WhoisXML API Participates in Black Hat USA 2025
WhoisXML API representatives led by Alex Ronquillo, Vice President, and Ed Gibbs, VP of Research and Development, joined more than 20,000 attendees at Black Hat USA 2025, which took place on 2–7 August 2025 at the Mandalay Bay Convention Center in Las Vegas.
The keynotes, briefings, and other sessions provided a comprehensive look at the current state of cybersecurity, with recurring themes shaping the industry. In this blog post, we’ll recap five of the most prominent themes from Black Hat.
Cyber Threat Transformation
The consensus at Black Hat was clear—cyber threats are undergoing a massive transformation driven by the rapid evolution and weaponization of AI, rendering traditional cybersecurity methods insufficient.
Many sessions highlighted this evolution, with speakers noting that adversaries are increasingly using AI, making attacks more autonomous and sophisticated. A striking example that our own researchers recently investigated is the AkiraBot framework, which uses OpenAI to generate custom outreach messages to spam website chats and contact forms.
Nicole Perlroth, founding partner of Silver Buckshot Ventures, aptly said in her keynote, “What we once coined advanced persistent threats (APTs)—Stuxnet, Shamoon, NotPetya, Cloudhopper, SolarWinds, and Volt Typhoon—could well be child’s play for what comes next.” She highlighted that the attack surface itself is expanding beyond just code and infrastructure. It now includes people, institutions, and even truth itself, as AI can be used to distort reality.
Similarly, Chris Inglis, former U.S. National Cyber Director, delivered a keynote on how the increasing reliance on digital infrastructure has created both opportunities and dangerous vulnerabilities. His talk, “From Slide Rules to GenAI,” explored how transformative technologies like GenAI are reshaping the threat landscape and overwhelming traditional risk management.
Shifting to Proactive and Resilient Security Models
Since traditional cybersecurity approaches are no longer enough, another major theme was the move from reactive defense to more proactive, resilient, and preventive strategies. This included the need to transition from attack surface management (ASM) to risk surface management (RSM), which focuses on what a business stands to lose and prioritizes its most valuable assets. Aligned with this approach is the emergence of risk operations centers (ROCs) to enable money-minded continuous threat exposure management (CTEM).
Another example of a proactive and resilient security model is the NSA’s Continuous Autonomous Penetration Testing (CAPT) Service, which helps organizations find, fix, and verify exploitable weaknesses before attackers can leverage them. During a session, speakers from Horizon3.ai and the NSA Cybersecurity Collaboration Center provided real-life examples of vulnerabilities that once put the Defense Industrial Base (DIB) at risk, including the attack paths enabled by misconfigurations, weak credentials, and unpatched systems.
AI is playing a powerful role in this shift. Just as threat actors can exploit large language models (LLMs) with malicious inputs, cybersecurity teams can use AI to enhance threat intelligence and implement proactive defense mechanisms. For example, cybersecurity teams can plug tactical and predictive threat intelligence into AI tools through Model Context Protocol (MCP) servers.
Google, for its part, presented possibly the first AI-powered agent at Black Hat. The AI agent can autonomously perform digital forensics analysis on massive volumes of data. It is also proficient at threat hunting even without predefined attack signatures.
Modernizing SOCs and Cybersecurity Workflows
Several sessions addressed some of the most common hindrances to security operations center (SOC) operations—fragmented tools, limited data visibility, and a shortage of skilled personnel. This aligns with a study by ISC2, which revealed that 60% of respondents agreed the skills gap impacted their ability to keep their organizations safe from cyber threats.
One session further exposed critical SOC blind spots. Because medium- and low-severity alerts make up the bulk of the notifications that SOC teams receive, they are often overlooked and not thoroughly investigated. Attackers take advantage of this fact by deliberately triggering only medium- and low-severity alerts.
In light of this, some sessions proposed a new vision for security operations—simplified workflows, empowered teams who use data more effectively, and scalable processes. In a Main Stage session, Microsoft demonstrated this new and modernized approach by eliminating internal silos through unified threat intelligence, incident response, and threat hunting.
Microsoft representatives shared techniques their threat hunters use to uncover hidden malicious activity in near real-time, how intelligence teams attribute nation-state groups, and how their bug bounty program enhances global threat intelligence.
Cybersecurity’s Intersection with Geopolitics and National Security
The role of cybersecurity in national security and counter-intelligence was also a prominent topic during Black Hat. Ron Deibert, Director of The Citizen Lab, discussed his organization’s pioneering investigations into digital security and human rights. His keynote, “Chasing Shadows,” recounted how The Citizen Lab’s counter-intelligence work for civil society exposed state cyber espionage and the global spread of mercenary spyware targeting journalists, activists, and human rights defenders.
Deibert’s talk highlighted how his team became targets as well, caught in the same crosshairs as those they were trying to protect. He also looked ahead to future challenges posed by AI-enabled subversion, Dark PR, and advertising intelligence.
The conference also highlighted the need for collaboration between the public and private sectors to protect the DIB, which is a high-value target for advanced threat actors. NSA’s partnership with Horizon3.ai, as detailed in their session, shows how this collaboration can be executed to strengthen national security from the ground up.
Legal, Constitutional, and Ethical Aspects of Cybersecurity
Black Hat also provided a platform for discussions on the legal, constitutional, and ethical aspects of technology, particularly in relation to constitutional law and privacy. Jennifer Granick, Surveillance and Cybersecurity Counsel at the ACLU, delivered a powerful message on how the current legal system is “terrible at threat modeling.” She argued that lawmakers and courts often fail to anticipate the long-term consequences of new technologies and cybersecurity policies, leading to mistakes that civil libertarians have warned about.
Several other briefings echoed this theme, including two separate Briefings Policy Track Meetup sessions, which brought together senior government officials and policymakers. These gatherings provided a forum for open discussion on the intersection of government policy and the security industry.
Other sessions, such as “AppleStorm—Unmasking the Privacy Risks of Apple Intelligence” and “Use and Abuse of Personal Information—Politics Edition,” further demonstrated the growing importance of privacy and ethics as new technologies emerge.
About WhoisXML API
WhoisXML API is a seasoned OEM data provider specializing in delivering well-parsed, normalized, and comprehensive WHOIS, IP, and DNS intelligence. With more than 15 years of industry experience, we have amassed a vast repository of data, encompassing 23.8+ billion historical WHOIS records, 50+ billion hostnames, 116+ billion DNS records, 10.5+ million IP netblocks, and 99.5% coverage of active IPv4 and IPv6 addresses.
We offer a wide range of domain, DNS, and other Internet intelligence solutions delivered via comprehensive databases, secure APIs, and intuitive web GUIs. Regardless of consumption model, our intelligence serves as a robust foundation for leading cybersecurity products and services, with products like predictive threat intelligence data feeds leveraging AI predictive analytics capabilities and domain telemetry to enable organizations to detect potential malicious web properties early.
Trusted by more than 52,000 satisfied customers spanning the cybersecurity, marketing, law enforcement, e-commerce, and financial services industries, WhoisXML API has consistently been recognized for its rapid growth and innovation, earning multiple accolades as an Inc. 5000 honoree and a Financial Times Top Fastest-Growing Company.