Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.
Set up and manage public WHOIS servers for your business. Our WHOIS parsing system is a utility that collects extensive information about any given domain by sending series of DNS and WHOIS queries. The report is generated in raw as well as in parsed format.
Regardless of whether you are a startup, a small business or a global one, our team is always ready to help you. Enterprises operating on a scale can also choose special premium support management with high priority 24/7 email and telephone responses and other professional services.
The Domain Research Suite (DRS) Guide for Journalistic and Media Research
As an aggregator of WHOIS, DNS, and IP data, WhoisXML API can help back up journalistic investigations with verifiable online facts about domains and websites. Researchers and media professionals can use our 9-in-1 hosted Domain Research Suite (DRS) platform to investigate suspicious domains, detect domain registration trends, keep track of the government’s or private sector’s actions towards errant websites, and more.
13 Ways to Increase Brand Reputation and Protect It
When talking about brand reputation, one of the first things that come to mind is reviews. What are customers saying about your product or service? While that is true, there is more to a brand’s reputation than racking up positive reviews. We delved deeper into brand reputation in this post and provided some actionable tips and valuable tools to manage it effectively.
If you run a business, there's never been a better time to stand out from the crowd. Still, to make sure you're at the forefront of your industry, you'll need to learn how to take a brand from concept through to execution. This guide provides the latest information you need to get your company noticed and create an identity that lasts.
Domains & Subdomains Discovery Lookup allows you to identify all domains and subdomains that contain all the Include terms and none of the Exclude terms. You can discover domains only, subdomains only, or both. Also, you can specify where the search term should be placed in the domain name: start with, end with, contains, contains the word, to narrow down the results according to your needs.
This tool allows you to track any keywords associated with your brand, trademark, or product. It tracks newly registered/modified and also recently expired domains containing all the Include terms and none of the Exclude terms in their domain name.
How to Find Out Who Owns a Domain Name with Reverse WHOIS Search and WHOIS Database Download
In the past, there was no way for users to find out what other domains, if any, a particular registrant owns without first translating a domain name into an IP address. But with the shortage of available IPv4 addresses, which resulted in the assignment of shared IP addresses to unrelated individuals or even companies, that approach has become riddled with difficulties.
Even if you can pinpoint the owner of an IP address, a shared one would provide users with a list of domains that may take a lot of time to sift through. If that IP address turns up as an indicator of compromise (IoC) in a publicly accessible report, affected users would have to go through each related domain’s WHOIS records to get to the bottom of the issue. Imagine how long that would take if you had 30 domains or more to scrutinize.
How to Trace a Privately Registered Domain’s Owner By Using a WHOIS History Lookup Tool
With a myriad of free readily tools available online, it’s not so difficult to find out if someone
else already owns a domain you’re eyeing or if that domain is available for purchase or
registration. But that’s where most tools stop. Sometimes, more details such as a domain’s ownership
history, including current and past registrants’ names and contact details, are hidden since most
domain owners opt for privacy protection.
There are instances, though, when it’s critical to obtain registrant information. For one, website
owners who are interested in buying new domains need to know who to contact if someone already owns
the domain they want to purchase. Another reason is when a domain of interest was used (typically
misused or abused by cybercriminals) in attacks. In such cases, the domain’s owner needs to be
alerted to the situation for remediation. Finally, investigations launched by law enforcers or
cybersecurity specialists may require more information on the domain registrant’s identity.
These specific cases may require digging into a domain’s WHOIS records. Problems arise, however, when
pertinent details are not shown. For law enforcers who can subpoena for missing data, that may not
be a problem. But for those who were victimized by attacks or turned into unwitting accomplices,
that option might not be available. Specialized tools that obtain historical domain data might help
This post details how tools such as WHOIS History Search can help users uncover otherwise hidden
registrant details without going through a potentially long and arduous legal channel.
How to Retrieve Domain WHOIS History Data After Redaction
WHOIS information is indispensable for any cybersecurity researcher. It is an essential resource for
tracking down registration owners for a variety of reasons that range from settling trademark and
cybersquatting disputes to configuring websites. With WHOIS records, a security analyst or website
administrator can quickly get in touch with a registrant owner to resolve or file a dispute,
transfer a domain with ease, or set up a valid Secure Sockets Layer (SSL) certificate.
With the General Data Protection Regulation (GDPR) implementation, however, the Internet Corporation
for Assigned Names and Numbers (ICANN) was compelled to modify its policies for WHOIS data
availability. ICANN’s implementation of the Temporary Specification for Generic Top-Level Domain
(gTLD) Registration Data in 2018 resulted in the redaction of millions of WHOIS records from the
Under the new rule, both registrars and registries must explicitly state that a domain’s ownership
details have been “Redacted for Privacy,” unless, of course, the domain owner consents to share his
or her registrant information publicly. This policy applies to all data accessible via WHOIS or
Registration Data Access Protocol (RDAP) protocols.
WHOIS lookups have become more complicated ever since. What was once an activity that took a couple
of minutes now involves hours of Internet research and hopping from one application or database to
another. Fortunately, there are other ways through which analysts can obtain this critical domain
data, such as a WHOIS history search tool.
How to Build Attacker Profiles By Using Domain Registration History Records
Consider this scenario: You just got wind that a prolific cybercriminal has recently been spotted.
You want to avoid joining his/her list of victims, of course. The question is how you go about it.
Building attacker profiles, notably with WHOIS, might help.
Of course, that has become harder now that much stricter privacy protection laws like the General
Data Protection Regulation (GDPR) are in effect. Typical WHOIS searches for a list of sites to avoid
may no longer work since many domain owners, especially in the European Union (EU), can opt to
redact their personal information from registration records.
However, using historic WHOIS searches with tools like WHOIS History Search might still be relevant.
At least, you can take action against potentially harmful domains registered before WHOIS record
redaction became a thing.
In this post, we demonstrate how to build attacker profiles so companies can beef
up their existing blocklists.
Knowing a Domain’s Ownership History Can Help You Avoid Getting a Blacklisted Domain
When starting an online business or marketing campaign to reach out to more people, one of the most
critical tasks is deciding on what domain name to use. You can’t just choose one on a whim — you
need to put a lot of thought and research into it as your domain will carry your brand. Your
research needs to include the domain name’s ownership history, among other things.
In short, a domain name can make or break an organization. Experts have pointed out the main
characteristics of a good domain name, which include...
How Organizations Can Prevent Site Blacklisting with WHOIS History Search and WHOIS History API
Maintaining the overall health of your site is no mean feat. Attacks could occur any time, regardless
of a company’s size. Cyberattackers can hack into your network and compromise your site for use in
their nefarious activities without your knowledge. Sometimes, you’ll only know what happened when
search engines like Google put your site on a blacklist. And that can be detrimental to any
business. Blacklisted sites may lose around 95% of their usual amount of organic traffic, which can
negatively affect their sales. Apart from that, first-time visitors or potential customers can get
discouraged if they learn that your site is considered malicious.
Brand Monitoring: Defending Your Company Against Cybersquatting
Cybersquatting made headlines in recent weeks when Facebook filed a lawsuit against domain registrar
OnlineNIC Inc. and its proxy service IDShield for cybersquatting and copyright infringement. The
lawsuit concerned domain names that use the word “Facebook,” “Instagram,” or variations of
Facebook’s brands with the intent to trick users into thinking that they are legitimate sites of the
The domain names in question include www-facebook-login[.]com, facebook-mails[.]com,
login-intstargram[.]com, and hackingfacebook[.]net. When we ran hackingfacebook[.]net on WHOIS API,
the report stated that the registrar was indeed OnlineNIC Inc., which registered the domain in
February 2010. However, the details of Domain ID Shield Service were the ones used as registrant
Domain ID Shield is a product of OnlineNIC Inc. that essentially replaces the registrant, as well as
technical, and administrative details of the client with its own. So instead of taking legal action
on individual registrants, which is difficult in this case, Facebook lashed out at OnlineNIC Inc. as
it’s connected to complaints of domain abuse and for seemingly tolerating cybersquatting.
Facebook’s case is just one of the thousands of cybersquatting incidents that plague the Internet.
And in this post, we explored what cybersquatting is, and how to detect it using tools such as
Brand Monitor. We also examined some real-life cases of domain name fraud.
The Treepex Case: Learning More About Fake News Proliferators By Using Domain Search Lookups
Back in 2017, a startup presented a revolutionary product to the world, one that would allegedly
change the way people breathe. Treepex, a portable device that cleans the air as you breathe sparked
many conversations, causing it to become viral. Thousands of people viewed the product video. And
the startup founders, Bacho Khachidze and Lasha Kvantaliani, even appeared in interviews from big
news sites, including the Associated Press (AP) and The Huffington Post.
The irony is that Treepex never existed, at least not as a physical device. In an interview with Inc.,
Khachidze and Kvantaliani admitted that their goal was to prevent products like Treepex from
needing to exist. The Georgian duo shared that their business has to do with planting trees instead.
And they exerted effort to make Treepex go viral only to raise awareness about the growing issue of
They did that. They tricked people and even reputable news sites into thinking that their offer was
real. (Note: Both AP and The Huffington Post subsequently removed the interviews from their
Google and Facebook Scams: Preventing Employees from Falling for Invoice Fraud with Domain Intelligence Tools
Business email compromise (BEC), also known as CEO fraud, whaling, email account compromise (EAC), or
invoice fraud, is a tried-and-tested attack method. Since 2013, BEC scams have been responsible for
close to $12 billion in company losses. And this figure continues to rise, as, in 2018 alone, the
said scams cost victims $1.3 billion.
Avoid Ties to Malicious Activity by Knowing the History of a Domain’s Ownership
While search engine optimization (SEO) experts often advise first-time site owners to use an old
domain to gain instant authority on the Web, security professionals would caution that the practice
can be risky.
That said, we do think there’s a way for site owners to enjoy the benefits of using old domains with
as few risks as possible. In this post, we’ll tell you how knowing the history of a domain’s
ownership by using tools like WHOIS History Search can help. But first, let’s take a look at why
cybersecurity specialists may have reservations about using old or expired domains.
The Equifax Settlement Case: Shielding Financial Service Customers from Phishing with Domain Research Monitoring
Data breaches continue to plague organizations today. In the first six months of 2019 alone,
3,813 data breaches were recorded, exposing more than 4.1 billion records. This figure translates to more
than a 50% increase in victim volume over the past four years. Worse still, three of these recently
recorded data breaches made it to the all-time list of top incidents.
Of all these unfortunate events, we decided to take a closer at Equifax’s case. First, because it has
been the financial sector’s biggest breach victim to date. Second, because it shows how
cybercriminals insist on exploiting every vulnerability there is. It’s indeed possible that
malicious entities are now trying to trick victims into disclosing more personally identifiable
information (PII) on fake Equifax settlement websites.
We then used the Domain Research Suite (DRS) to show how potential targets can avoid falling prey to
instances of phishing and cybersquatting attacks.
Avoiding Adverse Effects on SEO through Domain Name Ownership History Checks
When building their online presence, entrepreneurs and website owners are bombarded with tips and
advice on search engine optimization (SEO) ranking. Among them are the publishing of high-quality
and relevant content regularly, using metatags and alt tags, and using long-tail keywords.
All these are valid and effective, but your SEO ranking strategy should begin at
the very first stage of website creation—choosing a domain name. In this post, we explored the effects of
domain name ownership history on an organization's SEO ranking, and how a simple check using
WHOIS History Search can help users avoid related challenges.
Using Domain Ownership History to Secure Next-Gen Firewall Estates
Firewalls are an essential pillar of any enterprise network security strategy. They sift traffic
coming in and going out of corporate networks, offering round-the-clock perimeter protection.
Even better are today’s next-generation firewalls (NGFWs), which bring interoperability and
contextualization into the mix. These hybrid firewalls provide a more effective layer of protection
as they combine both traditional firewalls with newer types.
Unfortunately, NGFWs and older versions for that matter are not the “be-all and end-all” of
enterprise network security. They serve as a good starting point, but they also need to be
appropriately configured to work — along with the right data feeds, which can include
WHOIS history data, as this post will suggest.
That is why experts recommend taking a phased approach to high-end firewall deployment. Otherwise,
compatibility issues may arise, which could expose the network to computer viruses, or worse still,
advanced persistent threats (APTs).
E-Commerce and Online Brands: How to Avoid and Tackle Trademark Infringement Issues with Brand Monitor
With all of the business growth opportunities that the Web provides for e-commerce sites and brands
operating online in general, also come responsibilities and risks.
Customer privacy and data, for one thing, must be safeguarded against cyber attacks — notably
phishing and spam campaigns that could lead to fraud and information and identity theft. Indeed,
personally identifiable information (PII) such as Social Security and driver’s license numbers,
health records, and payment card information, among others, are often stolen and sold in underground
markets or used in attacks. A quick black market survey, for instance, revealed that health records
and passport information are sold for as much as $1,000 per set in cybercriminal one-stop shops.
But apart from securing the overall health of their sites against vulnerabilities and exploits,
e-commerce site owners and brands also face the daunting task of protecting their image and
reputation against trademark, copyright, and other forms of intellectual property infringement.
We have seen cybercriminals time and again ride on their popularity for fraud. Banking on their
customers’ loyalty and trust, unsuspecting users are convinced to divulge their personal details to
attackers. Unfortunately, threat actors are not the only ones companies should be wary of. It is
also common for competitors to mimic domain and brand names in hope of getting more customers
In light of these instances of brand abuse, this post shows how domain name infringement can affect
companies of all sizes. It also shows how applications like Brand Monitor and Domain Research Suite
can help website owners protect their reputation.
Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring
The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches
to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone
numbers, and even encrypted and unencrypted security questions and answers were just some of the
information stolen and potentially peddled in underground markets.
The good news is that those who have been affected can now claim benefits for the damages and losses
they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as
settlement for theft and potential fraud. Those interested can check if they are eligible for
settlement payment by contacting the administrator of the official data breach settlement site,
It seems those who suffered from the Yahoo! compromise could rest easy, right? Probably not as new
threats arose shortly after the breach settlement announcement. Much like the case when Equifax
announced its breach settlement details and informed victims where they could file claims, several
fake websites mimicking Yahoo!’s settlement website surfaced. Those who are not careful could end up
exposing even more personally identifiable information (PII) instead of obtaining remuneration from
what they already lost.
To better illustrate this point, we have used various of our domain intelligence tools to study what
the emerging threat environment around Yahoo! settlement site looks like and present recommendations
on how to mitigate the resulting risks.
Criminal Profiling and Evidence Gathering with Website and Domain Name Monitoring Tools
Cybercrime is a major threat to all sectors of the community, including government institutions,
businesses, and non-profit organizations. It continuously hurts the global economy by sucking up
billions of dollars each year, prompting the head of the U.K.’s Government Communications
Headquarters (GCHQ) to declare that fighting cybercrime should be accorded the same priority as
But is it really possible to “fight” cybercrime? Some security experts have long ceded and started
focusing on cyber-resilience (the ability to bounce back after a cyber attack) instead of
cybersecurity (the prevention of a cyber attack). Aside from business continuity, part of
cyber-resiliency should be the legal ramifications that the victim must set in motion against the
attacker. Herein lies a big challenge — discovering who the cybercriminals are.
The fact that investigators find it challenging to unmask the people behind a cybercrime has given
attackers more confidence. As more and more cybersecurity solutions are developed to counter them,
cybercriminals always seem to be finding new methods to get around the said solutions because they
believe they can’t be caught.
In this article, let’s examine the profile of cybercriminals and their targets, as well as briefly
illustrate how domain research and threat intelligence tools such as Website Screenshot API and
Reverse WHOIS Search can help investigators identify attackers.
Avoid Website Blacklisting with Whois History Search, Domain Research Suite, and Other Tools
Unfortunately, most website owners only discover they are on a blacklist if customers report seeing
warnings. More often, they may not even be alerted at all, as some blacklisted sites are no longer
included in search results. Search engines automatically remove them from their indexes.
If you’ve been losing traffic and suspect that your website is on a blacklist, you
can take immediate steps. This post also discusses best practices to prevent your website from
ending up on a blacklist in the first place.
Domain Research Suite Keeps Track of Nefarious Activities Around Your Domains
Domain infringement has become a real concern for businesses operating online. While new web
technologies made it easy for brands to engage with customers, progress has also opened the door to
a variety of cyber risks and attacks known as domain threats.
Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 2
In the last blog, we discussed the various
features of all the Online Monitoring & Search tools that you can avail with our Domain Research Suite. The next question is
naturally, how professionals from different industries can take advantage of these power tools to
enhance their domain research? So, today we will be covering several use-cases of DRS to help make
you understand its importance in today’s day & age.
Are You Keeping An Eye On Your & Your Adversary’s Domain Activity? – Part 1
If the answer to the above question is “no”, “looking forward to, but don’t know how”, or god forbid,
“why would I want to do that?”, then you are just in the right place! Businesses always need to
protect their brand from bad actors who can spoil their reputation, while at the same time, also try
& stay a step ahead of their competition. And why only businesses, security teams also need to
constantly keep a track of threats in order to pre-empt & proactively curb online attacks. The
internet has made a lot of information easily accessible, but getting relevant, timely & proactive
Intel is the key for staying a step ahead whether it is to protect your brand or to prevent a hacker
from committing an online crime. Reactive in today’s day & age is longer a solution for success.
4 Roles of Domain Name Monitoring in Making Cybersecurity Decisions
You might be surprised to find out, but there’s a lot you can tell about a domain name or a group of
them from the cybersecurity standpoint. You may attempt to understand what the intentions of a
registrant are, check for the consistency of data provided across touchpoints, get some insights
into the scale of online operations, and more.
Overall, gathering and applying domain intelligence allows cybersecurity specialists to decide
whether it’s in the company’s best interests to let information flow with unknown external agents.
Or if, on the contrary, the risks outweigh the benefits so much that interactions should be at least
heavily scrutinized or blocked altogether.
This post explores a variety of more specific situations where domain intelligence can help in making
the right cybersecurity call at different levels of the organization and beyond it.
The Role of Domain Search and Monitoring in Enabling MDR and MSSP Teams
Based on findings by ESG, more than 80% of cybersecurity professionals today agree that their
organizations are seeking to enhance their threat detection and response capabilities. In fact, 77%
said their business managers are constantly pressuring them to do so.
The problem, however, is that enhancing threat detection and response is no mean feat. In fact, 76%
of those surveyed mentioned that this has become more challenging compared to a couple of years
back. Cybersecurity professionals are pointing to concerns such as the surge in the sophistication
and volume of threats, a growing attack surface, and increasing workload. Additionally, many firms
lack the right skills and staff to make significant changes in this area.
So rather than deploy new tools that they are not even sure to work, many CISOs are now turning their
attention toward asking third-party service providers for help. This is where managed detection and
response (MDR) and managed security service providers (MSSPs) come in.
But despite their growing demand and popularity, these services face some major challenges that can
hinder many providers and have already done so.
In this post, we’ll take a look at the hurdles these two are contending with right
now and how domain search and monitoring tools can enhance their overall effectiveness.
How Brand and Domain Name Monitoring Can Counteract Cybersquatting
The Web is a huge and unregulated space made up of countless online content locations. There are more
than 300 million active websites today with an additional 25 million registered each year. It’s only
inevitable then that there will be intense competition between registrants and, therefore, demand
for domain names, especially for those that use the most recognizable words and identifiers.
In fact, conflicts between trademark holders and domain registrants looking to own the rights to
specific domains are common. Numerous disputed domains nowadays are registered either by accident or
with the intent to gain money from those who are interested in them. This tactic is known as
“cybersquatting,” which can have severe consequences for your brand if you don’t pay attention to
In this article, we’ll discuss cybersquatting and how domain name monitoring can protect your
business from it.
Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry
Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s
most prominent companies — and more often than not, that’s connected to cybersecurity and data
For example, the latest stats show that one
in every 99 emails you get each day has ties to a phishing attack, the majority of which
come laced with malware specially crafted to harvest victims’ financial credentials or use popular
brands as social engineering bait.
A great example would be an email offering a considerable discount that the victim may find very hard
to resist. So she clicks the link to a site where she’s asked to fill in her personal data,
including the credit card, for instance, that she plans to use to purchase goods. She doesn’t get
the items she supposedly bought and so complained to the store via all possible means — email,
phone, and social media.
What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through
the muck. What can the victimized company do? Could it have prevented the phishing attack? These are
just some of the things this article answers by analyzing Zara’s real-life case study.
Research Any Domain’s History with WHOIS History API!
With thousands of new domain names registered every day, billions and billions have been registered
over the years. And these have undergone multiple ownerships or even registration changes over time.
These could be modifications to the domain’s registrar or associated name servers or even changes in
contact details, to name just a few.
Aging domains have a history and we at WhoisXML API can help you delve deeper to understand a given
domain’s past with WHOIS
History API. Professionals conducting research for cybersecurity or investment purposes can
hugely benefit from uncovering a domain’s lifecycle to find out if it has ever had a checkered past
or draw connections that may not be easy to see at the surface level.
Expand your monitoring field by adding automatically generated typos to all
possibly misspelled domain names. Prevent abuse of your brand by identifying typosquatting and
blocking IDN homograph attacks. Learn more about our new feature: automatic typos generation.
The ease & gigantic potential that the Internet provides to businesses to expand their reach amongst
their customers and tap markets that traditionally would have required way too much effort &
resources is definitely remarkable. Being present on the Web via their websites has become a
cornerstone for businesses to create brand awareness, showcase their products & service and also for
selling their offerings directly online. And with each passing day, people are beginning to rely
more and more on this virtual presence of brands and are increasingly interacting with them.
Domain names to that effect have become a very critical component for expanding
and building a brand identity online. And just like any valuable asset in plain sight, there are a
lot of bad guys who either want to cause harm or exploit your brand’s potential for their own
benefit. Which is of course not a great news for you!
Uncover Domain Spoofing Using AI Driven Predictive Monitors
Spoofing is a situation in which an entity (person or software program)
successfully impersonates and masquerades as another successful one, with the purpose of gaining an
advantage with regards to personal or business information or brand goodwill. Domain spoofing occurs
when an attacker appears to use a company’s domain to impersonate and masquerade a company and or
its products or brands. The domain spoofer may later use the deceived domain name to induce
fraudulent practice like phishing i.e. sending deceptive emails pretending to be from a reputed
company in order to induce individuals to reveal passwords, credit card numbers or download
Reverse WHOIS in action: find all domains or websites of a company, and more
See Reverse WHOIS service in action by
searching for all Internet domains a company owns or is related
to. We shall use the web-based reverse WHOIS service. An
alternative would be to use the
reverse WHOIS API, a
RESTful solution which is also available with the same capabilities. We shall pick a
popular brand, the Eastman Kodak Company, as an example for our investigation, although it works for
any other one you might be
interested in. If you are a domainer, a marketer, a legal investigator, an IT security expert, or
anyone interested in or working with Internet domains, you are in the right place. We present the
Swiss Army knife designed to fit in your very pocket.
We are here to listen. For a quick response, please select your request type or check our Contact us page for more