Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
We are excited to announce that Snowflake users can now request access to WHOIS Database Download’s quarterly gTLD and ccTLD files on the platform, available in three formats:
Simple: The simple CSV file contains the domain name, registrar name and email address, WHOIS and name servers, creation and expiration dates, and registrant and administrative contact details.
Regular: The regular CSV file contains all the fields in the Simple file, along with information about the billing, technical, and zone contacts.
Full: This file format contains all fields in the Simple file, in addition to the raw text from the WHOIS registry and registrar.
We're thrilled to announce that WHOIS queries can now be processed through POST requests in addition to the current HTTP GET request method. This new capability offers a more secure way to access domain registration information.
Using POST requests significantly reduces the risk of unauthorized access to API keys: the API key travels in the HTTP message body, which is encrypted in transit when the request is sent over HTTPS, rather than in the request URL. To illustrate, here is an example of a POST request.
We're proud to share that for over a decade, our commitment to maintaining and enhancing the WHOIS API has been unwavering. Continual improvement is at the core of our service philosophy, and we make regular updates to ensure our APIs meet the highest standards of performance, accuracy, and security.
In just the last year, we've implemented several enhancements, including:
Aside from the most obvious and common WHOIS data use case—determining “who is” behind a domain—each WHOIS record can help reveal more details about a domain.
PowerShell is a powerful cross-platform scripting interpreter that can be used for automating tasks. On Windows systems in particular, it is the primary and native tool for system administration, data processing, and many other activities. The possibilities range from simple scripts that implement command-line solutions to large, object-oriented tasks.
This blog is an invitation to use WhoisAPI's services in PowerShell. It works with RESTful APIs and illustrates the power of the actual services, especially in security and domainer applications. The presentation is aimed at beginners with a very basic background in programming, and no background in PowerShell is assumed. However, PowerShell experts who have not used RESTful APIs yet, and experts with a UNIX background taking their first steps with PowerShell, may also find it useful.
These days, it’s unwise to assume that all websites are safe to access. For this reason, security teams typically advise employees against clicking on any links embedded in an email, especially from an unknown sender. This recommendation may even extend to suspicious search results that appear in search engines.
IP addresses are unique identifiers for devices hooked to the Internet, helpfully routing users to the correct hosts or websites. However, because of inherent DNS design flaws, attackers can spoof IP addresses. In fact, they may do so to misdirect users to dangerous sites. Therefore, it is critical to routinely scan the IP addresses passing through your network filters to ensure their integrity and identify if any has potential links to malicious campaigns or networks.
Part of this process is retrieving the WHOIS records of an IP address, which is doable via WHOIS Lookup or WHOIS API to extract their ownership details for further inspection. Both products provide additional valuable details, including the domains hosted on an IP address and which regional Internet registry (RIR) manages the resource.
WHOIS lookups are a viable way for cybersecurity professionals to analyze domains’ integrity. Though they may seem less exciting than, say, deploying some nifty pen-testing tools, WHOIS lookups remain useful as a first step in catching threat actors.
In fact, identifiers in WHOIS records can clue investigators in on a domain’s past usage and allow them to pinpoint indicators of compromise (IoCs) residing within their networks. With WHOIS data, they can also identify domain associations and effectively map attacks that happened or could happen on their infrastructure. Read on to learn more about why conducting website domain searches is critical to your digital operations, and how WHOIS API and WHOIS Lookup can facilitate it.
Did you know that an IP address can be a good starting point for a cybercrime investigation or even just a routine check of suspicious activities? For instance, when you go to malware data feeds, or any threat intelligence site, one of the usual indicators of compromise (IoCs) you’ll see are known malicious IP addresses.
However, like any threat data, an IP address becomes utterly useless when it doesn’t provide any meaningful details. What then? Tools such as WHOIS Lookup might help to dig deeper.
So, what exactly is WHOIS Lookup, and what information can it provide about an IP address?
Nominet’s takedown of 28,937 malicious sites is a small triumph for law enforcement and other internet stakeholders. With help from authorities, the domain registry has been on a quest to purge the .uk namespace of rogue domains since 2009. Now, for the first time in five years, the total number of suspended domains has finally reflected a decline. The figure may not seem like a lot, considering that it only accounts for 0.22% of the 13 million domains registered in the U.K. Still, it was a milestone for an industry fraught with prolific bad actors. In the U.K. alone, an average of 800 cyber attacks per hour hit councils. This number translates into around 263 million in just half a year.
Curbing cybercrime is an essential undertaking for internet authorities, in light of new digital technologies, and the Internet’s evolving business model. Unfortunately, lack of resources at both the domain level and cybersecurity know-how, as well as legal barriers, slow down authorities in their efforts to hunt down perpetrators. This can be made easier, though, with a bulk domain lookup solution.
Bulk WHOIS API is a good example of a research tool that cyber investigators, electronic crime units, and regulatory agencies can rely on to inspect a significant volume of domains faster. With an IP address, email address, or domain name, users can obtain pertinent registrant information for a group of web addresses. Let’s take a closer look at how users can get more out of the solution.
Digital forensics and incident response (DFIR) experts have a unique yet essential role in maintaining the overall cybersecurity of any organization. They are responsible for gathering data about ongoing attacks or attempts, mitigating their possible effects, and implementing post-attack actions. That includes digging deeper to obtain evidence to enhance their cyber defense as well as aiding in law enforcement efforts.
The fact that attacks are getting stealthier and more sophisticated in terms of tools, tactics, and procedures (TTPs), though, makes DFIR experts’ jobs ever more difficult. They must not only resolve issues in as little time as possible but also be there to prevent successful attacks from causing irreparable damage to systems or their companies’ reputations.
Timely detection is, therefore, the answer. Then again, DFIR experts get bombarded by numerous notifications from security tools every day and thus can get easily overwhelmed by false positives. So they need solutions that can help them quickly verify the validity and quality of domains, IP addresses, and email addresses that their users come in contact with. Domain search solutions such as WHOIS Lookup and its API version WHOIS API may just be what they are looking for. Let’s discuss the reasons why.
About 90% of the time people spend on their mobile devices is app use. And with almost half of the world’s 7.7 billion population using their phones and tablets every day, the app development market is indeed a financially rewarding sector. In fact, experts predict the overall market’s revenue to reach $407 billion by 2026.
But like any other booming market, the app development sector has several hurdles to overcome. What immediately comes to mind is the challenge of creating an app with minimal bugs and glitches. Then, there is also the issue of marketability. How do you make sure it gets downloaded and used by the people you created it for?
A WHOIS data lookup API may be able to help. We specifically explored four app development challenges where WHOIS API can make a difference.
7 Ways Domainers Can Benefit from Bulk Domain Checking
The Internet real estate market is growing at an unprecedented rate, and so is the demand for premium domains. That’s
a good thing for domainers, though it also means there is a need to be creative and efficient in securing the
most sought-after domains to invest in. There are different tools that can help with this purpose, but a
Bulk WHOIS API, in particular, can turn out to be invaluable for streamlining bulk domain searches.
How to Search for a Domain Name: 6 Domain Purchasing Best Practices
Not everyone is truly aware of the ramifications of buying a domain. There are many factors to consider in order to
make a good purchase and later avoid undesirable connections to, say, malicious individuals and their networks. So,
how could a domain name be dangerous, after all? Those in the cybersecurity industry know that cyber attackers can
weaponize a domain name for use against organizations and networks.
This article aims to shed light on why domain buyers, such as those without cybersecurity or marketing know-how,
should conduct some research on domains of interest with the help of tools such as WHOIS Lookup,
Domain Availability API or Domain Research Suite.
How to Maintain Your Domain’s Integrity for Better Cybersecurity with a Domain Name API
In the technologically forward world we live in today, cybercriminals are employing more sophisticated attacks to
compromise domains. In the latest report by the Federal Bureau of Investigation (FBI), email fraud such as business
email compromise (BEC) scams via spoofed domains has caused users $26 billion in losses.
For this reason, domain name security is now more important than ever. You can never be sure who is getting to you
except when you take the time to get to know them. And that is possible with the use of domain name tools like
WHOIS API.
Uncovering Criminal Bulk Registration Activities with Bulk Domain Name Checkers
To propagate cyberattacks, threat actors use a domain generating algorithm (DGA) as an evasion tactic. This algorithm,
executed through various subroutines, involves switching or dropping thousands of domains in seconds.
The relative ease with which cybercriminals can purchase domains in bulk makes it possible for them to accomplish
DGA-enabled attacks. Dirt-cheap prices and lack of identity verification enable hackers to own domains while also
staying anonymous.
In fact, registrars typically offer privacy protection services at a small cost or for free, which nefarious actors
may take advantage of to conceal their location and details. Additionally, the introduction of the
Temporary Specification for Generic Top-Level Domain (gTLD) data has led to masking or redacting WHOIS data, which, of course,
benefits not just those who wish to protect their privacy, but also those with malicious intent.
It can be said without a doubt that businesses of the 21st century are all geared towards the internet. With
rapid advancements in digital technology and the exponential growth of the online ecosystem, it hardly comes as
a surprise that businesses have to maintain a considerable presence on the web in order to cater to the needs of
the online population. Apart from this, the rapid proliferation of the internet into even the most remote
corners of the world has opened up new business avenues and markets that were previously difficult to access, or
even altogether unavailable for business. This has naturally incentivized businesses to move online.
However, as with everything, there is a flipside to this as well. According to the latest statistics, there are
currently well over 1 billion websites on the internet, and this number is growing every second. This creates an
environment where many business interactions are carried out on digital platforms. As a result, the
requirement for trust establishment becomes a vital factor in the scheme of things. When you are dealing with an
online entity it helps to know the person behind the (web) page.
Bulk Whois API is our latest endeavour to help you do exactly that, and more.
Threat hunting involves proactively looking for signs of attack within your network, by means of a set of
indicators of compromise (IoCs). These IoCs are compared with network access logs to pinpoint if any of the
users are unauthorized. More specifically, threat hunters can use Domain Name System (DNS) and firewall logs to
list all IP addresses and domains connected or trying to gain access to the network.
This is relevant because many attackers typically hide malicious traffic within legitimate traffic to
successfully infiltrate a target network. Once that is done, they can easily carry out the rest of the steps in
their carefully orchestrated attack. Attackers will generally wish to gain command and control (C&C) of a system
to gain entry into connected systems and devices. When that’s done, they can move laterally throughout the
network and exfiltrate data to their own remote servers. Since they are using compromised systems, the C&C
traffic typically goes undetected.
However, anomalies, such as a system that is not designed to upload data to servers doing so anyway, can be
indicative of an ongoing attack that threat hunters should look into.
Email Verification: spam stories, part 2 or phishermen on board
In this series of blogs, we investigate the background of individual spam mail cases. Using tools provided by
WhoisXML API (the domain reputation, WHOIS, and e-mail verification APIs), we unfold the background of these
messages. This approach also reveals interesting details about the behavior and habits of spammers and
cybercriminals using e-mail, typically for phishing.
In spite of all the effort e-mail providers put in worldwide, every user receives a tremendous amount of unwanted
and malicious mail to any e-mail account. It is indeed annoying, but let's look on the bright side: we can use
these examples to demonstrate how useful the APIs by WhoisXML API can be in the battle against unwanted spam
e-mails. In today's example we'll be using the e-mail verification API, the domain reputation API and the WHOIS
API to analyze a spam email message which was not caught by a well-configured open-source spam filtering
system.