WhoisXML API Blog

Get reverse NS (aka passive DNS) records for a list of IPs in Python

Passive DNS introduced by Florian Weimer in 2005 is now a central resource in IP security investigations, security of the operation of the domain name system (DNS), and many more. A Passive DNS database contains observed events whenever an IP resolves to a domain name in a DNS communication. Hence, it is a database independent from the current state as well as the physical infrastructure of the DNS itself. In addition, it contains time information: the date and time when such a resolution was first and last observed; this cannot be found out from the DNS. 

One of the easiest ways to obtain such data is by using WhoisXML API's services. In the present blog, we focus on the reverse lookup: using an IPv4 address we want to reveal the domain names that these IPs belonged to on certain dates. 

What Is a Disposable Email Address? Here’s Everything You Need to Know About It

Privacy has become a top concern in the digital age, and online users often look for ways to keep their identity protected. One example of such privacy-related initiative is the use of disposable email addresses. This post takes a close look at this type of email address and discusses the following points:

• What is a disposable email address?
• Is using a disposable email address illegal?
• What are the types of disposable email addresses?
• What are they used for?
• What risks do disposable email addresses pose?
• How can disposable email addresses be detected?

Verify the abuse email address of a domain in Python

In what follows, we’ll develop a small Python program based on WhoisXML API's email verification package, python-email-verifier that returns the valid and working abuse e-mail of an Internet domain if it exists. 

Download WhoisXML API daily data ASAP part 2: An application with trending English words in .com

In the first part of this blog, we demonstrated how to download data from WhoisXML API's daily data feeds right after their publication by using the recently introduced RSS feed as the activator of download. In particular, we showed how to download the list of domains newly registered in the .com top-level domain (TLD). 

Now, to make the task a bit more interesting we demonstrate the use of our domain list with a showcase application: we calculate the list of the most frequent English words in the domain names on that day. This can be interesting in various applications. Domainers, for instance, can get information on the newest trends in domain registrations. Journalists and researchers can get a clue on a topic gaining popularity, etc.

Download WhoisXML API daily data ASAP part 1: RSS-activated download

This technical blog aims to demonstrate how to download data from WhoisXML API's daily data feeds right after their publication. Obtaining lists of newly registered domains and their WHOIS data can be critical in many applications. (We will showcase such an application in the second part of this blog.) Recently an RSS feed has been introduced for the service that informs about data publication immediately, which makes this easy. As a demonstration, we shall go through a particular task: download the list of domains newly registered in the .com top-level domain (TLD). 

We will use a Linux system and its understanding requires intermediate programming and command-line skills. We will use BASH but it is also easy to modify for zsh, which is the default on Mac OS X. We assume Python, with pip and virtualenv.  

IP Address Research: 5 Ways to Do It Explained

Personalization is the way to go when it comes to targeted marketing and advertising. Customers, existing and potential alike, want to feel that the brands they support care about their needs and try to predict what they might want. That’s what makes IP address research critical for digital marketers and advertisers. 

But they aren’t the only ones who can benefit from IP geolocation data, cybersecurity pros, fraud protection agents, and market researchers do, too. Every computer or mobile device, after all, has a designated IP address that helps today’s companies and individuals pinpoint where their strongest markets are, identify where threats likely come from, detect potentially fraudulent transactions, and predict consumption patterns and trends.

Blockchain Domains: What Are They? How Do They Work?

If you’ve heard the news about the Disaster Girl meme going for $500,000 as a nonfungible token (NFT), then you know that the blockchain is becoming increasingly more common in people’s lives. The technology is felt in finance, music, and insurance, among many other sectors. 

Blockchain applications also go beyond cryptocurrency and NFTs, and are now starting to penetrate the domain name industry in the form of blockchain domains. This post explores some of the details about blockchain domains, including what they are, how they differ from regular domains, and what they can do.

What SIEM Data Sources Should You Integrate into Your Platform?

In a perfect world, there would not be any need to mull over what data sources to integrate into an organization’s security information and event management (SIEM) solution. All kinds of data that can be used and abused by threat actors should be added. After all, attacks can hide behind seemingly innocuous logs.

But in reality, each data source comes at an additional cost since most SIEM solution providers typically charge per gigabyte. Thus, organizations have to strike a balance between budget constraints and security. However, one should not necessarily suffer for the sake of the other. But that requires careful strategizing in terms of what data sources to integrate into SIEM solutions.

This post takes a deep dive into SIEM data sources to help organizations understand the following:

• What SIEM data sources are
• Factors to consider when choosing SIEM data sources to feed to solutions
• Potential data sources to integrate into SIEM solutions