Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Access our web-based solution to dig into and monitor all domain events of interest.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.
Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.
Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.
Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.
Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.
Learn MoreExplore DNS record history to identify domain changes, infrastructure evolution, and potential threats with our consumption models—Lookup, API, and Database Download.
Contact Sales500 free API requests. No credit card required.
Obtain direct access to passive DNS A, AAAA, MX, NS, TXT, CNAME, SOA, and PTR record files from our market-leading database of historical DNS records.
Explore Database DownloadDNS Chronicle API can easily be integrated into existing security platforms, workflows, and other tools requiring passive DNS intelligence.
Explore APIEasily retrieve the historical DNS A and AAAA records of any domain by typing it into our GUI.
Explore LookupOur historical DNS record database is one of the largest of its kind, with billions of recorded events, allowing you to dive deep into web properties’ DNS history and connections.
Our DNS Database Download is available via CSV files. Our DNS Chronicle API is also designed for easy integration and supports popular programming languages and platforms.
Choose the best consumption model for you—lookup, API, or database download—to fit your unique requirements.
Keep asset inventory current by uncovering connected or hidden domains and subdomains used for specific web applications and services.
Identify unusual DNS resolution patterns that may indicate botnet activity or compromised infrastructures used to host or distribute malware.
Stay alerted to DNS resolutions associated with known threat actors, and uncover patterns or anomalies that could indicate malicious activity.
Monitor DNS record changes to detect domain hijacking attempts and assess how associated domains could affect brand reputation.
Use DNS data to trace domain configuration changes, identify connected infrastructure, and detect suspicious activities linked to vendors and other third parties.
Spot fraudulent behaviors by analyzing DNS patterns, domain ownership changes, and previous associations with malicious servers.
“After thorough testing, we were thrilled to find that Premium DNS 365 consistently identified 10 times more 'active' subdomains compared to other options in the market.”
“We want to provide all Cyberscape users the ability to integrate relevant data for their cyber threat investigations. WhoisXML API provides unique data that will be helpful to the cyber threat investigation community, allowing analysts to shorten the cycle of understanding and mitigating threats.”
“WhoisXML API’s passive DNS database, even the lite version for academic purposes, has much better subdomain data coverage compared with other commercial and free databases.”
“WhoisXML was the game changer for us. It has revolutionized our ability to disrupt cybercrime in process and at scale by quickly identifying all of the vendors providing material support for scammers using sophisticated website templates that look legitimate. By quickly identifying the vendors unknowingly supporting the criminals, we can provide them with public interest justification to burn down the criminal infrastructure.”
“After thorough testing, we were thrilled to find that Premium DNS 365 consistently identified 10 times more 'active' subdomains compared to other options in the market.”
“We want to provide all Cyberscape users the ability to integrate relevant data for their cyber threat investigations. WhoisXML API provides unique data that will be helpful to the cyber threat investigation community, allowing analysts to shorten the cycle of understanding and mitigating threats.”
“WhoisXML API’s passive DNS database, even the lite version for academic purposes, has much better subdomain data coverage compared with other commercial and free databases.”
“WhoisXML was the game changer for us. It has revolutionized our ability to disrupt cybercrime in process and at scale by quickly identifying all of the vendors providing material support for scammers using sophisticated website templates that look legitimate. By quickly identifying the vendors unknowingly supporting the criminals, we can provide them with public interest justification to burn down the criminal infrastructure.”
“After thorough testing, we were thrilled to find that Premium DNS 365 consistently identified 10 times more 'active' subdomains compared to other options in the market.”
A DNS record is a data record stored in the Domain Name System (DNS) that maps domain names to specific resources, such as IP addresses, mail servers, or other services. A DNS server resolves those records to direct internet traffic and manage domain-related services. Common DNS record types include:
To get information about a domain’s current DNS records, you can use our DNS lookup tool or DNS lookup API.
The DNS history of a domain name is a list of past DNS configurations, including changes to IP addresses, name servers, mail servers, and other DNS records over time. It provides insight into how a domain's infrastructure has evolved and can reveal ownership changes, migrations, or potential misuse.
Unlike a sizable portion of WHOIS data, DNS data is not redacted for privacy, so historical DNS records can be quite useful for cybersecurity purposes.
The Domain Name System was not engineered to keep track of historical records, but with them holding a lot of value, it’s natural that independent vendors have begun creating and maintaining DNS history databases.
Domain’s DNS history typically includes details such as:
This information provides a detailed timeline of a domain's DNS activity and helps uncover patterns, infrastructure changes, potential links to malicious actors, and more.
Here’s an example of using our historical DNS lookup tool for example.com that pulls historical IP to domain or domain to IP information:
Historical DNS data has a wide range of practical applications across cybersecurity, threat intelligence, and asset management. You can use it to:
These capabilities make historical DNS data a very useful resource for improving security posture and gaining deeper insights into domain activity and associated risks.
To check DNS history:
Alternatively, you can refer to the WhoisXMLAPI's DNS Database Download service or use the DNS Chronicle API. These data delivery models provide detailed, time-stamped DNS records and could come in handy when you need to automate requests for historical DNS records.
DNS history can help identify suspicious activity or patterns, such as:
By analyzing DNS history, security teams can detect and respond to potential threats proactively.
DNS history can reveal connections between domains and threat actors by:
This helps cybersecurity providers keep tabs on threat actors' evolving tactics and infrastructure.
DNS history aids fraud detection by uncovering:
These insights help investigators trace and mitigate fraudulent schemes.
DNS history provides a comprehensive view of domain activity, which can:
By leveraging DNS history, organizations can improve visibility and security of their digital assets.
DNS history supports brand protection by allowing you to detect:
We recommend using DNS history together with predictive threat intelligence feeds for better results and correlation when it comes to brand protection efforts. Read our blog post to learn more about using DNS history for brand attack prevention.
We are here to listen. For a quick response, please select your request type. By submitting a request, you agree to our Terms of Service and Privacy Policy.