When you need to detect and block threats so they can’t enter and affect your network, IP and domain intelligence solutions can provide exhaustive lists of IP addresses and domain names that may serve as attack vectors. When used correctly, said solutions can expose insightful details about attackers and their infrastructures and help counter threats such as:
In short, IP and domain intelligence tools provide in-depth information about an individual or a company.
IP intelligence products can give you the following details about an IP address and its range:
Domain intelligence offerings, meanwhile, often provide the following info about domain names:
There are various IP and domain intelligence tools that cybersecurity specialists can use to gather and analyze data, which include:
Now that you know how vital IP and domain intelligence can be for cybersecurity investigations, the next logical step is to discern which among existing providers can give you the best IP and WHOIS databases, tools, and resources.
The success of a cybersecurity investigation relies heavily on the reliability, relevance, and completeness of the tools and data feeds that you use. Here are some of the key players in the IP and domain intelligence industry these days:
WhoisXML API (disclaimer: this is our brand)
WhoisXML API is a provider of numerous IP and domain intelligence tools. It has been crawling the Web for relevant data for more than 10 years now and so has amassed information from or on:
WhoisXML API’s WHOIS API, Reverse WHOIS API, WHOIS Search, Reverse WHOIS Search, WHOIS History API, and WHOIS History Search, all supported by the exhaustive WHOIS Database Download, are all flexible and easy-to-use tools for cyber investigations. Brand Monitor and Brand Alert API, in addition, allow identifying all potential instances of cybersquatting of your and other companies’ online properties by returning lists of misspelled domain names.
All of the data these tools provide comes in a consistent format, allowing for easy comparisons and analyses. Some of the said products are also available through our command-line tool, bestwhois.
Overall, WhoisXML API’s domain intelligence tools let you enrich threat intelligence to come up with accurate forensic analyses, block known fraudulent domains, conduct thorough background checks on domains of interest and their owners, monitor your virtual assets for infringement and other forms of abuse, and more.
The company’s IP offerings, meanwhile, which include IP Geolocation API, IP Geolocation Lookup, Reverse IP/DNS API, and IP Netblocks API, all obtain data from its comprehensive IP Netblocks WHOIS Database and IP Geolocation Data Feed. You can use all of these to protect your organization against DoS and DDoS attacks, identify IP addresses or IP ranges that may be related to attacks, enhance your DRM systems and solutions, and more.
All domain and IP intelligence APIs are suitable for integration into programmed solutions as they provide data via convenient RESTful API calls. In parallel, our IP and WHOIS databases are parsed and available in various formats (i.e., CSV and JSON) to enable clients to build their own specialized big databases, facilitating extensive specialized queries.
The company also offers customizable domain intelligence suites that include the Domain Research Suite, the Enterprise API Packages, the Enterprise Data Feed Packages, and the Enterprise Tool Packages.
Threat Intelligence Platform
Threat Intelligence Platform is a powerful tool that scrutinizes domains and IP addresses for potential ties to malicious activities and threat actors as well as vulnerabilities and misconfigurations that can undermine an organization’s security. It runs the following checks on a domain or an IP address:
Geo.ipify.org
Geo.ipify.org offers IP Geolocation API and IP Geolocation Data Feed to users. These are reliable tools that allow you to make multiple requests at once.
The company’s IP geolocation database contains IP addresses from both the IPv4 and IPv6 spaces. You can choose to display query results in three formats: plain text, JSON, or JSONP. Geo.ipify.org’s database boasts 99.5% coverage of all IP addresses in use today and is well-parsed and well-structured to provide consistent results that make for easy comparisons. It contains more than 15 million IP blocks, mostly in the U.S., the U.K., France, Germany, and Canada.
Geo.ipify.org’s tools are handy if you’re looking for an individual or organization’s email address or domain with only an IP address on hand.
Domains Index
Domains Index is a WHOIS service provider that supplies bulk datasets. It has information on more than 280 million domains that come in customizable sets. You can get country-specific domain databases, depending on your business needs. You can also choose to only download databases for specific gTLDs. These offerings can let those with limited requirements save on costs.
Neustar
Neustar has two IP intelligence offerings—IP Geopoint and IP Reputation.
IP Geopoint provides industry-leading IP geolocation, ownership, and connection data that helps you manage customers to ensure compliance with content delivery and government regulations, identify fraudulent transactions, and streamline the customer journey. IP Reputation, meanwhile, helps you assess the trustworthiness of IP addresses and identify human versus nonhuman (i.e., bot or server) traffic to prevent malicious online activity.
The tools are interesting in that they have a load balancing feature and provide real-time geolocation information. Neustar’s offerings also come in both free and paid versions that you can use to identify possible fraudulent activities.
NCC Group
NCC Group’s Domain Intelligence can help infosec investigators monitor domain name registrations that have close similarities to their own, including subtle misspellings. It provides detailed daily reports of all the domains tracked, including their owners, contact details, and organizations. If a third party registered the domain, the user would receive an alert so they can take the necessary action. The company also offers Domain Threat Assessment services that provide detailed views of potentially malicious domains and any associated activity.
Our scanning revealed that massive IP address and domain intelligence databases and tools are available through different providers. As with all products and services, however, your choice all boils down to which offering can give you excellent value for your money according to your needs.
WhoisXML API has various packages that you can choose from, backed by a solid industry track record and exhaustive databases, as well as easy-to-use lookup interfaces and reliable customer service.