Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Access our web-based solution to dig into and monitor all domain events of interest.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.
Downloadable domain, IP, and DNS datasets for efficient and unrestricted access to all of our intelligence sources within your network perimeter.
Access to our domain and threat intelligence tools in combo with package discounts for enterprise and government customers.
Packages designed to augment commercial and in-house security platforms, support managed security services, and facilitate investigations.
Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.
Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.
Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.
Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.
The Who Behind Cyber Threat Intelligence
For over a decade, we have been gathering, analyzing, and correlating domain, IP, and DNS data to make the Internet more transparent and secure. Our unique collection of cyber threat intelligence feeds have proven invaluable in augmenting the capabilities of commercial security platforms (SIEM, SOAR and TIP) and helping Security Operations Centers (SOCs) & Managed Security Service Providers (MSSPs) achieve superior network visibility.
Law enforcement agencies, threat hunters, cyber forensics analysts, and security engineers also benefit from our intelligence using our diverse sets of APIs, lookup and monitoring tools, and other products designed to facilitate cybercrime detection, response, and prevention. Fortune 1000 companies and SMBs with a digital footprint rely on our intelligence to extend their brand protection efforts, enrich their marketing campaigns, conduct research, uncover market trends, and establish new business opportunities.
Join more than 50K satisfied customers
Get access to complete domain name footprints, which include ownership, timeline, updates, statuses, and other essential registration details for about every domain on the Internet.
Learn moreDive into the biggest passive DNS database comprising billions of historical DNS data points and relevant records for the vast majority of IP addresses and hosts.
Learn moreObtain precise geographical data down to the postal code with latitude and longitude coordinates, network information, timezone, connected domains, and more for deeper contextualization.
Learn moreAccess the most structured and detailed IP ranges correlated with ownership data, contacts, and network records from WHOIS, Regional Internet Registries (RIRs), and other sources.
Learn moreEnjoy complete control with convenient download formats for custom integrations, investigations, and data enrichment efforts in line with security policies.
We offer domain, DNS, and IP data in meaningful ways to developers with forward, reverse, and bulk APIs and code libraries for all major programming languages.
Our lookup and monitoring tools are easy to use with straightforward reports for domain names, IP addresses, email addresses, and other search terms of interest.
A comprehensive set of data feeds containing both real-time and historical domains, WHOIS, DNS, IP, and cyber threat intelligence datasets that are useful for efficient big data infosec analytics, forensic analysis, SIEM (security information & event management) data enrichment.
Check Enterprise Data Feed PackagesAPI access through WhoisXMLAPI can be purchased as an annual subscription. The access pricing is based on the number of queries, which is measured monthly with per-minute rate limits. The pricing structure gives predictability to business planning and solution architecture.
Check Enterprise API PackagesCommercial security platform providers such as Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and Threat Intelligence Platforms (TIPs), use our intelligence to boost their capabilities and achieve better threat contextualization and prioritization.
Managed Security Service Providers (MSSPs) use our data as part of their correlation processes to deliver visibility into their clients’ networks and better detect, analyze, and deal with all types of security events, threats, and vulnerabilities.
Security Operations Centers (SOCs) benefit from the breadth and depth of our intelligence to enhance ongoing cybersecurity processes and strategies. Access to our extensive data footprints, APIs, and tools helps detect, categorize, and respond to incidents.
Law enforcement & digital forensics professionals retrieve insights from our intelligence repositories to kickstart and unlock investigations as well as to gather pieces of evidence. Indicators of compromises often include domain names, DNS records, and IP addresses.
A better understanding of current and historical footprints can be of great value to digital marketers, business development managers, researchers, and other specialists to level up their business intelligence and build commercial applications.
Brand managers and legal specialists use our footprints and monitoring tools to stay updated on typosquatting, cybersquatting abuses, trademark infringements, and other abuses and misrepresentations of their brands' domain names.
Enhance your domain research toolkit by our enterprise-grade web-based solution that helps you in searching...
Learn moreAssess the domain's or IP addresses reputation and risk profile with a simple score based on a comprehensive...
Learn moreEasily detect all typosquatting domain names as soon as they are registered each day.
Learn moreGet well-parsed and normalized WHOIS information for any domain name, IP address or email.
Learn moreGet insights for the new business registered on the web.
Learn moreGet data feeds of new registered domains along with their WHOIS data generated in real time.
Learn moreMonitor exact matches, variations and common misspellings of your brand name & trademarks.
Learn moreGet the most relevant data to be ahead of emerging security threats.
Learn moreGet a complete daily list of all the registered domains and zone files.
Learn moreFind domains and subdomains related by specific terms in their hostnames.
Learn moreFind out the exact physical location of any IP address, email or domain name.
Learn moreFind out which domains were added or dropped by registrants, with given search criteria.
Learn moreWe provide complete and relevant domain WHOIS data which can be customized and easily integrated as per your business needs.
Learn moreListen to WhoisXML API CEO & Founder Jonathan Zhang talking about the company's beginnings and exploring the risks of DNS abuse associated with cases such as recent bulk-registered "voltswagen" domains.
ListenListen to OSINT Combine CEO Chris Poulter discuss key investigations and decisive pivot points to uncover insider threat networks and explore deep past connections with historical WHOIS data.
ListenListen to the WhoisXML API team look at Web properties connected to Ramnit and other possible ongoing phishing campaigns targeting cybersecurity companies.
ListenListen to the WhoisXML API team look at hundreds of domain and subdomain artifacts related to GameStop, Robinhood, and other financial-related terms gaining prominence.
ListenListen to WhoisXML API Sr. Director of Business Development Alexander Ronquillo look at how cybercriminals can weaponize the DNS as well as key considerations for effective cyber threat intelligence.
ListenCan vaccination become a big phishing theme? Listen to WhoisXML API Sr. Director of Business Development Alexander Ronquillo and Head of Content Alex Francois as they look at 12K suspicious COVID-19 vaccination domain names.
ListenWhoisXML API Sr. Technical Account Manager Ed Gibbs and Head of Content Alexandre Francois look at 19K+ domains & subdomains containing presidency-related strings.
ListenListen to WhoisXML API CEO and Founder Jonathan Zhang explore the link between cyber threat intelligence monitoring and new technological developments such as AI, 5G, and IoT devices.
ListenListen to WhoisXML API Sr. Sales Director Alex Ronquillo and Head of Content Alex Francois as they look at bitcoin-related domains and discuss newly-identified branded typosquatting domains.
ListenListen to Sr. Sales Director Alex Ronquillo's review of recent typosquatting domain registrations and suspicious new resolving subdomains containing big brands' names.
ListenListen to WhoisXML API CEO Jonathan Zhang look into cyber threat intelligence automation and some of the key quality aspects of domain and IP intelligence sources.
ListenListen to cyber threat intelligence specialists John Bambenek and Alex Ronquillo share key insights concerning the SolarWinds breach.
ListenListen to Sr. Sales Director Alex Ronquillo presenting a cyber threat intelligence analysis of SolarWind Orion's identified artifacts and expanded domain footprints.
ListenListen to WhoisXML API Sr. Sales Director Alex Ronquillo for more information on how to detect vulnerable third parties with domain and IP intelligence.
ListenTyposquatting domains are now sophisticated and can take several dangerous forms. WhoisXML API CEO Jonathan Zhang explores what to pay attention to in this podcast.
ListenCan domain and IP intelligence help tackle the multi-billion dollar Internet fraud problem? WhoisXML API Sr. Sales Director Alex Ronquillo offers some key perspectives in this podcast.
ListenWhoisXML API launches its Domains and Subdomains Discovery service with results available via API calls and shareable lookup reports.
Learn moreCybercriminals sometimes leave digital breadcrumbs when they register domain names. WhoisXML API CEO Jonathan Zhang explains how it is possible to track perpetrators' identities in this podcast.
ListenHow do you uncover lists of potentially suspicious domain names? In this podcast, WhoisXML API Sr. Sales Director Alex Ronquillo explains how to find connected domain footprints using an IP address or nameserver as an input.
ListenHow do you contextualize IP addresses? Listen to WhoisXML API CEO Jonathan Zhang to learn more about IP enrichment techniques such as geolocation, connected domain discovery, and netblock attribution in this podcast.
ListenHow does domain intelligence bring context around new typo domain registrations? WhoisXML API Sr. Sales Director Alex Ronquillo talks about using WHOIS data to spot suspicious registrations in this podcast.
ListenWhat's the link between COVID19 and domain name registrations? Listen to this podcast featuring WhoisXML API CEO Jonathan Zhang to understand the key patterns that potentially make pandemic-related domains dangerous.
ListenProPrivacy publishes a report that maps coronavirus-themed domain registrations throughout the pandemic based on data gathered in partnership with WhoisXML API and Alphabet's VirusTotal (Google).
Learn moreKnowBe4 looks into domain names containing "georgefloyd" and "blacklivesmatter" search strings based on WhoisXML API's typosquatting data feed files.
Learn moreWhoisXML API introduces new integration for ServiceNow Security Operations, offering near-real-time domain intelligence covering billions of WHOIS records.
Learn moreNo matter what type of cyber attack you face, be assured that our different sources of cyber threat intelligence will bring the visibility you need to support decision making.
Learn moreStay one step ahead of cybersquatters, phishers, and copycat competitors and protect your Internet domain names with the right set of data feeds and monitoring capabilities.
Learn moreSafeguard your organization and clients against payment transaction fraud and other scams with the help of actionable domain and IP intelligence covering location and ownership.
Learn moreGet extensive domain intelligence, including new registrations, recent expirations, reputation, and historical ownership to make informed decisions about your next domain investments.
Learn moreUse our vast cyber threat data in your investigations to uncover connections between domain names, IP addresses, and ownership information to track down cybercriminals.
Learn moreMonitor web asset acquisitions and fraudulent online transactions, identify investment opportunities, and verify merger and spinoff activities by using domain and IP intelligence.
Learn moreWork with our updated and comprehensive domain and IP intelligence sources to facilitate domain registration, administration, and transfer as well as to follow-up on instances of abuse concerning web assets under your management.
Learn moreBetter understand and target your audiences and customers with access to our diverse domain, DNS, and IP datasets put together in different formats to enrich your marketing and research activities.
Learn moreThe basis of IBM’s key security solutions is the QRadar Security Intelligence Platform, a security information and event management system (SIEM). It is a unified platform covering many security-related tasks and incorporating a broad spectrum of solutions including the use of X-Force Threat Intelligence, IBM’s cloud-based threat intelligence platform.
The big data extension of QRadar can be used to do DNS forensics in order to identify risky domains, risky users, and risky IP addresses, and feed this information back to QRadar in order to define new protection rules...
As the analysis and research of WHOIS data is crucial in cybersecurity, the MITRE cooperation develops a front-end for the services provided by WhoisXML API in support of researchers' and analysts' work...
IEEE was searching for a solution to automate its manual process of ensuring hundreds of independently-owned IEEE domain names were being updated with their latest information in the WHOIS Domain Name Registry. More specifically, there was a critical need of identifying upcoming domain name expirations early in order to alert their owners of potential losses...
Child sexual offenders have always been quick to adapt technological advances, such as photography and film for the purposes of exploiting children. The move of child exploitation material (CEM) to the Internet has enabled them to form online communities which allow easier access to CEM, recruiting co offenders and business partners, as well as validating their deviant behavior amongst other offenders.
Despite the established harm inherent within child exploitation imagery and distribution online, current attempts to limit such content have been largely unsuccessful.
Dark Crawler is a tool used by search-engines to automatically navigate the Internet and collect information about each website and webpage which can be used to seek out specific content, such as child exploitation material ...
Entrepreneurship is the central process through which economic growth and performance is fostered in a regional economy. Its evaluation is thus of paramount importance for policymakers and economists. However, the quantification of entrepreneurship, that is, introduction of measures to describe the attempts to start growth-oriented business, the likelihood of their success, the ability to raise venture capital, etc. is a challenging task due to the lack of globally available and accurate input data on e.g. business registration.
In a recent working paper a new approach is proposed to overcome this issue by using WHOIS registration data. The approach is applied to companies in Oxford and Cambridge, UK as a demonstration, by using data purchased from WhoisXML API.
Protection against malicious websites is an important task in cybersecurity. A common way of identifying such sites is the use of blacklists which contain a large set of URLs considered dangerous. There are various techniques for compiling such lists, and there is obviously a need for methods to verify if a suspicious site is really dangerous...
Encrypted communication on the Internet is most commonly realized by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Webpages communicating sensitive content, including Internet banking, webshops, etc. use the HTTPS protocol which is based on this. E-mail servers, when communicating with clients in a secure manner, use the relevant e-mail transfer protocols such as SMTP, IMAP or POP3 over SSL/TLS.
In current practice web pages are often hosted at least in part by third-party hosting providers or content-delivery networks. Thus the hardware systems we communicate with belong to these third parties, which may host many other pages of completely different entities. And, in order to establish desired secure communications, these parties have to get hold of private keys of these entities. Currently, many providers overtake even the management of keys from their clients which gives rise to profound and possibly severe security implications...
One of the cornerstones of cybersecurity is threat intelligence sharing. Maintenance of our IT systems' security and their protection against malicious activity require up-to-date knowledge of the entire field. There are significant efforts to assist experts in this activity, including those of market leaders such as IBM X-Force Exchange.
Due to the decentralized architecture of the Internet, however, the collaboration of the actors as well as voluntary campaigns in order to detect vulnerabilities are also of utmost importance. If, however, the owners of the affected systems cannot be notified, these efforts can hardly achieve their positive goal. And in this notification process, WHOIS data have their use...
Sometimes certain comfortable and seemingly innocent protocols can introduce significant security risks, especially when the system's environment changes.
The WPAD (Web Proxy Autodiscovery) protocol is prevalently used to configure the web proxy settings of end systems such as desktops and other devices belonging to an administrative domain, e.g. a corporate network. The benefit of this solution is that system administrators can deploy local web proxy settings essentially without any user interaction. Due to a very progressive change in the domain registration policies, the otherwise very useful WPAD protocol has introduced the possibility of a new and very dangerous man-in-the-middle attack...
WhoisXML API is proud to announce its partnership with cybersecurity solution provider NormShield. NormShield enables enterprises to evaluate their external cyber risk posture by letting them conduct non-intrusive third-party risk assessments. NormShield’s growing client base operates in various industries, among which are financial services, healthcare, manufacturing, retail, and tech in general.
The results of third-party risk assessments powered by NormShield come in the form of intuitive scorecards that immediately tell enterprise users what their most salient cyber risks are. The scorecards also contain recommendations on how to deal with each risk based on its priority level.
NormShield relies on comprehensive and accurate domain, subdomain, and IP address data to conduct thorough risk evaluation of its clients’ suppliers, subsidiaries, and other stakeholders. The company has partnered with us to integrate the IP Neblocks WHOIS Database Feed and Whois Database Feed into its processes — now monitoring more than 1.2 billion domains, 7 billion WHOIS records across 2,864 top-level domains (TLDs), and 9.1 million IP netblocks.
Here is more about the challenges our products have helped to deal with and the exciting details of this fruitful collaboration.
We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.
