WhoisXML API

26.5+ million newly registered domains in Q1 2026. 6.7+ million of them were identified by First Watch as malicious from the moment they were registered. Our latest global domain activity analysis explores the #DNS trends, suspicious registration patterns, and shifting #TLD activity shaping today’s threat landscape. 📊 Explore the trends: circleid.com/posts/global-d… #ThreatIntelligence #CyberSecurity #DNS #DomainIntelligence

What #ransomware did in 2025? Extortion, leaks, business interruption, and more. We analyzed @PicusSecurity’s Top 10 Ransomware Group of 2025 list and mapped the #DNS footprint of the groups that defined 2025: #Qilin, #Akira, #Cl0p, #Play, #INCRansom, #SafePay, #Lynx, #RansomHub, #DragonForce, and #Babuk2. Building on 267 network #IoCs, we uncovered 9,537 new artifacts across domains, IPs, email‑connected infrastructure, and string‑connected assets. Download the full report → main.whoisxmlapi.com/threat-reports… #ThreatIntel #Cybersecurity #DNSintel #InfoSec

Investigate suspicious IPs, domains, URLs, CIDRs, and hashes faster with Threat Intelligence Lookup! Get actionable threat context in seconds for faster alert validation and investigations. Try it here: threat-intelligence.whoisxmlapi.com/lookup 📌 Available via Web Tool, API, and Database Download.

🚨 April 2026 Domain Activity Highlights: whoisxmlapi.com/blog/april-202… We analyzed 10.2M+ new domains: • 2.7M+ flagged with malicious intent • 1.1M+ confirmed malicious See how TLD trends and attacker behavior are evolving! #threatintelligence #cybersecurity #domainintel #infosec

What starts as a few malicious #GitHub repos can quickly unravel into a much larger threat ecosystem. Starting with just 20 #IoCs, our latest #ForceMemo investigation uncovered 650+ possible connected artifacts tied to the campaign—revealing how #DNS intelligence can expose the infrastructure behind evolving #malware operations. 🔎 Dive into the analysis: circleid.com/posts/forcemem… #ThreatIntelligence #CyberSecurity #GitHubSecurity #DNS #ThreatResearch #PythonSecurity

WhoisXML API is heading to #SOFWeek2026 by @GlobalSOF in Tampa! We’re looking forward to conversations around cyber defense, #threatintelligence, and the Internet data behind mission-focused #cybersecurity work. 👉 Attending #SOFWeek? Let’s connect: #Form-CTA" target="_blank" rel="nofollow noopener">join.whoisxmlapi.com/upcoming-recen… #InternetIntelligence #NationalSecurity

Great connecting with the #cybersecurity community at #BSidesSouthFlorida 2026. Proud that our own Ed Gibbs served on the event leadership team, with Tara Conneally and Erik Olson representing WhoisXML API onsite. Thanks to everyone who stopped by to chat with us—we’re already looking forward to next year. @bsidessoflo #BSides #cybersecurity #threatintelligence

We’re proud to be ranked #121 on the Inc. Regionals: Pacific 2026 list! 🎉 This recognition reflects our continued growth and commitment to delivering actionable cyber intelligence that helps organizations strengthen security worldwide. Thank you to our customers, partners, and team for being part of this milestone. Read more: whoisxmlapi.com/blog/whoisxml-… #IncRegionals #Cybersecurity #CyberIntelligence #DomainIntel

What if a GitHub account takeover campaign kept spreading through Python repos? Thanks to @step_security for the #ForceMemo initial 20 #IoCs, investigating which we uncovered 652 new possible artifacts → 1 bulk-registered domain with 11 look-alikes, 1 domain likely malicious, 86 email-connected domains, 9 IPs (4 malicious), and 557 string-connected domains. Download the full ForceMemo report→ main.whoisxmlapi.com/threat-reports… #ThreatIntel #Cybersecurity #GitHubSecurity #PythonSecurity

#LummaStealer is back—and #CastleLoader is helping it spread faster and stay hidden longer. Our latest #DNS deep dive reveals the infrastructure, obfuscation tactics, and DNS signals behind campaigns reaching 100K+ potential victims. 🔎 circleid.com/posts/dns-deep… #ThreatIntelligence #CyberSecurity #InfoSec #Malware

We analyzed 26.5+ million NRDs registered in Q1 2026. And do you know what? A total of 6.7+ million may have been registered with malicious intent. Download the report now to learn more about the trends we identified: main.whoisxmlapi.com/domain-activit… #DomainTrends #Trends #domainintel

Iran-affiliated #APTs blending into your enterprise traffic? Credit @S2W_Official for the 191 #IoCs, which we investigated and uncovered 3,565 new artifacts → 9,849 client IPs, 73 likely malicious domains, 1,841 potential victim IPs, 731 email-connected domains, 10 malicious IPs, and 2,824 connected domains. Download the full report → main.whoisxmlapi.com/threat-reports… #ThreatIntelligence #Cybersecurity #DNSintel #APT42 #APT34 #MuddyWater #PioneerKitten

#BSides South Florida is back on May 8 in Fort Lauderdale—and we’re excited to be part of it again. Proud that our own Ed Gibbs is on the leadership team, with Tara Conneally and Erik Olson attending. Grab your pass with 25% off using code WhoisAPI-25: whova.com/portal/registr… @bsidessoflo #BSidesSouthFlorida #cybersecurity #threatintelligence

AI agents don't just answer questions anymore. They take actions and operate autonomously while accessing your systems. At #RSAC2026, that shift was the defining conversation. Here's what our team took away from San Francisco at the @OneRSAC 2026: whoisxmlapi.com/blog/whoisxml-… #RSAC #ThreatIntelligence #AgenticAI

Thrilled to be part of @rightscon 2026! We’re looking forward to connecting with the community to explore how Internet intelligence—from #DNS to infrastructure visibility—can support transparency, accountability, and digital trust. 👉 Let’s connect: #Form-CTA" target="_blank" rel="nofollow noopener">join.whoisxmlapi.com/upcoming-recen… #RightsCon #RightsCon2026 #CyberSecurity #ThreatIntelligence #DigitalSafety

UAT-8099 targets vulnerable IIS servers across Asia, especially Thailand and Vietnam. Thanks to @TalosSecurity for the 27 #IoCs, expanding which we uncovered 12,876 new artifacts→ 12,787 email-connected domains, 13 IPs, 76 string-connected domains, and 3 IoC domains flagged 569 days early. Download the full UAT-8099 report → main.whoisxmlapi.com/threat-reports… #UAT8099 #ThreatIntelligence #Cybersecurity #DNSintel #InfoSec

From process injection to credential theft, the Red Report 2026 highlights how adversaries exploit trusted processes, credentials, and infrastructure to stay hidden longer. We revisited 11 featured threats and uncovered 147 network-based IoCs to better understand how these campaigns operate—and how early signals can expose them. 👉 Take a closer look: circleid.com/posts/a-look-b… #ThreatIntelligence #MITREATTACK #DNSintel #CyberSecurity #Infosec #CTI #ThreatHunting #SOC #RedReport2026

DNS cache poisoning continues to pose a threat to users worldwide, and Keiichiro Miyatake’s research team sought to study the deployment of countermeasures in #DNS environments. WhoisXML API took part in the project by providing #WHOIS data, enabling the team to conduct subsequent analyses. Learn more about the partnership in: main.whoisxmlapi.com/success-storie… #CachePoisoning #CyberSecurity #ThreatIntelligence #DomainIntel

#Keenadu is a firmware-level Android backdoor with broad control over infected devices. Thanks to @kaspersky for the intial 29 IoCs, expanding which we uncovered 209 new artifacts → 80 email-connected domains, 8 IPs, 52 IP-connected domains, and 69 string-connected domains. Download the full Keenadu report → main.whoisxmlapi.com/threat-reports… #AndroidSecurity #ThreatIntelligence #Cybersecurity #DNSintel #InfoSec

We’re excited to be at @rightscon 2026 Looking forward to conversations around digital rights, Internet governance, and the role of data in building a more transparent and secure Internet. Let’s connect: #Form-CTA" target="_blank" rel="nofollow noopener">join.whoisxmlapi.com/upcoming-recen… #RightsCon2026 #RightCon #CyberSecurity #ThreatIntelligence #DigitalSafety