Cyber Threat Intelligence Feeds for a Safer Web | WhoisXML API

Domain & cyber threat intelligence feeds to bolster your enterprise security

Apply for early access to our seven threat intelligence sources designed to facilitate the detection and investigation of emerging threats and gather insights on your and third parties’ security posture.

Apply for early access
Get the most relevant data to be ahead of emerging security threats

Our 7 domain and threat intelligence sources provide:

  • Typosquatting domains feed

    Detect typosquatting domain names right when they are registered. Our typosquatting domain intelligence covers copycats, misspellings, and other suspicious domain variants that could serve to impersonate big brands or abuse their trademarks. Our feed is structured to flag new lookalike domains on the day after they appear on the DNS and where similarity could be deceptive.

  • Disposable domains

    Access lists of disposable domains provided by more than 2,000+ temporary email services. Disposable email addresses may figure in abusive registrations and spam or phishing communications.

  • Phishing URL data

    Know all confirmed phishing[1] URLs to better prevent credential and identify theft. Armed with that know-how, you can keep employees and all network users safe from accessing sites and pages that can put them and your company in harm’s way.


    [1] Phishing is a cybercrime technique where an attacker uses digital means of communication, such as emails or social media posts, to fool victims into revealing sensitive or confidential credentials.

  • Reputation data

    Check the reputation and risks associated with any domain or IP address. Our reputation data feed covers 120+ parameters that include host and server responses, configurations, and other potential issues; notable domain registration events; Secure Sockets Layer (SSL) certificate validity and possible vulnerabilities; malware database checks; and more.

  • Malicious URL data

    Get a list of website URLs that are known hosts of malicious files or redirect to dangerous pages. Some of them may even be rigged to drop harmful executable files on visitors’ systems.

  • Botnet C&C data

    Botnets gather user data and distribute commands through common-and-control (C&C) servers. Obtaining a list of all known C&C URLs is one way to prevent unauthorized network access from remote users.

  • DDoS attack data

    We provide URLs that may be part of an ongoing distributed denial-of-service (DDoS) attack[2] as well as their botnet controller locations and decoded commands used for attacks.


    [2] A DDoS attack utilizes a massive flow of non-human/bot traffic generated to disrupt a web server's normal operations until it crashes. DDoS attacks lead to business downtime and revenue loss.

What our domain threat intelligence database can do for you

Bolster the capability of cybersecurity systems

Bolster the capability of cybersecurity systems

  • Equip cyber threat intelligence platforms and other solutions with lists of known indicators of compromise (IoCs)—blacklisted IPs, botnets, C&C servers, hashes—retrieved from Darknets, black markets, Pastebin sites, Internet relay chat (IRC), social media, app stores, and more
  • Provide software in development a means to alert users about connected IP addresses and domains that can put their network at risk of data theft or malware infection by integrating cyber threat intelligence feeds.

Boost the functionality of third-party security products and services

  • Integrate domain threat intelligence feeds into security information and event management (SIEM); security orchestration, automation, and response (SOAR); and other solutions as an additional source of data.
  • Attacks can come from both known and unknown sources. Identify all potential attack vectors with the help of data from our threat intelligence database.
Boost the functionality of third-party security products and services
Maintain a healthy cybersecurity posture

Maintain a healthy cybersecurity posture

  • Make sure none of your domains and IP addresses are getting flagged as suspicious or malicious in several cyber threat intelligence feeds to maintain the integrity of your online infrastructure.
  • Sever ties to questionable domains and IP addresses. Our threat intelligence databases can clue you into the likely causes of poor reputation scores.

Intensify your cyber investigation capability

  • Is a suspicious domain or IP address trying to gain access to your network repeatedly? You may be the target of an ongoing attack. Use our cyber threat intelligence feeds to gauge the trustworthiness of the domain or IP address in question through enrichment and pivot analyses on hostnames, IPs, email addresses, and other digital entities.
  • No single threat repository is all-encompassing. Our threat intelligence database pulls data from several malware feeds and blocklists. You can rely on it to identify malware hosts, known phishing and spamming sites, or botnet C&C servers. Prevent them from gaining entry into your network by adding them to your blocklist.
Intensify your cyber investigation capability
Protect your online assets from all kinds of abuse

Protect your online assets from all kinds of abuse

  • Spot known malicious domains and IP addresses as soon as they access your network to thwart attempts and attacks as they happen with the help of reliable threat intelligence sources.
  • Pinpoint domains and IP addresses on shared hosts using a threat intelligence database and sever ties if any of them prove malicious. Any kind of connection to spam, malware, phishing, and other malicious pages can tarnish your brand reputation.

Trusted by
the smartest
companies

Threat Intelligence Data Feeds | WhoisXML API

Apply for early access

Taking a more proactive stance on preventing crime, theft, and fraud is possible with robust threat intelligence sources. Contact us if you are interested to apply for early access to Threat Intelligence Data Feeds.

Threat Intelligence Data Feeds | WhoisXML API

Are you looking to access our threat intelligence data via API calls?

Our threat data is available in the form of a series of enterprise-grade APIs designed for scalability and cover domain infrastructure analysis, SSL certificate chains and configuration, domain malware check, and more.

You may be interested

Brand Alert
Brand Alert

Monitor exact matches, variations and common misspellings of your brand name & trademarks.

Learn more
Newly Created Websites Data Feed
Newly Created Websites Data Feed

Get insights for the new business registered on the web.

Learn more
Domain Research Suite
Domain Research Suite

Enhance your domain research toolkit by our enterprise-grade web-based solution that helps you in searching...

Learn more
Newly Registered Domains
Newly Registered Domains

Keep track of the best business opportunities online.

Learn more
Subdomains Lookup
Subdomains Lookup

Discover subdomains related to the target domain name.

Learn more
IP Geolocation
IP Geolocation

Find out the exact physical location of any IP address, email or domain name.

Learn more
Screenshot Service
Screenshot Service

Instantly get a screenshot of any web page.

Learn more
Reverse WHOIS
Reverse WHOIS

Find connections between various domains, individuals and organizations.

Learn more
Reverse NS
Reverse NS

Find all domains that use the same name server.

Learn more
Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Get the most relevant data to be ahead of emerging security threats.

Learn more
Real-time Domain Registration
Real-time Domain Registration

Get data feeds of new registered domains along with their WHOIS data generated in real time.

Learn more
Reverse MX
Reverse MX

Reveal all the domains that use the same mail server.

Learn more
Registrant Alert
Registrant Alert

Find out which domains were added or dropped by registrants, with given search criteria.

Learn more
Reverse IP/DNS
Reverse IP/DNS

Find relations like ownership between hostnames and IPs.

Learn more
US Internet Retailers Database
US Internet Retailers Database

Get access to the biggest US Internet Retailers Database.

Learn more
DNS Lookup Services
DNS Lookup Services

Identify who is hosting a particular domain name or website.

Learn more
WHOIS Database Download
WHOIS Database Download

We provide complete and relevant domain WHOIS data which can be customized and easily integrated as per your business needs.

Learn more
Domain Availability
Domain Availability

The most accurate domain availability checker offered on the market.

Learn more
WHOIS Search
WHOIS Search

Get well-parsed and normalized WHOIS information for any domain name, IP address or email.

Learn more
IP Netblocks
IP Netblocks

Find out which IP range the particular IP belongs to.

Learn more
Domain Reputation API
Domain Reputation API

Assess the domain's or IP addresses reputation and risk profile with a simple score based on a comprehensive...

Learn more
Typosquatting Data Feed
Typosquatting Data Feed

Easily detect all typosquatting domain names as soon as they are registered each day.

Learn more
Email Verification
Email Verification

Ensure the validity and quality of any email address.

Learn more
All Registered Domains
All Registered Domains

Get a complete daily list of all the registered domains and zone files.

Learn more
Website Categorization
Website Categorization

Define website category of the given domain.

Learn more
Website Contacts
Website Contacts

Get full contacts data of the given domain.

Learn more
Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to