An essential component of journalism and security research is access to accurate and timely Internet data. WhoisXML API has worked with security researchers and journalists for a long time to advance cybersecurity knowledge, notably for the identification and study of emerging and prevalent cyber-attacks, scams, and threat actors’ techniques.
Do you have an exciting research project or investigation where WHOIS, IP, or DNS data can help make the Internet a safer place? We want to hear about it.
Contact us at
We offer the most exhaustive domain, DNS, and IP intelligence data sets, covering 11.5+ billion WHOIS records, 2,864+ TLDs, 100+ billion historical DNS lookups, 11.5+ million IP netblocks, and 99.68% of all active IPv4 and IPv6 addresses.
To continually strengthen data coverage and quality, we also established ongoing data exchange programs with key Internet and cybersecurity players, such as ISPs, registrars, registries, and major security vendors.
We have worked with various security researchers and journalists notably to:
Each collaboration is unique, though it’s likely to include one or more of the following items:
Yes, we expect security researchers and journalists to mention our company and its contributions in published materials where relevant.
We understand this may not always be possible with ongoing law enforcement and security investigations. Feel free to contact us if this is the case and let us know how we can support your work.
Some of our key coverage statistics include:
Learn how ProPrivacy, VirusTotal, and WhoisXML API partnered to create and maintain a list of suspicious domain names linked to the COVID-19 pandemic.
Learn how the National Child Protection Task Force (NCPTF) has teamed up with dozens of OSINT technology partners and law enforcement investigators to work on dozens of missing children cases.
Learn how academic researchers partnered with WhoisXML API and used our WHOIS database to lay the groundwork for more effective vulnerability notifications.
Learn how WhoisXML API and a Bloomberg columnist raised awareness of coronavirus-related domain names possibly used in suspicious or malicious online activities.