By Maltego Technologies
WhoisXML Transforms for Maltego
For over a decade, WhoisXML has been gathering, analyzing, and correlating domain, IP, and DNS data to make the Internet more transparent and secure. They collect and parse the necessary domain data and turn them into understandable and readily consumable intelligence sources. Their unique collection of cyber threat intelligence feeds has proven invaluable in augmenting the capabilities of commercial security platforms (SIEM, SOAR, and TIP) and helping Security Operations Centers (SOCs) & Managed Security Service Providers (MSSPs) achieve superior network visibility.
WhoisXML coverage includes 7+ billion historical WHOIS records across 2864+ TLDs and ccTLDs, 2.3+ billion domains and subdomains, 9.5+ million IP netblocks, 99.5% of IPs in use, and 500 billion historic DNS lookups gathered from over a decade of data aggregation.
Users also benefit from their diverse sets of APIs designed to facilitate cybercrime detection, response, and prevention.
With Maltego Transforms for Whois, investigators gain access to WhoisXML API and leverage advanced IP and Domain Data intelligence in their investigative workflows within Maltego.
Maltego Transforms are available for the following WhoisXML APIs:
- WHOIS API: Provides the registration details, also known as the WHOIS record data, of a domain name, an IP address, or an email address.
- Historical Whois API: Track all changes in domain ownership and registration for the past 10 years from a daily-updated database that contains billions of current and historical WHOIS records.
- Reverse Whois API: Get a list of all the linked domains that contain an identifier such as a domain owner’s name, email address, phone number, postal address, etc.
- Look up the hidden identity of past domain owners and identify the attacker’s historical footprints — before privacy records.
- Map out attackers’ infrastructure: find all domains, websites, IP addresses, and more details connected to a crime or criminal.
- Infosec professionals can enhance their solutions and services and protect users against spam, dangerous websites, network infiltrations, and other online misdeeds as well as to investigate third-party risks.
- Mitigate phishing and other malware-enabled attacks by enabling digital forensics and incident response (DFIR) and other cybersecurity consultants to provide clients with easy-to-read lists of domains that may have ties to cybercrime, thus allowing them to enhance their cyber defense.
- Pivot across other disparate data sources available on the Transform Hub and gain a more comprehensive perspective in investigations.
- Cybersecurity investigators, forensics companies, and law enforcement agencies are not the only ones that benefit from the data that WhoisXML API provides. Investors and market researchers can also use WHOIS data to make informed business decisions, such as enriching their marketing campaigns, conducting research, uncovering market trends, and establishing new business opportunities.
Typical Users of This Data
- Security Operations Centers (SOCs)
- Managed Security Service Providers (MSSPs)
- Law enforcement agencies (LEAs)
- Threat hunters
- Cyber Forensics Analysts
- Security Engineers
Pricing & Access
Pricing Tier: Free Trial
Hub Type: Commercial Hub and Community Hub
Requirements: For full solution access, a Maltego One, Classic or XL license and a WhoisAPI subscription
1. Free Trial: Register for a free API key here: https://main.whoisxmlapi.com/signup, then simply download the Whois API hub item on Maltego Client and enter your trial key to start using Whois data on Maltego.
2. Bring your own key: If you are already an existing customer of WhoisXML, then simply download the Whois API hub item on Maltego Client and enter the paid API key to start using Whois data on Maltego.
Reach out to us to learn more about this data integration and how to access it.
About WhoisXML API
WhoisXML is a cyber threat intelligence provider trusted by over 50,000 clients and has been ranked one of the Inc. 5000 fastest-growing IT companies since 2016. Our customer base includes commercial security platforms (SIEM, SOAR, and TIP), Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), Fortune 1000 companies, top cybercrime & law enforcement units, government agencies, banks, payment processors, telcos, and brand protection agencies. We also work closely with domain registries/registrars, domain investors/brokers, marketing researchers, big-data warehouses, web analytics firms, investment funds, VC firms, SMBs with a digital footprint, and more.
For more information, visit: https://www.whoisxmlapi.com/