Output format | Documentation | Domain Reputation API | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
WhoisXML API Predictive Threat Intelligence
Predictive Threat Intelligence

Detect and block access to and from dangerous domain names before malicious actors can weaponize them. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us
API docs Integrations Pricing
Making requests Output format Error codes Server-to-Server OAuth
Balance information Generate new API key
API 1.0 documentation

Output format

{
    "mode": "fast",
    "reputationScore": 88.11,
    "testResults": [
        {
            "test": "WHOIS Domain check",
            "testCode": 93,
            "warnings": [
                {
                    "warningDescription": "Owner details are publicly available",
                    "warningCode": 2009
                }
            ]
        },
        {
            "test": "SSL certificate validity",
            "testCode": 87,
            "warnings": [
                {
                    "warningDescription": "Recently obtained certificate, valid from  2022-05-09 08:32:32",
                    "warningCode": 6001
                }
            ]
        },
        {
            "test": "SSL vulnerabilities",
            "testCode": 88,
            "warnings": [
                {
                    "warningDescription": "HTTP Strict Transport Security not set",
                    "warningCode": 6015
                },
                {
                    "warningDescription": "TLSA record not configured or configured wrong",
                    "warningCode": 6019
                },
                {
                    "warningDescription": "OCSP stapling not configured",
                    "warningCode": 6006
                }
            ]
        }
    ]
}

Output parameters

mode
Selected mode.
reputationScore
Composite safety score based on numerous security data sources.
0 is dangerous, and 100 is safe.
testResults[0].test

The test name which reduced the final score. See available test names.
testResults[0].testCode

Unique numeric test identifier. See available test codes.
testResults[0].warnings

The list of warnings detected during the test execution. See available warning names.
testResults[0].warnings[0].warningDescription

Warning description. See available warning descriptions.
testResults[0].warnings[0].warningCode

List of unique numeric warning codes. See available warning codes.

Test codes

Code Test name
26 Mail servers Reverse IP addresses match
32 Mail servers Real-time blackhole check
61 WHOIS and DNS name servers match
62 WHOIS Domain status
71 Open ports and services
74 Name servers configuration check
75 Name servers response
76 Name servers configuration meets best practices
80 Mail servers configuration check
81 Mail servers response
82 Malware databases check
84 SOA record configuration check
87 SSL certificate validity
88 SSL vulnerabilities
91 Potentially dangerous content
92 Host configuration issues
93 WHOIS Domain check

Warning codes

Code Warning
1001 Name servers with private IPs found.
1002 Some name servers don’t respond.
1003 Some name servers allow recursive queries.
1004 Some name servers don’t provide A record for target domain name.
1005 Some name servers are listed by authoritative servers but not by parent ones.
1006 Some name servers are not listed by authoritative name servers.
1007 Name servers with invalid domain names found.
1008 NS records with CNAME found.
1009 Glue is required but not provided. No IPv4/IPv6 glue found on some authoritative or parent name servers.
1010 NS records are different on different name servers.
1011 Name servers not allowing TCP connections to be found.
1012 Domain’s name servers number doesn’t meet recommendations. It’s recommended to have 2-7 name servers.
1013 Some name servers are located on a single ASN.
1014 Some name servers are located in the same network.
1015 Versions are exposed for some name servers.
1016 Name servers without A records found. Those servers are not reachable via IPv4.
1017 Name servers without AAAA record found. Those servers are not reachable via IPv6.
1018 SOA serial number is valid but not following general convention.
1019 SOA expire interval doesn’t meet recommended range. It should be [604800 .. 1209600].
1020 SOA minimum TTL doesn’t meet recommended range. It should be [3600 .. 86400].
1022 Some name servers have different serial numbers.
1023 SOA refresh interval doesn’t meet recommended range. It should be [1200 .. 43200].
1024 SOA retry interval doesn’t meet recommended range. It should be [120 .. 7200].
1025 SOA zone's administrative contact email is not set.
1026 Unable to fetch domain's NS records.
2001 Recently registered domain.
2002 Domain name’s registration expired.
2003 Domain name’s registration expires soon.
2004 Domain name’s WHOIS status isn’t safe.
2005 Domain name is registered in a free zone.
2006 Domain’s name servers not found in the WHOIS record.
2007 WHOIS record's Name Servers don't match ones returned by the parent NS.
2008 Domain is registered in a country considered to be offshore.
2009 Domain name’s owner details are publicly available.
3001 Directory listing is allowed on website.
3002 IFrames found on the website.
3003 Links to .apk files found on the website.
3004 Links to .exe files found on the website.
3005 Opened .git directory in the document root found.
3006 There are open ports on the target server.
3007 Redirects found on website.
3008 Scripts opening new windows found.
4001 Target domain name or URL listed on some malware blocklists.
4002 Target domain name or URL listed on some phishing blocklists.
4003 Target domain name or URL listed on some spam blocklists.
4004 Target domain name or URL listed on some reputation blocklists.
4005 Target domain name or URL listed on some denial of service attack data blocklists.
5000 Some mail servers' domain names received through Reverse DNS are resolving to different IP addresses than the ones provided in the initial A records. Emails sent from servers configured this way may be rejected.
5001 Some mail servers are found with real-time blocklist check.
5002 Can't connect to some mail servers.
5003 For some mail servers, greeting response doesn't contain the mail server's domain name.
5004 Some mail servers don't allow setting postmaster@%host% as recipient.
5005 Some mail servers don't allow setting abuse@%host% as recipient.
5006 A records are not configured for some mail servers.
5007 AAAA records are not configured for some mail servers.
5008 CNAME in MX records found.
5009 Some MX records contain invalid domain names.
5010 Private IPs usage in MX records detected.
5011 IP addresses found in MX records.
5012 Non-identical MX records on name servers found.
5013 Some MX records defined more than once.
5014 Some mail servers use the same IPv4 address.
5015 SPF record is not configured.
5016 DMARC record is not configured.
5017 Non-identical SPF/DMARC records on name servers found.
5018 Google mail servers are configured with a wrong TTL.
5019 Google mail servers are configured with an incorrect Top server.
5020 The following mail servers use the same IPv6 address.
6023 No SSL certificates found.
6001 Recently obtained SSL certificate detected.
6002 SSL certificate is not valid yet.
6003 SSL certificate expires soon.
6004 SSL certificate expired.
6005 CRL check failed.
6006 OCSP check failed.
6007 Target hostname isn’t present in SSL certificate.
6008 SSL certificate is self-signed.
6009 TLSv1.2 not supported but should be.
6010 SSLv2 is supported but shouldn’t be.
6011 SSLv3 is supported but shouldn’t be.
6012 Suboptimal cipher suites supported.
6013 SSL compression enabled on server.
6014 HPKP headers set.
6015 HTTP Strict Transport Security not set.
6017 Heartbleed vulnerability detected.
6018 TLS_FALLBACK_SCSV not supported.
6019 TLSA record not set.
6020 TLSA record configured incorrectly.
6021 OCSP stapling not configured.
6022 Public key listed on Debian’s blocklist.