Whois API, LLC

WhoisXML API is a cyber intel provider that has been gathering, analyzing, and correlating domain, IP, and DNS data for a more secure and transparent Internet.

We are a cyber threat intelligence provider trusted by over 50,000 clients and have been ranked one of Inc. 5000 fastest growing IT companies since 2017. Our customer base includes commercial security platforms (SIEM, SOAR, and TIP), Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), Fortune 1000 companies, top cybercrime & law enforcement units, government agencies, banks, payment processors, telcos, and brand protection agencies. We also work closely with domain registries/registrars, domain investors/brokers, marketing researchers, big-data warehouses, web analytics firms, investment funds, VC firms, SMBs with a digital footprint, and more!

05/29/2026

What if a supply-chain compromise in trusted open‑source ecosystems turned into an attack path?

Thanks to for uncovering the Axios supply chain campaign and the initial . Elastic and also disclosed overlapping IoCs.
Building on their 22 IoCs, we uncovered 1,770 new artifacts:
✅ 16 unique client IP addresses communicating with 2 domain IoCs
✅ Two domain IoCs in typosquatting groups with 5–12 members each.
✅ One domain likely registered with malicious intent (651 days before reporting).
✅ 676 email-connected domains.
✅ Two additional IP addresses, both malicious.
✅ 58 IP-connected domains, four malicious.
✅ 1,034 string-connected domains, one malicious.

Download the full Axios Supply Chain Attack report → https://main.whoisxmlapi.com/threat-reports/the-dns-anatomy-of-the-axios-supply-chain-attack

05/27/2026

First Watch flagged 73 domains tied to and as likely malicious before they appeared in public reporting, some more than a year earlier.

Analysis of 191 network linked to eight Iran-affiliated groups uncovered 3,565+ new possible artifacts including connected domains, victim-linked IPs, and previously unidentified malicious infrastructure tied to these campaigns.

🔎 Explore the analysis:
https://circleid.com/posts/a-network-ioc-analysis-for-8-iran-affiliated-apt-groups

05/26/2026

Understanding a domain’s DNS setup can reveal valuable infrastructure insights during investigations.

With DNS Lookup, security teams can quickly retrieve DNS records including A, AAAA, MX, TXT, NS, SOA, SPF, and CNAME records to better understand domain configurations, infrastructure relationships, and potential anomalies.

Useful for investigating suspicious domains, validating DNS changes, and supporting threat hunting and DFIR workflows with fast access to actionable DNS intelligence.

Explore the tool here:
https://dns-lookup.whoisxmlapi.com/lookup

📌 The video highlights the DNS Lookup Web Tool, while the same data is also available via API and database download options.

05/22/2026

26.5+ million newly registered domains in Q1 2026.
6.7+ million of them were identified by First Watch as malicious from the moment they were registered.

Our latest global domain activity analysis explores the trends, suspicious registration patterns, and shifting activity shaping today’s threat landscape.

📊 Explore the trends:
https://circleid.com/posts/global-domain-activity-trends-seen-in-q1-2026

05/21/2026

What did ransomware do in 2025? Extortion, leaks, business interruption, and more…

We analyzed Picus Security's Top 10 Ransomware Group of 2025 list and mapped the footprint of the groups that shaped the 2025 landscape: , , , , , , , , , and .

Building on 267 network , we uncovered 9,537 new artifacts:
✅ 1 domain IoC bulk‑registered with 8 look‑alike domains.
✅ 3 domains likely registered with malicious intent from the start.
✅ 2,626 unique potential victim IP addresses communicating with 40 of the IP IoCs.
✅ 8,491 email‑connected domains, 36 malicious.
✅ 9 additional IP addresses, 8 malicious.
✅ 713 IP‑connected domains, 75 malicious.
✅ 324 string‑connected domains, 2 malicious.

Download the full report → https://main.whoisxmlapi.com/threat-reports/a-look-back-at-the-top-10-ransomware-of-2025

05/20/2026

Investigating a suspicious IP, domain, URL, CIDR, or file hash?

Threat Intelligence Lookup helps analysts and SOC teams move from a single indicator to meaningful threat context in seconds. Access intelligence from multiple trusted sources to support faster alert validation, risk assessment, and incident investigation workflows.

The platform is designed for threat hunters, security operations teams, and researchers who need quick, actionable visibility during investigations.

You can explore it here:
https://threat-intelligence.whoisxmlapi.com/lookup

📌 The video demonstrates the web interface, but the same intelligence is also available through API access and database downloads.

05/19/2026

🚨 April 2026 Domain Activity Highlights Are Here: https://www.whoisxmlapi.com/blog/april-2026-domain-activity-highlights

We analyzed 10.2M+ newly registered domains, and uncovered key shifts in registrars, TLDs, and emerging threat patterns.

What stood out:
• NRDs increased month over month
• 2.7M+ domains were flagged with malicious intent
• 1.1M+ domains were confirmed malicious, which decreased by 2.0% from March

Using First Watch, we identified the top TLDs used in malicious registrations, and analyzed confirmed threats from our Threat Intelligence Data Feeds to see how attacker behavior is evolving.

💡 What this means:
Threat actors continue to adapt, spreading activity across TLDs and shifting from early indicators to confirmed abuse patterns.

Stay ahead of domain-based threats with actionable DNS intelligence from WhoisXML API.

05/18/2026

What starts as a few malicious repos can quickly unravel into a much larger threat ecosystem.

Starting with just 20 IoCs, our latest investigation uncovered 650+ possible connected artifacts tied to the campaign—revealing how intelligence can expose the infrastructure behind evolving operations.

🔎 Dive into the analysis:
https://circleid.com/posts/forcememo-in-the-dns-spotlight

05/15/2026

We’re excited to share that Ed Gibbs, Vice President of Research at WhoisXML API, will be attending in Tampa!

SOF Week is where the special operations, defense, government, and technology communities come together to exchange ideas, explore mission-driven innovation, and discuss what’s next in national security.

With more than 30 years of experience, including work across DNS, WHOIS, NetFlow telemetry, , and Internet infrastructure research, Ed brings a sharp perspective to the conversations happening there.

We’re proud to have WhoisXML API represented at such a high-caliber gathering and look forward to the conversations ahead.

👉 Attending? Let’s connect: https://join.whoisxmlapi.com/upcoming-recent-events

See you in Tampa!

Address

440 N Barranca Avenue #1362
West Covina, CA
91723
