Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Access our web-based solution to dig into and monitor all domain events of interest.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.
Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.
Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.
Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.
Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.
Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.
We offer comprehensive services for the integration of our data – from consultations to the precise definition of the basic needs of the business to increase the work efficiency.
Set up and manage public WHOIS servers for your business. Our WHOIS parsing system is a utility that collects extensive information about any given domain by sending series of DNS and WHOIS queries. The report is generated in raw as well as in parsed format.
Regardless of whether you are a startup, a small business or a global one, our team is always ready to help you. Enterprises operating on a scale can also choose special premium support management with high priority 24/7 email and telephone responses and other professional services.
Get customized reports on TLDs covering datasets falling under domain name, WHOIS and DNS category.
Make your threat intelligence more comprehensive and relevant with a complete view of the DNS.
Contact us at 
Cyber threat intelligence lies behind most cybersecurity strategies, platforms, or operation centers. Yet the scale and scope of today’s ever-dynamic and geographically dispersed threat landscape means organizations cannot settle for partially informed or run-of-the-mill threat intelligence. Accounting for every bit of information, including countless real-time and historical Internet events, matters to proactively notice, monitor, and protect networks from threat actors.
Cyber threat intelligence can only be as good as the raw data used in its development. Historical coverage of DNS, WHOIS, and other Internet records facilitates malicious infrastructure investigation and disruption by exposing otherwise hidden connections. These critical Internet events significantly contribute to every stage of the threat intelligence development cycle—enabling early threat detection, real-time threat analysis, broader threat expansion, and timely threat disruption.
Scalable data access. Flexible licensing models. Better coverage and higher total value delivered. Those are just a few differentiators of our enterprise data solutions and packages tailored to your business priorities.
| Tier | Product | Frequency/updates |
|---|---|---|
| P | Real-time & Historic Whois Streaming | Real-time Stream, Daily & Quarterly Feed, Real-time API Lookups |
| P | Real-time & Historic Passive DNS Coverage | Daily + Weekly Feed, Real-time API Lookups |
| P | Enterprise APIs & Threat Intelligence APIs | Enterprise APIs T5 & Threat Intelligence APIs (1M CPM) |
| 1 | Real-time Whois Data Coverage | Daily & Quarterly Feed, Real-time API |
| 1 | Real-time DNS Coverage | Weekly Feeds, Real-time API |
| 1 | IP Geolocation & Netblocks Data Coverage | Daily Feeds |
| 1 | Website Contacts & Categorization Feed | Daily Feed |
| 2 | Subdomains Database Feed | Daily Feed |
| 2 | IP Netblocks (IPv4 + IPv6) | Daily Feed |
| 2 | IP Geolocation Database | Daily Feed |
| 2 | Typosquatting Data Feed (Enriched) | Daily Feed |
| 2 | Disposable Email Domains Feed | Daily Feed |
| 2 | MAC Address Vendor Database | Daily Feed |
See what complete domain and DNS intelligence looks like in practice.
Download Data SampleTalk to us. We’re eager to listen and find innovative ways to contribute to your success.
Contact UsThe WhoisXML API data engine is built and frequently upgraded to offer you the most complete, updated, and unique Internet intelligence footprints since 2010. Don’t get lost in all the red tape and unforeseen technical complexities of finding your own domain and DNS data. Our technology is ready to give back months or years of development cycle time to your most pressing and mission-critical projects and deployments.
Our Internet intelligence sources enriched the various processes required in the development of cyber threat intelligence, including:
Detect suspicious domains, subdomains, nameservers, IP addresses, and other Internet-related records as soon as they get added, updated, or dropped, including cyber properties that seem to imitate legitimate brands and those that currently or historically share the same infrastructure as known threats.
Gather accurate geolocation, ownership, administration, DNS infrastructure details, and other Internet intelligence raw materials needed to deepen threat contextualization and bring you one step closer to fully understanding and pinning down threat actors.
Analyze tactics, techniques, and procedures (TTPs) in real-time by observing and detecting old and new patterns in domain registration events, nameserver assignments, registrar affiliation, top-level domains (TLDs), IP geolocation, and other data that can be associated with threat actors.
Anticipate the badness of a domain, subdomain, or IP address before they are weaponized by following breadcrumbs left behind by the adversaries’ inevitable reuse of digital assets, such as nameservers, registrars, IP ranges, Secure Sockets Layer (SSL) certificates, and suspicious domain types.
Track down malicious properties to their respective owners, registrars, registries, and Internet service providers (ISPs) to intercept threat actors. Expose their domain, DNS, and IP connections to take steps toward disrupting malevolent infrastructure.
Pinpoint domains, subdomains, and IP addresses that currently share the same details or infrastructure as those used in confirmed threats or have recently or historically done so to support threat prevention efforts, from preemptive blocking to fueling security heuristics analysis and threat prevention models.
A comprehensive and unhindered view of real-time and historical Internet events can help make your cyber threat intelligence more complete and powerful. Learn how in this use case sheet.
DownloadWe are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.
What Our Clients Say
"Through WhoisXML API, we can access DNS, WHOIS, and IP intelligence with real-time and passive coverage. The data works seamlessly with our other intelligence sources, allowing us to derive the most complete cyber threat intelligence so we can analyze and predict threat actor behaviors and provide timely insights to our users."
CTO & Co-Founder
Threat Intelligence Feed Provider
"We found certain nameservers that were always used for a phishing campaign, having those in our rules enabled us to catch phishing sites before they affected our user base. WhoisXML API is a responsive and reliable provider of domain intelligence. Whenever there are issues, they are quick to respond and resolve them. Working with them is smooth and straightforward."
Christine Bejerasco, Senior Analyst
F-Secure Labs