Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Mirroring Sun Tzu’s wisdom, “To know your enemy, you must become your enemy,” today’s cybersecurity landscape demands that security teams see their IT infrastructure through attackers’ eyes. This proactive approach is vital, notably considering the Data Breach Investigations Report (DBIR) finding that 65% of data breaches stem from external sources.
Adopting an attacker mindset enables security teams to identify and address attack vectors early and continuously manage their attack surfaces. This strategy entails asking questions like, “What assets can threat actors see and use as entry points?” and “How can compromising these assets impact other assets?”
WhoisXML API has recently created two scripts to provide IP Netblocks Database users with a fast and easy way to retrieve the netblocks data of any IP address. The first script allows developers to create a binary tree database and save it as a pickle file, while the second script enables them to search the binary tree for a specific IP address.
Secure shell (ssh) is the typical tool for getting secure command-line access to Linux (and other Unix-flavored) systems. Notably, most Linux-based servers are administered remotely via ssh access. Hence, the security of the ssh service is of paramount importance, especially since it is often a very attractive part of an organization’s attack surface.
The present blog post discusses how to set up efficient firewall rules for the ssh service and how to extend the whitelist easily with the help of WhoisXML API's IP Netblocks API. The method also works for other services that accept inbound TCP connections. We discuss a typical iptables firewall on a Linux system. Basic expertise in Linux tools and firewalls is assumed. The recipe works as is, or with minor modifications, on other systems as well.
It is normal for large enterprises, especially multinational corporations (MNCs), to maintain an IP netblock or several IP ranges for their website hosting requirements. This approach allows them to quickly set up sites as the need arises. There might be problems, though, when a company relies on a single service provider. Any operational disruption on the provider’s part means a halt to its business as well.
This post tackles the challenges that relying on a single web host brings and how access to an IP Netblocks WHOIS database may help alleviate them. In case you are not fully familiar with the notion of netblocks, check this post for an introduction to the subject.
Hackers are known to hijack IP addresses for use in various illegal activities. They could thus use your IP address in a malicious campaign, but that doesn’t mean you’re guilty. And so, your infosec team needs to gather enough evidence to counter accusations of foul play against you. You may also need to help the authorities by looking into who is behind a threat.
The first step in that direction is answering the question: What is my IP range? Solutions like IP Netblocks API or IP Netblocks WHOIS Database could be of help. That’s not where the buck stops, though; you’ll need to use a host of IP and domain intelligence tools next. For this reason, we created this guide for you.
Indicators of compromise (IoCs) are anomalous network or computer artifacts such as malware signatures, file hashes, or domains that point to a possible breach. This data is aggregated from multiple external threat feeds and log files from internal applications and systems. The analysis of IoCs is part and parcel of an infosec professional’s daily workload. After all, an organization’s security hinges on its ability to detect and act in a timely manner on IoCs that could lead to full-blown cyber attacks.
Every day, analysts encounter IoCs of varying severity, as reported by their organization’s security orchestration, automation, and response (SOAR) and security information and event management (SIEM) solutions. The problem with such alerts is that some may be associated with old IoCs that are no longer active or are now being used for legitimate purposes.
That explains the need for constant IoC management. By monitoring IoCs in context, security analysts can find out which ones warrant their attention most, as the volume of alerts can easily overwhelm an understaffed security team. But what does “context” mean here? And which sources of data can help provide it?
It is pretty standard for cybercriminals to spend time exploring a network for weaknesses they can exploit. That’s why cybersecurity experts must continuously monitor their systems and logs for any signs of future attacks. They can do so with various IP and domain intelligence tools, notably using IP Netblocks API as a first step.
How exactly? In this post, we provide a demonstration of how organizations can better ensure their infrastructure’s security and possibly even prevent breaches.
The Internet is a very dangerous place. A server with a public IP address could become the subject of an attack virtually at any time of its operation. Indeed, any service that is vulnerable to any extent is likely to be exploited at some point if left this way; no server operator can deny playing this cat-and-mouse game with hackers.
Not all hackers meet the stereotypes attributed to them, though. One does not have to be an ingenious IT specialist with very tricky ideas to try and exploit servers. Picking an exploit kit written by someone else and letting it run on arbitrary IP addresses is essentially free, and it will surely harvest something: sooner or later it will run into a content management system on a website whose owner failed to apply some important security update, or a web-based database management console left open to the public. Any of these could give the attacker administrator access to the server, which may lead to dramatic consequences for the owner.
It is always instructive, for instance, to frequently take a good look at the access log of your web servers. Let us conduct a bit of an investigation to illustrate what is typically going on.
We recently announced that our IP netblocks services underwent data enrichment. Users of our database and API should be delighted to know that our ratio of IP netblocks from Latin America and the Caribbean with some meaningful contact information increased from 0% to 61%. Most of the entries previously showed redacted results, but that is no longer the case. We have substantially improved the ratio of IP netblocks with said information for other regions as well.
In light of this welcome development, we wrote this article for users looking for LACNIC netblock data for different purposes. The post includes some background on LACNIC and shows how to search for available IP blocks and effectively assess those they come into contact with by using our IP Netblocks WHOIS Database and IP Netblocks API.
Looking Up AFRINIC IP Addresses and Ownership Information with IP Netblocks WHOIS Database
Searching IP address data to find more clues for cybercrime investigations has become common practice. And for those
who are dealing with cybercriminal suspects from Africa, getting real-time and comprehensive
IP address ownership information is possible with an IP Netblocks WHOIS Database that contains information on AFRINIC IP addresses.
With these insights, users will be able, for example, to investigate the so-called “Nigerian scams,” which the region
has become notorious for. You may be wondering what these scams are, so let us tell you all about them and how our
IP Netblocks services can help.
How to Look Up an ARIN IP Address with IP Netblocks WHOIS Database
Why does it matter who’s behind an IP address? Knowing the identity of IP addresses’ owners, whether they are
individuals or organizations, helps users determine if they can be trusted or are potential scammers out to
carry out fraud.
However, that information is not always readily available, nor is it publicly accessible, due to a variety of
reasons. So, how can users obtain such data? One resource that may help is an IP Netblocks WHOIS Database. In a
nutshell, it lets users know what IP netblock or range an IP address belongs to and who owns it.
This post discusses how users can find an American Registry for Internet Numbers (ARIN) IP address by using
an IP netblock database. But first, let’s find out what ARIN is.
How to Find an IP Block Owner with IP Netblocks WHOIS Database
An IP netblock can be a critical piece of information for the companies that engage in online
activities. Whether it’s for competitor research or to prevent IP address hijacking, IP netblock
data allows technology professionals to deduce who owns a group of IP addresses to pursue their
objectives and take relevant action from there.
That said, the ability to quickly derive this information could sometimes spell the difference
between success and a missed opportunity, or between mitigating a cybersecurity threat before it can
affect one’s systems and networks and failing to do so.
In this post, we’ll discuss how general users and tech-savvy cybersecurity professionals can obtain
IP block data by using a variety of online technologies such as IP Netblocks WHOIS Database and
others.
IP and WHOIS Database: How to Find APNIC Block Owners
In the 1980s, detectives, investigators, and regular people who wanted to solve a mystery would need
to sit in a car for hours, wear a disguise, and follow their subjects everywhere, be it on foot or
by car.
The nature of crimes, however, has changed today. Most of them no longer happen physically; they’re
committed in the virtual realm. And so, they call for new methods of investigation where legwork (in
the physical sense, that is) is no longer required. Tracing the identity of a cybercriminal, for
instance, now requires the right information and sources like an IP WHOIS database.
In this post, we delve into the methods and tools that can help users find the owner of an Asia
Pacific Network Information Centre (APNIC) IP block in particular.
How to Conduct a RIPE NCC IP Lookup with an IP Netblocks WHOIS Database
Both the burgeoning use of the Internet and the growing incidence of cybercrime call for insightful
information on IP addresses that may be involved in malicious activities. As part of its mandate to
maintain Web integrity, the Internet Assigned Numbers Authority (IANA) coordinates the global
assignment of IP addresses and Autonomous System Numbers (ASNs).
IANA specifically works with the regional Internet registry (RIR) Réseaux IP Européens Network
Coordination Centre (RIPE NCC) to maintain a database of IP addresses for Europe, West Asia, and the
former Soviet Union. And so, anyone who wishes to find more information about an IP address from
this region must do a RIPE NCC IP lookup.
How to Find a Netblock Owner with an IP Netblocks WHOIS Database
IP netblocks can be considered a neighborhood to which consecutive IP addresses belong. As in the
real world, there are good and bad neighborhoods. Fortunately, sophisticated threat intelligence
tools enable security engineers to distinguish one from the other.
Traditionally, users can check computers communicating over a network by using a simple ping command
to find unresponsive or misbehaving nodes. A ping test sends packets to a server and reveals if the
same number of packets were returned, as well as how long it took the destination to issue a
response.
Ping tests may be sufficient for network discovery, especially in private networks. However, other
tasks may require critical IP intelligence data, such as a WHOIS IP block, for threat hunting and
marketing applications. An IP Netblocks WHOIS Database can provide complete ownership histories of
IP ranges that can help users determine if these were involved in previous attacks.
From IANA to Using IP Netblocks WHOIS Database for IP Range Lookups
More and more professionals rely on IP intelligence sources such as IP Netblocks WHOIS Database to
learn more about IP addresses and their ranges (consecutively numbered sets of IP addresses). Many,
however, do not have a full understanding of how IP netblocks and addresses are broken down in the
first place and why this information can be useful.
Essentially, IP addresses are numbers from 0 to 536,870,911. Their distribution amongst users is done
by Classless Inter-Domain Routing (CIDR). The idea is that the whole interval is split into parts
assigned to different bodies responsible for them. These bodies will then split their IP address
intervals into smaller ones and delegate their administration to other bodies or end-users. So
finally the smallest intervals will have actual owners, or, vice versa, owners will have one or more
intervals.
These points are further tackled in this blog post, starting with a short primer
about the relevance of the Internet Assigned Numbers Authority (IANA) in the IP address allocation
process just mentioned.
Now, You Can Get More Information from Our Updated IP Netblocks WHOIS Database
More comprehensive IP intelligence means more value to our clients. That’s why we are proud to
announce an important update on our IP Netblocks WHOIS Database, which now has significantly higher
proportions of non-empty or non-redacted fields across IP netblocks.
Empty and redacted fields can create significant challenges for IP netblocks users. Cybersecurity
professionals, for example, may not be able to check if certain IP addresses in a given netblock
belong to the same registrant or someone else. When investigating an attack involving several
individuals, it may also be harder, for example, to pinpoint if several compromised addresses are
all from one IP netblock and are, therefore, linked.
Marketing professionals, on the other hand, could make the mistake of bundling an IP address with the
wrong netblock that’s assigned to a different organization than the one of interest. Other
professionals researching specific companies that share a netblock may have a hard time identifying
the addresses that actually belong to them. Incomplete data might lead to faulty assumptions and
thus results.
In short, we know how vital IP intelligence information is to organizations and how the lack of it
can spell trouble for different types of professionals.
With higher proportions of non-empty or non-redacted fields across RIRs, IP
netblocks users can now get more actionable information from their queries. With that in mind, let
us elaborate on what has changed exactly and the corresponding benefits.
IP WHOIS lookups vs. an IP Netblocks WHOIS database
In many of the aforementioned applications, it is equally important to find out
who an actual IP address is assigned to and which part of the network it belongs to. Technically, it
is necessary and sufficient for a device to have an IP address to be able to communicate on the
network. As it is sufficient, there are nodes which are not assigned a domain name. However, in
every communication the IP address, at least, must be traceable back to its origin. This
makes IP WHOIS data useful in many of the aforementioned applications, and indeed essential for IT
security. In a typical server log, for instance, we have IP addresses whose ownership can be
identified via their IP WHOIS records, obtainable by the WHOIS protocol...
Who owns the Internet? IP Netblocks WHOIS Data will tell you
The virtual world of the Internet can be linked to physical entities such as
organizations or individuals via only a few techniques. One of the possibilities is to start from
the IP address: the unique number associated with each machine connected to the Internet. As such an
address is technically essential for any networked machine to operate and each Internet
communication to take place, it is a very efficient and viable approach to revealing the ownership of
the infrastructure and the hierarchy behind its definition...