Blog & How To Guides | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages Cyber Threat Intelligence Services
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

Custom development

We offer comprehensive services for the integration of our data – from consultations to the precise definition of the basic needs of the business to increase the work efficiency.

Registrar WHOIS Services

Set up and manage public WHOIS servers for your business. Our WHOIS parsing system is a utility that collects extensive information about any given domain by sending series of DNS and WHOIS queries. The report is generated in raw as well as in parsed format.

Support services

Regardless of whether you are a startup, a small business or a global one, our team is always ready to help you. Enterprises operating on a scale can also choose special premium support management with high priority 24/7 email and telephone responses and other professional services.

Internet Statistics Reports

Get customized reports on TLDs covering datasets falling under domain name, WHOIS and DNS category.

×
Contact Us

WhoisXML API Blog

follow us in feedly
All posts Product launches and updates Partnerships Domain activity highlights For developers Product blogs
What SIEM Data Sources Should You Integrate into Your Platform?

What SIEM Data Sources Should You Integrate into Your Platform?

In a perfect world, there would not be any need to mull over what data sources to integrate into an organization’s security information and event management (SIEM) solution. All kinds of data that can be used and abused by threat actors should be added. After all, attacks can hide behind seemingly innocuous logs.

But in reality, each data source comes at an additional cost since most SIEM solution providers typically charge per gigabyte. Thus, organizations have to strike a balance between budget constraints and security. However, one should not necessarily suffer for the sake of the other. But that requires careful strategizing in terms of what data sources to integrate into SIEM solutions.

This post takes a deep dive into SIEM data sources to help organizations understand the following:

  • What SIEM data sources are
  • Factors to consider when choosing SIEM data sources to feed to solutions
  • Potential data sources to integrate into SIEM solutions
Continue reading

Typosquatting Feed data for a DNS firewall

There is a tremendous number of domain names registered daily which resemble legitimate domains of brands or organizations, or whose names imply being related to a known service or product. Domains suggesting to be a “support” or “account-verification” or “support page” are also common for containing such strings. Initially, many of these are parked and some become used in malicious activities such as being sold at an inflated price to the legitimate owner, being used as botnet Command & Control servers, or in phishing campaigns to host fake pages to have the victim's sensitive data typed in and sent to the miscreants. 

Continue reading
Subdomain Finder Tools and Data Sources: Top 4 Cybersecurity Applications

Subdomain Finder Tools and Data Sources: Top 4 Cybersecurity Applications

Subdomains are useful as they help domain owners organize their websites. They identify specific pages on a company’s site, guiding customers and internal and external users to where they will find the information they need or product they wish to buy.

But while using subdomains indeed has advantages, it has disadvantages as well. Cybercriminals can use them for malicious campaigns that rely on subdomain takeovers, among other cyberattacks. Threat actors can also create subdomains and hide them under what seems to be totally legitimate domains to evade detection.

Subdomain-related threats are addressable, at least to some extent, with the help of a subdomain finder that enumerates the subdomains of a particular domain. This post explains how to go about it.

Continue reading

How to attribute blacklisted IPs to RIRs with IP WHOIS data

Analyzing IP addresses is a strategic battlefield in the fight against cybercrime. For instance, there are a number of blacklists and blocklists available, collected with various methodologies and updated dynamically to assist the implementation of IP-based threat risk mitigation measures. Such blacklists are also interesting from a research point of view as they facilitate the study of trends, structure, and dynamics of malicious IPs. 

Given a suspicious IP address or netblock, the ownership information is also of paramount importance as it contributes significantly to the knowledge of the infrastructure of potential opponents. This information can be obtained from direct WHOIS lookups. However, WHOIS services normally pose limitations on the amount and frequency of available queries. Alternatively, one can use WhoisXML APIs services. These range from a simple web form for IP WHOIS lookup through a RESTFul API through the possibility to download a comprehensive IPv4 Netblocks WHOIS database along with incremental updates. These facilitate IP WHOIS database queries, highly customized ones without limitations, and also enabling to search in historic data. 

In what follows we use an IP WHOIS database set up in MySQL to analyze an actual blocklist of IPs. Our focus is on studying the share of those networks which are administered by APNIC in the blacklist, in comparison to the other RIRs, and to gain an understanding of certain behaviors. 

Continue reading

The Ultimate Guide to Branding in 2021

If you run a business, there's never been a better time to stand out from the crowd. Still, to make sure you're at the forefront of your industry, you'll need to learn how to take a brand from concept through to execution. This guide provides the latest information you need to get your company noticed and create an identity that lasts.

Continue reading
A Cyber Threat Intelligence Recap for COVID-19 in 2020

A Cyber Threat Intelligence Recap for COVID-19 in 2020

Much has been said about the COVID-19 pandemic. In many ways, it has changed the way we live, work, or simply interact with our relatives and friends. From the standpoint of cybersecurity, the pandemic also had a strong influence on how threat actors and cybercriminals created and executed all types of cyberattacks and phishing campaigns.

To illustrate, this post features a timeline of COVID-19-related cyber threats and some cyber threat intelligence found for each month of 2020.

Continue reading

Social Media Phishing: Expanding the List of IoCs for Recent Facebook Page Impersonation Attacks

A few months back, security researchers noticed a spike in the volume of social media phishing attacks. Cybercriminals had been impersonating the Facebook pages of various influential personalities proactively in hopes of luring their followers into parting with their account credentials. The social media campaign focused on the Facebook pages of influencers with tons of followers.

A researcher from security firm Trend Micro believed an average of three pages were being spoofed per day. The personalities targeted were from Taiwan, India, Australia, Canada, and the Philippines.

The attackers began by stealing the target pages’ administrative account credentials. Once done, they sent a malicious link to all of the page’s followers for the potential victims to give out their own account credentials. As a common practice among phishers, the cybercriminals mimicked the pages down to their profile photos. As of August last year, 120–180 fake Facebook pages believed to be part of the campaign were seen.

Continue reading

Website Categorization Explained - Complete Guide For Your Business

Great attention has been directed lately towards website categorization; a cybersecurity practice which has been around for a while, but it wasn’t until recent times that it started to be increasingly used in marketing and business.

Website categorization is, in essence, the act of putting websites related by their content and function into similar categories. With that in mind, sites like Amazon and Ebay are grouped as Ecommerce sites; CNN, BBC and the likes are classified as news sites; Twitter and Facebook are tagged as social media sites, while Reddit and Quora are Forums (Message Boards) and so on.

However, what some people might not realize is that website categorization is a totally different ball game from Search Engine Optimization and Alexa rankings. Each is different and should be approached in that light - and not be confused.

Continue reading
follow us in feedly
Try our WhoisXML API for free
Get started