WHOIS
whois
The resources of a WHOIS record for a given domain. This can include domain names, IP address blocks, autonomous system information, and/or contact and registration information for a domain.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Autonomous System | autonomous_system | Autonomous System | The autonomous system information associated with a domain. | ||
| Registered At | created_time | Timestamp | When the domain was registered or WHOIS entry was created. | ||
| DNSSEC Status | dnssec_status | String | The normalized value of dnssec_status_id. | ||
| DNSSEC Status ID | dnssec_status_id | Integer |
Describes the normalized status of DNS Security Extensions (DNSSEC) for a domain.
|
||
| Domain | domain | String | The name of the domain. | ||
| Domain Contacts | domain_contacts | Domain Contact |
An array of Domain Contact objects.
|
||
| Registrar Abuse Email Address | email_addr | Email Address | The email address for the registrar's abuse contact | ||
| Last Updated At | last_seen_time | Timestamp | When the WHOIS record was last updated or seen at. | ||
| Name Servers | name_servers | String | A collection of name servers related to a domain registration or other record. | ||
| Registrar Abuse Phone Number | phone_number | String | The phone number for the registrar's abuse contact | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Domain Registrar | registrar | String | The domain registrar. | ||
| Domain Status | status | String |
The status of a domain and its ability to be transferred, e.g., clientTransferProhibited.
|
||
| Subdomains | subdomains | String | An array of subdomain strings. Can be used to collect several subdomains such as those from Domain Generation Algorithms (DGAs). | ||
| Subnet Block | subnet | Subnet | The IP address block (CIDR) associated with a domain. | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
References
Referenced By
Context
JSON
{
"caption": "WHOIS",
"description": "The resources of a WHOIS record for a given domain. This can include domain names, IP address blocks, autonomous system information, and/or contact and registration information for a domain.",
"extends": "object",
"name": "whois",
"attributes": {
"autonomous_system": {
"description": "The autonomous system information associated with a domain.",
"requirement": "optional",
"caption": "Autonomous System",
"type": "autonomous_system"
},
"domain_contacts": {
"requirement": "recommended",
"caption": "Domain Contacts",
"description": "An array of <code>Domain Contact</code> objects.",
"is_array": true,
"type": "domain_contact"
},
"created_time": {
"caption": "Registered At",
"description": "When the domain was registered or WHOIS entry was created.",
"requirement": "recommended",
"type": "timestamp_t"
},
"dnssec_status_id": {
"requirement": "recommended",
"caption": "DNSSEC Status ID",
"description": "Describes the normalized status of DNS Security Extensions (DNSSEC) for a domain.",
"enum": {
"0": {
"caption": "Unknown",
"description": "The disposition is unknown."
},
"1": {
"caption": "Signed",
"description": "The related domain enables the signing of DNS records using DNSSEC."
},
"2": {
"caption": "Unsigned",
"description": "The related domain does not enable the signing of DNS records using DNSSEC."
},
"99": {
"caption": "Other",
"description": "The DNSSEC status is not mapped. See the <code>dnssec_status</code> attribute, which contains a data source specific value."
}
},
"sibling": "dnssec_status",
"type": "integer_t"
},
"dnssec_status": {
"requirement": "optional",
"caption": "DNSSEC Status",
"description": "The normalized value of dnssec_status_id.",
"type": "string_t"
},
"domain": {
"requirement": "recommended",
"caption": "Domain",
"description": "The name of the domain.",
"type": "string_t"
},
"email_addr": {
"caption": "Registrar Abuse Email Address",
"description": "The email address for the registrar's abuse contact",
"requirement": "optional",
"type": "email_t"
},
"last_seen_time": {
"caption": "Last Updated At",
"requirement": "recommended",
"description": "When the WHOIS record was last updated or seen at.",
"type": "timestamp_t"
},
"name_servers": {
"requirement": "recommended",
"caption": "Name Servers",
"description": "A collection of name servers related to a domain registration or other record.",
"is_array": true,
"type": "string_t"
},
"phone_number": {
"caption": "Registrar Abuse Phone Number",
"description": "The phone number for the registrar's abuse contact",
"requirement": "optional",
"type": "string_t"
},
"registrar": {
"requirement": "recommended",
"caption": "Domain Registrar",
"description": "The domain registrar.",
"type": "string_t"
},
"status": {
"caption": "Domain Status",
"description": "The status of a domain and its ability to be transferred, e.g., <code>clientTransferProhibited</code>.",
"requirement": "recommended",
"type": "string_t"
},
"subdomains": {
"requirement": "optional",
"caption": "Subdomains",
"description": "An array of subdomain strings. Can be used to collect several subdomains such as those from Domain Generation Algorithms (DGAs).",
"is_array": true,
"type": "string_t"
},
"subnet": {
"caption": "Subnet Block",
"description": "The IP address block (CIDR) associated with a domain.",
"requirement": "optional",
"type": "subnet_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
}
}