diff --git a/misp_modules/modules/expansion/dnstrails.py b/misp_modules/modules/expansion/dnstrails.py
index 79afeb3..d1c276a 100644
--- a/misp_modules/modules/expansion/dnstrails.py
+++ b/misp_modules/modules/expansion/dnstrails.py
@@ -16,7 +16,10 @@ log.addHandler(ch)
 misperrors = {'error': 'Error'}
 mispattributes = {
     'input': ['hostname', 'domain', 'ip-src', 'ip-dst'],
-    'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email']
+    'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email',
+               'whois-registrant-email', 'whois-registrant-phone',
+               'whois-registrant-name',
+               'whois-registrar', 'whois-creation-date', 'domain']
 }
 
 moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
@@ -77,6 +80,14 @@ def handle_domain(api, domain, misperrors):
 
     r, status_ok = expand_subdomains(api, domain)
 
+    if status_ok:
+        result_filtered['results'].extend(r)
+    else:
+        misperrors['error'] = 'Error dns result'
+        return misperrors
+
+    r, status_ok = expand_whois(api, domain)
+
     if status_ok:
         result_filtered['results'].extend(r)
     else:
@@ -181,6 +192,7 @@ def expand_subdomains(api, domain):
     r = []
     status_ok = False
 
+
     try:
         results = api.subdomains(domain)
 
@@ -200,10 +212,47 @@ def expand_subdomains(api, domain):
     return r, status_ok
 
 
+def expand_whois(api, domain):
+    r = []
+    status_ok = False
+
+    try:
+        results = api.whois(domain)
+
+        if results:
+            status_ok = True
+            item_registrant = __select_registrant_item(results)
+
+            r.append({
+                'types': ['whois-registrant-email', 'whois-registrant-phone',
+                          'whois-registrant-name', 'whois-registrar',
+                          'whois-creation-date'],
+                'values': [item_registrant['email'],
+                           item_registrant['telephone'],
+                           item_registrant['name'], results['registrarName'],
+                           results['creationDate']],
+                'categories': ['attribution'],
+                'comment': 'whois information of %s by securitytrails' % domain
+            }
+
+            )
+
+    except APIError as e:
+        misperrors['error'] = e
+
+    return r, status_ok
+
 def introspection():
     return mispattributes
 
 
 def version():
     moduleinfo['config'] = moduleconfig
-    return moduleinfo
\ No newline at end of file
+    return moduleinfo
+
+
+def __select_registrant_item(entry):
+    if 'contacts' in entry:
+        for c in entry['contacts']:
+            if c['type'] == 'registrant':
+                return entry