Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages AI Deep Research
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

New gTLD Intelligence Services (NGIS)
New gTLD Intelligence Services (NGIS)

Independent, evidence-based DNS and abuse intelligence for applicants, advisors, governments, and counsel participating in the ICANN 2026 New gTLD Program.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Attack Surface Discovery API
Attack Surface Discovery API

Uncover entire attack surfaces with this API to embed asset discovery, vulnerability scanning, and technology metadata into your platform. Now in early access.

MCP Server
MCP Server

Talk to our APIs using LLMs. Connect your preferred LLM to WhoisXML API and simply chat about WHOIS, DNS, threat intelligence, and more.

Jake AI
Jake AI

I’m your Domain Intelligence Assistant. I make it easy to explore WHOIS, DNS, and threat data from WhoisXML API — I’m cloud-based, fast, and always ready to help.

WhoisXML API Domain Intelligence Advisor (via ChatGPT)
WhoisXML API Domain Intelligence Advisor (via ChatGPT)

A custom GPT for WHOIS, DNS, IP, and threat intelligence research. Connects ChatGPT directly to WhoisXML API to enable fast, conversational investigations and domain insights.

Discover what you really pay for when buying commercial Internet intelligence data.

Download now
×
Contact Us

The Internet Abuse Signal Collective (IASC)

Today’s cyber threats move faster, hide deeper, and hit harder. Registrars and hosting providers are flooded with abuse reports, while SOCs and security vendors hold fragmented yet invaluable insights into APT actors and malware families. The absence of a complete view often leaves ample room for attackers to operate unseen until the damage is done.


The IASC is here to fight back, and this isn’t just data sharing; it’s a fortress of intelligence, pooling insights from the sharpest minds across the internet ecosystem. Law enforcement, U.S. military, intelligence agencies, and top cybersecurity players join forces here, creating a single, relentless stream of visibility. We’re exposing threat actors, tracking malware victims, and uncovering the attack patterns others miss.

Have questions?
The Internet Abuse Signal Collective (IASC)
2.7M+Calls to C2 infrastructure logged in 30 days
60K/dayVictim IPs observed across infections
1.5K+Average hits per IoC
99K+SSID matches linked to infected devices

Q4 2025 Update – Network visibility up 40% after onboarding new top-tier upstream peers.

How Access Now Strengthened Digital Rights Protection with WHOIS API

Access Now cuts phishing investigation time by 60% on its Digital Security Helpline using WhoisXML API's WHOIS API and MCP Server via Gemini CLI.

Read post
WhoisXML API Joins DEATHCon 2025

Alex Ronquillo and Ed Gibbs joined hundreds of detection engineering experts at DEATHCon 2025. Here’s a recap of the event’s major themes.

Read post
WhoisXML API Participates in the FIRST 2025 Technical Colloquium

WhoisXML API’s Ed Gibbs participated in the FIRST’s Mexico City Technical Colloquium and spoke about modern threat hunting using DNS and NetFlow telemetry.

Read post
Locating Missing Children through Collaboration

Learn how the National Child Protection Task Force (NCPTF) found 25 missing children in a multi-organizational operation that included WhoisXML API.

Read post
Fraud Investigation with WHOIS History API

Learn how WhoisXML API helped a Darksight Analytics investigator analyze a network of invoice factories involved in a fraud scheme.

Read post
WhoisXML API Attends the ICANN82 Community Forum

WhoisXML API attended ICANN82 to engage in key cross-community talks and gain insights from the event's major sessions and leaders.

Read post
WhoisXML API Presents Global DNS Trends at Europol

WhoisXML API shows how leveraging a satellite view of the global DNS can help identify, expand, and contextualize potential counterfeit domains. Read the report now.

Read post
Webinar | Investigating Misinformation: Analyze Iranian-Owned Domains Using WhoisXML API

In this webinar, WhoisXML API and Maltego experts will take a deeper look into these websites and connections between them using the capabilities of Maltego and historical WHOIS data from WhoisXML API.

Read post
GeoGuard and WhoisXML API Partnership: The Dark Side of VPN Use Explored

The research aimed to detect malicious IP addresses in IP blocks associated with VPN usage. The findings could serve as a warning to both cloud users and service providers.

Read post

IASC Partners – Who Can Join?

We’re building an elite cybersecurity force, uniting experts in threat intelligence, global internet registries, ISPs, DNS resolvers and more. Join a trusted network focused on relentless defense.

  • Cybersecurity Product Builders

    You want power and speed. Here’s both. Join the DNS visibility network trusted by 60+ Cyber 150 IT-Harvest companies and over 80% of Gartner’s top cybersecurity leaders. Gain insights into attack patterns, tactics, and hidden networks.

  • Threat Intelligence Teams

    Stop working in the dark. Access the full global threat landscape with real-time intelligence you can’t find in your own logs. Every attack pattern and vulnerability is laid out. Don’t just react—anticipate. Outmaneuver threats before they strike.

  • Registrars, Registries, and Network Stewards

    End repeat-offenders and bad actors who are notorious for abusing other ISPs and registrars services. Gain visibility into suspicious domains and abusers across the internet. Join us, and safeguard the internet ecosystem.

Data Contribution Types

The program welcomes contributions in many different forms, some crowd favorites of high-impact are below:

Domain names

Domain history

R

Brands

Registrants

Corporate firmographic datas

Corporate firmographic data

Email addresses

IP addresses

net org com

DNS History

Domain, IP, URL IoCs

DNS & NetFlow traffic flows

DNS & NetFlow traffic flows

DNS & NetFlow traffic flows

Credential harvesting page paths

Malvertising & spam websites

Malvertising & spam websites

Malware infrastructure

Malware infrastructure

Command & control attack infrastructure

Command & control attack infrastructure

Phishing attack infrastructure

Phishing attack infrastructure

Learn more about the Internet Abuse Signal Collective

Contact Us

Trusted by
the smartest
companies