Cyber Threat Hunting | WhoisXML API

Cyber Threat Hunting

Proactively searching for advanced vulnerabilities that have gone undetected by existing cybersecurity measures requires access to readily interpretable information on traffic sources, IT infrastructure, and all other online properties.

Our elite array of tools, feeds, and APIs allows threat hunters to dynamically search for latent attack vectors with comprehensive and well-parsed WHOIS and IP data to uncover threat actors that have been overlooked, reduce dwell time, and reinforce IT environments against malicious attacks.


13.7+ billion WHOIS records
721+ million domains tracked
2,864+ TLDs & ccTLDs
4.2+ billion domains and subdomains

Customizable solution components

Enterprise Security Intelligence Packages

A suite of WHOIS, Domain, and IP intelligence packages designed to meet the needs of the most advanced cybersecurity users — in-house security departments, managed security service providers, and cyber forensics investigators and threat hunters.

Enterprise Tools Packages

A set of tools and platforms useful for domain research & monitoring, threat investigation, threat intelligence, and general cybersecurity research.

Enterprise API Packages

A comprehensive set of APIs for domain, WHOIS, DNS and IP research & monitoring, plus threat investigation, threat defense and SIEM (security information & event management) data enrichment.

Enterprise Data Feed Packages

A comprehensive set of data feeds containing both real-time and historic domain, WHOIS, DNS, IP and cyber threat intelligence datasets that are useful for efficient big data infosec analytics, forensic analysis, and SIEM (security information & event management) data enrichment. Ideal when enterprise or government security policies prohibit the use of API calls outside the internal network.

You can select all of the mentioned components or pick those you specifically need. For pricing and details contact us.

Practical usage

  • Make informed, time-sensitive decisions with easy-to-use API resources and analytical tools.
  • Sharpen your analysts’ active defense strategies and countermeasures against a threat actor with the aid of timely and relevant threat intelligence.
  • Relieve security professionals’ burden of doing repetitive manual tasks by letting our solutions do the scouring of thousands of records.
  • Effectively anticipate and reverse engineer the tools, tactics, and procedures (TTPs) that cyber attackers use to infiltrate your systems and websites.
  • Enhance collaborative efforts within your team, as well as between your organization and external parties such as managed security service providers (MSSPs).
  • Expose weaknesses in your clients’ systems, web app servers, and networks that could result in stolen credentials and sensitive financial information.
  • Identify unusual sessions and processes running in your network based on correlated data from our reverse WHOIS and DNS lookup and IP geolocation databases. You can also consult our threat intelligence feeds for insight on threat indicators.
  • Explore low-level alerts from a certain period and isolate precise matches according to log data to bring to light potentially malicious events.
  • Gather and build actionable threat intelligence to test various hypotheses against external adversaries that could be part of greater cybercrime networks.

Customer success stories

Fight phishing with Machine Learning - the Fresh-Phish project

In spite of its simplicity, phishing is one of the most intensive harmful activities on the Internet, having a tremendous negative impact. Machine learning is perhaps the most exciting, paradigm-changing software technology of our age, and it has become part of the arsenal in the fight against phishing. WHOIS and DNS data are necessary to put this powerful weapon to use. The data available from WhoisXML API, Inc's WHOIS API and DNS Lookup API services were used in one of the pioneering projects...

Lonnie Reed

"I tried to create a method of discovering who is behind fraudulent web sites, but was unable to locate domain registrations' raw data to make this viable. You must be able to search every domain registration that uses the same phone number or same address or e-mail address in the domain registration. The consistent and structured data provided by WhoisXML API made it possible to perform such searches. Finally, I managed to group and identify suspected fraudulent web sites."

For pricing details and building your customized solution, please contact us!