JsonWhoIs

Use the JsonWhoIs integration to enrich domain indicators.

Configure JsonWhoIs on Demisto

  1. Navigate to Settings > Integrations  > Servers & Services.

  2. Search for JsonWhoIs.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionExample
    NameA meaningful name for the integration instance.JsonWhoIs_instance_1
    API TokenYour JsonWhoIs API tokenN/A
    System proxyRuns the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration.https://proxyserver.com
    Trust any certificate (not secure)When selected, certificates are not checked.N/A
    Do Not Use by DefaultIf checked the commands will not be used by default (this is influenced if two command are the same).N/A
  4. Click Test to validate the new instance.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Get enriched data

Returns enriched data for Domains, URLs, and IP addresses.

Base Command

whois

Input
Argument NameDescriptionRequired
queryThe URL, IP address, or domain to enrich.Required
Context Output
PathTypeDescription
Domain.WHOIS.DomainStatusBooleanWhether the domain is registered.
Domain.WHOIS.NameServersStringThe name servers.
Domain.WHOIS.CreationDateDateThe creation date.
Domain.WHOIS.UpdatedDateDateThe updated date.
Domain.WHOIS.ExpirationDateDateThe expiration date.
Domain.WHOIS.Registrant.NameStringThe registrant name.
Domain.WHOIS.Registrant.EmailStringThe registrant email.
Domain.WHOIS.Registrant.PhoneStringThe registrant phone.
Domain.WHOIS.Registrar.NameStringThe registrar name.
Domain.WHOIS.Registrar.UrlStringThe registrar email.
Domain.WHOIS.Registrar.OrganizationStringThe registrar organization name.
Domain.WHOIS.Registrar.IdNumberThe registrar ID.
Domain.WHOIS.Admin.NameStringThe Admin name.
Domain.WHOIS.Admin.EmailStringThe Admin email.
Domain.WHOIS.Admin.PhoneStringThe Admin phone.
Command Example
!whois query=demisto.com
Context Example
{
"Domain": {
"WHOIS": {
"Admin": [
{
"Email": "5be9245893ff486d98c3640879bb2657.protect@whoisguard.com",
"Name": "WhoisGuard Protected",
"Phone": "+507.8365503"
}
],
"CreationDate": "2015-01-16T21:36:27.000Z",
"DomainStatus": "registered",
"ExpirationDate": "2026-01-16T21:36:27.000Z",
"NameServers": [
{
"Name": "pns31.cloudns.net"
},
{
"Name": "pns32.cloudns.net"
},
{
"Name": "pns33.cloudns.net"
},
{
"Name": "pns34.cloudns.net"
}
],
"Registrant": [
{
"Email": "5be9245893ff486d98c3640879bb2657.protect@whoisguard.com",
"Name": "WhoisGuard Protected",
"Phone": "+507.8365503"
}
],
"Registrar": {
"Id": "1068",
"Name": "NameCheap, Inc.",
"Url": "http://www.namecheap.com"
},
"UpdatedDate": "2019-05-14T16:14:12.000Z"
}
}
}
Human Readable Output
Admin account
EmailNamePhone
5be9245893ff486d98c3640879bb2657.protect@whoisguard.comWhoisGuard Protected+507.8365503
Name servers
Name
pns31.cloudns.net
pns32.cloudns.net
pns33.cloudns.net
pns34.cloudns.net
Registrant
EmailNamePhone
5be9245893ff486d98c3640879bb2657.protect@whoisguard.comWhoisGuard Protected+507.8365503
Registrar
IdNameUrl
1068NameCheap, Inc.http://www.namecheap.com
Others
CreationDateDomainStatusExpirationDateUpdatedDate
2015-01-16T21:36:27.000Zregistered2026-01-16T21:36:27.000Z2019-05-14T16:14:12.000Z

Troubleshooting

The JsonWhoIs API is not stable. We recommend attempting a query three times before considering the query to fail.