To integrate WhoisXMLAPI:

  • Retrieve a API Key from your WhoisXMLAPI account representative.
  • Add a WhoisXMLAPI connection in Query with the API key.
  • Ensure the API key is valid by Testing the connection in Query.
  • Use Query Search to surface cyber threat intelligence, geolocation, and reputation information about Domains, IP Addresses.


WhoisXMLAPI is a comprehensive resource for obtaining whois records for both domains and IP addresses. It presents in-depth information about domain registration, contact details, domain status, and historical ownership data. This information is pivotal for IT professionals and organizations aiming to monitor domain changes, verify online identities, and support forensic activities. By leveraging WhoisXML API, users can access a vast database of domain information to assist in maintaining network security and integrity.

By integrating WhoisXMLAPI with Query you can,

  • Search for a domain or IP's historical ownership, DNS servers and geo-location information.


Make sure to have a valid API key from your WhoisXMLAPI account representative.

  • API Key

Adding WhoisXMLAPI as a Connection Source in Query

  1. Go to the Connections page and click Add Connections. Select WhoisXMLAPI from the Threat Intelligence and Enrichment Category.
  2. In the General tab, add the following details.
    • Name - Give a custom name to your WhoisXMLAPI connection.
    • WhoisXMLAPI API Key - Enter your API key.

Querying from WhoisXMLAPI

Support for the following entities from WhoisXMLAPI API is available today.

  • Hostname (NOTE: This entity currently maps to Domain Names for searching from WhoisXMLAPI)
  • Domain Name (e.g., amazon.com)
  • IP Address (Public IPv4, e.g.


  • For more information on WhoisXMLAPI, please go to [here]