IP History Lookup for Cybersecurity | WhoisXML API

IP 历史记录查询是深入进行 DNS 网络安全研究的重要查询类型

WhoisXML API 的 DNS 历史记录产品可映射历史 IP 到域名或域名到 IP 的关联性。追踪更改并使用历史托管数据进行欺诈监测、威胁行为者监控和事件分析。

500 亿+域名和子域名
1160 亿+DNS记录
60%+网络安全150中关键类别客户信任我们
52,000+满意客户

历史 IP 数据查询的工作原理

Enter a domain name to to look up associated historical A and AAAA records and uncover a domain’s hosting history. Or enter an IPv4 or IPv6 address to run a reverse IP history lookup and find out which domains have been hosted on a certain IP address over time. Try it now.

具有 IP 历史数据的 WhoisXML API 产品

  • DNS数据库下载

    DNS数据库下载

    从我们市场领先的历史 DNS 记录数据库直接访问被动 DNS A、AAAA、MX、NS、TXT、CNAME、SOA 和 PTR 记录文件。

    探索数据库下载
  • DNS 大事记 API

    DNS 大事记 API

    DNS 大事记 API 可轻松集成到现有的安全平台、工作流程和其他需要使用被动 DNS 情报的工具中。

    探索 API
  • DNS 大事记查询

    DNS 大事记查询

    通过在我们的 GUI 中输入任意域名的历史 DNS A 和 AAAA 记录,即可轻松检索该记录。

    探索查询

实际应用

  • 追踪域名转移

    查看域名更改主机并追踪其历史活动的时间范围。

  • 调查可疑域名

    Find out the IP addresses historically associated with a domain to analyze them for previous suspicious activity.

  • Uncover threat actor infrastructure

    Identify IP addresses historically linked to a known malicious domain or additional domain names that have at some point been hosted on a given IP address.

  • Monitor threat actors

    Stay alerted to DNS resolutions associated with known threat actors, and uncover patterns or anomalies that could indicate malicious activity.

DNS 数据库 | WhoisXML API

Ready to start using historical IP address data?

联系我们

常见问题

What is an IP history lookup?

A historical IP lookup is a process that allows you to see the hosting history of a domain — the list of IP addresses it has been associated with over time. An IP history lookup shows you how a domain migrated between hosts and gives you more context about its historical associations.

It is similar to a real-time DNS lookup, but it relies on historical DNS data instead, offering multiple historical records with different timestamps.

What is a reverse IP history lookup?

A reverse IP history lookup is a process that allows you to see the historical domain names that have been associated with a specific IP address over time. This means you can track which websites were previously hosted on a given web server, even if they have since moved to a different IP.

Performing a reverse IP history lookup can uncover patterns that may indicate suspicious activity, domain migrations, or shared hosting environments. A reverse IP history lookup is similar to a real-time reverse IP lookup, but it relies on historical DNS data instead. This means it provides multiple records instead of just one current record.

How is IP history collected?

IP history is part of DNS history that is collected using passive DNS sensors. The DNS system has no memory, so it only keeps the current domain to IP associations. The sensors collect this data over a long period of time, tracking changes and adding timestamps to them. We use our own passive DNS sensors and work together with DNS data aggregation partners to keep track of these changes. For more information on how passive DNS works, check out our Passive DNS Primer.

How to lookup connected domains with IP history?

To uncover domains connected to a given domain, you can run an IP history lookup, finding IP addresses associated with this domain over time. Then, run a reverse historic IP lookup for each of these IP addresses, uncovering other domains that have been hosted on these IP addresses. These domains are likely to be connected to the given domain.

Note that being hosted on the same IP doesn’t guarantee that domains are indeed associated, as they might be using shared hosting.

How far into the past does IP history go?

WhoisXML API provides years of historical IP-to-domain records thanks to a vast database of historical DNS data. For domains that are only a few years old, you’ll likely see their entire IP history.

Why do IP history records show me multiple IP addresses associated with one domain at the same time?

A domain can have multiple associated IP addresses for load balancing, geographical distribution, or failover. If it uses a content delivery network (CDN) like Cloudflare or employs other load balancing techniques, the historical IP records will show multiple IP addresses associated with the domain at the same time. These correspond to the different servers delivering the content for the website.

For example, below you can see the result of a historical IP lookup for example.com. The records for October 4, 2019, show many different IP addresses associated with it.

Can I see other historical records other than A and AAAA?

Yes, you can. IP history is a feature of our DNS history products, which also provide historical MX, NS, TXT, CNAME, SOA, and PTR records. However, to see these, you’ll need to use the DNS Database Download. The lookup tool and the DNS Chronicle API currently only provide historical IP-to-domain and domain-to-IP data.