Not all WHOIS databases are created equal. When searching for the best product that can satisfy your organization’s security needs, make sure it meets the following criteria:
- The bigger the number of domains in the database, the better. To date, the magic number should be more than 6 billion WHOIS records, which corresponds to how big the Internet has grown.
- A recent report revealed a total of 351.8 million domain names across all TLDs as of the first quarter of 2019. The closer a product’s TLD coverage is to the total number of TLDs (1,528), the better. A regularly updated database should also be an indicator that the provider is keeping pace with the Internet’s growth.
- Comparisons are easier to do when the information one works on is consistently formatted. As such, the better-parsed and better-structured the data in the database, the less time an analyst spends on filtering and cleanup before diving into actual analysis.
- Just as one checks out product reviews before buying anything, see what existing customers have to say about the tool you’re considering. Companies that have been in the business for a long while typically provide good products and services, especially if they have big brand names vouching for them.
- Companies use a wide variety of programs to keep their networks secure. A good product should thus offer downloads in easy-to-configure formats that work with already-existing processes, applications, and systems.
Eyeing the Market
Let’s see what the market has to offer to organizations that want to beef up their cybersecurity posture with insightful threat intelligence.
PROVIDER 1: WhoisXML API
WhoisXML API touts a unified and consistent database that contains billions of historic WHOIS records, domains, and subdomains across thousands of TLDs (both gTLDs and ccTLDs). It also has records of more than 8.9 million IP netblocks, translating to 99.5% coverage of all the IP addresses in use today worldwide. The database holds 6+ billion WHOIS records, 300+ million active domains, and 2,684+ TLDs. The company has been in the business for more than a decade and has a 52,000-strong list of satisfied customers. Its product is backed by a well-parsed and well-structured database that can be downloaded in three formats: MySQL, MySQL dump, and CSV. It is also the only provider to offer enterprise data feed packages.
PROVIDER 2: Domains Index
Domains Index specializes in providing subsets of WHOIS information broken down by region, country, gTLD, or even registration status (historically expired, deleted or dropped, etc.). As such, it gives subscribers access to domain data for specific purposes, though records are also available for purchase in bulk, with close to 280 million gTLD and ccTLD domains in total.
PROVIDER 3: IQWhois
IQWhois is a reverse WHOIS domain name ownership database provider. Its database contains billions of regularly updated WHOIS records. It also has a constantly growing data archive on several domain names. All the information in its database amounts to 5 billion WHOIS records, 300 million active domains, and 2,864+ TLDs.
PROVIDER 4: JsonWHOIS
JsonWHOIS is a domain application programming interface (API) services provider that, unlike others in the field, provides social media statistics along with WHOIS data. Its database has 5.2+ billion WHOIS records, 300+ million active domains, and 2,864+ TLDs. Its product also allows users to take screenshots of the historical states of company websites, giving them additional insights.
PROVIDER 5: Domain Name Stat
Domain Name Stat offers a comprehensive set of properly parsed information on all the domains registered via its product, which touts 5+ billion WHOIS records, 300+ million active domains, and 2,864+ TLDs. It has been in the business since 2008. Its database is downloadable in the MySQL, MySQL dump, and CSV file formats as well.
PROVIDER 6: Whoisology
Whoisology is a domain name ownership archive provider with 5+ billion searchable and cross-referenced WHOIS records, 317+ million active domains, and 2,850+ TLDs. It provides information in the usual three formats—MySQL, MySQL dump, and CSV.
PROVIDER 7: The Domain Research Corporation
The Domain Research Corporation’s DomainIndex.com contains WHOIS records that are not older than 4 months, most of which are up to date at the time of download. Its data comes in both parsed and raw forms and includes 135+ million gTLD WHOIS records. The database can be downloaded as a MySQL dump file.
Security teams that work to protect their respective organizations from all kinds of threats are not the only ones who stand to gain from additional sources of intelligence. Security outsourcers such as managed detection and response (MDR) and other managed security service providers can also rely on WHOIS data to vet initial findings and make connections about potential threat sources.
Anyone out to safeguard against ever-evolving threats needs all the information they can get their hands on.