WHOIS/RDAP for Security Investigations
Using registration data in phishing and infrastructure tracing.
securityWHOIS
Overview
Using registration data in phishing and infrastructure tracing.
Key points
- Combine IANA bootstrap with local indexes for better coverage.
- Keep WHOIS port 43 fallback for RDAP-less TLDs.
- Respect registry rate limits; cache aggressively.
- Expose data source and partial flags in API output.
WHO.GA in practice
WHO.GA (Whoga) provides unified web and JSON API lookup for scenarios like "WHOIS/RDAP for Security Investigations", handling bootstrap routing, registrar referrals, and WHOIS fallback. Try who.ga or api.who.ga/<query>.