Blog & How To Guides | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us

WhoisXML API Blog

follow us in feedly
All posts Product launches and updates Partnerships Domain activity highlights CyberSec Navigator For developers Product blogs

Catch Domain Events Earlier with the includeCandidates Parameter in Real-Time Domain Registration Streaming

We are excited to announce that our development team has upgraded Real-Time Domain Registration Streaming to include a feature called “includeCandidates,” an optional Boolean parameter that allows users to immediately obtain simplified domain records directly from zone files before they undergo newly registered domain (NRD) processing.

The candidate records only have two fields, namely, “domainName” and “reason,” where the latter field can be “added” for NRDs or “dropped” for recently removed domains. 

Continue reading

Newly Registered Domains (NRD) Data Feed Now Offers Up to One Year of Historical Files

We are excited to share that Enterprise and Ultimate subscribers of the Newly Registered Domains (NRD) Data Feed will now have access to past data feed files, giving security professionals deeper context to help trace threat patterns and evolution. 

In particular, NRD Enterprise users can access files produced in the past 30 days from their subscription date, while NRD Ultimate users can go as far back as 365 days. With this new enhancement, WhoisXML API users can now use NRD data feeds to:

Continue reading

Enhance Response Speed for Historical Domain Records with the skipLiveWhois API Parameter

We are thrilled to announce that WHOIS History API has been upgraded to include a feature called “skipLiveWhois,” an optional parameter that enables users to skip WHOIS API requests when the latest indexed record is not fresh (i.e., there is no current WHOIS record from the past 24 hours). 

This enhancement is designed to improve the speed of historical WHOIS lookup requests by close to 90%—from 3.5 seconds to an average of 370 milliseconds.

Continue reading

ICANN's WHOIS Port 43 Shutdown: What It Means for You

Written by Ching Chiao, Head of APAC and Global Data Partnership & Alexandre François, Product Marketing Director
WhoisXML API

On January 28, 2025, ICANN (the Internet Corporation for Assigned Names and Numbers) will officially sunset the WHOIS Port 43 services. This decision marks a pivotal moment for the cybersecurity industry, domain registries, and anyone who relies on domain data for operational or investigative purposes. But what does this change mean, and how will it impact the broader ecosystem?

Continue reading

Our Passive DNS APIs Are Now Enriched with Wildcard and Active Output Parameters

We are thrilled to announce that several of our APIs have been upgraded to include new data points, namely, wildcard and active. In particular, both fields are now optional output parameters for Reverse IP API, Reverse DNS API, Reverse MX API, and Reverse NS API. Our newly launched DNS Chronicle API, meanwhile, has a wildcard field as part of its default output format.

Continue reading

WhoisXML API Unveils First Watch Malicious Domains Data Feed with 97% Predictive Precision

We are excited to introduce First Watch Malicious Domains Data Feed, the newest addition to our predictive threat intelligence product line. This innovative solution is designed to enhance early threat detection and response by identifying substantially more malicious domains than traditional feeds, right at the point of registration.

First Watch Malicious Domains Data Feed offers several key advantages for cybersecurity teams, whether they are part of in-house Security Operations Centers (SOCs) or Managed Security Service Providers (MSSPs).

Continue reading

DNS Database Download Is Now Reinforced with Wildcard and Active Fields

We are excited to announce that the Standard and Premium DNS Database files from DNS Database Download are now enriched with two new columns, namely, wildcard and active. These additions allow you to determine if a DNS record is part of a wildcard entry and check if a domain name or subdomain is active based on its most recent resolution status.

Continue reading

Quarterly WHOIS Database Download Files Are Now Available on Snowflake

We are excited to announce that Snowflake users can now request access to WHOIS Database Download’s quarterly gTLD and ccTLD files on the platform, available in three formats:

  • Simple: The simple CSV file contains the domain name, registrar name and email address, WHOIS and name servers, creation and expiration dates, and registrant and administrative contact details.
  • Regular: The regular CSV file contains all the fields in the Simple file, along with information about the billing, technical, and zone contacts.
  • Full: This file format contains all fields in the Simple file, in addition to the raw text from the WHOIS registry and registrar.
Continue reading
follow us in feedly
Try our WhoisXML API for free
Get started