@whoisxmlapi profile picture
WhoisXML API @whoisxmlapi

WhoisXML API is a cyber intel provider that has been gathering, analyzing, and correlating domain, IP, and DNS data for a more secure and transparent Internet.

Joined March 2011
  • Tweets 5,027
  • Following 293
  • Followers 1,418
1,971 Photos and videos
When a suspicious domain appears on your radar, which type of cyber intelligence do you rely on first to assess the threat? #NationalInternetSafetyMonth #InternetSafetyMonth #Cybersecurity #ThreatIntel
0% Passive DNS intelligence
0% Domain registration data
0% Network infra Intel
0% All of the above
0 votes • 2 days
1
23
See you at #FIRSTCON26 in Denver. We're looking forward to connecting with incident response professionals from around the world and exchanging perspectives on threat intelligence, DNS abuse mitigation, and Internet security. Request a meeting: join.whoisxmlapi.com/upcomin… @FIRSTdotOrg #FIRSTConference #ThreatIntelligence #DNS #InternetSecurity
28
What if fake software downloads quietly handed attackers remote access? Thanks to #Hexastrike Cybersecurity for uncovering the #AtlasCross RAT campaign and the initial #IoCs. We investigated & expanded 13 network IoCs into 2,600 new artifacts: 829 client IPs, 33 victim IPs, 2,584 email-connected domains, 10 additional IPs, 33 IP-connected domains, and 35 string-connected domains. Download the full report → main.whoisxmlapi.com/threat-… #RAT #SilverFox #ThreatIntel #Cybersecurity #DNSintel
45
Looking forward to attending the Global Anti-Scam Summit Europe 2026 in Lisbon! Hosted by @ScamAlliance, it's always exciting to connect with people tackling online scams from different angles. We're especially looking forward to conversations around emerging fraud trends, new research ideas, and opportunities to collaborate on investigations. 👉 Request a meeting: join.whoisxmlapi.com/upcomin… #GASS2026 #GASSEurope #GASA #AntiScamSummit #FraudPrevention #FightScams #Cybercrime #ThreatIntelligence
1
1
28
What can the top 10 #ransomware families of 2025 tell us about where the threat is headed next? Our latest investigation analyzes the ransomware families featured in #Picus Security's top 10 ransomware list for 2025, uncovering the domains, infrastructure, and connections that reveal how today's ransomware operations continue to evolve. 🔎 Explore the research: circleid.com/posts/a-look-ba… #ThreatIntelligence #CyberSecurity #DNS #ThreatResearch #InfoSec
36
A suspicious IP is often just one piece of the puzzle. 🔎 IP Netblocks Lookup uncover related IP ranges, ASN data, ISP details, geolocation, and ownership information to support investigations and infrastructure analysis. Explore: ip-netblocks.whoisxmlapi.com… #ThreatIntelligence #CyberSecurity #ThreatHunting
0:20
101
What if a supply-chain compromise in trusted open‑source ecosystems turned #Axios into #malware delivery? #GTIG disclosed the Axios supply chain campaign and the initial #IoCs. @elastic and #GitHub followed with additional indicators. We expanded 22 IoCs into 1,770 new artifacts: 2 #typosquatting domains, one likely malicious domain, 676 email-connected domains, two malicious IPs, 58 IP-connected domains, and 1,034 string-connected domains. Download the full Axios Supply Chain Attack report → main.whoisxmlapi.com/threat-… #SupplyChainAttack #ThreatIntel #Cybersecurity #NPM
113
First Watch flagged 73 #APT42 and #APT34 domains as malicious before public reporting—some more than a year earlier. Analysis of 191 #IoCs tied to eight Iran-affiliated APT groups uncovered nearly 3,600 previously unidentified possibly malicious infrastructure. 🔎 circleid.com/posts/a-network… #ThreatIntelligence #CyberSecurity #APT #DNS
96
Need to investigate a domain’s DNS setup fast? 🔍 DNS Lookup helps security teams retrieve A, AAAA, MX, TXT, NS, SPF, CNAME, and other DNS records for faster #threathunting and infrastructure analysis. Explore it here: dns-lookup.whoisxmlapi.com/l… 📌 Available via Web Tool, API, and Database Download. #CyberSecurity #ThreatIntelligence #DNS #DFIR #SOC #Infosec
0:18
1
42
The window between initial access and attacker handoff has collapsed from 8 hours in 2022 to 22 seconds in 2025. Passive defense can't keep up with that. The industry needs to start disrupting threat actors. Our #RSAC2026 recap covers this and more in: whoisxmlapi.com/blog/whoisxm… @OneRSAC #RSAC #ThreatIntelligence #DNSIntelligence #DisruptCybercrime
23
26.5 million newly registered domains in Q1 2026. 6.7 million of them were identified by First Watch as malicious from the moment they were registered. Our latest global domain activity analysis explores the #DNS trends, suspicious registration patterns, and shifting #TLD activity shaping today’s threat landscape. 📊 Explore the trends: circleid.com/posts/global-do… #ThreatIntelligence #CyberSecurity #DNS #DomainIntelligence
30
What #ransomware did in 2025? Extortion, leaks, business interruption, and more. We analyzed @PicusSecurity’s Top 10 Ransomware Group of 2025 list and mapped the #DNS footprint of the groups that defined 2025: #Qilin, #Akira, #Cl0p, #Play, #INCRansom, #SafePay, #Lynx, #RansomHub, #DragonForce, and #Babuk2. Building on 267 network #IoCs, we uncovered 9,537 new artifacts across domains, IPs, email‑connected infrastructure, and string‑connected assets. Download the full report → main.whoisxmlapi.com/threat-… #ThreatIntel #Cybersecurity #DNSintel #InfoSec
108
Investigate suspicious IPs, domains, URLs, CIDRs, and hashes faster with Threat Intelligence Lookup! Get actionable threat context in seconds for faster alert validation and investigations. Try it here: threat-intelligence.whoisxml… 📌 Available via Web Tool, API, and Database Download.
0:29
61
🚨 April 2026 Domain Activity Highlights: whoisxmlapi.com/blog/april-2… We analyzed 10.2M new domains: • 2.7M flagged with malicious intent • 1.1M confirmed malicious See how TLD trends and attacker behavior are evolving! #threatintelligence #cybersecurity #domainintel #infosec
19
What starts as a few malicious #GitHub repos can quickly unravel into a much larger threat ecosystem. Starting with just 20 #IoCs, our latest #ForceMemo investigation uncovered 650 possible connected artifacts tied to the campaign—revealing how #DNS intelligence can expose the infrastructure behind evolving #malware operations. 🔎 Dive into the analysis: circleid.com/posts/forcememo… #ThreatIntelligence #CyberSecurity #GitHubSecurity #DNS #ThreatResearch #PythonSecurity
1
63
WhoisXML API is heading to #SOFWeek2026 by @GlobalSOF in Tampa! We’re looking forward to conversations around cyber defense, #threatintelligence, and the Internet data behind mission-focused #cybersecurity work. 👉 Attending #SOFWeek? Let’s connect: join.whoisxmlapi.com/upcomin… #InternetIntelligence #NationalSecurity
64
Great connecting with the #cybersecurity community at #BSidesSouthFlorida 2026. Proud that our own Ed Gibbs served on the event leadership team, with Tara Conneally and Erik Olson representing WhoisXML API onsite. Thanks to everyone who stopped by to chat with us—we’re already looking forward to next year. @bsidessoflo #BSides #cybersecurity #threatintelligence
29
We’re proud to be ranked #121 on the Inc. Regionals: Pacific 2026 list! 🎉 This recognition reflects our continued growth and commitment to delivering actionable cyber intelligence that helps organizations strengthen security worldwide. Thank you to our customers, partners, and team for being part of this milestone. Read more: whoisxmlapi.com/blog/whoisxm… #IncRegionals #Cybersecurity #CyberIntelligence #DomainIntel
20
What if a GitHub account takeover campaign kept spreading through Python repos? Thanks to @step_security for the #ForceMemo initial 20 #IoCs, investigating which we uncovered 652 new possible artifacts → 1 bulk-registered domain with 11 look-alikes, 1 domain likely malicious, 86 email-connected domains, 9 IPs (4 malicious), and 557 string-connected domains. Download the full ForceMemo report→ main.whoisxmlapi.com/threat-… #ThreatIntel #Cybersecurity #GitHubSecurity #PythonSecurity
54
#LummaStealer is back—and #CastleLoader is helping it spread faster and stay hidden longer. Our latest #DNS deep dive reveals the infrastructure, obfuscation tactics, and DNS signals behind campaigns reaching 100K potential victims. 🔎 circleid.com/posts/dns-deep-… #ThreatIntelligence #CyberSecurity #InfoSec #Malware
73
Load more