Product Blog

Ingesting IP Netblocks with DynamoDB

Introduction

Overview

DynamoDB is Amazon’s fully managed NoSQL database service that’s designed for high-performance applications at scale. DynamoDB is known for its single-digit millisecond response times, automatic scaling, and built-in security features.

Leveraging IP Data to Enable Extensive Asset Discovery and Contextualization

Mirroring Sun Tzu’s wisdom, “To know your enemy, you must become your enemy,” today’s cybersecurity landscape demands that security teams see their IT infrastructure through attackers’ eyes. This proactive approach is vital, notably considering the Data Breach Investigations Report (DBIR) finding that 65% of data breaches stem from external sources.

Adopting an attacker mindset enables security teams to identify and address attack vectors early and continuously manage their attack surfaces. This strategy entails asking questions like, “What assets can threat actors see and use as entry points?” and “How can compromising these assets impact other assets?”

Secure Your Ssh Server with Iptables and IP Netblocks API

Secure shell (ssh) is the typical tool for getting secure command-line access to Linux (and other Unix flavor) systems. Notably, most Linux-based servers are administered remotely via ssh access. Hence the security of the ssh service is of paramount importance, especially since it is often a very attractive part of the attack surface of an organization. 

This blog post discusses setting up efficient firewall rules for the ssh service and easily extending the whitelist with the help of WhoisXML API’s IP Netblocks API. The method also works for other services using inbound TCP connections. We discuss a typical iptables firewall on a Linux system. Basic expertise in Linux tools and firewalls is assumed. The recipe works as is on Linux and, with minor modifications, on other systems.

Relieving Network Concentration Risks Aided by IP Netblocks Lookup

It is normal for large enterprises, especially multinational corporations (MNCs), to maintain an IP netblock or several IP ranges for their website hosting requirements. This approach allows them to quickly set up sites as the need arises. There might be problems, though, when a company relies on a single service provider. Any operational disruption on the provider’s part means a halt to its business as well.

This post tackles the challenges that relying on a single web host brings and how access to an IP Netblocks WHOIS database may help alleviate them. In case you are not fully familiar with the notion of netblocks, check this post for an introduction to the subject.

How to Find My or Someone Else’s IP Range with IP Netblocks WHOIS Database and IP Netblocks API

Hackers are known to hijack IP addresses for use in various illegal activities. They could thus use your IP address in a malicious campaign, but that doesn’t mean you’re guilty. And so, your infosec team needs to gather enough evidence to counter accusations of foul play against you. You may also need to help the authorities by looking into who is behind a threat. 

The first step in that direction is answering the question: What is my IP range? Solutions like IP Netblocks API or IP Netblocks WHOIS Database could be of help. That’s not where the buck stops, though. You’ll need to use a host of IP and domain intelligence tools next. For this reason, we created this guide for you.

Why You Need an IP Netblocks WHOIS Database for IoC Enrichment

Indicators of compromise (IoCs) are anomalous network or computer artifacts such as malware signatures, file hashes, or domains that point to a possible breach. This data is aggregated from multiple external threat feeds and log files from internal applications and systems. The analysis of IoCs is part and parcel of an infosec professional’s daily workload. After all, an organization’s security hinges on its ability to detect and act in a timely manner on IoCs that could lead to full-blown cyber attacks.

Every day, analysts encounter IoCs of varying severity, as reported by their organization’s security orchestration, automation, and response (SOAR) and security information and event management (SIEM) solutions. The problem with such alerts is that some may be associated with old IoCs that are no longer active or are now being used for legitimate purposes.

That explains the need for constant IoC management. By monitoring IoCs in context, security analysts can find out which ones warrant their attention most, as the volume of alerts can easily overwhelm an understaffed security team. But what does “context” mean here? And which sources of data can help provide it?

Among other data feeds, IP Netblocks WHOIS Database can ease the burden of IoC enrichment activities for analysts. Let’s find out how.

IP Netblocks API to Fight Cybercrime: Performing an IP Range Lookup & Other Steps

It is pretty standard for cybercriminals to spend time exploring a network for weaknesses they can exploit. That’s why cybersecurity experts must continuously monitor their systems and logs for any signs of future attacks. They can do so with various IP and domain intelligence tools, notably using IP Netblocks API as a first step.

How exactly? In this post, we provide a demonstration of how organizations can better ensure their infrastructure’s security and possibly even prevent breaches.
