Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.
We are thrilled to announce that WHOIS History API has been upgraded to include a feature called “skipLiveWhois,” an optional parameter that enables users to skip WHOIS API requests when the latest indexed record is not fresh (i.e., there is no current WHOIS record from the past 24 hours).
This enhancement is designed to improve the speed of historical WHOIS lookup requests by close to 90%—from 3.5 seconds to an average of 370 milliseconds.
We are excited to announce that Snowflake users can now request access to WHOIS Database Download’s quarterly gTLD and ccTLD files on the platform, available in three formats:
Simple: The simple CSV file contains the domain name, registrar name and email address, WHOIS and name servers, creation and expiration dates, and registrant and administrative contact details.
Regular: The regular CSV file contains all the fields in the Simple file, along with information about the billing, technical, and zone contacts.
Full: This file format contains all fields in the Simple file, in addition to the raw text from the WHOIS registry and registrar.
We are thrilled to announce that our historical WHOIS database now contains more than 20 billion WHOIS records. This continuous repository expansion plays an important role in strengthening and deepening cybersecurity investigations, digital risk protection, and attacker footprinting, among other use cases.
WhoisXML API has been actively upgrading its WHOIS history product coverage for more than 14 years now of WHOIS data collection, aggregation, and processing. In recent years, we have had several notable repository expansions. From 13.7+ historical WHOIS records in Q1 2022, our coverage rose to 15.6 billion in Q1 2023. This year, we saw an estimated 28% increase, with our historical WHOIS data now spanning more than 20 billion records.
A domain name is one of the greatest business assets you can own. If the one you have in mind has recently become available, it may be the right time to buy it. Or is it? You may want to do an expired domain check first to be safe.
This post tackles the pros and cons of buying expired domains and provides recommendations on how to do your due diligence. It talks about WHOIS history, which can help organizations avoid the unwanted consequences of ending up with domains that have a checkered past.
Expanding one’s business online footprint with the right domain names should not just be left to business decision-makers, but also involve cybersecurity experts. Though old domains can bring benefits to the table, no enterprise wants to end up with those having a sinister past. WHOIS history queries via solutions such as WHOIS History Lookup, Search (from the Domain Research Suite), or API can help avoid that.
How so? Digging into a domain’s WHOIS history allows you to gather more context about its past ownership, including whether it may have belonged to threat actors at some point and should therefore require greater scrutiny.
We compiled a list of domain history no-nos that can put a strain on your ventures’ success (possibly landing your website on blacklists) or even cause harm to whoever might get into contact with them.
Data breaches could cost organizations an average of $3.92 million per incident. The average ransomware payout, on the other hand, stands at $41,198 per occurrence, with the largest payout recorded to date amounting to $1.14 million. It’s essential to be meticulous when it comes to cybersecurity as a seemingly inconsequential hole in an organization’s network could result in millions of dollars’ worth in damages.
Covering every possible attack vector is, therefore, a must for cybersecurity teams, and one attack vector that cybercriminals often use is a domain name. Ransomware, for instance, usually gets injected into a victim’s system through a phishing email that contains a link to a malicious domain. The threat could also unknowingly get dropped onto a victim’s computer when he/she visits an infected website.
Therefore, every aspect of a domain should be inspected, including its WHOIS history records. That way, no stones are left unturned, and one cybersecurity product that could prove useful in this regard is WHOIS History Lookup. This tool allows users to look into the ownership history of a given domain, even before a possible redaction of WHOIS records.
How MSSPs Can Enhance Network Resilience with the Help of Domain Name History Records
Threat management has grown increasingly complex for most organizations — with more endpoints to
secure, new compliance pressures to face, and advanced persistent threats (APTs) to monitor. As a
result, several organizations have opted to modify their approach to network security by enlisting
the help of managed security service providers (MSSPs).
MSSPs combine different approaches to enhance network reliability, ranging from unified threat
management (UTM) to threat intelligence analysis. The majority also implement business continuity
(BC) solutions, which are especially crucial in the wake of recent global cyberattacks. To
facilitate their programs, they incorporate various tools into their security systems, including
traditional firewalls, traffic logs, cyber forensic solutions, and threat data feeds.
The tools that MSSPs use to improve clients’ security posture, however, won’t work without reliable
sources of threat intelligence. And that’s where domain information comes in. MSSPs can obtain more
insights and data to correlate with internal logs from solutions such as WHOIS History API.
Threat Prediction Based on Domain Registration History
There is a tendency to look at the past to anticipate what the future may hold. The historical
performance of financial investment products, for example, is always showcased, although with a
disclaimer that they don't guarantee any future results. Athletes watch past performance of their
would-be opponents, so they know what strategies to formulate for the future encounters.
This train of thought is also applicable, at least to some extent, to the field of cybersecurity.
Knowing more about past attacks can help security teams strategize and improve their current and
future cybersecurity posture.
To illustrate this point, let’s take a look at how investigating domain registration history through
the use of WHOIS History API can help managed detection and response (MDR) teams to anticipate
further threats.
We are really excited to announce that we are now offering our hallmark Whois via a command-line
utility, “bestwhois”. This tool can be a great alternative to the standard “whois” command
for domain and IP WHOIS queries, as there are no search restrictions and the queries are made
through the API service provided by WhoisXML API.
Most suitable for UNIX power users and other command-line enthusiasts, bestwhois, is a
cross-platform utility that works on Microsoft, Linux, Unix, Mac OS X or any other platform with
Python. It is command-line front-end to WhoisXML API; WHOIS
API and WHOIS History API. All the
queries initiated from your end are processed through these APIs, and the output is similar to that
of the original “whois” command.
The data which were available for developers via the APIs are now readily at the
hands of system administrators, threat investigators, analysts, marketing experts, and all other
power users who potentially prefer using command-line tools or are used to the original “whois”
command. They can now uncover domain profile data worldwide for over 5 billion historic Whois
records, 300 million domain names and over 2850 gTLDs (including .com, .org, .net, .biz and more)
and ccTLDs (including .uk, .us, .ru and more). Access key data points for domains including
who registered it along with their contact information, the registrar, expiry dates, last update
date, who to contact about the domain name & much more.
Enriching Domain Protection Through Historic and Reverse WHOIS Data Monitoring
The foundation of a domain’s existence on the Web is its credibility. It must be secured at all costs because
it’s constantly under threat from malicious elements that are out there staging. As such, domain protection is
an indispensable component of overall cybersecurity efforts because not just business viability but a domain’s
very own survival is at stake.
A company can protect its domain in different ways. For one, it can initiate its own in-house solution which
would require substantial expertise and investment to put in place. Another option is to delegate the
responsibility to experienced specialists dedicated to providing brand and digital protection services.
As part of their services, such companies track and analyze potentially dangerous domains that use the keywords
associated with their clients’ organizations or brands. However, such a monitoring function requires unimpeded
access to the available data on both recent and historic domain registrations. It may sound easy for some, but
not all companies providing domain protection services have that capability. Let’s take a closer look.
Research Any Domain’s History with WHOIS History API!
With thousands of new domain names registered every day, billions and billions have been registered
over the years. And these have undergone multiple ownerships or even registration changes over time.
These could be modifications to the domain’s registrar or associated name servers or even changes in
contact details, to name just a few.
Aging domains have a history and we at WhoisXML API can help you delve deeper to understand a given
domain’s past with WHOIS
History API. Professionals conducting research for cybersecurity or investment purposes can
hugely benefit from uncovering a domain’s lifecycle to find out if it has ever had a checkered past
or draw connections that may not be easy to see at the surface level.
