[Maximum 100 domains are allowed]
A bulk WHOIS lookup queries WHOIS records for many domains in a single operation, instead of running one lookup at a time. You paste or upload a list of domains and receive structured registrant, registrar, and expiry data for each one in the same response. WhoisFreaks supports bulk queries across 1,528 TLDs through both the free tool (up to 100 domains per batch) and the Bulk WHOIS API (thousands of domains per minute with parallel processing).
Feature: Submit up to 100 domains per batch through the free web tool, or thousands per minute through the API
Feature: Paste a domain list, upload a .txt file, or POST a JSON array - all formats accepted
Feature: Consistent, parsed schema across every result regardless of source registry (thick or thin WHOIS)
Feature: Credits are deducted only for successful lookups; failed or invalid domains do not count against quota
For automated workflows, scheduled domain portfolio audits, and high-volume threat-intelligence pipelines, the Bulk WHOIS API processes thousands of domains per minute with parallel domain processing, JSON output, and rate-limit controls.
Bulk WHOIS lookups solve the same problem at scale that single WHOIS lookups solve at the unit level. When you need ownership, registrar, and expiry data across dozens or hundreds of domains - whether for portfolio audits, threat investigation, or M&A due diligence - running queries one at a time is the bottleneck. The four use cases below are where bulk processing matters most.
SOC and DFIR teams run bulk WHOIS against IOC feeds (suspicious domain lists from EDR alerts, threat intel sharing groups, or DNS sinkhole logs) to enrich each domain with registrant, registrar, and creation-date context in one batch - turning a flat list of indicators into actionable infrastructure profiles.
Domain portfolio managers and registrar resellers run bulk WHOIS daily against their full inventory to catch upcoming expirations, transfer-locked status changes, and registrar-level issues before they cause downtime. Output integrates directly with internal monitoring dashboards and ticketing systems.
Threat intel analysts pivot from a single suspicious registrant or registrar to bulk WHOIS across hundreds of related domains in one query, surfacing campaigns where the same actor reused a registrant email, organization, or nameserver across an entire phishing or malware infrastructure cluster.
Brand protection teams run bulk WHOIS against typosquat candidate lists generated from their brand domains (e.g., character substitutions, homoglyphs, additional TLDs) to identify which variations are actually registered, who owns them, and which warrant UDRP filings or takedown actions.
WhoisFreaks supports bulk WHOIS across 1,528+ TLDs, with data sourced through both the WHOIS protocol and RDAP, plus custom scrapers for registries that expose neither. Every result is parsed into a normalized schema so downstream tools see consistent field names whether the source registry was thick or thin.
Credits are deducted only for successful lookups - failed or invalid domains in your batch do not count against your quota. This makes bulk processing cost-predictable even when you're running unverified lists like newly-discovered IOCs or typosquat candidates.
