WhoisXML API Blog

To Cache A Predator: ILOVEPOOP Toolkit Discovery, Global Traffic & Honeypot Observations Exploiting React2Shell (CVE-2025-55182)

Executive Summary

This report inaugurates To Cache A Predator, a threat research series from the WXA Internet Abuse Signal Collective (WXA IASC) that correlates open and closed source data - including global telemetry, enrichment datasets, and honeypot observations - to track attacker infrastructure and tactics across global networks. This first episode consolidates our current findings on CVE-2025-55182 (“React2Shell”).

Across WXA IASC NetFlow-derived telemetry, U.S. exposure enrichment, and Niihama honeypot data, React2Shell-associated activity shows a coherent campaign defined by:

Proactive vs. Predictive vs. Preemptive Security

If you’ve heard about preemptive security before, it’s probably because Gartner has warned tech product leaders against ignoring or delaying the implementation of preemptive security capabilities in their cybersecurity solutions. 

According to Gartner, failing to invest in preemptive security puts product leaders at risk — they could face career-ending cyberattacks and lose market share within two to four years.
All of that sounds very bleak. But what exactly is this preemptive security thing — and what does it mean for both cybersecurity solutions companies and their end users?

The Rise of AI Agent Surface Management (ASM-AI)

Authors:
Ching Chiao, Head of APAC & Corporate Development, Whois API, Inc.
Ed Gibbs, Field CTO, WHOIS API Inc.

The Newest Member of Your Team Is a Bot—and They Have the Keys to the Vault

For two decades, cybersecurity has been a game of containment—building higher walls around processes and tighter boxes around applications. But the sudden, viral rise of "Agentic AI" has effectively signaled a demolition of those boundaries. Whether it is senior engineers buying Mac Minis for the sole purpose of hosting an instance of Moltbot (formerly known as Clawdbot) or enterprises deploying autonomous agents to manage SOC workflows, the paradigm has shifted. We are no longer just using AI; we are hiring digital employees and handing them the keys to our identity kingdom without so much as a background check. By granting these agents "delegated authority" to act on our behalf, we have created a massive, unsecured territory: we are calling it AI Agent Surface Management (ASM-AI).

Turning Internet-Wide Data into Better New gTLD Decisions

Introducing New gTLD Intelligence Services (NGIS): The intelligence layer for New gTLD applicants, brand protection professionals, and the ICANN community.

Author:
Ching Chiao, Head of APAC & Corporate Development, Whois API, Inc.

As the ICANN community prepares for the next New gTLD application window, set to open in April 2026, one thing is already clear. This round will be far more data-driven than the last.

In 2012, many New gTLD decisions were shaped by marketing narratives, forward-looking projections, and limited historical evidence. Since then, the domain name ecosystem has matured. Registries, governments, brand owners, and evaluators now have access to years of operational, DNS, and abuse data that did not exist during the first round.

For the 2026 program, critical steps such as string selection, public comment periods, formal objections, and GAC advice will increasingly rely on objective, defensible evidence rather than subjective interpretation. Stakeholders are expected to justify positions with data.

This shift reflects a broader expectation across the community. Different stages of the application process raise different questions, from early feasibility and risk assessment to later scrutiny around confusion and public interest.

That shift is what led us to build New gTLD Intelligence Services (NGIS).

December 2025: Domain Activity Highlights

WhoisXML API analyzed 10.2+ million domains registered between 1 and 31 December 2025 to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 16.9% from 8.7+ million newly registered domains (NRDs) last month.

We also determined the top TLD extensions used by 27.3+ billion domains from our DNS database’s A record full file dated 4 December 2025, indicating a 14.6% drop from November’s 31.9+ billion domains.

Next, we studied the top TLDs of the 1.1+ million domains detected as IoCs this month, up by 5.0% from 1.0+ million in November.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Turning Abuse Signals into Coordinated Action: Strengthening Digital Trust and Internet Resilience in Latin America and the Caribbean

A conversation with Gonzalo Romero, Director of Abuse Signal Coordination (LAC), WhoisXML API

We are pleased to welcome Gonzalo Romero to WhoisXML API as Director of Abuse Signal Coordination for Latin America and the Caribbean (LAC). In this welcome interview, Gonzalo shares his perspectives on Internet abuse intelligence, ecosystem coordination, and digital trust.

Although grounded in his work across LAC, the insights discussed here reflect global challenges and considerations relevant to Internet abuse coordination worldwide.

DNS Reconnaissance: Real-Life Use Cases and Tools

Every successful penetration test or red team exercise begins with a scope. From there, DNS reconnaissance is one of the most useful ways to start building an asset map.
But DNS reconnaissance use cases aren’t limited to pentesting — one can do a lot of interesting things using DNS data as a starting point. In this post, we will look at the other applications of DNS reconnaissance and the tools that turn simple DNS queries into actionable data points for a security assessment. If you need a refresher on DNS basics before diving into DNS reconnaissance, check out this DNS primer.

WhoisXML API Participates in the Black Hat Europe 2025

Brendan O’Doherty, Intelligence Partnerships at WhoisXML API, joined over 4,500 security professionals at Black Hat Europe 2025, which took place from December 8 to 11, 2025, at Excel London in the United Kingdom.

As with Black Hat USA back in August 2025, the week kicked off with a few days of intensive cybersecurity training sessions before transitioning into two days of main briefings and business hall activities.

Here’s a recap of the most prominent themes of the event.
