WHOIS Parse
Swimlane Parse WHOIS Connector
The WHOIS Parse connector enables users to query WHOIS databases directly from Swimlane Turbine, extracting valuable domain registration data for cybersecurity analysis.
The WHOIS Parse connector taps into the comprehensive WHOIS database to provide detailed domain registration and availability information. It enables users to perform WHOIS lookups for domains and IP addresses directly within the Swimlane Turbine platform, extracting valuable data without the need for manual queries. This integration streamlines the process of gathering domain ownership and registration details, enhancing cyber investigations and enriching security incident data. By automating WHOIS data retrieval, security teams can rapidly assess domain legitimacy and track potential cyber threats with greater efficiency.
Prerequisites
The WHOIS connector does not require an asset.
Capabilities
The Swimlane Parse WHOIS bundle has the following capabilities: parse whois text, whois lookup, whois lookup by ip.
Actions
Parse WHOIS text
Extracts detailed registration data from provided WHOIS text for a specific domain.
input argument name type required description domain string required parameter for parse whois text text string required parameter for parse whois text
output parameter type description headers array http headers for the request file name string name of the resource file string output field file reason string response reason phrase status code number http status code of the response address string output field address whois server string output field whois server registrar string output field registrar raw text string output field raw text city string output field city raw json object output field raw json domain name object name of the resource registrar object output field registrar whois server object output field whois server referral url object url endpoint for the request updated date object date value creation date object date value expiration date object date 
value name servers object name of the resource status object status value emails object output field emails dnssec object output field dnssec name object name of the resource org object output field org address object output field address
Example:
[ { "headers": [], "reason": "ok", "status code": 200, "address": null, "whois server": null, "registrar": null, "raw text": "google com", "city": null, "raw json": { "domain name": null, "registrar": null, "whois server": null, "referral url": null, "updated date": null, "creation date": null, "expiration date": null, "name servers": null, "status": null, "emails": null, "dnssec": null, "name": null, "org": null, "address": null, "city": null }, "name servers": null, "emails": null, "country": null, "zipcode": null, "name": null, "org": null } ]
Note that in this example the action returns status code 200 with reason "ok" even though every parsed field is null, so confirm that the parsed fields are populated rather than treating the status code alone as evidence of a successful parse.
WHOIS lookup
Perform a WHOIS lookup to retrieve domain registration and availability information. A domain name is required as input.
input argument name type required description domain string required parameter for whois lookup raise boolean optional raise an error if the whois lookup fails
output parameter type description headers array http headers for the request reason string response reason phrase status code number http status code of the response address object output field address whois server string output field whois server registrar string output field registrar raw text string output field raw text city object output field city raw json object output field raw json domain name string name of the resource registrar string output field registrar whois server string output field whois server referral url object url endpoint for the request updated date string date value creation date string date value expiration date string date value name servers array name of the resource status string status value emails array output field emails dnssec string output field dnssec name object name of the resource org string output field org address object output field address city object output field city state 
string output field state
Example:
[ { "headers": [], "reason": "ok", "status code": 200, "address": null, "whois server": "whois markmonitor com", "registrar": "markmonitor, inc ", "raw text": " domain name google com\r\n registry domain id 2138514 domain com vrsn\r\n r ", "city": null, "raw json": { "domain name": "google com", "registrar": "markmonitor, inc ", "whois server": "whois markmonitor com", "referral url": null, "updated date": "2019 09 09t15 39 04z", "creation date": "1997 09 15t07 00 00z", "expiration date": "2028 09 13t07 00 00z", "name servers": [], "status": "serverdeleteprohibited (https //www icann org/epp#serverdeleteprohibited)", "emails": [], "dnssec": "unsigned", "name": null, "org": "google llc", "address": null, "city": null }, "name servers": [ "ns1 google com", "ns2 google com", "ns3 google com" ], "emails": [ "abusecomplaints@markmonitor com", "whoisrequest@markmonitor com" ], "country": "us", "zipcode": null, "name": null, "org": "google llc" } ]
WHOIS lookup by IP
Perform a WHOIS lookup for a given IPv4 or IPv6 address and parse the retrieved data.
input argument name type required description ip string required an ipv4 or ipv6 address raise boolean optional raise an error if the whois lookup fails
output parameter type description headers array http headers for the request file name string name of the resource file string output field file reason string response reason phrase status code number http status code of the response nir object output field nir asn registry string output field asn registry asn string output field asn asn cidr string unique identifier asn country code string output field asn country code asn date string date value asn description string output field asn description query string output field query network object output field network handle string output field handle status array status value remarks array output field remarks title string output field title description string output field description links object output field links 
notices array output field notices title string output field title description string output field description links object output field links links array output field links
Example:
[ { "headers": [], "reason": "ok", "status code": 200, "nir": null, "asn registry": "arin", "asn": "14061", "asn cidr": "107 170 192 0/18", "asn country code": "us", "asn date": "2013 12 30", "asn description": "digitalocean asn, us", "query": "107 170 254 17", "network": { "handle": "net 107 170 0 0 1", "status": [], "remarks": [], "notices": [], "links": [], "events": [], "raw": null, "start address": "107 170 0 0", "end address": "107 170 255 255", "cidr": "107 170 0 0/16", "ip version": "v4", "type": "direct allocation", "name": "digitalocean 107 170 0 0", "country": null, "parent handle": "net 107 0 0 0 0" }, "entities": [ "do 13" ], "objects": { "do 13": {} }, "raw": null } ]