Blog & How To Guides | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us

WhoisXML API Blog

follow us in feedly
All posts Product launches and updates Partnerships Domain activity highlights CyberSec Navigator For developers Product blogs

Download WhoisXML API daily data ASAP part 2: An application with trending English words in .com

In the first part of this blog, we demonstrated how to download data from WhoisXML API's daily data feeds right after their publication by using the recently introduced RSS feed as the activator of download. In particular, we showed how to download the list of domains newly registered in the .com top-level domain (TLD). 

Now, to make the task a bit more interesting we demonstrate the use of our domain list with a showcase application: we calculate the list of the most frequent English words in the domain names on that day. This can be interesting in various applications. Domainers, for instance, can get information on the newest trends in domain registrations. Journalists and researchers can get a clue on a topic gaining popularity, etc.

Continue reading

Download WhoisXML API daily data ASAP part 1: RSS-activated download

This technical blog aims to demonstrate how to download data from WhoisXML API's daily data feeds right after their publication. Obtaining lists of newly registered domains and their WHOIS data can be critical in many applications. (We will showcase such an application in the second part of this blog.) Recently an RSS feed has been introduced for the service that informs about data publication immediately, which makes this easy. As a demonstration, we shall go through a particular task: download the list of domains newly registered in the .com top-level domain (TLD). 

We will use a Linux system and its understanding requires intermediate programming and command-line skills. We will use BASH but it is also easy to modify for zsh, which is the default on Mac OS X. We assume Python, with pip and virtualenv.  

Continue reading
IP Address Research: 5 Ways to Do It Explained

IP Address Research: 5 Ways to Do It Explained

Personalization is the way to go when it comes to targeted marketing and advertising. Customers, existing and potential alike, want to feel that the brands they support care about their needs and try to predict what they might want. That’s what makes IP address research critical for digital marketers and advertisers. 

But they aren’t the only ones who can benefit from IP geolocation data, cybersecurity pros, fraud protection agents, and market researchers do, too. Every computer or mobile device, after all, has a designated IP address that helps today’s companies and individuals pinpoint where their strongest markets are, identify where threats likely come from, detect potentially fraudulent transactions, and predict consumption patterns and trends.

Continue reading
Blockchain Domains: What Are They? How Do They Work?

Blockchain Domains: What Are They? How Do They Work?

If you’ve heard the news about the Disaster Girl meme going for $500,000 as a nonfungible token (NFT), then you know that the blockchain is becoming increasingly more common in people’s lives. The technology is felt in finance, music, and insurance, among many other sectors. 

Blockchain applications also go beyond cryptocurrency and NFTs, and are now starting to penetrate the domain name industry in the form of blockchain domains. This post explores some of the details about blockchain domains, including what they are, how they differ from regular domains, and what they can do.

Continue reading
What SIEM Data Sources Should You Integrate into Your Platform?

What SIEM Data Sources Should You Integrate into Your Platform?

In a perfect world, there would not be any need to mull over what data sources to integrate into an organization’s security information and event management (SIEM) solution. All kinds of data that can be used and abused by threat actors should be added. After all, attacks can hide behind seemingly innocuous logs.

But in reality, each data source comes at an additional cost since most SIEM solution providers typically charge per gigabyte. Thus, organizations have to strike a balance between budget constraints and security. However, one should not necessarily suffer for the sake of the other. But that requires careful strategizing in terms of what data sources to integrate into SIEM solutions.

This post takes a deep dive into SIEM data sources to help organizations understand the following:

  • What SIEM data sources are
  • Factors to consider when choosing SIEM data sources to feed to solutions
  • Potential data sources to integrate into SIEM solutions
Continue reading

Typosquatting Feed data for a DNS firewall

There is a tremendous number of domain names registered daily which resemble legitimate domains of brands or organizations, or whose names imply being related to a known service or product. Domains suggesting to be a “support” or “account-verification” or “support page” are also common for containing such strings. Initially, many of these are parked and some become used in malicious activities such as being sold at an inflated price to the legitimate owner, being used as botnet Command & Control servers, or in phishing campaigns to host fake pages to have the victim's sensitive data typed in and sent to the miscreants. 

Continue reading
Subdomain Finder Tools and Data Sources: Top 4 Cybersecurity Applications

Subdomain Finder Tools and Data Sources: Top 4 Cybersecurity Applications

Subdomains are useful as they help domain owners organize their websites. They identify specific pages on a company’s site, guiding customers and internal and external users to where they will find the information they need or product they wish to buy.

But while using subdomains indeed has advantages, it has disadvantages as well. Cybercriminals can use them for malicious campaigns that rely on subdomain takeovers, among other cyberattacks. Threat actors can also create subdomains and hide them under what seems to be totally legitimate domains to evade detection.

Subdomain-related threats are addressable, at least to some extent, with the help of a subdomain finder that enumerates the subdomains of a particular domain. This post explains how to go about it.

Continue reading

How to attribute blacklisted IPs to RIRs with IP WHOIS data

Analyzing IP addresses is a strategic battlefield in the fight against cybercrime. For instance, there are a number of blacklists and blocklists available, collected with various methodologies and updated dynamically to assist the implementation of IP-based threat risk mitigation measures. Such blacklists are also interesting from a research point of view as they facilitate the study of trends, structure, and dynamics of malicious IPs. 

Given a suspicious IP address or netblock, the ownership information is also of paramount importance as it contributes significantly to the knowledge of the infrastructure of potential opponents. This information can be obtained from direct WHOIS lookups. However, WHOIS services normally pose limitations on the amount and frequency of available queries. Alternatively, one can use WhoisXML APIs services. These range from a simple web form for IP WHOIS lookup through a RESTFul API through the possibility to download a comprehensive IPv4 Netblocks WHOIS database along with incremental updates. These facilitate IP WHOIS database queries, highly customized ones without limitations, and also enabling to search in historic data. 

In what follows we use an IP WHOIS database set up in MySQL to analyze an actual blocklist of IPs. Our focus is on studying the share of those networks which are administered by APNIC in the blacklist, in comparison to the other RIRs, and to gain an understanding of certain behaviors. 

Continue reading
follow us in feedly
Try our WhoisXML API for free
Get started