Elevate your SIEM platform with domain and IP data | WhoisXML API
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Enterprise Data Feed Packages
Enterprise Data Feed Packages

Downloadable domain, IP, and DNS datasets for efficient and unrestricted access to all of our intelligence sources within your network perimeter.

Enterprise Tools Packages
Enterprise Tools Packages

Access to our domain and threat intelligence tools in combo with package discounts for enterprise and government customers.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

×
Contact Us

Security Information and Event Management (SIEM) Solutions

Deep enrichment and contextualization are critical processes for detecting, triaging, and responding effectively to SIEM-detected alerts. Our comprehensive sources of domain, IP, and DNS intelligence are aggregated and processed to add immediate value to SIEM platforms and their capabilities.



Enable the enrichment of suspicious hostnames, IP addresses, email addresses, and more. Allow users to quickly pivot on recorded data points and identify connected footprints that might be part of an ongoing or upcoming attack.

Have questions?

Contact us at

11.5+ billionWHOIS records
582+ millionDomains tracked
2,864+TLDs & ccTLDs
1.2+ billionDomains and subdomains

Our SIEM value proposition

Fit for purpose

Use our intelligence in the way that best works for you—via API calls using our scalable infrastructure, direct database downloads for use within your environment, and/or web-based investigative tools.

Deep and wide coverage

Our intelligence covers root domains, subdomains, IP addresses, DNS records, asset and infrastructure owners, geolocation, and more.

Skip the extensive legwork

Avoid tons of manual work. Access well-parsed and normalized data in convenient formats for direct integration into your SIEM platforms. Benefit from our legal agreements with multiple third-parties to ensure the completeness of our data.

Know all about domain, IP, and DNS occurrences as they happen

Our data is regularly refreshed to include the hundreds of thousands of new occurrences (i.e., properties added, updates, etc.) throughout the Domain Name System and the IPv4 and IPv6 spaces.

Customizable solution components

Enterprise Security Intelligence Packages

An all-in suite of WHOIS, Domain, and IP intelligence packages containing all of our databases and unlimited access to WHOIS History API.

Enterprise Tools Packages

A set of tools and platforms useful for domain research & monitoring and the contextualization of domains and IP addresses connected to security events on the fly.

Enterprise API Packages

A comprehensive set of APIs for gathering domain, DNS, and IP intelligence while relying on our enterprise-grade API infrastructure.

Enterprise Data Feed Packages

A comprehensive set of domain, IP, and DNS data feeds ready for correlation with other sources. We offer a variety of download options with predictable pricing models.

You can select all of the mentioned components or pick those you specifically need. For pricing and details contact us.

Our intelligence sources enable SIEM users to:

  • Detect threats and investigate them by enriching domain and IP data found in network logs and blocklists.
  • Increase network visibility in near-real-time with our updated sources of intelligence.
  • Combine cyber threat intelligence sources to detect and monitor Internet assets in countries known for geopolitical cyber risks.
  • Run pivot analyses from recorded data points of interest found in WHOIS and DNS records.
  • Get reliable data to finetune threat response workflows and speed up response time.
  • Check the vulnerabilities and misconfigurations of web properties and their connected IP/DNS/subdomain assets.
  • Sort security events, reduce the number of false positives, save time, and identify breaches faster.

Our SIEM integrations include:

Learn more about our integrations

Customer success stories

SIEM Enrichment using WHOIS Data

IBM QRadar SIEM uses intelligence provided by WhoisXML API to execute DNS forensics analysis and spot potentially malicious domains, users, and IP addresses.

Read full story

WHOIS Data for Vulnerability Notifications

Domain owners’ and other contact information points contained in WHOIS records allow for faster notifications about vulnerable domain properties.

Read full story

For pricing details and building your customized solution, please contact us!

Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to