WhoisXML API: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 1:

{{~~CompanyInfo~~| ~~logo = Whoisxmlapi logo.png~~

{{Organization|

| ~~industry~~ = ~~Internet intelligence~~

|country = USA

| ~~founded~~ = ~~California, 2014~~

|date_founded = 2010

| ~~founders = Jonathan Zhang~~

|facebook = [https://www.facebook.com/whoisxmlapi/ WhoisXML API]

~~| country = USA~~

|focus = Internet intelligence

~~| website~~ = [https://www.~~whoisxmlapi~~.com/ whoisxmlapi~~.com~~]

|founders = Jonathan Zhang

| ~~blog~~ = [https://www.~~whoisxmlapi~~.com/~~blog~~ WhoisXML API ~~Blog~~]

|linkedin = [https://www.linkedin.com/company/whois-api-llc WhoisXML API]

| ~~facebook~~ = ~~[https://www~~.~~facebook.com/whoisxmlapi/ WhoisXML API]~~

|logo = Whoisxmlapi logo.png

| ~~linkedin~~ = [https://www.~~linkedin~~.com/~~company/whois-api-llc WhoisXML API]~~

|website = https://www.whoisxmlapi.com/

| ~~twitter~~ = whoisxmlapi

|x = whoisxmlapi

}}

'''WhoisXML API''' is ~~a cyber intelligence~~ provider specializing in ~~domain~~, IP, and [[DNS~~]] datasets. The company also provides~~ specialized Internet intelligence sources ~~and services~~, such as predictive threat intelligence, website categorization, IP geolocation, and email verification.

'''WHOIS API, Inc''', doing business under the brand name '''WhoisXML API'''<ref>[https://www.whoisxmlapi.com/ Official website]</ref>, is an OEM data provider specializing in delivering large datasets of normalized WHOIS, IP, and DNS intelligence, along with other specialized Internet intelligence sources, such as predictive threat intelligence, website categorization, IP geolocation, and email verification.

WhoisXML API ~~has been an Inc. 5000 honoree from 2017~~ to ~~2019~~ and ~~2021 to 2023 <ref>[https://www.inc.com/profile/whois-api Inc.com]</ref>~~ and ~~has offered its services to~~ more ~~than~~ 52,000 ~~users. Its~~ clients ~~include~~ Fortune 500 companies, security and technology solutions providers, and ~~governmental~~ organizations.

WhoisXML API Internet infrastructure intelligence data is used to build cybersecurity platforms, strengthen security services, and make cybersecurity processes and pipelines more meaningful and contextualized. Over 52,000 companies rely on WhoisXML API’s products, with its clients comprising Fortune 500 companies, security and technology solutions providers in the [https://cyber150.com/ Cyber 150 list], and government organizations.

WhoisXML API has ~~extensive domain and DNS~~ data ~~coverage in the market. As of 1 September 2023, its repositories cover~~ more than 16.7 billion ~~[[Whois|~~WHOIS]] records and ~~99.5% of all~~ the [[IP ~~Address|IP addresses]] in use~~.<ref>[https://main.whoisxmlapi.com/whoisxmlapi-in-figures WhoisXML API in Figures]</ref> The company has partnered and continues to collaborate with large data aggregators worldwide, including domain [[Registry|registries]], [[Registrar|registrars]], [[Internet Service Provider|ISPs]], and security agencies.

WhoisXML API has been aggregating Internet intelligence data for more than 15 years and has since accumulated hundreds of billions of data points—including 23.8 billion+ historical WHOIS records, 116 billion+ DNS records, and the IP records of 10.5 million+ netblocks<ref>[https://main.whoisxmlapi.com/whoisxmlapi-in-figures WhoisXML API in Figures]</ref>.

To accumulate data in these repositories, WhoisXML API has established long-term partnerships with major data aggregators worldwide, including domain registries, registrars, ISPs, ICANN<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-joins-industry-leaders-at-the-icann82-community-forum WhoisXML API Joins Industry Leaders at the ICANN82 Community Forum]</ref>, and security agencies.

==History and Growth==

WhoisXML API was ~~incorporated in 2014. However, it was initially conceptualized~~ in 2010 ~~when~~ its CEO and founder Jonathan Zhang worked on a network security project that required access to structured WHOIS data.~~<ref>[https://en.secnews.gr/426736/whoisxml-api-jonathan-zhang/ WhoisXML API: Jonathan Zhang explains everything about the service]. (19 October 2022). SecNews.</ref>~~ Zhang’s struggle to find a unified and readily integrable data source led to the idea of creating a company that would help organizations with that business problem.

WhoisXML API was founded in 2010 after its CEO and founder, Jonathan Zhang, worked on a network security project that required access to structured WHOIS data. Zhang’s struggle to find a unified and readily integrable data source led to the idea of creating a company that would help organizations with that business problem.

WhoisXML API’s overarching goal is to make the Internet safer and more transparent. The company does that by providing comprehensive and in-depth cyber intelligence.

WhoisXML API has consistently been recognized as one of the fastest-growing companies by the Financial Times in 2022<ref>[https://www.ft.com/content/6ee8f978-a2e0-4644-b7c7-0718a334adb7 FT ranking: The Americas’ Fastest-Growing Companies 2022]</ref>, 2023<ref>[https://r.statista.com/en/growth-champions/americas-fastest-growing-companies-2023/ranking/ The Americas' Fastest Growing Companies 2023]</ref>, 2024<ref>[https://www.ft.com/content/d4a20767-ea0f-4f8e-972d-84a513345784 FT ranking: The Americas’ Fastest-Growing Companies 2024]</ref>, and 2025<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-ranks-in-the-financial-times-top-fastest-growing-companies-in-2025 WhoisXML API Ranks in the Financial Times Top Fastest-Growing Companies in 2025]</ref> and by Inc. 5000<ref>[https://www.whoisxmlapi.com/blog/whoisxml-api-ranked-in-inc-5000-2024-fastest-growing-companies-in-america WhoisXML API Ranked in Inc. 5000 2024 Fastest-Growing Companies in America]</ref> for seven years.

==Products and Services==

WhoisXML API offers ~~several~~ products and services through ~~various~~ consumption models—APIs, data feeds, and web-based GUIs. Below is a list of the ~~products~~ WhoisXML API ~~offers~~ as of ~~1 September 2023~~.

WhoisXML API offers various products and services through different consumption models—APIs, data feeds, and web-based GUIs. Below is a list of the WhoisXML API products as of 7 July 2025.

{| class="wikitable"

!Type

!Domain/WHOIS

!DNS/IP

!Internet Intelligence

!Other Internet Intelligence

|-

!APIs

!WHOIS API

|WHOIS API

Bulk WHOIS API

Line 42:

Line 45:

Domain Availability API

!DNS Lookup API

|DNS Chronicle API

DNS Lookup API

Reverse IP API

Line 57:

Line 61:

IP Netblocks API

!Website Categorization API

|Website Categorization API

Domain Reputation API

Line 67:

Line 70:

Email Verification API

~~Website Contacts~~ API

Threat Intelligence API

MAC Address API

Line 74:

Line 77:

SSL Certificates API

~~Premium API Services~~

|-

!Data Feeds

!WHOIS Database Download

|WHOIS Database Download

WHOIS History Database Download

WHOIS History Database

Newly Registered Domains

Real-~~Time~~ Domain Registration

Real-time Domain Registration

!DNS Database Download

|DNS Database Download

Subdomains Database Download

IP Geolocation ~~Data Feed~~

IP Geolocation Database Download

IP Netblocks WHOIS Database

~~!Early DGA Detection Feed~~

Early Warning Phishing Feed

Regulatory Compliance IP Geolocation Data Feeds

|Early DGA Detection Data Feed

Early Warning Phishing Data Feed

First Watch Malicious Domains Data Feed

Typosquatting Data Feed

Line 100:

Line 102:

Threat Intelligence Data Feeds

Disposable Email Domains ~~Data Feed~~

Disposable Email Domains Database

Free Email Domains ~~Data Feed~~

Free Email Domains Database

Website ~~Contacts &~~ Categorization Database

Website Categorization Database

MAC Address Vendor Database

Line 110:

Line 112:

SSL Certificates Database

Real-~~Time~~ SSL Certificates Streaming

Real-time SSL Certificates Streaming

~~Newly Created Websites~~

~~All Registered Domains~~

|-

!Web Tools

!WHOIS Lookup

|WHOIS Lookup

Domain Age Checker

Bulk WHOIS Lookup

Line 128:

Line 127:

Domain Availability Lookup

!DNS Lookup

|DNS Chronicle Lookup

DNS Lookup

TXT Record Lookup

MX Record Lookup

CNAME Record Lookup

Reverse IP Lookup

Line 145:

Line 151:

IP Netblocks Lookup

!Website Categorization Lookup

|Website Categorization Lookup

Domain Reputation Lookup

Line 157:

Line 162:

Bulk Email Verification Lookup

~~Website Contacts~~ Lookup

Threat Intelligence Lookup

MAC Address Lookup

Line 166:

Line 171:

|}

===DNS ~~Database Coverage~~===

== Product Categories ==

In the ~~second quarter~~ of ~~2023~~, WhoisXML API ~~released Premium DNS Database~~, a ~~market~~-~~leading passive DNS repository~~ that the ~~company claims~~ has the ~~highest number~~ of ~~fully qualified domain names~~ (~~FQDNs~~).<ref>[https://~~world~~.~~einnews~~.com/~~pr_news~~/~~642359650~~/whoisxml-api-~~releases~~-~~premium~~-~~dns~~-~~database~~-with-~~market~~-~~leading~~-~~dns~~-~~coverage~~ WhoisXML API ~~Releases Premium DNS Database~~ with ~~Market~~-~~Leading DNS Coverage~~]. ~~(3 July 2023). EIN Newswires~~.</ref>

=== Domain Intelligence ===

WhoisXML API provides current and historical domain registration data aggregated using WHOIS and the new RDAP<ref>[https://whois.whoisxmlapi.com/blog/what-is-rdap What is RDAP?]</ref> protocol. This data includes details about the registrant, administrative and technical contacts, registration and expiration dates, nameservers, and the registrar responsible for the domain.

WhoisXML API domain data is used by digital forensics and incident response teams to uncover connections to malicious campaigns and manage attack surfaces by screening domain ownership. It helps identify discrepancies in customers’ WHOIS information, protecting against identity theft and fraud. The data also supports brand protection by detecting cybersquatting and trademark infringement and contributes to due diligence in third-party monitoring.

=== DNS Lookup and DNS History ===

WhoisXML API offers active DNS services and states that it has the most extensive passive DNS database in the market, comprising more than 50 types<ref>[https://dns-lookup.whoisxmlapi.com/api/documentation/making-requests WhoisXML API documentation]</ref> of DNS records, including A and AAAA records, MX records, NS records, TXT records, and SOA records.

Clients use WhoisXML API’s DNS data to understand their DNS configurations and identify vulnerabilities, such as exploitable dangling records. Cyber investigators pivot off DNS lookup responses to add more context to their investigations.

The company’s passive DNS data enables organizations to accelerate threat detection and response by analyzing historical DNS records for malware and threat patterns. It allows for continuous monitoring of threat actors' DNS footprints, exposing their malicious infrastructure and tactics, techniques and procedures (TTPs).

=== IP Intelligence ===

WhoisXML API provides comprehensive IP intelligence to clients seeking detailed context for any IP address. Their products offer IP geolocation data, including the IP address’ city, country, and latitude and longitude information. It also includes ASN information and IP netblock ownership details.

The data helps build attacker profiles, identify cybercriminal hotspots, and prevent fraud by verifying user locations during transactions. It also enables precise geotargeting and content personalization for marketing professionals.

=== Threat Intelligence Feeds ===

WhoisXML API offers a variety of tactical Threat Intelligence Data Feeds that list malicious indicators involved in cyberattacks, phishing, botnets, malware, command-and-control (C&C) servers, spam, and other suspicious activities. These feeds are categorized by threat type, updated daily, and delivered in structured formats (e.g., CSV, JSONL) for easy integration.

The company offers 10 different types of data:

* Malicious IPv4/IPv6 address data feeds

* Malicious domain name data feed

* Malicious URL data feed

* Malicious file hash data feed

* Hosts files

* Nginx ngx_http_access_module compatible IPv4/IPv6 denylists in CIDR notation

* Raw IPv4/IPv6 denylists

* Raw domain denylist

* Raw CIDR denylist

* Malicious IPv4/IPv6 ranges in CIDR notation data feeds

=== Predictive Threat Intelligence ===

WhoisXML API's predictive threat intelligence relies on extensive historical domain data and advanced machine learning models to identify clusters of newly registered domains that are likely to be used for malicious purposes, such as phishing, typosquatting, malware distribution, and command-and-control (C&C) operations. Their predictive threat intelligence data feeds include:

* First Watch Malicious Domains Data Feed

* Newly Registered Domains Data Feed

* Typosquatting Data Feed

* Early DGA Detection Data Feed

* Early Warning Phishing Data Feed

* Disposable Email Domains Database

=== '''Data Delivery Models''' ===

WhoisXML API datasets are available through the following data delivery models:

* '''APIs and lookups''': APIs allow for on-demand data retrieval, where users send a specific query and receive immediate results. This delivery model is designed for applications where up-to-date information is critical, such as live fraud detection and intrusion detection/prevention systems (IDPS). Each API has a web-based lookup version that allows users to test the tool and view a sample of the API responses.

* '''Database or data feeds''': WhoisXML API delivers large datasets, either as a complete database or as daily, weekly, or monthly data feeds. This model is ideal for use cases requiring bulk data processing, historical analysis, building extensive internal datasets, or integrating data into large-scale SIEM systems for comprehensive threat intelligence.

'''The Domain Research Suite (DRS)''': DRS<ref>[https://drs.whoisxmlapi.com/ Domain Research Suite (DRS)]</ref> is a web-based platform that integrates nine WhoisXML API tools into a single, user-friendly interface without needing to integrate APIs. It's designed for manual investigations, ad-hoc research, and monitoring by users who need quick insights and alerts without the need to write code, such as brand managers, cybersecurity analysts, or legal professionals.

==Partnerships ==

WhoisXML API maintains long-term continuous partnerships with several data aggregators and cybersecurity platforms. It regularly coordinates with ICANN, contributing to the organization’s policymaking discussions in ICANN77<ref>[https://itp.cdn.icann.org/en/files/icann77-policy-outcome-report-05jul23-en.pdf ICANN77 Policy Outcome Report]</ref>, ICANN82<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-joins-industry-leaders-at-the-icann82-community-forum WhoisXML API Joins Industry Leaders at the ICANN82 Community Forum]</ref>, and ICANN83<ref>[https://www.linkedin.com/feed/update/urn:li:activity:7332762552273108993/ WhoisXML API is heading to ICANN83 Policy Forum]</ref>.

WhoisXML API has also become an integration partner of several cybersecurity marketplaces and platforms, including Maltego<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-transforms-now-available-on-maltego WhoisXML API Transforms Now Available on Maltego]</ref>, OWASP Amass<ref>[https://main.whoisxmlapi.com/blog/owasp-amass-and-whoisxml-api-are-now-integration-partners OWASP Amass and WhoisXML API Are Now Integration Partners]</ref>, Snowflake<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-launches-newly-registered-domains-feed-community-edition-on-snowflake-marketplace WhoisXML API Launches Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace]</ref><ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-snowflake-partner WhoisXML API Is Now a Snowflake Partner]</ref>, Anomali<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-announces-api-integration-with-anomali-threatstream WhoisXML API Announces API Integration with Anomali ThreatStream]</ref>, Sumo Logic<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-sumo-logic-partner WhoisXML API Is Now a Sumo Logic Partner]</ref>, Pangea<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-pangea WhoisXML API Integration Is Now Available on Pangea]</ref>, Cyware<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-cyware WhoisXML API Integration Is Now Available on Cyware]</ref>, Query.AI<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-query-ai WhoisXML API Integration Is Now Available on Query.AI]</ref>, Logpresso<ref>[https://main.whoisxmlapi.com/blog/cyber-threat-detection-gets-a-boost-with-logpresso-and-whoisxml-api-partnership Cyber Threat Detection Gets a Boost with Logpresso and WhoisXML API Partnership]</ref>, and Core4ce<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-data-is-now-available-on-core4ces-cyberscape WhoisXML API Data Is Now Available on Core4ce’s Cyberscape]</ref>. This means that WhoisXML API’s cyber intelligence is accessible from within these platforms, provided that the user has an API key.

~~===Cyber Threat Intelligence===~~

WhoisXML API presented a study on Global DNS trends at Europol’s 13th Operation In Our Sites (IOS) conference in April 2022<ref>[https://main.whoisxmlapi.com/white-papers/whoisxml-api-presents-global-dns-trends-at-europol WhoisXML API Presents Global DNS Trends at Europol]</ref>, where researchers found bulk-registered typosquatting domains targeting luxury brands. In 2025, WhoisXML API partnered with Global Signal Exchange (GSE)<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-global-signal-exchange-gse-partner WhoisXML API Is Now a Global Signal Exchange (GSE) Partner]</ref> and contributed its Early Warning Phishing Feed to the project’s open data layer. WhoisXML API also joined the Internet Abuse Signal Collective (IASC)<ref>[https://main.whoisxmlapi.com/internet-abuse-signal-collective Internet Abuse Signal Collective (IASC)]</ref>, analyzing more than 50 active malware families and processing over five petabytes of DNS, WHOIS, IP, and NetFlow records.

WhoisXML API ~~supplies~~ a ~~wide range~~ of ~~Threat Intelligence APIs that users can analyze~~ and ~~integrate into existing security solutions~~. ~~These APIs include:~~

*Domain Infrastructure Analysis API

== Collaborations ==

*SSL Certificates Chain API

Over the years, WhoisXML API has worked with various researchers and government agencies. Among its most notable collaborations were with:

*SSL Configuration Analysis API

*Domain Malware Check API

*Connected Domains API

*Domain Reputation Scoring API

~~The company also offers Threat Intelligence Data Feeds that list malicious Internet assets involved in [[phishing]], [[Botnet Attacks|botnets]], [~~[~~malware]], C~~&~~C servers, [[spam]~~], ~~Tor exit nodes, and other cyber attacks and suspicious web activities~~.

* '''Darksight Analytics'''<ref>[https://main.whoisxmlapi.com/success-stories/darksight-analytics-whoisxml-api-exposing-an-investment-fraud-network Darksight Analytics & WhoisXML API: Exposing an Investment Fraud Network]</ref>''':''' The intelligence consultancy company collaborated with WhoisXML API to expose an investment fraud network. They used the Domain Research Suite to uncover connections and infrastructure used by scammers, helping to map out the malicious network.

~~===Domain Research Suite (DRS)===~~

* '''SIDN Labs and the Delft University of Technology'''<ref>[https://main.whoisxmlapi.com/success-stories/icann-supported-statistical-analysis-whoisxml-api-making-sense-of-dns-abuse-in-gtlds ICANN-Supported Statistical Analysis & WhoisXML API: Making Sense of DNS Abuse in gTLDs]</ref>: In an ICANN-supported statistical analysis of DNS abuse, researchers from these organizations combined various datasets, including WhoisXML API's WHOIS data, to identify cybercriminal behavior patterns, including specific registrar characteristics that contribute to such behaviors.

~~WhoisXML API has a web-based domain search~~ and ~~monitor platform called~~ the ~~“Domain Research Suite (DRS)~~.~~” DRS is a 9~~-in-~~1 solution designed to look up a domain’s current and historical~~ WHOIS ~~details~~, ~~pivot off any WHOIS record~~ to ~~find connected properties~~, ~~and search for domains or subdomains containing~~ specific ~~text strings. The suite also allows users~~ to ~~monitor domain registration activities~~. ~~It is composed of the following tools:~~

*~~Reverse~~ WHOIS ~~Search~~

* '''EU DisinfoLab'''<ref>[https://main.whoisxmlapi.com/success-stories/eu-disinfolab-uses-historical-whois-data-to-cast-a-light-on-indian-chronicles EU DisinfoLab Uses Historical WHOIS Data to Cast a Light on Indian Chronicles]</ref>: The nonprofit organization leveraged historical WHOIS data to investigate a large network of fake media outlets that led to the discovery of the "Indian Chronicles," a long-running disinformation campaign.

*WHOIS ~~History Search~~

*WHOIS Search

*Reverse DNS Search

*Domain Availability Check

*Domains & Subdomains Discovery

*Domain Monitor

*Registrant Monitor

*Brand Monitor

~~===IP Intelligence===~~

* '''Lighthouse Reports'''<ref>[https://main.whoisxmlapi.com/success-stories/whois-data-aids-lighthouse-reports-shed-light-on-years-long-surveillance-operations WHOIS Data Aids Lighthouse Reports Shed Light on Years-Long Surveillance Operations]</ref>: The investigative journalism collective utilized WhoisXML API's current and historical WHOIS records to identify the owners and infrastructure behind websites used for a massive surveillance operation.

In 2022, WhoisXML API launched the Regulatory Compliance IP Geolocation Data Feeds, which currently contains IP addresses and netblocks owned by entities based in locations restricted by the Office of Foreign Assets Control (OFAC). The company is planning to provide separate files specific to areas restricted by the International Traffic in Arms Regulations (ITAR) and the Common Foreign and Security Policy (CFSP).<ref>[https://~~www~~.~~einnews~~.com/~~pr_news/606112629~~/~~whoisxml~~-~~api~~-s-ip-~~intelligence~~-~~now~~-~~includes~~-~~regulatory~~-~~compliance~~-ip-~~data~~-~~feeds WhoisXML API’s IP Intelligence Now Includes Regulatory Compliance IP~~ Data ~~Feeds. (14 December 2022)~~]~~. EIN Newswires.~~</ref>

~~==Partnerships and Collaborations==~~

* '''CyberPeace Institute'''<ref>[https://main.whoisxmlapi.com/success-stories/cyberpeace-institute-and-whoisxml-api-enumerating-cloud-assets-with-passive-dns-intelligence CyberPeace Institute and WhoisXML API: Enumerating Cloud Assets with Passive DNS Intelligence]</ref>: A researcher at CyberPeace Institute used WhoisXML API’s passive DNS database to demonstrate the ease with which threat actors can enumerate cloud assets, specifically in multitenant applications.

WhoisXML API has worked with prestigious entities in the cybersecurity, fraud detection, brand protection, and law enforcement sectors. In April 2022, the company was invited to present at Europol’s 13th Operation In Our Sites (IOS) held in Alicante, Spain.<ref>[https://main.whoisxmlapi.com/success-stories/~~law~~-~~enforcement~~-~~solutions/~~whoisxml-api-~~presents~~-~~global~~-~~dns~~-~~trends~~-at-~~europol~~ WhoisXML API ~~Presents Global~~ DNS ~~Trends at Europol~~]</ref>

In 2020, WhoisXML API worked with a Bloomberg columnist to raise awareness about coronavirus-themed domains<ref>[https://www.bloomberg.com/opinion/articles/2020-04-01/coronavirus-means-opportunity-for-suspicious-websites#xj4y7vzkg Don’t Click That Link! It Might Be Viral]. (2 April 2020). Bloomberg.</ref> that were likely to figure in malicious activities. Its other collaborations include those with the National Child Protection Task Force (~~NCPTF~~),<ref>[https://main.whoisxmlapi.com/success-stories/~~law-enforcement-solutions/the~~-~~national~~-~~child~~-~~protection~~-~~task-force~~-whoisxml-api-~~osint~~-~~tech~~-~~that-saves-lives The National Child Protection Task Force~~ (~~NCPTF~~) & WhoisXML ~~API—OSINT Tech That Saves Lives~~]</ref> ~~ScamAdviser,<ref>[https~~:~~//main.whoisxmlapi.com/success-stories/cyber-security-solutions/domain-registration-data-aids-in-understanding-the-state-~~of~~-online-scams Domain Registration Data Aids in Understanding the State~~ of ~~Online Scams] </ref> and EU DisinfoLab.<ref>[https://main.whoisxmlapi.com/success-stories/fraud-detection-solutions/eu-disinfolab-uses-historical-whois-~~data~~-to-cast-a-light-on-indian-chronicles EU DisinfoLab Uses Historical~~ WHOIS ~~Data~~ to ~~Cast a Light on Indian Chronicles]</ref> WhoisXML API also became a member of~~ the ~~Business Constituency<ref>[https://www.icannbc.org/bc-membership-list BC Membership List]</ref> in 2023~~.

* '''University College London (UCL)'''<ref>[https://main.whoisxmlapi.com/success-stories/university-college-london-ucl-and-whoisxml-api-understanding-smishing-infrastructures University College London (UCL) and WhoisXML API: Understanding Smishing Infrastructures]</ref>: A UCL researcher investigated smishing infrastructures of thousands of domain names using automated access to WHOIS data through WHOIS API. This enabled him to identify the registrars criminals commonly abused to register smishing domains.

WhoisXML API ~~continues its call for partnerships under several programs~~, ~~namely:~~

* '''DomainHunter'''<ref>[https://main.whoisxmlapi.com/success-stories/domainhunter-whoisxml-api-detecting-and-profiling-potentially-malicious-domains DomainHunter & WhoisXML API: Detecting and Profiling Potentially Malicious Domains]</ref>: The threat detection system integrates the WHOIS API to identify and profile potentially malicious domains by extracting detailed registration data. This enabled DomainHunter to create in-depth threat profiles of suspicious domains that include context on domain age, ownership, and hosting infrastructure.

*~~Affiliate Programs~~

* '''NCPTF'''<ref>[https://www.linkedin.com/posts/the-national-child-protection-task-force_first-ever-northeast-florida-missing-child-activity-7341220350468243457-xmu6 23 Missing & Endangered Children Located in Northeast Florida] </ref>''':''' WhoisXML API supported the Missing Child Rescue Operation in Northeast Florida by supplying critical data points that aided in the efforts to locate missing children.

*Data Exchange Program for Internet Abuse Prevention

*Security Intel Exchange Program

*Research and Media Collaborations

==External Links==

@@ Line 1: / Line 1: @@
-{{CompanyInfo| logo            = Whoisxmlapi logo.png
+{{Organization|
-| industry        = Internet intelligence
+|country = USA
-| founded         = California, 2014
+|date_founded = 2010
-| founders        = Jonathan Zhang
+|facebook = [https://www.facebook.com/whoisxmlapi/ WhoisXML API]
-| country         = USA
+|focus = Internet intelligence
-| website         = [https://www.whoisxmlapi.com/ whoisxmlapi.com]
+|founders = Jonathan Zhang
-| blog            = [https://www.whoisxmlapi.com/blog WhoisXML API Blog]
+|linkedin = [https://www.linkedin.com/company/whois-api-llc WhoisXML API]
-| facebook        = [https://www.facebook.com/whoisxmlapi/ WhoisXML API]
+|logo = Whoisxmlapi logo.png
-| linkedin        = [https://www.linkedin.com/company/whois-api-llc WhoisXML API]
+|website = https://www.whoisxmlapi.com/
-| twitter         = whoisxmlapi
+|x = whoisxmlapi
 }}
-'''WhoisXML API''' is a cyber intelligence provider specializing in domain, IP, and [[DNS]] datasets. The company also provides specialized Internet intelligence sources and services, such as predictive threat intelligence, website categorization, IP geolocation, and email verification.
+'''WHOIS API, Inc''', doing business under the brand name '''WhoisXML API'''<ref>[https://www.whoisxmlapi.com/ Official website]</ref>, is an OEM data provider specializing in delivering large datasets of normalized WHOIS, IP, and DNS intelligence, along with other specialized Internet intelligence sources, such as predictive threat intelligence, website categorization, IP geolocation, and email verification.
-WhoisXML API has been an Inc. 5000 honoree from 2017 to 2019 and 2021 to 2023 <ref>[https://www.inc.com/profile/whois-api Inc.com]</ref> and has offered its services to more than 52,000 users. Its clients include Fortune 500 companies, security and technology solutions providers, and governmental organizations.
+WhoisXML API Internet infrastructure intelligence data is used to build cybersecurity platforms, strengthen security services, and make cybersecurity processes and pipelines more meaningful and contextualized. Over 52,000 companies rely on WhoisXML API’s products, with its clients comprising Fortune 500 companies, security and technology solutions providers in the [https://cyber150.com/ Cyber 150 list], and government organizations.
-WhoisXML API has extensive domain and DNS data coverage in the market. As of 1 September 2023, its repositories cover more than 16.7 billion [[Whois|WHOIS]] records and 99.5% of all the [[IP Address|IP addresses]] in use.<ref>[https://main.whoisxmlapi.com/whoisxmlapi-in-figures WhoisXML API in Figures]</ref> The company has partnered and continues to collaborate with large data aggregators worldwide, including domain [[Registry|registries]], [[Registrar|registrars]], [[Internet Service Provider|ISPs]], and security agencies.
+WhoisXML API has been aggregating Internet intelligence data for more than 15 years and has since accumulated hundreds of billions of data points—including 23.8 billion+ historical WHOIS records, 116 billion+ DNS records, and the IP records of 10.5 million+ netblocks<ref>[https://main.whoisxmlapi.com/whoisxmlapi-in-figures WhoisXML API in Figures]</ref>.
+To accumulate data in these repositories, WhoisXML API has established long-term partnerships with major data aggregators worldwide, including domain registries, registrars, ISPs, ICANN<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-joins-industry-leaders-at-the-icann82-community-forum WhoisXML API Joins Industry Leaders at the ICANN82 Community Forum]</ref>, and security agencies.
 ==History and Growth==
-WhoisXML API was incorporated in 2014. However, it was initially conceptualized in 2010 when its CEO and founder Jonathan Zhang worked on a network security project that required access to structured WHOIS data.<ref>[https://en.secnews.gr/426736/whoisxml-api-jonathan-zhang/ WhoisXML API: Jonathan Zhang explains everything about the service]. (19 October 2022). SecNews.</ref> Zhang’s struggle to find a unified and readily integrable data source led to the idea of creating a company that would help organizations with that business problem.
+WhoisXML API was founded in 2010 after its CEO and founder, Jonathan Zhang, worked on a network security project that required access to structured WHOIS data. Zhang’s struggle to find a unified and readily integrable data source led to the idea of creating a company that would help organizations with that business problem.
 WhoisXML API’s overarching goal is to make the Internet safer and more transparent. The company does that by providing comprehensive and in-depth cyber intelligence.
+WhoisXML API has consistently been recognized as one of the fastest-growing companies by the Financial Times in 2022<ref>[https://www.ft.com/content/6ee8f978-a2e0-4644-b7c7-0718a334adb7 FT ranking: The Americas’ Fastest-Growing Companies 2022]</ref>, 2023<ref>[https://r.statista.com/en/growth-champions/americas-fastest-growing-companies-2023/ranking/ The Americas' Fastest Growing Companies 2023]</ref>, 2024<ref>[https://www.ft.com/content/d4a20767-ea0f-4f8e-972d-84a513345784 FT ranking: The Americas’ Fastest-Growing Companies 2024]</ref>, and 2025<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-ranks-in-the-financial-times-top-fastest-growing-companies-in-2025 WhoisXML API Ranks in the Financial Times Top Fastest-Growing Companies in 2025]</ref> and by Inc. 5000<ref>[https://www.whoisxmlapi.com/blog/whoisxml-api-ranked-in-inc-5000-2024-fastest-growing-companies-in-america WhoisXML API Ranked in Inc. 5000 2024 Fastest-Growing Companies in America]</ref> for seven years.
 ==Products and Services==
-WhoisXML API offers several products and services through various consumption models—APIs, data feeds, and web-based GUIs. Below is a list of the products WhoisXML API offers as of 1 September 2023.
+WhoisXML API offers various products and services through different consumption models—APIs, data feeds, and web-based GUIs. Below is a list of the WhoisXML API products  as of 7 July 2025.
 {| class="wikitable"
 !Type
 !Domain/WHOIS
 !DNS/IP
-!Internet Intelligence
+!Other Internet Intelligence
 |-
 !APIs
-!WHOIS API
+|WHOIS API
 Bulk WHOIS API
@@ Line 42: / Line 45: @@
 Domain Availability API
-!DNS Lookup API
+|DNS Chronicle API
+DNS Lookup API
 Reverse IP API
@@ Line 57: / Line 61: @@
 IP Netblocks API
-!Website Categorization API
+|Website Categorization API
 Domain Reputation API
@@ Line 67: / Line 70: @@
 Email Verification API
-Website Contacts API
+Threat Intelligence API
 MAC Address API
@@ Line 74: / Line 77: @@
 SSL Certificates API
-Premium API Services
 |-
 !Data Feeds
-!WHOIS Database Download
+|WHOIS Database Download
+WHOIS History Database Download
-WHOIS History Database
 Newly Registered Domains
-Real-Time Domain Registration
+Real-time Domain Registration
-!DNS Database Download
+|DNS Database Download
 Subdomains Database Download
-IP Geolocation Data Feed
+IP Geolocation Database Download
 IP Netblocks WHOIS Database
-!Early DGA Detection Feed
-Early Warning Phishing Feed
+Regulatory Compliance IP Geolocation Data Feeds
+|Early DGA Detection Data Feed
+Early Warning Phishing Data Feed
+First Watch Malicious Domains Data Feed
 Typosquatting Data Feed
@@ Line 100: / Line 102: @@
 Threat Intelligence Data Feeds
-Disposable Email Domains Data Feed
+Disposable Email Domains Database
-Free Email Domains Data Feed
+Free Email Domains Database
-Website Contacts & Categorization Database
+Website Categorization Database
 MAC Address Vendor Database
@@ Line 110: / Line 112: @@
 SSL Certificates Database
-Real-Time SSL Certificates Streaming
+Real-time SSL Certificates Streaming
-Newly Created Websites
-All Registered Domains
 |-
 !Web Tools
-!WHOIS Lookup
+|WHOIS Lookup
+Domain Age Checker
 Bulk WHOIS Lookup
@@ Line 128: / Line 127: @@
 Domain Availability Lookup
-!DNS Lookup
+|DNS Chronicle Lookup
+DNS Lookup
+TXT Record Lookup
+MX Record Lookup
+CNAME Record Lookup
 Reverse IP Lookup
@@ Line 145: / Line 151: @@
 IP Netblocks Lookup
-!Website Categorization Lookup
+|Website Categorization Lookup
 Domain Reputation Lookup
@@ Line 157: / Line 162: @@
 Bulk Email Verification Lookup
-Website Contacts Lookup
+Threat Intelligence Lookup
 MAC Address Lookup
@@ Line 166: / Line 171: @@
 |}
-===DNS Database Coverage===
+== Product Categories ==
-In the second quarter of 2023, WhoisXML API released Premium DNS Database, a market-leading passive DNS repository that the company claims has the highest number of fully qualified domain names (FQDNs).<ref>[https://world.einnews.com/pr_news/642359650/whoisxml-api-releases-premium-dns-database-with-market-leading-dns-coverage WhoisXML API Releases Premium DNS Database with Market-Leading DNS Coverage]. (3 July 2023). EIN Newswires.</ref>
+=== Domain Intelligence ===
+WhoisXML API provides current and historical domain registration data aggregated using WHOIS and the new RDAP<ref>[https://whois.whoisxmlapi.com/blog/what-is-rdap What is RDAP?]</ref> protocol. This data includes details about the registrant, administrative and technical contacts, registration and expiration dates, nameservers, and the registrar responsible for the domain.
+WhoisXML API domain data is used by digital forensics and incident response teams to uncover connections to malicious campaigns and manage attack surfaces by screening domain ownership. It helps identify discrepancies in customers’ WHOIS information, protecting against identity theft and fraud. The data also supports brand protection by detecting cybersquatting and trademark infringement and contributes to due diligence in third-party monitoring.
+=== DNS Lookup and DNS History ===
+WhoisXML API offers active DNS services and states that it has the most extensive passive DNS database in the market, comprising more than 50 types<ref>[https://dns-lookup.whoisxmlapi.com/api/documentation/making-requests WhoisXML API documentation]</ref> of DNS records, including A and AAAA records, MX records, NS records, TXT records, and SOA records.
+Clients use WhoisXML API’s DNS data to understand their DNS configurations and identify vulnerabilities, such as exploitable dangling records. Cyber investigators pivot off DNS lookup responses to add more context to their investigations.
+The company’s passive DNS data enables organizations to accelerate threat detection and response by analyzing historical DNS records for malware and threat patterns. It allows for continuous monitoring of threat actors' DNS footprints, exposing their malicious infrastructure and tactics, techniques and procedures (TTPs).
+=== IP Intelligence ===
+WhoisXML API provides comprehensive IP intelligence to clients seeking detailed context for any IP address. Their products offer IP geolocation data, including the IP address’ city, country, and latitude and longitude information. It also includes ASN information and IP netblock ownership details.
+The data helps build attacker profiles, identify cybercriminal hotspots, and prevent fraud by verifying user locations during transactions. It also enables precise geotargeting and content personalization for marketing professionals.
+=== Threat Intelligence Feeds ===
+WhoisXML API offers a variety of tactical Threat Intelligence Data Feeds that list malicious indicators involved in cyberattacks, phishing, botnets, malware, command-and-control (C&C) servers, spam, and other suspicious activities. These feeds are categorized by threat type, updated daily, and delivered in structured formats (e.g., CSV, JSONL) for easy integration.
+The company offers 10 different types of data:
+* Malicious IPv4/IPv6 address data feeds
+* Malicious domain name data feed
+* Malicious URL data feed
+* Malicious file hash data feed
+* Hosts files
+* Nginx ngx_http_access_module compatible IPv4/IPv6 denylists in CIDR notation
+* Raw IPv4/IPv6 denylists
+* Raw domain denylist
+* Raw CIDR denylist
+* Malicious IPv4/IPv6 ranges in CIDR notation data feeds
+=== Predictive Threat Intelligence ===
+WhoisXML API's predictive threat intelligence relies on extensive historical domain data and advanced machine learning models to identify clusters of newly registered domains that are likely to be used for malicious purposes, such as phishing, typosquatting, malware distribution, and command-and-control (C&C) operations. Their predictive threat intelligence data feeds include:
+* First Watch Malicious Domains Data Feed
+* Newly Registered Domains Data Feed
+* Typosquatting Data Feed
+* Early DGA Detection Data Feed
+* Early Warning Phishing Data Feed
+* Disposable Email Domains Database
+=== '''Data Delivery Models''' ===
+WhoisXML API datasets are available through the following data delivery models:
+* '''APIs and lookups''': APIs allow for on-demand data retrieval, where users send a specific query and receive immediate results. This delivery model is designed for applications where up-to-date information is critical, such as live fraud detection and intrusion detection/prevention systems (IDPS). Each API has a web-based lookup version that allows users to test the tool and view a sample of the API responses.
+* '''Database or data feeds''': WhoisXML API delivers large datasets, either as a complete database or as daily, weekly, or monthly data feeds. This model is ideal for use cases requiring bulk data processing, historical analysis, building extensive internal datasets, or integrating data into large-scale SIEM systems for comprehensive threat intelligence.
+'''The Domain Research Suite (DRS)''': DRS<ref>[https://drs.whoisxmlapi.com/ Domain Research Suite (DRS)]</ref> is a web-based platform that integrates nine WhoisXML API tools into a single, user-friendly interface without needing to integrate APIs. It's designed for manual investigations, ad-hoc research, and monitoring by users who need quick insights and alerts without the need to write code, such as brand managers, cybersecurity analysts, or legal professionals.
+==Partnerships ==
+WhoisXML API maintains long-term continuous partnerships with several data aggregators and cybersecurity platforms. It regularly coordinates with ICANN, contributing to the organization’s policymaking discussions in ICANN77<ref>[https://itp.cdn.icann.org/en/files/icann77-policy-outcome-report-05jul23-en.pdf ICANN77 Policy Outcome Report]</ref>, ICANN82<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-joins-industry-leaders-at-the-icann82-community-forum WhoisXML API Joins Industry Leaders at the ICANN82 Community Forum]</ref>, and ICANN83<ref>[https://www.linkedin.com/feed/update/urn:li:activity:7332762552273108993/ WhoisXML API is heading to ICANN83 Policy Forum]</ref>.
+WhoisXML API has also become an integration partner of several cybersecurity marketplaces and platforms, including Maltego<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-transforms-now-available-on-maltego WhoisXML API Transforms Now Available on Maltego]</ref>, OWASP Amass<ref>[https://main.whoisxmlapi.com/blog/owasp-amass-and-whoisxml-api-are-now-integration-partners OWASP Amass and WhoisXML API Are Now Integration Partners]</ref>, Snowflake<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-launches-newly-registered-domains-feed-community-edition-on-snowflake-marketplace WhoisXML API Launches Newly Registered Domains Feed (Community Edition) on Snowflake Marketplace]</ref><ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-snowflake-partner WhoisXML API Is Now a Snowflake Partner]</ref>, Anomali<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-announces-api-integration-with-anomali-threatstream WhoisXML API Announces API Integration with Anomali ThreatStream]</ref>, Sumo Logic<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-sumo-logic-partner WhoisXML API Is Now a Sumo Logic Partner]</ref>, Pangea<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-pangea WhoisXML API Integration Is Now Available on Pangea]</ref>, Cyware<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-cyware WhoisXML API Integration Is Now Available on Cyware]</ref>, Query.AI<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-integration-is-now-available-on-query-ai WhoisXML API Integration Is Now Available on Query.AI]</ref>, Logpresso<ref>[https://main.whoisxmlapi.com/blog/cyber-threat-detection-gets-a-boost-with-logpresso-and-whoisxml-api-partnership Cyber Threat Detection Gets a Boost with Logpresso and WhoisXML API Partnership]</ref>, and Core4ce<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-data-is-now-available-on-core4ces-cyberscape WhoisXML API Data Is Now Available on Core4ce’s Cyberscape]</ref>. This means that WhoisXML API’s cyber intelligence is accessible from within these platforms, provided that the user has an API key.
-===Cyber Threat Intelligence===
+WhoisXML API presented a study on Global DNS trends at Europol’s 13th Operation In Our Sites (IOS) conference in April 2022<ref>[https://main.whoisxmlapi.com/white-papers/whoisxml-api-presents-global-dns-trends-at-europol WhoisXML API Presents Global DNS Trends at Europol]</ref>, where researchers found bulk-registered typosquatting domains targeting luxury brands. In 2025, WhoisXML API partnered with Global Signal Exchange (GSE)<ref>[https://main.whoisxmlapi.com/blog/whoisxml-api-is-now-a-global-signal-exchange-gse-partner WhoisXML API Is Now a Global Signal Exchange (GSE) Partner]</ref> and contributed its Early Warning Phishing Feed to the project’s open data layer. WhoisXML API also joined the Internet Abuse Signal Collective (IASC)<ref>[https://main.whoisxmlapi.com/internet-abuse-signal-collective Internet Abuse Signal Collective (IASC)]</ref>, analyzing more than 50 active malware families and processing over five petabytes of DNS, WHOIS, IP, and NetFlow records.
-WhoisXML API supplies a wide range of Threat Intelligence APIs that users can analyze and integrate into existing security solutions. These APIs include:
-*Domain Infrastructure Analysis API
+== Collaborations ==
-*SSL Certificates Chain API
+Over the years, WhoisXML API has worked with various researchers and government agencies. Among its most notable collaborations were with:
-*SSL Configuration Analysis API
-*Domain Malware Check API
-*Connected Domains API
-*Domain Reputation Scoring API
-The company also offers Threat Intelligence Data Feeds that list malicious Internet assets involved in [[phishing]], [[Botnet Attacks|botnets]], [[malware]], C&C servers, [[spam]], Tor exit nodes, and other cyber attacks and suspicious web activities.
+* '''Darksight Analytics'''<ref>[https://main.whoisxmlapi.com/success-stories/darksight-analytics-whoisxml-api-exposing-an-investment-fraud-network Darksight Analytics & WhoisXML API: Exposing an Investment Fraud Network]</ref>''':''' The intelligence consultancy company collaborated with WhoisXML API to expose an investment fraud network. They used the Domain Research Suite to uncover connections and infrastructure used by scammers, helping to map out the malicious network.
-===Domain Research Suite (DRS)===
+* '''SIDN Labs and the Delft University of Technology'''<ref>[https://main.whoisxmlapi.com/success-stories/icann-supported-statistical-analysis-whoisxml-api-making-sense-of-dns-abuse-in-gtlds ICANN-Supported Statistical Analysis & WhoisXML API: Making Sense of DNS Abuse in gTLDs]</ref>: In an ICANN-supported statistical analysis of DNS abuse, researchers from these organizations combined various datasets, including WhoisXML API's WHOIS data, to identify cybercriminal behavior patterns, including specific registrar characteristics that contribute to such behaviors.
-WhoisXML API has a web-based domain search and monitor platform called the “Domain Research Suite (DRS).” DRS is a 9-in-1 solution designed to look up a domain’s current and historical WHOIS details, pivot off any WHOIS record to find connected properties, and search for domains or subdomains containing specific text strings. The suite also allows users to monitor domain registration activities. It is composed of the following tools:
-*Reverse WHOIS Search
+* '''EU DisinfoLab'''<ref>[https://main.whoisxmlapi.com/success-stories/eu-disinfolab-uses-historical-whois-data-to-cast-a-light-on-indian-chronicles EU DisinfoLab Uses Historical WHOIS Data to Cast a Light on Indian Chronicles]</ref>: The nonprofit organization leveraged historical WHOIS data to investigate a large network of fake media outlets that led to the discovery of the "Indian Chronicles," a long-running disinformation campaign.
-*WHOIS History Search
-*WHOIS Search
-*Reverse DNS Search
-*Domain Availability Check
-*Domains & Subdomains Discovery
-*Domain Monitor
-*Registrant Monitor
-*Brand Monitor
-===IP Intelligence===
+* '''Lighthouse Reports'''<ref>[https://main.whoisxmlapi.com/success-stories/whois-data-aids-lighthouse-reports-shed-light-on-years-long-surveillance-operations WHOIS Data Aids Lighthouse Reports Shed Light on Years-Long Surveillance Operations]</ref>: The investigative journalism collective utilized WhoisXML API's current and historical WHOIS records to identify the owners and infrastructure behind websites used for a massive surveillance operation.
-In 2022, WhoisXML API launched the Regulatory Compliance IP Geolocation Data Feeds, which currently contains IP addresses and netblocks owned by entities based in locations restricted by the Office of Foreign Assets Control (OFAC). The company is planning to provide separate files specific to areas restricted by the International Traffic in Arms Regulations (ITAR) and the Common Foreign and Security Policy (CFSP).<ref>[https://www.einnews.com/pr_news/606112629/whoisxml-api-s-ip-intelligence-now-includes-regulatory-compliance-ip-data-feeds WhoisXML API’s IP Intelligence Now Includes Regulatory Compliance IP Data Feeds. (14 December 2022)]. EIN Newswires.</ref>
-==Partnerships and Collaborations==
+* '''CyberPeace Institute'''<ref>[https://main.whoisxmlapi.com/success-stories/cyberpeace-institute-and-whoisxml-api-enumerating-cloud-assets-with-passive-dns-intelligence CyberPeace Institute and WhoisXML API: Enumerating Cloud Assets with Passive DNS Intelligence]</ref>: A researcher at CyberPeace Institute used WhoisXML API’s passive DNS database to demonstrate the ease with which threat actors can enumerate cloud assets, specifically in multitenant applications.
-WhoisXML API has worked with prestigious entities in the cybersecurity, fraud detection, brand protection, and law enforcement sectors. In April 2022, the company was invited to present at Europol’s 13th Operation In Our Sites (IOS) held in Alicante, Spain.<ref>[https://main.whoisxmlapi.com/success-stories/law-enforcement-solutions/whoisxml-api-presents-global-dns-trends-at-europol WhoisXML API Presents Global DNS Trends at Europol]</ref>
-In 2020, WhoisXML API worked with a Bloomberg columnist to raise awareness about coronavirus-themed domains<ref>[https://www.bloomberg.com/opinion/articles/2020-04-01/coronavirus-means-opportunity-for-suspicious-websites#xj4y7vzkg Don’t Click That Link! It Might Be Viral]. (2 April 2020). Bloomberg.</ref> that were likely to figure in malicious activities. Its other collaborations include those with the National Child Protection Task Force (NCPTF),<ref>[https://main.whoisxmlapi.com/success-stories/law-enforcement-solutions/the-national-child-protection-task-force-whoisxml-api-osint-tech-that-saves-lives The National Child Protection Task Force (NCPTF) & WhoisXML API—OSINT Tech That Saves Lives]</ref> ScamAdviser,<ref>[https://main.whoisxmlapi.com/success-stories/cyber-security-solutions/domain-registration-data-aids-in-understanding-the-state-of-online-scams Domain Registration Data Aids in Understanding the State of Online Scams] </ref> and EU DisinfoLab.<ref>[https://main.whoisxmlapi.com/success-stories/fraud-detection-solutions/eu-disinfolab-uses-historical-whois-data-to-cast-a-light-on-indian-chronicles EU DisinfoLab Uses Historical WHOIS Data to Cast a Light on Indian Chronicles]</ref> WhoisXML API also became a member of the Business Constituency<ref>[https://www.icannbc.org/bc-membership-list BC Membership List]</ref> in 2023.
+* '''University College London (UCL)'''<ref>[https://main.whoisxmlapi.com/success-stories/university-college-london-ucl-and-whoisxml-api-understanding-smishing-infrastructures University College London (UCL) and WhoisXML API: Understanding Smishing Infrastructures]</ref>: A UCL researcher investigated smishing infrastructures of thousands of domain names using automated access to WHOIS data through WHOIS API. This enabled him to identify the registrars criminals commonly abused to register smishing domains.
-WhoisXML API continues its call for partnerships under several programs, namely:
+* '''DomainHunter'''<ref>[https://main.whoisxmlapi.com/success-stories/domainhunter-whoisxml-api-detecting-and-profiling-potentially-malicious-domains DomainHunter & WhoisXML API: Detecting and Profiling Potentially Malicious Domains]</ref>: The threat detection system integrates the WHOIS API to identify and profile potentially malicious domains by extracting detailed registration data. This enabled DomainHunter to create in-depth threat profiles of suspicious domains that include context on domain age, ownership, and hosting infrastructure.
-*Affiliate Programs
+* '''NCPTF'''<ref>[https://www.linkedin.com/posts/the-national-child-protection-task-force_first-ever-northeast-florida-missing-child-activity-7341220350468243457-xmu6 23 Missing & Endangered Children Located in Northeast Florida]  </ref>''':''' WhoisXML API supported the Missing Child Rescue Operation in Northeast Florida by supplying critical data points that aided in the efforts to locate missing children.
-*Data Exchange Program for Internet Abuse Prevention
-*Security Intel Exchange Program
-*Research and Media Collaborations
 ==External Links==