You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub data categories - Cybersecurity


By Maltego Technologies
WhoisXML API integration in Maltego
Cybersecurity Infrastructure Anti-terrorism CERT

WhoisXML Transforms for Maltego

For over a decade, WhoisXML has been gathering, analyzing, and correlating domain, IP, and DNS data to make the Internet more transparent and secure. They collect and parse the necessary domain data and turn them into understandable and readily consumable intelligence sources. Their unique collection of cyber threat intelligence feeds have proven invaluable in augmenting the capabilities of commercial security platforms (SIEM, SOAR, and TIP) and helping Security Operations Centers (SOCs) & Managed Security Service Providers (MSSPs) achieve superior network visibility.

WhoisXML coverage includes 7+ billion historical WHOIS records across 2864+ TLDs and ccTLDs, 2.3+ billion domains and subdomains, 9.5+ million IP netblocks, 99.5% of IPs in use, and 500 billion historic DNS lookups gathered from over a decade of data aggregation.

Users also benefit from their diverse sets of APIs designed to facilitate cybercrime detection, response, and prevention.

With Maltego Transforms for Whois, investigators gain access to WhoisXML API and leverage advanced IP and Domain Data intelligence in their investigative workflows within Maltego.

Maltego Transforms are available for the following WhoisXML API’s:

  • WHOIS API: Provides the registration details, also known as the WHOIS record data, of a domain name, an IP address, or an email address.
  • Historical Whois API: Track all changes in domain ownership and registration for the past 10 years from a daily-updated database that contains billions of current and historical WHOIS records.
  • Reverse Whois API: Get a list of all the linked domains that contain the identifier such as a domain owner’s name, email address, phone number, postal address, etc.


  • Look up the hidden identity of past domain owners and identify the attacker’s historical footprints — before privacy records.
  • Map out attackers’ infrastructure -find all domains, websites, IP addresses, and more details connected to a crime or criminal.
  • Infosec professionals can enhance their solutions and services and protect users against spam, dangerous websites, network infiltrations, and other online misdeeds as well as to investigate third-party risks.
  • Mitigate phishing and other malware-enabled attacks by enabling Digital forensics and incident response (DFIR) and other cybersecurity consultants o provide clients with easy-to-read lists of domains that may have ties to cybercrime, thus allowing them to enhance their cyber defense.
  • Pivot across other disparate data sources available on the Transform Hub and gain a more comprehensive perspective in investigations.
  • Cybersecurity investigators, forensics companies, and Law Enforcement agencies are not the only ones that benefit from the data that WhoisXML API provides. Investors and market researchers can also use WHOIS data to make informed business decisions such as enrich their marketing campaigns, conduct research, uncover market trends, and establish new business opportunities.

Typical Users of This Data

  • Security Operations Centers (SOCs)
  • Managed Security Service Providers (MSSPs)
  • Law enforcement agencies (LEAs)
  • Threat hunters
  • Cyber Forensics Analysts
  • Security Engineers

alt WhoisXML Transforms for Maltego

Pricing & Access

Pricing Tier: Free Trial

Hub Type: Commercial Hub and Community Hub

Requirements: For full solution access, Maltego One license, and WhoisXML API subscription


1. Free Trial: Register for a free API key here: ,then simply download the WhoisXML API hub item on Maltego Client and enter your trial key to start using WhoisXML API data on Maltego.

2. Data Allowance: Start using the WhoisXML API Transforms via our free data allowance with the following Transform run limits.

  • Maltego CE: 10 DRS credits and 25 Whois credits per month
  • Maltego Pro: 250 DRS credits and 250 Whois credits per month
  • Maltego Enterprise: 500 DRS credits and 500 Whois credits per month

3. Bring your own key: If you are already an exisitng customer of WhoisXML API, then simply download the WhoisXML API hub item on Maltego Client and enter the paid API key to start using WhoisXML API data on Maltego.


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About WhoisXML API

WhoisXML is a cyber threat intelligence provider trusted by over 50,000 clients and have been ranked one of Inc. 5000 fastest growing IT companies since 2016. Our customer base includes commercial security platforms (SIEM, SOAR, and TIP), Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), Fortune 1000 companies, top cybercrime & law enforcement units, government agencies, banks, payment processors, telcos, and brand protection agencies. We also work closely with domain registries/registrars, domain investors/brokers, marketing researchers, big-data warehouses, web analytics firms, investment funds, VC firms, SMBs with a digital footprint, and more.

For more information, visit:

Pick the right product and get started.