Cyber Threat Intelligence Feeds for a Safer Web | WhoisXML API

Domain & cyber threat intelligence feeds to bolster your enterprise security

Apply for access to our seven threat intelligence sources designed to facilitate the detection and investigation of emerging threats and gather insights on your and third parties’ security posture.

Get the most relevant data to be ahead of emerging security threats

Our 7 domain and threat intelligence sources provide:

  • Typosquatting domains feed

    Detect typosquatting domain names right when they are registered. Our typosquatting domain intelligence covers copycats, misspellings, and other suspicious domain variants that could serve to impersonate big brands or abuse their trademarks. Our feed is structured to flag new lookalike domains on the day after they appear on the DNS and where similarity could be deceptive.

  • Disposable domains

    Access lists of disposable domains provided by more than 2,000+ temporary email services. Disposable email addresses may figure in abusive registrations and spam or phishing communications.

  • Phishing URL data

    Know all confirmed phishing[1] URLs to better prevent credential and identify theft. Armed with that know-how, you can keep employees and all network users safe from accessing sites and pages that can put them and your company in harm’s way.


    [1] Phishing is a cybercrime technique where an attacker uses digital means of communication, such as emails or social media posts, to fool victims into revealing sensitive or confidential credentials.

  • Reputation data

    Check the reputation and risks associated with any domain or IP address. Our reputation data feed covers 120+ parameters that include host and server responses, configurations, and other potential issues; notable domain registration events; Secure Sockets Layer (SSL) certificate validity and possible vulnerabilities; malware database checks; and more.

  • Malicious URL data

    Get a list of website URLs that are known hosts of malicious files or redirect to dangerous pages. Some of them may even be rigged to drop harmful executable files on visitors’ systems.

  • Botnet C&C data

    Botnets gather user data and distribute commands through common-and-control (C&C) servers. Obtaining a list of all known C&C URLs is one way to prevent unauthorized network access from remote users.

  • DDoS attack data

    We provide URLs that may be part of an ongoing distributed denial-of-service (DDoS) attack[2] as well as their botnet controller locations and decoded commands used for attacks.


    [2] A DDoS attack utilizes a massive flow of non-human/bot traffic generated to disrupt a web server's normal operations until it crashes. DDoS attacks lead to business downtime and revenue loss.

What our domain threat intelligence database can do for you

Bolster the capability of cybersecurity systems

Bolster the capability of cybersecurity systems

  • Equip cyber threat intelligence platforms and other solutions with lists of known indicators of compromise (IoCs)—blacklisted IPs, botnets, C&C servers, hashes—retrieved from Darknets, black markets, Pastebin sites, Internet relay chat (IRC), social media, app stores, and more
  • Provide software in development a means to alert users about connected IP addresses and domains that can put their network at risk of data theft or malware infection by integrating cyber threat intelligence feeds.

Boost the functionality of third-party security products and services

  • Integrate domain threat intelligence feeds into security information and event management (SIEM); security orchestration, automation, and response (SOAR); and other solutions as an additional source of data.
  • Attacks can come from both known and unknown sources. Identify all potential attack vectors with the help of data from our threat intelligence database.
Boost the functionality of third-party security products and services
Maintain a healthy cybersecurity posture

Maintain a healthy cybersecurity posture

  • Make sure none of your domains and IP addresses are getting flagged as suspicious or malicious in several cyber threat intelligence feeds to maintain the integrity of your online infrastructure.
  • Sever ties to questionable domains and IP addresses. Our threat intelligence databases can clue you into the likely causes of poor reputation scores.

Intensify your cyber investigation capability

  • Is a suspicious domain or IP address trying to gain access to your network repeatedly? You may be the target of an ongoing attack. Use our cyber threat intelligence feeds to gauge the trustworthiness of the domain or IP address in question through enrichment and pivot analyses on hostnames, IPs, email addresses, and other digital entities.
  • No single threat repository is all-encompassing. Our threat intelligence database pulls data from several malware feeds and blocklists. You can rely on it to identify malware hosts, known phishing and spamming sites, or botnet C&C servers. Prevent them from gaining entry into your network by adding them to your blocklist.
Intensify your cyber investigation capability
Protect your online assets from all kinds of abuse

Protect your online assets from all kinds of abuse

  • Spot known malicious domains and IP addresses as soon as they access your network to thwart attempts and attacks as they happen with the help of reliable threat intelligence sources.
  • Pinpoint domains and IP addresses on shared hosts using a threat intelligence database and sever ties if any of them prove malicious. Any kind of connection to spam, malware, phishing, and other malicious pages can tarnish your brand reputation.
Threat Intelligence Data Feeds | WhoisXML API

Apply for access

Taking a more proactive stance on preventing crime, theft, and fraud is possible with robust threat intelligence sources. Contact us if you are interested to apply for access to Threat Intelligence Data Feeds.

Threat Intelligence Data Feeds | WhoisXML API

Are you looking to access our threat intelligence data via API calls?

Our threat data is available in the form of a series of enterprise-grade APIs designed for scalability and cover domain infrastructure analysis, SSL certificate chains and configuration, domain malware check, and more.