Home / Industry

WHOIS Database Download Services in Theory and Practice

Let's start this post on WHOIS database download services with a story.

Company X plans to launch a third-party risk assessment solution that would help enterprises assess their cyber risk exposure. In a nutshell, Company X's product would continuously monitor third-party vendors for cyber risks, thereby allowing enterprises to react to and mitigate external threats promptly. Early detection could lead to successful prevention, and prevention is always better than cure.

Company X has a vision, but it soon faced several hurdles. To provide high-quality risk monitoring, Company X needs comprehensive and accurate WHOIS data, among others. But how can it obtain the necessary information when there are just too many data sources, not to mention different data formats it needs to parse? And that is just the tip of the iceberg. Before Company X can get its hands on these data sources, it needs to go through long bureaucratic processes to seal agreements with registrars and Internet service providers (ISPs).

Is there a way for Company X to save on human resource hours and costs by obtaining exhaustive WHOIS data that is already well-parsed and ready to use? Thankfully, there is. In fact, one of the best ways available is through a WHOIS database download service. Let's take a closer look.

What Is a WHOIS Database?

A WHOIS database is a repository of information on registered domain names. Here's how it works. Whenever a new domain is registered, its owner provides his/her contact information, which is held in a record, along with registration dates. Registrars associated with the Internet Corporation for Assigned Names and Numbers (ICANN), in turn, make sure that these records contain accurate information and are well-maintained.

WHOIS databases are usually built by third-party providers and may differ depending on the number of domain records they contain, frequency of updates, and more.

How Can I Access WHOIS Database Information?

Several websites allow users to query WHOIS databases to search for domains they are interested in. Some providers also offer application programming interfaces (APIs) with access to WHOIS databases that companies can utilize to integrate domain ownership data into their current processes or enrich their existing tools.

It's also possible to use a WHOIS database download service to see the entire WHOIS database. A script or web-based app can have limitations if you need direct access to WHOIS data, primarily if they depend on individual lookups. A WHOIS database download allows saving the dataset locally and lets users filter details as fast as their computers can handle.

On top of that, users with special requirements, such as those in law enforcement, for example, can get access to thousands of registered domains simultaneously via bulk capabilities offered by some third-party providers.

Some Practical Applications of WHOIS Databases

Cybersecurity

Professionals in cybersecurity are besieged continuously by numerous cyber threats related to domain name abuse, such as phishing, impersonation, and more. Using WHOIS data, such as contact details or registration dates of suspicious domains, can help professionals confirm their hypotheses and blow the cover of bad actors.

A WHOIS database can greatly enrich cybersecurity products, such as the third-party risk assessment solution that Company X in our example plans to develop. To illustrate, let's consider an insurance company looking to employ a third-party lead generation vendor, HomeTown Quotes, whose domain is htqleads[.]com. But before finalizing the agreement, the insurance company decides to run the vendor through Company X's vendor risk assessment product.

Since Company X uses WHOIS Database Download, which contains IP addresses and hostnames, it finds out that htqleads[.]com has the details shown in the screenshot below. (Screenshot taken from WhoisXML API's sample WHOIS Database Download)

  • Registrar: Fabulous[.]com
  • Contact email address: htqleads[.]com@privacy[.]co[.]com
  • WHOIS server: whois[.]fabulous[.]com
  • Nameservers: NS1[.]FABULOUS[.]COM and NS2[.]FABULOUS[.]COM
  • IP address: 104[.]171[.]23[.]69
  • Registration date: 31 December 2014
  • Registrant organization: Savvy Investments, LLC
  • Registrant address: Wyoming, U.S.

Like other third-party risk assessment solutions, Company X's product runs data against other databases, including those that contain blacklisted and abusive IP addresses. As a result, the product warned the insurance company that htqleads[.]com could carry a certain level of cyber risk because its IP address 104[.]171[.]23[.]69 was reported three times on AbuseIPDB. On VirusTotal, two antivirus and malware detection engines tagged the IP address as malicious.

Upon seeing the possible risk that the lead generation vendor poses, the insurance company decides to hold off the agreement and investigate. They found that another lead generation vendor bears the same name but uses a different domain — hometownquotes[.]com. Furthermore, the website appears to be very similar to htqleads[.]com. To better illustrate, we used a screenshot lookup tool, which returned these images:

The insurance company then runs the other domain name on Company X's product, and this time, no risks were detected.

Htqlead [.]com and hometownquotes[.]com may both be legitimate companies competing against each other. Still, the similarities in name and website appearance could indicate that one of them is an imitation. These differences could help the insurance company make the decision:

Risk assessment: Company X's vendor monitoring product warned the insurance provider against htqlead[.]com as it is associated with a malicious IP address. While this doesn't necessarily mean that the domain is malicious, it means that it is sharing an IP address with a malicious domain, and could still pose cyber risks.

Use of a toll-free number: Although not a full indication of legitimacy, it makes more business sense for a lead generation company to use a toll-free number as that expands its reach. As such, hometownquotes[.]com seems a safer and more professional bet.

With the help of the WHOIS database fed into Company X's vendor risk assessment product, the insurance company was saved from possible risk exposure. Even better, Company X can continuously monitor any vendor that the insurance company decides to work with.

Economics

Specialists with access to structured and well-parsed WHOIS data can get numerous insights for their research. For instance, they can analyze the number of new domains registered in a country during a specific period and measure entrepreneurship activity in that region. Experts could also see trends in a particular industry that could help them better understand the economy and assist them in coming up with strategies.

In the sample WHOIS database we downloaded, for instance, 24.51% of domains contain the text string "bank" either in the actual domain name or in the top-level domain (TLD).

Such a trend could mean that banks are going digital and have started to register domain names as the first step. As such, stakeholders in the banking industry could better prepare for the effects of digitalization. For example, auditing firms would need to revise their policies to include new processes brought on by online banking.

On the other hand, the trend could also imply that threat actors are capitalizing on legitimate-looking domain names, and the banking industry is often one of their main targets. With this knowledge, banks can better understand how to beef up their cybersecurity posture by including domain and IP intelligence monitoring in their strategies.

Marketing

By monitoring the WHOIS data of their competitors or other companies in the market, online businesses can assess their competitive landscape or identify opportunities they can benefit from. For instance, marketers can examine new domain name registrations and recognize trends in their area.

If you filter the registrant state of the domains in the sample WHOIS database to California, for instance, you'll see 61 domain names. Of these, about two-thirds are indicative of small businesses, such as healthyfoodelements[.]com and breaairductcleaningpro[.]com.

On a larger scale, this could help business-to-business (B2B) enterprises create a more targeted marketing approach. The WHOIS database also contains the postal address, email address, and phone number of small businesses. They could also narrow down the list to specific industries or cities.


The hypothetical Company X in our story could better serve and protect its clients by obtaining domain intelligence from a WHOIS database download. Third-party vendor risk assessment could be made a lot more effective, as illustrated by our sample insurance company case. Other cybersecurity solutions could benefit from such a database in the same way, especially in saving on human resource hours and costs required when collecting, processing, and parsing WHOIS data from various sources.

Aside from cybersecurity, a WHOIS database download service can also help economic experts and marketers spot business trends, allowing them to create more informed and relevant reports and strategies.

Indeed, taking advantage of a WHOIS database download service can enhance various business activities and enable companies to achieve their goals faster. And as technology continues to evolve, we can definitely expect more use cases to emerge.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.  Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byIPv4.Global

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

Brand Protection

Sponsored byAppdetex