Success stories

Discover companies like yours who have found success
Université Grenoble Alpes

Cybercrime After the Sunrise: are the new gTLDs nests of abuse?

ICANN's new gTLD program, initiated in 2007 and started in 2013, resulted in the appearance of more than a thousand generic top-level domains, confirming the significant business demand for these. Some are related to regions or locations (like .amsterdam), some to communities (e.g. .pharmacy) or brands, and many of them are just words having a marketing value. But apart from the opportunities for customers, they unfortunately also open new ways for cybercriminals to abuse the domain name system. Even though ICANN has built safeguards into the process to mitigate this risk, it has become a widely accepted surmise that new gTLDs are frequently the base camps of spamming, phishing, botnets and other forms of abuse. Is it really the case?


DNS Forensics Using the Big Data Extension of IBM’s QRadar Security Intelligence Platform

The basis of IBM’s key security solutions is the QRadar Security Intelligence Platform, a security information and event management system (SIEM). It is a unified platform covering many security-related tasks and incorporating a broad spectrum of solutions including the use of X-Force Threat Intelligence, IBM’s cloud-based threat intelligence platform.

The big data extension of QRadar can be used to do DNS forensics in order to identify risky domains, risky users, and risky IP addresses, and feed this information back to QRadar in order to define new protection rules...

MITRE Corporation

WhoDat Project: an Interactive Pivotable Tool for Working with WHOIS Data

As the analysis and research of WHOIS data is crucial in cybersecurity, the MITRE Corporation develops a front end for the services provided by WhoisXML API in support of researchers' and analysts' work...

Simon Fraser University

Dark Crawler, a Useful Tool to Assess Child Exploitation from Online Communities

Child sexual offenders have always been quick to adapt technological advances, such as photography and film, for the purposes of exploiting children. The move of child exploitation material (CEM) to the Internet has enabled them to form online communities which allow easier access to CEM, recruiting co-offenders and business partners, as well as validating their deviant behavior amongst other offenders.

Despite the established harm inherent within child exploitation imagery and distribution online, current attempts to limit such content have been largely unsuccessful.

Dark Crawler is a tool used by search engines to automatically navigate the Internet and collect information about each website and webpage which can be used to seek out specific content, such as child exploitation material...

University of Michigan

The WPAD Name Collision Vulnerability in the New gTLD Era: a Threat Crying for Urgent Solution

Sometimes certain comfortable and seemingly innocent protocols can introduce significant security risks, especially when the system's environment changes.

The WPAD (Web Proxy Autodiscovery) protocol is widely used to configure the web proxy settings of end systems such as desktops and other devices belonging to an administrative domain, e.g. a corporate network. The benefit of this solution is that system administrators can deploy local web proxy settings essentially without any user interaction. Due to a very progressive change in the domain registration policies, the otherwise very useful WPAD protocol has introduced the possibility of a new and very dangerous man-in-the-middle attack...

University of Maryland, Northeastern University, Duke University, Akamai Technologies

Is an HTTPS Webpage as Secure as Expected?

Encrypted communication on the Internet is most commonly realized by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Webpages communicating sensitive content, including Internet banking, webshops, etc., use the HTTPS protocol, which is based on these. E-mail servers, when communicating with clients in a secure manner, use the relevant e-mail transfer protocols such as SMTP, IMAP or POP3 over SSL/TLS.

In current practice, web pages are often hosted at least in part by third-party hosting providers or content-delivery networks. Thus the hardware systems we communicate with belong to these third parties, which may host many other pages of completely different entities. And, in order to establish the desired secure communications, these parties have to get hold of the private keys of these entities. Currently, many providers even take over the management of keys from their clients, which gives rise to profound and possibly severe security implications...

Institute for High Performance Computing and Networking (ICAR-CNR); DIMES, University of Calabria

Malicious URL Detection via Machine Learning

Protection against malicious websites is an important task in cybersecurity. A common way of identifying such sites is the use of blacklists, which contain a large set of URLs considered dangerous. There are various techniques for compiling such lists, and there is obviously a need for methods to verify whether a suspicious site is really dangerous...

Delft University of Technology

WHOIS Data for Vulnerability Notifications

One of the cornerstones of cybersecurity is threat intelligence sharing. Maintenance of our IT systems' security and their protection against malicious activity require up-to-date knowledge of the entire field. There are significant efforts to assist experts in this activity, including those of market leaders such as IBM X-Force Exchange.

Due to the decentralized architecture of the Internet, however, the collaboration of the actors as well as voluntary campaigns in order to detect vulnerabilities are also of utmost importance. If, however, the owners of the affected systems cannot be notified, these efforts can hardly achieve their positive goal. And in this notification process, WHOIS data have their use...


Customer testimonials

We improve our solutions by interacting with customers.
Our success has been driven by your passion for the best.
Christine Bejerasco
Senior Analyst at F-Secure Labs
We found certain nameservers that were always used for a phishing campaign; having those in our rules enabled us to catch phishing sites before they affected our user base. Whoisxmlapi is a responsive and reliable provider of whois information. Whenever there are issues, they are quick to respond and resolve them. Working with them is smooth and straightforward.
Rich Sutton
VP of Engineering at Proofpoint
The Proofpoint Digital Risk team uses Whois data as an input to heuristic detection of suspicious and/or malicious domains. At Proofpoint, we're in the business of protecting our customers from threats across web, mobile, email and social. The Whois API service allows us to quickly integrate Whois lookups into our security heuristics and algorithms without having to worry about hosting services, staging and merging data, and the complicated task of normalization.
Antonio Piccolo
Getting whois information for 20.000 urls could be painful. Whoisxmlapi is a fast, flexible and reliable service that saved me a lot of time during my research work. Its API documentation and examples are well written and provide clear information; you are ready to run the queries in your favorite programming language in less than a couple of minutes.
White papers
Cyber Security Investigation and Analysis

The Internet is not just the hotspot of all things digital and technical. Largely due to its ubiquity and countless (and frequently anonymous) points of entry, the web has given rise to a new breed of outlaw – cybercriminals who prey on the wealth of valuable information available online...
