Cyber Threat Hunting | WhoisXML API
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

×
Contact Us

Cyber Threat Hunting

Proactively searching for advanced vulnerabilities gone undetected by existing cybersecurity measures requires access to readily interpretable information on traffic sources, IT infrastructure, and all other online properties.



Our elite array of tools, feeds, and APIs allow threat hunters to dynamically search for latent attack vectors with comprehensive and well-parsed WHOIS and IP data to uncover threat actors that have been overlooked, reduce dwell time, and reinforce IT environments against malicious attacks.

Have questions?

Contact us at

11.5+ billionWHOIS records
582+ millionDomains tracked
2,864+TLDs & ccTLDs
1.2+ billionDomains and subdomains

Customizable solution components

Enterprise Security Intelligence Packages

A suite of WHOIS, Domain, and IP intelligence packages designed to meet the needs of the most advanced cybersecurity users — in-house security departments, managed security service providers, and cyber forensics investigators and threat hunters.

Enterprise Tools Packages

A set of tools and platforms that's useful for domain research & monitoring, threat investigation, threat intelligence and general cyber-security research.

Enterprise API Packages

A comprehensive set of APIs for domain, WHOIS, DNS and IP research & monitoring, plus threat investigation, threat defense and SIEM (security information & event management) data enrichment.

Enterprise Data Feed Packages

A comprehensive set of data feeds that contain both real-time and historic domains, WHOIS, DNS, IP and cyber threat intelligence datasets that are useful for efficient big data infosec analytics, forensic analysis, SIEM (security information & event management) data enrichment. Ideal when enterprise or government security policies prohibit the use of API calls outside the internal network.

You can select all of the mentioned components or pick those you specifically need. For pricing and details contact us.

Practical usage

  • Make informed, time-sensitive decisions with easy-to-use API resources and analytical tools.
  • Sharpen your analysts’ active defense strategies and countermeasures against a threat actor with the aid of timely and relevant threat intelligence.
  • Relieve security professionals’ burden of doing repetitive manual tasks by letting our solutions do the scouring of thousands of records.
  • Effectively anticipate and reverse engineer the tools, tactics, and procedures (TTPs) that cyber attackers use to infiltrate your systems and websites.
  • Enhance collaborative efforts within your team, as well as between your organization and external parties such as managed security service providers (MSSPs).
  • Expose weaknesses in your clients’ systems, web app servers, and networks that could result in stolen credentials and sensitive financial information.
  • Identify unusual sessions and processes running in your network based on correlated data from our reverse WHOIS and DNS lookup and IP geolocation databases. You can also consult our threat intelligence feeds for insight on threat indicators.
  • Explore low-level alerts from a certain period and isolate precise matches according to log data to bring to light potentially malicious events.
  • Gather and build actionable threat intelligence to test various hypotheses against external adversaries that could be part of greater cybercrime networks.

Customer success stories

Fight phishing with Machine Learning - the Fresh-Phish project

In spite of its simplicity, phishing is one of the most intensive harmful activities on the Internet, having a tremendous negative impact. Machine learning is the maybe most exciting, paradigm changing software technology of our age. And it has become a part of the armamentary of the fight against phishing. WHOIS and DNS data are necessary for the actuation this powerful weapon. The data available from WhoisXML API, Inc's WHOIS API and DNS Lookup API services were used in one of the pioneering projects...

Read full story

Lonnie Reed

"I tried to create a method of discovering who is behind fraudulent web sites, but was unable to locate domain registration’s raw data to make this viable. You must be able to search every domain registration that uses the same phone number or same address or e-mail address in the domain registration. The consistent and structured data provided by WhoisXML API made it possible to perform such searches. Finally, I managed to group and identify suspected fraudulent web sites. "

For pricing details and building your customized solution, please contact us!

Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to