SecurityTrails Blog · Nov 23 · by Esteban Borges

WHOIS History Update: Get the Full Historical View of a Company's WHOIS records


Today we're excited to announce several improvements in our WHOIS historical records that take our data to the next level, so you can analyze any domain name ownership information more efficiently.

Research tools offering scanning services, such as Shodan and Censys, are well-known and clearly documented. However, other mass scanners may not be as easy to identify in your firewall and IDS logs. Using SecurityTrails’ new reverse DNS lookup API endpoint, you can research the size and scope of unknown scanners.

The most readily available information when investigating a host is the reverse DNS record (PTR record) associated with its IP address. The value of PTR records is best illustrated by a recent case of ongoing RDP (Remote Desktop Protocol) scans from 139.162.77.6. This example IP address currently has over 700 reports logged on AbuseIPDB.com. Performing a reverse DNS lookup for this IP address yields the hostname “scan-30.security.ipip.net”:

dig -x 139.162.77.6 +short
scan-30.security.ipip.net
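The lookup above is one address at a time. The procedure scales to a whole firewall log: pull every source address, resolve its PTR record, and group the hits by the parent zone of the hostname so a fleet such as scan-30, scan-31, ... under security.ipip.net shows up as one scanner rather than dozens of unrelated IPs. The script below is an added example, not code from the original post and not the SecurityTrails API; it uses the system resolver via socket.gethostbyaddr for live lookups and, so that it runs offline, a constructed PTR table in which only the 139.162.77.6 pairing comes from the article. The log lines and every other address and hostname are constructed.

```python
import re
import socket
from collections import defaultdict

# Constructed firewall log excerpt (iptables/UFW style). Only 139.162.77.6 and its
# PTR name come from the article; every other address and hostname is made up.
SAMPLE_LOG = """\
Nov 23 10:01:02 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=139.162.77.6 DST=192.0.2.10 PROTO=TCP SPT=41234 DPT=3389
Nov 23 10:01:05 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=139.162.77.7 DST=192.0.2.10 PROTO=TCP SPT=41880 DPT=3389
Nov 23 10:02:11 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=139.162.77.6 DST=192.0.2.10 PROTO=TCP SPT=41300 DPT=3390
Nov 23 10:03:40 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=22
Nov 23 10:04:01 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=3389
"""

# Constructed PTR answers used instead of live DNS so the example runs offline.
PTR_FIXTURE = {
    "139.162.77.6": "scan-30.security.ipip.net",      # as quoted in the article
    "139.162.77.7": "scan-31.security.ipip.net",      # constructed
    "198.51.100.23": "probe-a.example-research.net",  # constructed
    "203.0.113.9": None,                              # constructed: no PTR record
}

LOG_RE = re.compile(r"\bSRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=(?P<dpt>\d+)\b")


def extract_sources(log_text):
    """Map each source IP in the log to the set of destination ports it touched."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            sources[m.group("src")].add(int(m.group("dpt")))
    return sources


def live_resolver(ip):
    """Reverse DNS via the system resolver; returns None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def parent_domain(hostname):
    """Collapse a per-host PTR name to the zone that names the scanner fleet.

    'scan-30.security.ipip.net' -> 'security.ipip.net'. Dropping only the leftmost
    label is a deliberate simplification; a public-suffix-aware split would be
    more robust for names such as 'host.example.co.uk'."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ".".join(labels)


def group_scanners(log_text, resolver=live_resolver):
    """Group log sources by the parent domain of their PTR record.

    Sources with no PTR are kept under the key '(no PTR)' rather than dropped:
    an address that scans you and has no reverse name still deserves a look."""
    groups = defaultdict(lambda: {"ips": set(), "hostnames": set(), "ports": set()})
    for ip, ports in extract_sources(log_text).items():
        host = resolver(ip)
        key = parent_domain(host) if host else "(no PTR)"
        g = groups[key]
        g["ips"].add(ip)
        g["ports"].update(ports)
        if host:
            g["hostnames"].add(host)
    return {k: {f: sorted(v) for f, v in g.items()} for k, g in groups.items()}


if __name__ == "__main__":
    # Offline fixture here; pass resolver=live_resolver to query real DNS instead.
    for domain, info in group_scanners(SAMPLE_LOG, PTR_FIXTURE.get).items():
        print(f"{domain}: {len(info['ips'])} source(s), ports {info['ports']}")
```

The resolver is injected as a callable so the same grouping logic runs against the fixture, the system resolver, or any lookup service you already use; swapping in a different backend never touches the parsing or grouping code. Keep in mind that a PTR record is set by whoever controls the reverse zone for the address, so treat it as a lead to verify (as the article does by visiting the parent domain), not as proof of who runs the scanner.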

Simply visiting the third-level domain, security.ipip.net, in a web browser reveals the following notice in Chinese and English:

[image: notice displayed at security.ipip.net]