Cyber Threat Intelligence Feeds for a Safer Web | WhoisXML API
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Enterprise Data Feed Packages
Enterprise Data Feed Packages

Downloadable domain, IP, and DNS datasets for efficient and unrestricted access to all of our intelligence sources within your network perimeter.

Enterprise Tools Packages
Enterprise Tools Packages

Access to our domain and threat intelligence tools in combo with package discounts for enterprise and government customers.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

×
Contact Us
Pricing

Domain & cyber threat intelligence feeds to bolster your enterprise security

Apply for early access to our seven threat intelligence sources designed to facilitate the detection and investigation of emerging threats and gather insights on your and third parties’ security posture.

Apply for early access
Get the most relevant data to be ahead of emerging security threats

Our 7 domain and threat intelligence sources provide:

  • Typosquatting domains feed

    Detect typosquatting domain names right when they are registered. Our typosquatting domain intelligence covers copycats, misspellings, and other suspicious domain variants that could serve to impersonate big brands or abuse their trademarks. Our feed is structured to flag new lookalike domains on the day after they appear on the DNS and where similarity could be deceptive.

  • Disposable domains

    Access lists of disposable domains provided by more than 2,000+ temporary email services. Disposable email addresses may figure in abusive registrations and spam or phishing communications.

  • Phishing URL data

    Know all confirmed phishing[1] URLs to better prevent credential and identify theft. Armed with that know-how, you can keep employees and all network users safe from accessing sites and pages that can put them and your company in harm’s way.


    [1] Phishing is a cybercrime technique where an attacker uses digital means of communication, such as emails or social media posts, to fool victims into revealing sensitive or confidential credentials.

  • Reputation data

    Check the reputation and risks associated with any domain or IP address. Our reputation data feed covers 120+ parameters that include host and server responses, configurations, and other potential issues; notable domain registration events; Secure Sockets Layer (SSL) certificate validity and possible vulnerabilities; malware database checks; and more.

  • Malicious URL data

    Get a list of website URLs that are known hosts of malicious files or redirect to dangerous pages. Some of them may even be rigged to drop harmful executable files on visitors’ systems.

  • Botnet C&C data

    Botnets gather user data and distribute commands through common-and-control (C&C) servers. Obtaining a list of all known C&C URLs is one way to prevent unauthorized network access from remote users.

  • DDoS attack data

    We provide URLs that may be part of an ongoing distributed denial-of-service (DDoS) attack[2] as well as their botnet controller locations and decoded commands used for attacks.


    [2] A DDoS attack utilizes a massive flow of non-human/bot traffic generated to disrupt a web server's normal operations until it crashes. DDoS attacks lead to business downtime and revenue loss.

What our domain threat intelligence database can do for you

Bolster the capability of cybersecurity systems

Bolster the capability of cybersecurity systems

  • Equip cyber threat intelligence platforms and other solutions with lists of known indicators of compromise (IoCs)—blacklisted IPs, botnets, C&C servers, hashes—retrieved from Darknets, black markets, Pastebin sites, Internet relay chat (IRC), social media, app stores, and more
  • Provide software in development a means to alert users about connected IP addresses and domains that can put their network at risk of data theft or malware infection by integrating cyber threat intelligence feeds.

Boost the functionality of third-party security products and services

  • Integrate domain threat intelligence feeds into security information and event management (SIEM); security orchestration, automation, and response (SOAR); and other solutions as an additional source of data.
  • Attacks can come from both known and unknown sources. Identify all potential attack vectors with the help of data from our threat intelligence database.
Boost the functionality of third-party security products and services
Maintain a healthy cybersecurity posture

Maintain a healthy cybersecurity posture

  • Make sure none of your domains and IP addresses are getting flagged as suspicious or malicious in several cyber threat intelligence feeds to maintain the integrity of your online infrastructure.
  • Sever ties to questionable domains and IP addresses. Our threat intelligence databases can clue you into the likely causes of poor reputation scores.

Intensify your cyber investigation capability

  • Is a suspicious domain or IP address trying to gain access to your network repeatedly? You may be the target of an ongoing attack. Use our cyber threat intelligence feeds to gauge the trustworthiness of the domain or IP address in question through enrichment and pivot analyses on hostnames, IPs, email addresses, and other digital entities.
  • No single threat repository is all-encompassing. Our threat intelligence database pulls data from several malware feeds and blocklists. You can rely on it to identify malware hosts, known phishing and spamming sites, or botnet C&C servers. Prevent them from gaining entry into your network by adding them to your blocklist.
Intensify your cyber investigation capability
Protect your online assets from all kinds of abuse

Protect your online assets from all kinds of abuse

  • Spot known malicious domains and IP addresses as soon as they access your network to thwart attempts and attacks as they happen with the help of reliable threat intelligence sources.
  • Pinpoint domains and IP addresses on shared hosts using a threat intelligence database and sever ties if any of them prove malicious. Any kind of connection to spam, malware, phishing, and other malicious pages can tarnish your brand reputation.
Threat Intelligence Data Feeds | WhoisXML API

Apply for early access

Taking a more proactive stance on preventing crime, theft, and fraud is possible with robust threat intelligence sources. Contact us if you are interested to apply for early access to Threat Intelligence Data Feeds.

Order database
Threat Intelligence Data Feeds | WhoisXML API

Are you looking to access our threat intelligence data via API calls?

Our threat data is available in the form of a series of enterprise-grade APIs designed for scalability and cover domain infrastructure analysis, SSL certificate chains and configuration, domain malware check, and more.

Learn more about Threat Intelligence API
Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to