fortunately, these issues are preventable by ensuring that a website’s Domain Name System (DNS)
record values are correct with the aid of a DNS archive like Domain Database Download. For that reason, this article
lists some possible ways a DNS database can help you follow website maintenance best practices.
DNS Attacks on the Rise: How to Defend Networks with a DNS Record History Resource
As attacks targeting the Domain Name System (DNS) continue to gain traction, they put forth the critical need for
DNS security. Traditional solutions are not always adequate to mitigate the risks that DNS threats pose and
typically do not guarantee DNS availability and integrity.
A reactive approach to the said threats, which include distributed denial-of-service (DDoS) attacks, can
negatively impact organizations. Application downtime and business shutdowns as countermeasures reduce sales and
revenue. Efforts to fix DNS security issues take up time and resources, too, which could also lead to even
greater financial losses.
In light of these aspects, this post delves into the latest trends in the DNS threat landscape and what they mean
to organizations. It also explains why the DNS is a lucrative attack target. But most importantly, it shows why
resources like DNS Database Download are important for every company that does business online.
Understanding and Securing Your DNS Records with a DNS History Lookup Resource
The Domain Name System (DNS) is commonly abused because successfully attacking it reaps great rewards for threat
actors and cybercriminals. Domain hijacking, for instance, can allow attackers to siphon off personally
identifiable information (PII) and confidential corporate data from compromised domains. And since not all
security solutions and technologies monitor DNS packets, threat actors can exploit this to infiltrate target
networks.
Not all is lost, however, as regularly checking your DNS records for anomalies is an excellent proactive security
measure. A DNS history lookup resource such as DNS Database Download can provide you with actionable threat
intelligence.
But before we dive in and establish how to go about DNS record protection, let us first discuss the various types
of DNS records that need protecting.
How a Reverse IP & Domain Lookup Can Save Organizations from Stale DNS Records
Every website that can be accessed on the Internet comes with an IP address that points to a specific domain
name. Each domain-to-IP address mapping is recorded in the Domain Name System (DNS), which makes it possible for
users to not have to remember numeric addresses to reach a particular website while still letting DNS resolvers
do their matchmaking work. And for this to happen, a DNS record contains many crucial details about a website
accessible via the World Wide Web.
Unfortunately, when a website ceases to exist, its owner may forget about its DNS records. These records are what
is known as “dangling” or “stale” records, which attackers often abuse as part of their nefarious schemes.
DNS Records and Their History Matter: Beefing Up Your Cybersecurity Posture Using DNS Tools
The global cybersecurity landscape is becoming crowded both with threat actors and security
solutions. When it comes to security threats specifically, attacks are becoming more and more
sophisticated, and the amount of damage they cause is also increasing. In 2018, hackers stole almost
half a billion personal records.
These security breaches were accomplished by using different tactics such as phishing,
denial-of-service (DoS), and ransomware attacks, to name a few. And the threat actors successfully
carried out these attacks, not because victims don’t use cybersecurity solutions, but because not
all systems monitor every type of vulnerability — including the ones that have to do with DNS
misconfigurations.
The key is for companies to decide which cybersecurity solutions best fit their business model
strategically. For organizations that rely mainly on websites and email communications, including
Domain Name System (DNS) record checks aided by a DNS database or DNS lookup tool may be their best
bet.
Enhancing Packet Filtering via a Reverse IP/Domain Check
Spoofing is a cyber attack method where the adversary impersonates a legitimate user to gain access
to a network or device. Once inside the target network, the attacker can then perform large-scale
attacks, steal sensitive information, and inject systems connected to the network with malware.
Although there are several types of spoofing, the most common is IP spoofing. This method allows
attackers to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks, two of today’s
most prevalent cyber attack types. At present, we see 30,000 DoS attacks per day, whereas MitM
attacks account for 35% of exploitations that target inadvertent system or software weaknesses.
The statistics may seem overwhelming, but there are strategic processes such as packet filtering that
can help organizations avoid these attacks. This post features a reverse IP domain check tool —
Reverse IP API — which makes packet filtering effective across the various implementation
systems or technologies an organization uses. But first, let us examine how IP spoofing is used to
launch DoS and MitM attacks to understand why it is crucial to detect IP spoofing.
How to Improve Multifactor Authentication with Reverse IP Address Lookup
Nowadays, cybersecurity is becoming increasingly important for both online users and website owners.
Cybercrime has extended an arm that reaches almost everyone who accesses the Internet, and people
need to put full security measures in place to mitigate threats.
While threat identification is essential, prevention has its own perks, and one effective way to
prevent threats from entering a network and keep users safe is by improving multifactor
authentication (MFA), notably with Reverse IP API.
If you have ever published a blog post and then got so much flak for it that you ended up taking it down
– and you still think this would make the problem go away, think again. If your readers have your
blog on their RSS feed and click on its link, they’ll still be very likely to be able to read a
cached version of it.
The same is unfortunately true for domains. Every change a domain goes through is recorded on its
historical WHOIS record, made possible by the introduction of passive Domain Name System (DNS) — a
means to find out any modification made at some point in time to a specific domain.
As such, any bit of information related to a domain can still be seen via a passive DNS search. And
this is the reason why making sure your domain has had no ties to any malicious activity throughout
its entire life cycle is important.
5 Ways to Use Reverse IP Lookup Tools to Generate New Clients
There are more than three billion people around the world accessing the internet each day. Many of
these internet users are looking for specific products and services. And within this growing pool of
internet shoppers are potential customers looking for what you are specifically offering.
How do you tap into this great pool of prospective clients? The trick is in devising ways to market
your products and services to the people who are most likely to want or need them. Smart online
businesses use server-based web analytics tools that allow them to examine their traffic and
identify the buying trends and patterns of their customers. One of the increasingly popular
analytics tools is the reverse DNS system.
In B2B Prospecting, we are always on the lookout for new ways to get more clients. One answer is to
use an application to look into your site guest's IP data. Your web site server already has tools
that can give you the IP address of any visitor, but be that as it may, for the most part they won't
give you much else. Reverse IP API will offer you so much more useful information.
The Most Common Reasons Why a Reverse DNS Lookup is Utilized
Domain network servers direct web traffic to the proper location. When servers are flooded with
requests, consumers may be unable to access websites, and even if they can, the process is slow. Site
slow-downs are particularly problematic for small e-commerce businesses, and here’s when reverse DNS
lookup comes in handy. Reverse lookup is one way to mitigate potential server problems. Listed below
are a few other ways for small businesses to use reverse DNS lookup.
Different Ways to Turn Your Website Visitors into Known Customers
Building trust with customers is a very important aspect for anyone’s business
both now and in the future. By looking at how most of the e-commerce platforms have performed, one
has to admit that there is a growing demand for goods online. All of this is mainly due to the
current technological advancements that have facilitated the growth rate of online-based businesses.
As a result, understanding website visitors is crucial to the success of any organization.
How Reverse DNS Lookup can Help with Reducing Spam
To most, the term "reverse DNS lookup" will probably be unfamiliar. Yet it's a
term you'll want to know, particularly if you aim to reduce the amount of spam you receive.
Key Differences Between Forward and Reverse DNS Lookup
Forward and reverse DNS are connected, but there are a few key differences that set them apart. While
both use DNS servers, forward DNS is used every time you access an email or webpage, while reverse
DNS lookup has more specific purposes and uses.
If you work on the web, you may be familiar with Domain Name System lookups. The standard "forward"
lookup uses an internet domain name to acquire an Internet Protocol address. Conversely, a reverse
DNS lookup uses an IP address to obtain a hostname. Websites and applications may benefit from
access to a reverse DNS lookup API which can make it easier to detect whether a site is hosted on
the same server as suspicious or dangerous domains.
Cyber-crimes have become a significant threat to modern businesses and
individuals. This isn't surprising, considering the increased dependency on technology that
societies are experiencing and, realistically, embracing. Money, information, contracts, and
sensitive details of personal lives are kept in virtual storage online. Passwords, banking
records, Social Security numbers, and other identifying factors are entered on websites every day.
With so much at stake, it's clear that tight cyber-security is essential. As hackers double their
efforts to gain access to key information, business owners and individuals must in response pull up
their socks to protect that information. The reverse IP lookup is one tool used to detect suspicious sites.
Reverse DNS lookup can be used for several purposes. On an individual level, it
can be used to track website activity. Businesses can also use it to track activity and geographical
demographics for research purposes. But before diving into exactly what can be done with reverse
DNS lookup, it is essential to have a full understanding of what it actually means.
Understanding reverse DNS lookup is crucial for learning how the internet retrieves domain names
from IP addresses and how emails become approved. To understand this process, the first step is to
find out how forward DNS works.
A business-to-business company needs to market itself like any other business.
Using a basic service of mass advertising, it can be difficult for ads to reach the right audience.
As technology advances, customer targeting becomes easier. Reverse IP tracking is a technology that
offers an easy way for your B2B to identify or target potential leads. By understanding the uses of
reverse IP lookup, you can guide your business towards other businesses that may consider using your
services.
7 Ways Reverse DNS Lookup Can Improve Your Marketing Campaign
Whether you use social media or email campaigns, effective digital marketing is more than just
distributing content. Reverse DNS lookup is one tool which allows you to match any IP address that
accesses your content with a domain name system. This provides crucial data about your marketing
targets so that you can optimize your campaign.
Malicious Websites Who Share Your IP Address Could be Destroying Your Reputation
Your website could be in danger and your good name might be in jeopardy.
How?
More than likely, your website shares an IP address with dozens, hundreds, and
possibly thousands of other websites. Any one of those websites could be operating in a negative
fashion that harms your website's integrity because search engines have difficulty distinguishing between
the multitudes of websites that share the same IP Address. Therefore, when search engines mark a website
as malicious, every other website that shares its IP address suffers as well, leading to devastating
consequences.