Internet Abuse Signal Collective (IASC) is a collaborative data-sharing network led by WhoisXML API that brings together organizations and individual experts working to detect, investigate, and reduce Internet abuse.
The collective exists because no single organization has a complete view of malicious activity across the Internet. Registrars, registries, DNS resolvers, ISPs, CERTs, CSIRTs, cybersecurity vendors, threat intelligence teams, researchers, and investigators each see different parts of the threat landscape. IASC helps combine those perspectives into a broader, more useful intelligence picture.
Learn more: https://main.whoisxmlapi.com/internet-abuse-signal-collective
The mission of IASC is to improve global cyber defense by enabling responsible intelligence sharing across trusted partners.
IASC aims to:
- Combine diverse Internet telemetry and threat intelligence sources.
- Improve visibility into malicious infrastructure, campaigns, and attacker behavior.
- Help partners detect, investigate, and mitigate abuse faster.
- Support cybersecurity research, public-interest investigations, and coordinated defense.
- Create a more complete, data-driven view of Internet activity than any one participant could build alone.
IASC gathers, correlates, enriches, and shares Internet abuse signals contributed by participating organizations and experts.
Core focus areas include:
- Uncover large-scale campaigns, infrastructure relationships, attacker behavior, and emerging patterns across aggregated data sources.
- Help defenders identify indicators of compromise, add context to threat events, and detect attack patterns across the broader Internet.
- Aggregate and enrich diverse signals into actionable intelligence on emerging threats and malicious activity.
- Support deeper investigations by revealing hidden connections between domains, IP addresses, DNS infrastructure, malware infrastructure, phishing campaigns, spam operations, command-and-control systems, and related Internet artifacts.
IASC welcomes contributors from commercial, government, nonprofit, academic, and independent research communities.
Potential partners include:
- Domain registrars and registries
- DNS resolvers
- Internet service providers
- CERTs and CSIRTs
- Cybersecurity vendors
- Threat intelligence teams
- Anti-abuse and trust & safety teams
- Academic and independent researchers
- Investigative organizations
- Public-interest cybersecurity groups
- Industry experts with relevant data, expertise, or capabilities
Partners can contribute many types of Internet and threat-related data, including:
- Domain names
- Domain history
- DNS history
- Passive DNS or active DNS observations
- IP addresses
- Network and traffic-flow signals
- DNS and NetFlow traffic flows
- Domain, IP, URL, and file indicators of compromise
- Malware infrastructure
- Phishing infrastructure
- Command-and-control infrastructure
- Honeypot telemetry
- Spam and malvertising signals
- Credential-harvesting page paths
- Geospatial IP intelligence
- WiFi intelligence
- Email addresses and registrant intelligence
- Corporate or firmographic context
- Research findings, reports, or investigative leads
Not every partner needs to contribute the same type or volume of data. The value of the collective comes from combining different kinds of visibility.
IASC is designed as a collaborative exchange. Members contribute unique data, expertise, or capabilities and receive access to a broader pool of intelligence in return.
Partner benefits may include:
- Broader visibility into Internet abuse activity
- Enriched context around domains, IP addresses, DNS infrastructure, and threat campaigns
- Better investigative pivots across multiple data sources
- Support for internal security operations and threat hunting
- Research collaboration opportunities
- Access to intelligence that would be difficult or impossible to collect alone
- Participation in a community focused on practical abuse mitigation
The level and scope of access may vary based on the value, sensitivity, and type of contribution. IASC representatives work with partners to define an appropriate collaboration model.
IASC operates on a simple principle:
Contribute what you can responsibly share, and gain access to broader intelligence that helps everyone defend better.
At a high level:
- Partners contribute signals: Participants share relevant Internet telemetry, threat intelligence, research, or investigative findings.
- IASC correlates and enriches data: Signals are combined with other contributed data and WhoisXML API’s Internet intelligence resources to produce richer context.
- Partners use the intelligence: Members can use IASC data to improve security operations, support investigations, conduct research, enhance products, and strengthen cyber defense.
- The collective improves over time: As more partners contribute, the shared intelligence pool becomes broader, more accurate, and more useful.
All IASC data should be used responsibly and for legitimate purposes aligned with combating Internet abuse and cyber threats.
Participants should:
- Respect applicable laws and regulations.
- Protect sensitive data.
- Follow agreed data-handling rules.
- Avoid misuse of shared intelligence.
- Use contributed data for defensive, investigative, research, and abuse-mitigation purposes.
- Preserve source confidentiality when required.
- Coordinate with IASC before publishing sensitive findings based on shared data.
Organizations interested in contributing can use the following workflow:
- Contact IASC
  - Visit the IASC page and use the contact form or partnership inquiry path.
  - Describe your organization, area of expertise, and the type of data or capability you may be able to contribute.
- Define the contribution
  - Identify data categories, format, update frequency, retention expectations, and sensitivity level.
  - Clarify whether data can be shared broadly, shared with restrictions, or used only for derived intelligence.
- Establish access and handling rules
  - Agree on acceptable use, access level, confidentiality, redistribution limits, and attribution preferences.
- Begin data exchange
  - Share data through an agreed secure method.
  - IASC correlates, enriches, and integrates the contribution into the broader intelligence pool.
- Review and improve
  - Evaluate the value of the exchange.
  - Adjust contribution scope, frequency, or access model as needed.
When sharing indicators or signals, contributors should include as much context as possible.
```json
{
  "indicator": "example-malicious-domain.tld",
  "indicator_type": "domain",
  "threat_type": "phishing",
  "first_observed": "2026-05-13T12:00:00Z",
  "last_observed": "2026-05-13T14:30:00Z",
  "confidence": "high",
  "source": "partner-name-or-source-code",
  "evidence": [
    "credential harvesting page observed",
    "domain co-resolves with known phishing infrastructure",
    "reported by multiple victims"
  ],
  "tags": [
    "phishing",
    "credential-theft",
    "brand-impersonation"
  ],
  "tlp": "AMBER",
  "notes": "Provide any relevant investigation context, restrictions, or handling guidance."
}
```

This example is illustrative only. Actual contribution schemas, enrichment fields, sensitivity markings, and sharing methods should be agreed with IASC representatives.
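A contributor can lint records in the illustrative shape above before sending them. The following is an added example, not IASC or WhoisXML API code; the required-field list, the allowed `indicator_type` and `confidence` values, and the timestamp format are assumptions drawn from the sample record, and the TLP labels follow TLP 2.0.

```python
from datetime import datetime

# Assumed vocabularies: the page shows only "domain", "high" and "AMBER";
# the other values are illustrative (TLP labels follow TLP 2.0).
INDICATOR_TYPES = ("domain", "ip", "url", "file")
CONFIDENCE = ("low", "medium", "high")
TLP = ("CLEAR", "GREEN", "AMBER", "AMBER+STRICT", "RED")
REQUIRED = ("indicator", "indicator_type", "threat_type", "first_observed",
            "last_observed", "confidence", "source", "evidence", "tlp")


def _parse_utc(value):
    """Parse an ISO 8601 UTC timestamp such as 2026-05-13T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def lint_record(record):
    """Return a list of problems; an empty list means the record passes."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in record]
    if problems:
        return problems
    if record["indicator_type"] not in INDICATOR_TYPES:
        problems.append("unknown indicator_type")
    if record["confidence"] not in CONFIDENCE:
        problems.append("unknown confidence")
    if record["tlp"] not in TLP:
        problems.append("unknown tlp marking")
    if not isinstance(record["evidence"], list) or not record["evidence"]:
        problems.append("evidence must be a non-empty list")
    try:
        first = _parse_utc(record["first_observed"])
        last = _parse_utc(record["last_observed"])
        if last < first:
            problems.append("last_observed precedes first_observed")
    except (TypeError, ValueError):
        problems.append("timestamps must be ISO 8601 UTC (YYYY-MM-DDTHH:MM:SSZ)")
    return problems


# Constructed sample in the shape of the record above.
SAMPLE = {
    "indicator": "example-malicious-domain.tld", "indicator_type": "domain",
    "threat_type": "phishing", "first_observed": "2026-05-13T12:00:00Z",
    "last_observed": "2026-05-13T14:30:00Z", "confidence": "high",
    "source": "partner-name-or-source-code",
    "evidence": ["credential harvesting page observed"], "tlp": "AMBER",
}

if __name__ == "__main__":
    print(lint_record(SAMPLE))
```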
The following categories are especially useful for collective abuse detection and investigation:
| Category | Example Signals |
|---|---|
| Domains | Newly observed domains, suspicious registrations, lookalikes, typo domains |
| DNS | Passive DNS, active DNS, nameserver changes, MX changes, fast-flux patterns |
| IP & Network | Malicious IPs, hosting clusters, ASN context, NetFlow-style traffic relationships |
| Threat Infrastructure | C2 servers, malware distribution infrastructure, phishing kits, redirectors |
| Abuse Reports | Spam, phishing, malware, credential harvesting, scam infrastructure |
| Honeypots | Attack attempts, payload delivery, scanner activity, exploit attempts |
| Research | Campaign reports, actor tracking, infrastructure mapping, investigative pivots |
| Geospatial / WiFi | Location-linked Internet signals useful for attribution or exposure analysis |
IASC can support a wide range of cyber defense and research activities, including:
- Phishing detection and investigation
- Malware infrastructure tracking
- Command-and-control infrastructure discovery
- Scam and fraud infrastructure analysis
- Spam and malvertising investigation
- Infrastructure clustering
- Threat actor monitoring
- Brand impersonation and typosquatting research
- Incident response enrichment
- Abuse-report validation
- Law enforcement and public-interest investigations
- Academic and independent security research
- Security product enrichment
- Internet-scale exposure and risk analysis
IASC is led by WhoisXML API, a provider of domain, DNS, IP, WHOIS, passive DNS, SSL certificate, threat intelligence, and Internet infrastructure intelligence.
WhoisXML API contributes its broad Internet intelligence capabilities to help enrich partner-contributed signals and create a more complete view of malicious and suspicious online activity.
IASC is a data-sharing collaborative network led by WhoisXML API. It brings together organizations and experts to exchange Internet telemetry and threat intelligence for the purpose of detecting, investigating, and mitigating cyber threats.
No. IASC welcomes organizations and individual contributors with relevant data, expertise, research, or investigative capabilities.
Yes. Research groups, academic teams, and independent researchers can participate, contribute data, or explore collaboration opportunities.
Yes. Partners are encouraged to use IASC data to strengthen internal security, support research, improve investigations, and enhance cybersecurity operations or products, subject to agreed responsible-use guidelines.
IASC may support flexible arrangements. Organizations with limited data may still contribute expertise, research, analysis, or other capabilities.
No. IASC is intended for a broad set of participants, including defenders, infrastructure operators, researchers, investigators, public-interest organizations, and security teams.
To explore partnership, data contribution, research collaboration, or data access:
- Visit the IASC page: https://main.whoisxmlapi.com/internet-abuse-signal-collective
- Select Join the IASC or Partner with the IASC.
- Describe your organization, data, research interest, or use case.
- Work with IASC representatives to define a responsible collaboration model.
This README describes the Internet Abuse Signal Collective at a high level. It does not grant rights to access, redistribute, or commercialize IASC data.
All data access, contribution, redistribution, attribution, confidentiality, and usage terms should be governed by the applicable IASC partnership agreement or data-sharing arrangement.
WhoisXML API
Website: https://main.whoisxmlapi.com/
IASC: https://main.whoisxmlapi.com/internet-abuse-signal-collective