Security Intel Exchange Program | WhoisXML API

WhoisXML API’s Security Intel Exchange Program

Organized cybercrime has become the norm. As threat groups’ Internet infrastructure is increasingly volatile and difficult to track, WhoisXML API launched the Security Intel Exchange Program.


The program facilitates the exchange of critical domain, IP, and DNS intelligence between leading security companies and threat researchers worldwide to achieve greater scale, scope, and precision to ultimately monitor and respond to every meaningful Internet security event.


Application to the Security Intel Exchange Program is open. Contact us for more information about eligibility criteria.

  • 4.2 Billion+ Domains and subdomains
  • 16.7 Billion+ WHOIS records
  • Multi-billion DNS records
  • 12+ Years of data crawling

Why Join the Security Intel Exchange Program?

  • Collaborate with leading security partners

    Members of the Security Intel Exchange Program include top security companies, OSINT investigators, threat researchers, and some of the largest ISPs and Internet registries.

  • Stay alert to the largest Internet threats

    The program enables members to collate threat data in real time to help tackle some of the most pressing security issues and ongoing cyber attacks.

  • Get access to comprehensive and meaningful intelligence

    Our combined domain, DNS, and IP footprints cover billions of historical WHOIS records and DNS lookup events across most TLDs and virtually every IP address in use.

Frequently Asked Questions

What data sources are you looking to exchange?

We are actively looking to provide data from our DNS, subdomains, WHOIS, and geolocation databases in exchange for data contributions from our partners’ DNS, subdomains, and WHOIS databases and other potential sources.

How do you evaluate potential partnerships?

Key criteria include the volume, freshness, and uniqueness of the partner data as well as its relevance for cybersecurity, especially for monitoring and investigating today’s most prominent attacks and threat groups.

What are examples of suspicious Internet events that you monitor?

Among other events, we keep a close eye on:

  • Suspicious newly registered / typosquatting / bulk-registered domains
  • New phishing subdomains hiding under legitimate domains
  • Disposable Internet properties
  • Connected IP, DNS, domain footprints
  • Sudden and unexpected changes in Internet property ownership and IP / IP range allocation

What can you offer?

Some of our key coverage statistics include:

  • 16.7B+ historical WHOIS records
  • 7,596+ TLDs and ccTLDs
  • 2B+ hostnames
  • 500B+ historic DNS lookups
  • 32M+ netblocks for 215K+ ISPs

Is there a trial period for new partners?

Yes, new partners and WhoisXML API typically enter into an initial evaluation period of up to several weeks during which both sides can assess the benefits derived from the data exchange.

How do we get started?

Please fill the form below or contact us at to discuss the next steps.

Get Started with the Security Intel Exchange Program

Partner Success Stories

Mapping Malicious Coronavirus Domain Footprints

Learn how ProPrivacy, VirusTotal, and WhoisXML API partnered to create and maintain a list of suspicious domain names linked to the COVID-19 pandemic.

OSINT Tech That Saves Lives

Learn how the National Child Protection Task Force (NCPTF) has teamed up with dozens of OSINT technology partners and law enforcement investigators to work on dozens of missing children cases.