IP history lookup is an important query type for in-depth DNS cybersecurity research

WhoisXML API’s DNS history products allow you to map historical IP-to-domain or domain-to-IP connections. Track changes and use historical hosting data for fraud detection, threat actor monitoring, and incident analysis.

50 Billion+ domains and subdomains
116 Billion+ DNS records
60%+ Cyber 150 in key categories trust us
52,000+ satisfied customers

How historical IP data lookups work

Enter a domain name to look up its historical A and AAAA records and uncover the domain’s hosting history. Or enter an IPv4 or IPv6 address to run a reverse IP history lookup and find out which domains have been hosted on that IP address over time.

WhoisXML API products featuring IP history data

  • DNS Database Download

    Obtain direct access to passive DNS A, AAAA, MX, NS, TXT, CNAME, SOA, and PTR record files from our market-leading database of historical DNS records.

  • DNS Chronicle API

    DNS Chronicle API can easily be integrated into existing security platforms, workflows, and other tools requiring passive DNS intelligence.

  • DNS Chronicle Lookup

    Easily retrieve the historical DNS A and AAAA records of any domain by typing it into our GUI.

Practical usage

  • Trace domain transfers

    See when domains have changed hosts and trace their historical activity.

  • Investigate suspicious domains

    Find out the IP addresses historically associated with a domain to analyze them for previous suspicious activity.

  • Uncover threat actor infrastructure

    Identify IP addresses historically linked to a known malicious domain or additional domain names that have at some point been hosted on a given IP address.

  • Monitor threat actors

    Stay alerted to DNS resolutions associated with known threat actors, and uncover patterns or anomalies that could indicate malicious activity.


Frequently Asked Questions

What is an IP history lookup?

A historical IP lookup is a process that allows you to see the hosting history of a domain — the list of IP addresses it has been associated with over time. An IP history lookup shows you how a domain migrated between hosts and gives you more context about its historical associations.

It is similar to a real-time DNS lookup, but it relies on historical DNS data instead, offering multiple historical records with different timestamps.

What is a reverse IP history lookup?

A reverse IP history lookup is a process that allows you to see the historical domain names that have been associated with a specific IP address over time. This means you can track which websites were previously hosted on a given web server, even if they have since moved to a different IP.

Performing a reverse IP history lookup can uncover patterns that may indicate suspicious activity, domain migrations, or shared hosting environments. A reverse IP history lookup is similar to a real-time reverse IP lookup, but it relies on historical DNS data instead. This means it provides multiple records instead of just one current record.

How is IP history collected?

IP history is the part of DNS history that is collected using passive DNS sensors. The DNS itself has no memory: it only keeps the current domain-to-IP associations. The sensors collect this data over a long period of time, tracking changes and adding timestamps to them. We use our own passive DNS sensors and work together with DNS data aggregation partners to keep track of these changes. For more information on how passive DNS works, check out our Passive DNS Primer.

How to look up connected domains with IP history?

To uncover domains connected to a given domain, first run an IP history lookup to find the IP addresses associated with this domain over time. Then run a reverse IP history lookup for each of these IP addresses to uncover other domains that have been hosted on them. These domains are likely to be connected to the given domain.

Note that being hosted on the same IP doesn’t guarantee that domains are indeed associated, as they might be using shared hosting.
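The two-step pivot described above, as an added example (not WhoisXML API code and not tied to its API): it runs over constructed passive DNS records, skips IPs that look like shared hosting, and goes one step beyond the text by keeping only domains whose time window on an IP overlaps the seed domain's window. The record layout, the function names and the `max_tenants` cut-off are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed passive DNS observations (domain, ip, first_seen, last_seen).
# Names and addresses are reserved documentation values, not real data.
RECORDS = [
    ("seed.example", "192.0.2.10", date(2023, 1, 5), date(2023, 3, 1)),
    ("seed.example", "198.51.100.7", date(2023, 3, 2), date(2023, 9, 30)),
    ("seed.example", "203.0.113.80", date(2022, 6, 1), date(2022, 12, 31)),
    ("sibling.example", "192.0.2.10", date(2023, 2, 1), date(2023, 2, 20)),
    ("later-tenant.example", "192.0.2.10", date(2024, 1, 1), date(2024, 2, 1)),
    ("mirror.example", "198.51.100.7", date(2023, 5, 1), date(2023, 6, 1)),
] + [(f"shop{i}.example", "203.0.113.80", date(2022, 1, 1), date(2023, 1, 1))
     for i in range(1, 6)]


def ip_history(domain):
    """Forward lookup: every (ip, first_seen, last_seen) for a domain."""
    return [(ip, a, b) for d, ip, a, b in RECORDS if d == domain]


def reverse_ip_history(ip):
    """Reverse lookup: every (domain, first_seen, last_seen) for an IP."""
    return [(d, a, b) for d, i, a, b in RECORDS if i == ip]


def connected_domains(seed, max_tenants=3):
    """Pivot seed -> IPs -> co-hosted domains with overlapping time windows."""
    # max_tenants is an assumed cut-off: an IP that has hosted more distinct
    # domains than this is treated as shared hosting and skipped.
    hits = defaultdict(list)
    for ip, s_first, s_last in ip_history(seed):
        tenants = reverse_ip_history(ip)
        if len({d for d, _, _ in tenants}) > max_tenants:
            continue  # likely shared hosting or CDN: co-tenancy means little
        for dom, first, last in tenants:
            if dom == seed:
                continue
            # Days during which both domains resolved to this IP.
            overlap = (min(s_last, last) - max(s_first, first)).days + 1
            if overlap > 0:
                hits[dom].append((ip, overlap))
    return dict(hits)


if __name__ == "__main__":
    for dom, evidence in connected_domains("seed.example").items():
        print(dom, evidence)
```

`later-tenant.example` shares an IP with the seed but only after the seed had moved away, so it is dropped; raising `max_tenants` brings the shared-hosting tenants back into the result.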

How far into the past does IP history go?

WhoisXML API provides years of historical IP-to-domain records thanks to a vast database of historical DNS data. For domains that are only a few years old, you’ll likely see their entire IP history.

Why do IP history records show me multiple IP addresses associated with one domain at the same time?

A domain can have multiple associated IP addresses for load balancing, geographical distribution, or failover. If it uses a content delivery network (CDN) like Cloudflare or employs other load balancing techniques, the historical IP records will show multiple IP addresses associated with the domain at the same time. These correspond to the different servers delivering the content for the website.

For example, below you can see the result of a historical IP lookup for example.com. The records for October 4, 2019, show many different IP addresses associated with it.

Can I see historical records other than A and AAAA?

Yes, you can. IP history is a feature of our DNS history products, which also provide historical MX, NS, TXT, CNAME, SOA, and PTR records. However, to see these, you’ll need to use the DNS Database Download. The lookup tool and the DNS Chronicle API currently only provide historical IP-to-domain and domain-to-IP data.
