Register for our next deep dive! Learn how to equip your team with strategies and tools to detect and dismantle organized crime on Thursday, July 25, 2024, at 16:00 CET.Register now! close
home Transform Hub data categories - Infrastructure & Network Information


By Maltego Technologies
Leverage advanced IP and domain data to facilitate cybercrime detection, response, and prevention.
WhoisXML API integration in Maltego
Infrastructure & Network Information Due Diligence Fraud & Abuse

WhoisXML API Transforms for Maltego

For over a decade, WhoisXML API has been gathering, analyzing, and correlating domain, IP, and DNS data to make the Internet more transparent and secure. They collect and parse the necessary domain data and turn them into understandable and readily consumable intelligence sources. Their unique collection of cyber threat intelligence feeds have proven invaluable in augmenting the capabilities of commercial security platforms (SIEM, SOAR, and TIP) and helping Security Operations Centers (SOCs) & Managed Security Service Providers (MSSPs) achieve superior network visibility.

WhoisXML API coverage includes 15.6+ billion historical WHOIS records across 7298 TLDs and ccTLDs, 4.2+ billion domains and subdomains, 13.1+ million IP netblocks, 99.5% of IPs in use, and billions of DNS lookups gathered from over a decade of data aggregation.

Users also benefit from their diverse sets of APIs designed to facilitate cybercrime detection, response, and prevention.

With Maltego Transforms for Whois, investigators gain access to WhoisXML API tools and leverage advanced IP and Domain Data intelligence in their investigative workflows within Maltego.

Maltego Transforms are available for the following WhoisXML API tools:

  • WHOIS API: Provides the registration details, also known as the WHOIS record data, of a domain name, an IP address, or an email address.
  • Historical Whois API: Track all changes in domain ownership and registration for the past 10 years from a daily-updated database that contains billions of current and historical WHOIS records.
  • Reverse Whois API: Get a list of all the linked domains that contain the identifier such as a domain owner’s name, email address, phone number, postal address, etc.


  • Look up the hidden identity of past domain owners and identify the attacker’s historical footprints — before privacy records.
  • Map out attackers’ infrastructure -find all domains, websites, IP addresses, and more details connected to a crime or criminal.
  • Infosec professionals can enhance their solutions and services and protect users against spam, dangerous websites, network infiltrations, and other online misdeeds as well as to investigate third-party risks.
  • Mitigate phishing and other malware-enabled attacks by enabling Digital forensics and incident response (DFIR) and other cybersecurity consultants o provide clients with easy-to-read lists of domains that may have ties to cybercrime, thus allowing them to enhance their cyber defense.
  • Pivot across other disparate data sources available on the Transform Hub and gain a more comprehensive perspective in investigations.
  • Cybersecurity investigators, forensics companies, and Law Enforcement agencies are not the only ones that benefit from the data that WhoisXML API provides. Investors and market researchers can also use WHOIS data to make informed business decisions such as enrich their marketing campaigns, conduct research, uncover market trends, and establish new business opportunities.

Typical Users of This Data

  • Security Operations Centers (SOCs)
  • Managed Security Service Providers (MSSPs)
  • Law enforcement agencies (LEAs)
  • Threat hunters
  • Cyber Forensics Analysts
  • Security Engineers

alt WhoisXML Transforms for Maltego


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About WhoisXML API

WhoisXML API is a cyber threat intelligence provider trusted by over 50,000 clients and have been ranked one of Inc. 5000 fastest growing IT companies since 2017. Our customer base includes commercial security platforms (SIEM, SOAR, and TIP), Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), Fortune 1000 companies, top cybercrime & law enforcement units, government agencies, banks, payment processors, telcos, and brand protection agencies. We also work closely with domain registries/registrars, domain investors/brokers, marketing researchers, big-data warehouses, web analytics firms, investment funds, VC firms, SMBs with a digital footprint, and more.

For more information, visit

Pick the right product and get started.