Whois API, LLC

WhoisXML API is a cyber intel provider that has been gathering, analyzing, and correlating domain, IP, and DNS data for a more secure and transparent Internet.

We are a cyber threat intelligence provider trusted by over 50,000 clients and have been ranked one of Inc. 5000 fastest growing IT companies since 2017. Our customer base includes commercial security platforms (SIEM, SOAR, and TIP), Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), Fortune 1000 companies, top cybercrime & law enforcement units, government agencies, banks, payment processors, telcos, and brand protection agencies. We also work closely with domain registries/registrars, domain investors/brokers, marketing researchers, big-data warehouses, web analytics firms, investment funds, VC firms, SMBs with a digital footprint, and more!

06/05/2026

What if fake software downloads quietly handed attackers remote access?

Thanks to Cybersecurity for uncovering the RAT campaign and the initial IoCs. We mapped the footprint of the operation attributed to , which used domains impersonating trusted software brands across VPN, messaging, videoconferencing, cryptocurrency, and e‑commerce ecosystems.

Building on 13 network , we uncovered 2,600+ potentially new artifacts:
✅ 829 unique client IP addresses communicating with 2 domain IoCs
✅ 1 domain IoC bulk‑registered with 6 look‑alike domains.
✅ 5 domain IoCs likely registered with malicious intent.
✅ 829 unique potential victim IP addresses communicating with 2 of the domain IoCs.
✅ 33 IP addresses potentially owned by victims communicating with 1 IP IoC.
✅ 2,584 email‑connected domains.
✅ 10 additional IP addresses, 7 malicious.
✅ 33 IP‑connected domains.
✅ 35 string‑connected domains, 3 malicious.

Download the full report → https://main.whoisxmlapi.com/threat-reports/an-analysis-of-the-atlascross-rat-network-iocs

06/04/2026

We’re excited to share that WhoisXML API will be at the Global Anti-Scam Summit (GASS) Europe 2026!

Hosted by the Global Anti-Scam Alliance (GASA), Europe brings together organizations from across industry, government, academia, and the wider anti-scam community to collaborate on combating and protecting consumers.

Representing our Research & Media Collaborations program, Alexandre François and Anna Danilova will be onsite to meet with researchers, journalists, investigators, and professionals, discuss opportunities for new research and investigations, and help build collaborations that contribute to a safer Internet.

If you're attending GASS Europe, we'd love to connect and learn more about the work you're doing to combat and cybercrime.

👉 Leave a request to connect here: https://join.whoisxmlapi.com/upcoming-recent-events

06/03/2026

What can the top 10 families of 2025 tell us about where the threat is headed next?

Our latest investigation analyzes the ransomware families featured in Picus Security's top 10 ransomware list for 2025, uncovering the domains, infrastructure, and connections that reveal how today's ransomware operations continue to evolve.

🔎 Explore the research: https://circleid.com/posts/a-look-back-at-the-top-10-ransomware-of-2025

06/02/2026

A single suspicious IP address can often be the starting point—not the full story.

IP Netblocks Lookup helps investigators uncover the broader infrastructure associated with an IP address, ASN, or organization. Access IP range information, ASN and ISP details, geolocation data, ownership records, and other contextual information that can support infrastructure analysis and threat investigations.

Whether you're mapping attacker infrastructure, enriching SIEM/SOAR workflows, or conducting attribution research, visibility into related IP assets can help reveal connections that might otherwise go unnoticed.

Explore the tool: https://ip-netblocks.whoisxmlapi.com/lookup

📌 The video demonstrates the IP Netblocks Lookup web interface. The same data is also available through API and database download options.

05/29/2026

What if a supply-chain compromise in trusted open‑source ecosystems turned into an attack path?

Thanks to for uncovering the Axios supply chain campaign and the initial . Elastic and also disclosed overlapping IoCs.
Building on their 22 IoCs, we uncovered 1,770 new artifacts:
✅ 16 unique client IP addresses communicating with 2 domain IoCs
✅ Two domain IoCs in typosquatting groups with 5–12 members each.
✅ One domain likely registered with malicious intent (651 days before reporting).
✅ 676 email-connected domains.
✅ Two additional IP addresses, both malicious.
✅ 58 IP-connected domains, four malicious.
✅ 1,034 string-connected domains, one malicious.

Download the full Axios Supply Chain Attack report → https://main.whoisxmlapi.com/threat-reports/the-dns-anatomy-of-the-axios-supply-chain-attack

05/27/2026

First Watch flagged 73 domains tied to and as likely malicious before they appeared in public reporting, some more than a year earlier.

Analysis of 191 network linked to eight Iran-affiliated groups uncovered 3,565+ new possible artifacts including connected domains, victim-linked IPs, and previously unidentified malicious infrastructure tied to these campaigns.

🔎 Explore the analysis:
https://circleid.com/posts/a-network-ioc-analysis-for-8-iran-affiliated-apt-groups

05/26/2026

Understanding a domain’s DNS setup can reveal valuable infrastructure insights during investigations.

With DNS Lookup, security teams can quickly retrieve DNS records including A, AAAA, MX, TXT, NS, SOA, SPF, and CNAME records to better understand domain configurations, infrastructure relationships, and potential anomalies.

Useful for investigating suspicious domains, validating DNS changes, and supporting threat hunting and DFIR workflows with fast access to actionable DNS intelligence.

Explore the tool here:
https://dns-lookup.whoisxmlapi.com/lookup

📌 The video highlights the DNS Lookup Web Tool, while the same data is also available via API and database download options.

05/22/2026

26.5+ million newly registered domains in Q1 2026.
6.7+ million of them were identified by First Watch as malicious from the moment they were registered.

Our latest global domain activity analysis explores the trends, suspicious registration patterns, and shifting activity shaping today’s threat landscape.

📊 Explore the trends:
https://circleid.com/posts/global-domain-activity-trends-seen-in-q1-2026

05/21/2026

What did ransomware do in 2025? Extortion, leaks, business interruption, and more…

We analyzed Picus Security's Top 10 Ransomware Group of 2025 list and mapped the footprint of the groups that shaped the 2025 landscape: , , , , , , , , , and .

Building on 267 network , we uncovered 9,537 new artifacts:
✅ 1 domain IoC bulk‑registered with 8 look‑alike domains.
✅ 3 domains likely registered with malicious intent from the start.
✅ 2,626 unique potential victim IP addresses communicating with 40 of the IP IoCs.
✅ 8,491 email‑connected domains, 36 malicious.
✅ 9 additional IP addresses, 8 malicious.
✅ 713 IP‑connected domains, 75 malicious.
✅ 324 string‑connected domains, 2 malicious.

Download the full report → https://main.whoisxmlapi.com/threat-reports/a-look-back-at-the-top-10-ransomware-of-2025

Address

440 N Barranca Avenue #1362
West Covina, CA
91723
