Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages AI Deep Research
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

New gTLD Intelligence Services (NGIS)
New gTLD Intelligence Services (NGIS)

Independent, evidence-based DNS and abuse intelligence for applicants, advisors, governments, and counsel participating in the ICANN 2026 New gTLD Program.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Attack Surface Discovery API
Attack Surface Discovery API

Uncover entire attack surfaces with this API to embed asset discovery, vulnerability scanning, and technology metadata into your platform. Now in early access.

MCP Server
MCP Server

Talk to our APIs using LLMs. Connect your preferred LLM to WhoisXML API and simply chat about WHOIS, DNS, threat intelligence, and more.

Jake AI
Jake AI

I’m your Domain Intelligence Assistant. I make it easy to explore WHOIS, DNS, and threat data from WhoisXML API — I’m cloud-based, fast, and always ready to help.

WhoisXML API Domain Intelligence Advisor (via ChatGPT)
WhoisXML API Domain Intelligence Advisor (via ChatGPT)

A custom GPT for WHOIS, DNS, IP, and threat intelligence research. Connects ChatGPT directly to WhoisXML API to enable fast, conversational investigations and domain insights.

Discover what you really pay for when buying commercial Internet intelligence data.

Download now
×
Contact Us

The Internet Abuse Signal Collective (IASC)

Today’s cyber threats move faster, hide deeper, and hit harder. Registrars and hosting providers are flooded with abuse reports, while SOCs and security vendors hold fragmented yet invaluable insights into APT actors and malware families. The absence of a complete view often leaves ample room for attackers to operate unseen until the damage is done.


The IASC is here to fight back, and this isn’t just data sharing; it’s a fortress of intelligence, pooling insights from the sharpest minds across the internet ecosystem. Law enforcement, U.S. military, intelligence agencies, and top cybersecurity players join forces here, creating a single, relentless stream of visibility. We’re exposing threat actors, tracking malware victims, and uncovering the attack patterns others miss.

Have questions?
The Internet Abuse Signal Collective (IASC)
2.7M+Calls to C2 infrastructure logged in 30 days
4.1B+IP & WiFi Signals
60K/dayVictim IPs observed across infections
1.5K+Average hits per IoC
99K+SSID matches linked to infected devices

Q4 2025 Update – Network visibility up 40% after onboarding new top-tier upstream peers.

Media Coverage

The Hacker News
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Dark Reading
Attackers Use New Tool to Scan for React2Shell Exposure
BankInfoSecurity
Nation-State and Cybercrime Exploits Tied to React2Shell
Cyber Security News
ILOVEPOOP Toolkit Exploiting React2Shell Vulnerability to Deploy Malicious Payload
OSINord
The Mystery of Nadia Marcinko: Epstein’s Alleged Right Hand and Her Digital Trail
GBHackers
React2Shell Vulnerability Exploited in the Wild, Analysts Warn
News.QQ.com
蠕虫式XMRig挖矿活动使用BYOVD漏洞利用和基于时间的逻辑炸弹
SecurityAffairs
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
RedHotCyber
State-Sponsored “ILovePoop” Toolkit Targets Global Giants via React2Shell Vulnerability
Sina.com.cn
蠕虫式XMRig挖矿活动使用BYOVD漏洞利用和基于时间的逻辑炸弹
MalwareTips
Attackers Use New Tool to Scan for React2Shell Exposure

Data Contribution Types

The program welcomes contributions in many different forms, some crowd favorites of high-impact are below:

Domain names

Domain history

GeoSpatial IP Intelligence

GeoSpatial IP Intelligence

WiFi Intelligence

WiFi Intelligence

Global honeypot threat intelligence

Global honeypot threat intelligence

DNS & NetFlow traffic flows

DNS & NetFlow traffic flows

Command & control attack infrastructure

Command & control attack infrastructure

Malware infrastructure

Malware infrastructure

Phishing attack infrastructure

Phishing attack infrastructure

Malvertising & spam websites

Malvertising & spam websites

Credential harvesting page paths

Credential harvesting page paths

Domain, IP, URL IoCs

net org com

DNS History

IP addresses

Email addresses

Registrants

R

Brands

Corporate firmographic data

Corporate firmographic data

Field & Expert Perspectives

How Access Now Improved Incident Response for Human Rights Defenders
Access Now cuts phishing investigation time by 60% on its Digital Security Helpline using WhoisXML API's WHOIS API and MCP Server via Gemini CLI.
WhoisXML API Joins DEATHCon 2025
Alex Ronquillo and Ed Gibbs joined hundreds of detection engineering experts at DEATHCon 2025. Here’s a recap of the event’s major themes.
WhoisXML API Participates in the FIRST 2025 Technical Colloquium
WhoisXML API’s Ed Gibbs participated in the FIRST’s Mexico City Technical Colloquium and spoke about modern threat hunting using DNS and NetFlow telemetry.
Locating Missing Children through Collaboration
Learn how the National Child Protection Task Force (NCPTF) found 25 missing children in a multi-organizational operation that included WhoisXML API.
Darksight Analytics Improves Attribution in an Investment Fraud Investigation
Learn how WhoisXML API helped a Darksight Analytics investigator analyze a network of invoice factories involved in a fraud scheme.
WhoisXML API Is Now a Global Signal Exchange (GSE) Partner
WhoisXML API has joined the Global Signal Exchange (GSE) community to empower anti-fraud professionals with predictive threat intelligence.
WhoisXML API Attends the ICANN82 Community Forum
WhoisXML API attended ICANN82 to engage in key cross-community talks and gain insights from the event's major sessions and leaders.
WhoisXML API Presents Global DNS Trends at Europol
WhoisXML API shows how leveraging a satellite view of the global DNS can help identify, expand, and contextualize potential counterfeit domains. Read the report now.
Webinar | Investigating Misinformation: Analyze Iranian-Owned Domains Using WhoisXML API
In this webinar, WhoisXML API and Maltego experts will take a deeper look into these websites and connections between them using the capabilities of Maltego and historical WHOIS data from WhoisXML API.
GeoGuard and WhoisXML API Partnership: The Dark Side of VPN Use Explored
The research aimed to detect malicious IP addresses in IP blocks associated with VPN usage. The findings could serve as a warning to both cloud users and service providers.

IASC Partners – Who Can Join?

We’re building an elite cybersecurity force, uniting experts in threat intelligence, global internet registries, ISPs, DNS resolvers and more. Join a trusted network focused on relentless defense.

  • Cybersecurity Product Builders

    You want power and speed. Here’s both. Join the DNS visibility network trusted by 60+ Cyber 150 IT-Harvest companies and over 80% of Gartner’s top cybersecurity leaders. Gain insights into attack patterns, tactics, and hidden networks.

  • Threat Intelligence Teams

    Stop working in the dark. Access the full global threat landscape with real-time intelligence you can’t find in your own logs. Every attack pattern and vulnerability is laid out. Don’t just react—anticipate. Outmaneuver threats before they strike.

  • Registrars, Registries, and Network Stewards

    End repeat-offenders and bad actors who are notorious for abusing other ISPs and registrars services. Gain visibility into suspicious domains and abusers across the internet. Join us, and safeguard the internet ecosystem.

Learn more about the Internet Abuse Signal Collective

Contact Us

Trusted by
the smartest
companies