WHOIS

whois

The resources of a WHOIS record for a given domain. This can include domain names, IP address blocks, autonomous system information, and/or contact and registration information for a domain.

Attributes

Caption	Name	Type	Description
Autonomous System	`autonomous_system`	Autonomous System[]	The autonomous system information associated with a domain.
Registered At	`created_time`	Timestamp	When the domain was registered or WHOIS entry was created.
DNSSEC Status	`dnssec_status`	String	The normalized value of dnssec_status_id.
DNSSEC Status ID	`dnssec_status_id`	Integer	Describes the normalized status of DNS Security Extensions (DNSSEC) for a domain. `0`: Unknown (`UNKNOWN`) `1`: Signed (`SIGNED`) `2`: Unsigned (`UNSIGNED`) `99`: Other (`OTHER`)
Domain	`domain`	String	The domain name corresponding to the WHOIS record.
Domain Contacts	`domain_contacts`	Domain Contact[]	An array of Domain Contact objects.
Registrar Abuse Email Address	`email_addr`	Email Address	Entity:`EMAIL_ADDRESS` The email address for the registrar's abuse contact
ISP Name	`isp`	String	The name of the Internet Service Provider (ISP).
ISP Org	`isp_org`	String	The organization name of the Internet Service Provider (ISP). This represents the parent organization or company that owns/operates the ISP. For example, Comcast Corporation would be the ISP org for Xfinity internet service. This attribute helps identify the ultimate provider when ISPs operate under different brand names.
Last Updated At	`last_seen_time`	Timestamp	When the WHOIS record was last updated or seen at.
Name Servers	`name_servers`	String[]	A collection of name servers related to a domain registration or other record.
Registrar Abuse Phone Number	`phone_number`	String	The phone number for the registrar's abuse contact
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Domain Registrar	`registrar`	String	The domain registrar.
Domain Status	`status`	String	The status of a domain and its ability to be transferred, e.g., clientTransferProhibited.
Subdomains	`subdomains`	String[]	An array of subdomain strings. Can be used to collect several subdomains such as those from Domain Generation Algorithms (DGAs).
Subnet Block	`subnet`	Subnet	Entity:`SUBNET` The IP address block (CIDR) associated with a domain.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference WHOIS in their attributes:

OSINT

Outbound Relationships

WHOIS references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 4 days ago