External Attack Surface Management (EASM) Solutions | WhoisXML API
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

×
Contact Us

External Attack Surface Management (EASM) Solutions

Stay ahead of threat actors by getting a complete view of attack surfaces beyond firewalls. Internet-facing assets, such as domain names, IP addresses, subdomains, and DNS records, can be vulnerable and exploited as attack vectors.



WhoisXML API’s External Attack Surface Management (EASM) Solutions enable you to comprehensively discover, validate, prioritize, and monitor external digital assets.



Our EASM Solutions comprise a customizable set of domain, WHOIS, IP, DNS, and cyber threat intelligence sources to supplement attack surface management capabilities and provide a 360° view of the Internet.

Have questions?

Contact us at

11.5+ billionWHOIS records
582+ millionDomains tracked
2,864+TLDs & ccTLDs
1.2+ billionDomains and subdomains

Benefits of Working with WhoisXML API for External Attack Surface Management

  • Complete, timely, and relevant WHOIS, IP, and DNS footprint data

    We provide vast and complete Internet data footprints and have gathered, analyzed, and parsed WHOIS, IP, and DNS data for more than a decade now.

  • Various consumption models to support multiple use cases

    We offer different consumption models, including a wide array of APIs, data feeds, and web-based solutions to fit your organization’s needs for data access.

  • Multiple data exchange and integration partners

    We work with dozens of registrars, registries, ISPs, and security vendors to provide the best data coverage, quality, and integration options through our data exchange and partnership programs.

Take control of your cyber attack surface at every step:

1. Asset discovery

External asset discovery refers to the process of bringing to light domains, IP addresses, and relevant DNS records that could serve as attack vectors.

Here are some of the ways we can help at this stage:

  • Discover domains and subdomains related to your or your clients’ organizations
  • Uncover subdomains that could have dangling DNS records
  • Track down domains and subdomains connected to your organization based on IP address resolutions

2. Asset attribution and validation

Uncovered external assets must be analyzed and processed for anomalies and vulnerabilities. Our EASM Solutions can help by providing context in terms of:

  • Checking the current and historical WHOIS ownership data of Internet properties
  • Identifying the geolocation, network information, and related infrastructure of IP addresses and ranges
  • Discovering vulnerabilities in SSL configurations and certificates, domain infrastructure, and dozens of other potential attack vectors

3. Remediation prioritization

Get insights into which assets are the most vulnerable and require immediate attention and remediation.

Here are some of the ways we can help at this stage:

  • Rank domain names and IP addresses according to their risk scores
  • Take immediate action on assets that are flagged “malicious”
  • Assess vulnerabilities and address the most severe ones first

4. Continuous monitoring

External attack surface management is a never-ending and multidimensional process.

Our EASM Solutions can notably help in these ways:

  • Monitor when company-related assets appear in the DNS
  • Notice when previously identified attack vectors and vulnerable assets get updated or become newly active
  • Visualize changes to the content that typosquatting domains and subdomains host

Customizable EASM Components

  • Passive DNS Data

    DNS Database Download is a comprehensive passive DNS data repository covering 2+ billion hostnames and 100 billion historical DNS events across A, MX, NS, TXT, CNAME, and SOA records.

  • Subdomain Data

    Subdomains Database Download contains more than 2.3 billion records, over 1 million of which are added daily to the database to keep track of all the latest subdomains created.

  • WHOIS and Historical WHOIS Records

    WHOIS Database Download is an extensive repository of more than 11.5 billion current and historical WHOIS records with all the relevant dates and critical registrant, registrar, and other data points.

  • IP Geolocation Data

    IP Geolocation Data Feed provides geographical context to IPv4 and IPv6 addresses, covering over 300,000 unique locations and 99.68% of all active IP addresses.

  • IP Netblocks Data

    IP Netblocks WHOIS Database is an IP intelligence repository containing information on 9.5+ million IP netblocks and 48,000+ IP ranges, including their ownership, network, and contact information.

  • Website Contact and Categorization Data

    Website Contacts & Categorization Database uses machine-learning algorithms to classify websites into different categories and provide the most relevant web contact points.

  • Domain Research Suite (DRS)

    Domain Research Suite (DRS) is an extensive web-based set of tools to discover domain and subdomains, search across our entire WHOIS and DNS footprints for connections, and monitor domain name activity for specific strings, registrants, and Internet properties.

  • Domain Brand Monitoring

    Brand Monitor alerts organizations of potentially rogue domain registration activities that involve their brand and company names. Brand Monitor’s results are stored within the Domain Research Suite (DRS) for immediate follow-up pivoting and contextualization.

  • Domain Reputation

    Domain Reputation API and Threat Intelligence APIs deliver complete risk profiles for Internet properties considering more than 100 parameters such as presence on malware databases, domain infrastructure, SSL configurations, open ports, and more.

WhoisXML API | WhoisXML API

Looking for an all-in-one package? Learn more about the Security Intelligence (SI) Suite.

The SI Suite is WhoisXML API’s ultimate WHOIS, IP, DNS, and subdomain data package for external attack surface management and all types of security R&D and product initiatives.

Learn more about Security Intelligence (SI) Suite

Related Success Stories

Enriching attack surface mapping with domain and IP intelligence

WhoisXML API is part of the OWASP Amass Project and contributes to the ecosystem in different ways to support advanced attack surface mapping and external asset discovery.

Read full story

WhoisXML API transforms are available on Maltego

WhoisXML API data footprints are now accessible on Maltego to support security investigations and advanced visual representations of Internet-facing assets and their connected data points.

Read full story

Third-party risk monitoring with domain and IP intelligence

NormShield uses our comprehensive sets of domain, subdomain, and IP intelligence sources to conduct thorough risk evaluations and deliver results through intuitive scorecards.

Read full story

WHOIS data helps identify dangerous web assets

IBM’s QRadar collects DNS transactions and correlates them with WHOIS data to support fraud prevention by identifying risky domains and IP addresses.

Read full story

For pricing details and building your customized solution, please contact us!

Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to