A domain name, hostname, FQDN, URL, HTML link or email address to lookup
live
no
boolean
true
For domains that we have never seen before then perform various live checks and realtime reconnaissance. NOTE: this option may add additional non-deterministic delay to the request, if you require consistently fast API response times or just want to check our domain blocklists then you can disable this option
API Response
Parameter
Type
Description
valid
boolean
True if a valid domain was found. For a domain to be considered valid it must be registered and have valid DNS NS records
fqdn
string
The fully qualified domain name (FQDN)
domain
string
The primary domain name excluding any subdomains. This is also referred to as the second-level domain (SLD)
is-subdomain
boolean
Is the FQDN a subdomain of the primary domain
tld
string
The top-level domain (TLD)
tld-cc
string
For a country code top-level domain (ccTLD) this will contain the associated ISO 2-letter country code
rank
integer
The domains estimated global traffic rank with the highest rank being 1. A value of 0 indicates the domain is currently ranked outside of the top 1M of domains
is-gov
boolean
Is this domain under a government or military TLD
is-opennic
boolean
Is this domain under an OpenNIC TLD
is-pending
boolean
True if this domain is unseen and is currently being processed in the background. This field only matters when the 'live' lookup setting has been explicitly disabled and indicates that not all domain data my be present yet
is-adult
boolean
This domain is hosting adult content such as porn, webcams, escorts, etc
is-malicious
boolean
Consider this domain malicious as it is currently listed on at least 1 blocklist
blocklists
array
An array of strings indicating which blocklist categories this domain is listed on. Current possible values are:
phishing - Domain has recently been hosting phishing links or involved in the sending of phishing messages
malware - Domain has recently been hosting malware or involved in the distribution of malware
spam - Domain has recently been sending spam either directly or indirectly
anonymizer - Domain is involved in anonymizer activity such as disposable email, hosting proxies or tor services
nefarious - Domain is involved in nefarious or malicious activity such as hacking, fraud or other abusive behavior
sensors
array
An array of objects containing details on which specific blocklist sensors have detected this domain:
Parameter
Type
Description
id
integer
The sensor ID. This is a permanent and unique ID for each sensor
blocklist
string
The primary blocklist category this sensor belongs to
description
string
Contains details about the sensor source and what type of malicious activity was detected
registered-date
string
The ISO date this domain was registered or first seen on the internet. An empty value indicates we could not reliably determine the date
age
integer
The number of days since the domain was registered. A domain age of under 90 days is generally considered to be potentially risky. A value of 0 indicates no registration date was found for this domain
registrar-name
string
The name of the domain registrar owning this domain
registrar-id
integer
The IANA registrar ID (0 if no registrar ID was found)
dns-provider
string
The primary domain of the DNS provider for this domain
mail-provider
string
The primary domain of the email provider for this domain. An empty value indicates the domain has no valid MX records
API Performance
Characteristic
Value
Description
Avg Latency
15-5000ms (fixed or variable)
This API can be configured using the 'live' option for fixed low-latency responses or non-deterministic latency for realtime reconnaissance
Max Rate
10/second
Maximum inbound request rate. Exceeding this will result in request throttling
Max Concurrency
250
Maximum concurrent/simultaneous requests. Exceeding this will result in error code 06 [TOO MANY CONNECTIONS]