Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.
Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.
Access our web-based solution to dig into and monitor all domain events of interest.
Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.
Detect and block access to and from dangerous domain names before malicious actors can weaponize them. Contact us today for more information.
Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.
Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.
Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.
Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.
Learn More{ "mode": "fast", "reputationScore": 97.51, "testResults": [ { "test": "Name servers configuration meets best practices", "testCode": 76, "warnings": [ "Some name servers are located on a single ASN: ns68.domaincontrol.com - AS26496, ns67.domaincontrol.com - AS26496" ], "warningCodes":[ 1013 ] }, { "test": "SOA record configuration check", "testCode": 84, "warnings": [ "The minimum TTL is 600. Recommended range is [3600 .. 86400]" ], "warningCodes":[ 1020 ] }, ... }
<xml> <mode>fast</mode> <reputationScore>97.51</reputationScore> <testResults> <testResult> <test>Name servers configuration meets best practices</test> <testCode>76</testCode> <warnings> <warning>Some name servers are located on a single ASN: ns68.domaincontrol.com - AS26496, ns67.domaincontrol.com - AS26496</warning> </warnings> <warningCodes> <warningCode>1013</warningCode> </warningCodes> </testResult> <testResult> <test>SOA record configuration check</test> <testCode>84</testCode> <warnings> <warning>The minimum TTL is 600. Recommended range is [3600 .. 86400]</warning> </warnings> <warningCodes> <warningCode>1020</warningCode> </warningCodes> </testResult> </testResults> </xml>
mode |
Selected mode.
|
reputationScore |
Composite safety score based on numerous security data sources.
0 is dangerous, and 100 is safe. |
testResults[0].test |
The test name which reduced the final score. See available test names. |
testResults[0].testCode |
Unique numeric test identifier. See available test codes. |
testResults[0].warnings |
The list of warnings detected during the test execution. See available warning names. |
testResults[0].warningCodes |
List of unique numeric warning codes. See available warning codes. |
Code | Test name |
---|---|
26 | Mail servers Reverse IP addresses match |
32 | Mail servers Real-time blackhole check |
61 | WHOIS and DNS name servers match |
62 | WHOIS Domain status |
71 | Open ports and services |
74 | Name servers configuration check |
75 | Name servers response |
76 | Name servers configuration meets best practices |
80 | Mail servers configuration check |
81 | Mail servers response |
82 | Malware databases check |
84 | SOA record configuration check |
87 | SSL certificate validity |
88 | SSL vulnerabilities |
91 | Potentially dangerous content |
92 | Host configuration issues |
93 | WHOIS Domain check |
Code | Warning |
---|---|
1001 | Name servers with private IPs found. |
1002 | Some name servers don’t respond. |
1003 | Some name servers allow recursive queries. |
1004 | Some name servers don’t provide A record for target domain name. |
1005 | Some name servers are listed by authoritative servers but not by parent ones. |
1006 | Some name servers are not listed by authoritative name servers. |
1007 | Name servers with invalid domain names found. |
1008 | NS records with CNAME found. |
1009 | Glue is required but not provided. No IPv4/IPv6 glue found on some authoritative or parent name servers. |
1010 | NS records are different on different name servers. |
1011 | Name servers not allowing TCP connections to be found. |
1012 | Domain’s name servers number doesn’t meet recommendations. It’s recommended to have 2-7 name servers. |
1013 | Some name servers are located on a single ASN. |
1014 | Some name servers are located in the same network. |
1015 | Versions are exposed for some name servers. |
1016 | Name servers without A records found. Those servers are not reachable via IPv4. |
1017 | Name servers without AAAA record found. Those servers are not reachable via IPv6. |
1018 | SOA serial number is valid but not following general convention. |
1019 | SOA expire interval doesn’t meet recommended range. It should be [604800 .. 1209600]. |
1020 | SOA minimum TTL doesn’t meet recommended range. It should be [3600 .. 86400]. |
1022 | Some name servers have different serial numbers. |
1023 | SOA refresh interval doesn’t meet recommended range. It should be [1200 .. 43200]. |
1024 | SOA retry interval doesn’t meet recommended range. It should be [120 .. 7200]. |
1025 | SOA zone's administrative contact email is not set. |
1026 | Unable to fetch domain's NS records. |
2001 | Recently registered domain. |
2002 | Domain name’s registration expired. |
2003 | Domain name’s registration expires soon. |
2004 | Domain name’s WHOIS status isn’t safe. |
2005 | Domain name is registered in a free zone. |
2006 | Domain’s name servers not found in the WHOIS record. |
2007 | WHOIS record's Name Servers don't match ones returned by the parent NS. |
2008 | Domain is registered in a country considered to be offshore. |
2009 | Domain name’s owner details are publicly available. |
3001 | Directory listing is allowed on website. |
3002 | IFrames found on the website. |
3003 | Links to .apk files found on the website. |
3004 | Links to .exe files found on the website. |
3005 | Opened .git directory in the document root found. |
3006 | There are open ports on the target server. |
3007 | Redirects found on website. |
3008 | Scripts opening new windows found. |
4001 | Target domain name or URL listed on some malware blocklists. |
4002 | Target domain name or URL listed on some phishing blocklists. |
4003 | Target domain name or URL listed on some spam blocklists. |
4004 | Target domain name or URL listed on some reputation blocklists. |
4005 | Target domain name or URL listed on some denial of service attack data blocklists. |
5000 | Some mail servers' domain names received through Reverse DNS are resolving to different IP addresses than the ones provided in the initial A records. Emails sent from servers configured this way may be rejected. |
5001 | Some mail servers are found with real-time blocklist check. |
5002 | Can't connect to some mail servers. |
5003 | For some mail servers, greeting response doesn't contain the mail server's domain name. |
5004 | Some mail servers don't allow setting postmaster@%host% as recipient. |
5005 | Some mail servers don't allow setting abuse@%host% as recipient. |
5006 | A records are not configured for some mail servers. |
5007 | AAAA records are not configured for some mail servers. |
5008 | CNAME in MX records found. |
5009 | Some MX records contain invalid domain names. |
5010 | Private IPs usage in MX records detected. |
5011 | IP addresses found in MX records. |
5012 | Non-identical MX records on name servers found. |
5013 | Some MX records defined more than once. |
5014 | Some mail servers use the same IPv4 address. |
5015 | SPF record is not configured. |
5016 | DMARC record is not configured. |
5017 | Non-identical SPF/DMARC records on name servers found. |
5018 | Google mail servers are configured with a wrong TTL. |
5019 | Google mail servers are configured with an incorrect Top server. |
5020 | The following mail servers use the same IPv6 address. |
6023 | No SSL certificates found. |
6001 | Recently obtained SSL certificate detected. |
6002 | SSL certificate is not valid yet. |
6003 | SSL certificate expires soon. |
6004 | SSL certificate expired. |
6005 | CRL check failed. |
6006 | OCSP check failed. |
6007 | Target hostname isn’t present in SSL certificate. |
6008 | SSL certificate is self-signed. |
6009 | TLSv1.2 not supported but should be. |
6010 | SSLv2 is supported but shouldn’t be. |
6011 | SSLv3 is supported but shouldn’t be. |
6012 | Suboptimal cipher suites supported. |
6013 | SSL compression enabled on server. |
6014 | HPKP headers set. |
6015 | HTTP Strict Transport Security not set. |
6017 | Heartbleed vulnerability detected. |
6018 | TLS_FALLBACK_SCSV not supported. |
6019 | TLSA record not set. |
6020 | TLSA record configured incorrectly. |
6021 | OCSP stapling not configured. |
6022 | Public key listed on Debian’s blocklist. |
We are here to listen. For a quick response, please select your request type. By submitting a request, you agree to our Terms of Service and Privacy Policy.