Investigator Use
Whoxy is a WHOIS data aggregation and reverse lookup platform that provides current and historical domain registration records, reverse WHOIS search by registrant email or name, bulk WHOIS lookups via API, and domain monitoring capabilities. Its database covers hundreds of millions of domain records across all major TLDs.
For OSINT investigators, Whoxy's reverse WHOIS capability is its most powerful investigative feature. By searching for a registrant email address, name, or phone number, investigators can retrieve all domains ever registered using that identifying information. This pivot transforms a single data point — often discovered through a breach database, forum post, or document — into a complete domain portfolio for an individual or organization.
Email-based reverse WHOIS is particularly effective because people frequently use personal email addresses to register domains before considering operational security. A single exposed registrant email can map dozens of domains, revealing the full scope of an actor's online presence including business operations, side projects, and infrastructure that would not otherwise be connected.
Whoxy's historical WHOIS records are archived before GDPR and ICANN privacy changes made current WHOIS data widely opaque. Historical records from before privacy protection was applied often contain unredacted registrant names, email addresses, physical addresses, and phone numbers — data that is now systematically hidden in current WHOIS records.
Bulk WHOIS lookup via API enables programmatic processing of large domain lists — useful when an investigation has produced hundreds of domains that need systematic registration data enrichment. API rate limits vary by subscription tier.
Domain monitoring allows investigators to set alerts for WHOIS data changes on specific domains — registration, transfer, expiration, and registrant information changes — supporting proactive tracking of suspect domains.
For corporate investigation, Whoxy can establish the full domain portfolio of a target organization, revealing all domains registered under the corporate name or with corporate email addresses.
Document all reverse WHOIS search parameters, returned domain lists, and query dates. Historical WHOIS data accessed should be preserved as screenshots or exports, as this data may be further restricted by future policy changes.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
ARIN
Domain OSINT
ARIN is a nonprofit, member-based organization that administers IP addresses & ASNs in support of the operation and growth of the Internet.
Central Ops
Domain OSINT
Free online network tools, including traceroute, nslookup, dig, whois, ping, and our own Domain Dossier and Email Dossier. Works with IPv6.
Cert Graph Crawler
Domain OSINT
An open source intelligence tool to crawl the graph of certificate Alternate Names
DNS History
Domain OSINT
DNS History archives historical DNS records, letting investigators track IP changes, hosting migrations, and infrastructure pivots over time.
DNS twister
Domain OSINT
DNS Twister generates and monitors domain permutations for typosquatting detection, brand protection, and phishing infrastructure discovery.
Domain Tools
Domain OSINT
DomainTools provides WHOIS lookup, IP history, domain ownership records, and reverse WHOIS for domain and infrastructure investigation.