Domain Search
Lookups
Domain Search
Look up comprehensive intelligence about a domain — WHOIS registration, DNS records, SSL certificates, hosting infrastructure, threat data, urlscan.io screenshot, blocklist status, reverse-IP, popularity rank, typosquatting, IP reputation, and breach exposure.
POST
Domain Search
Authentication
Requires an API key in theAuthorization header.
Request
The domain name to search (e.g.
tesla.com)Response
Returns domain intelligence including WHOIS registration, DNS records, SSL certificate details, hosting/IP info, threat indicators, and a deep Domain Intelligence recon report (intel) plus company enrichment (company).
The resolved domain name.
WHOIS registration data — registrar, creation/expiry dates, and name servers.
Apex DNS records (
a, aaaa, cname, mx, ns, txt).SSL/TLS certificate details — issuer, validity window, and subject alternative names.
Reputation / threat indicators for the domain.
Domain Intelligence — a passive reconnaissance report built from subdomain
enumeration, DNS resolution, and live HTTP probing. Safe to run against any domain
(no intrusive scanning). May be
null if recon returns no data.Company enrichment for the organisation behind the domain — name, industry,
headquarters, social profiles, and registry data. May be
null if no enrichment
data is available.OSINT Report — a structured, 16-section intelligence report synthesized from
every data source above plus keyless passive enrichment (HTTP security headers,
.well-known files, Certificate Transparency logs, the Internet Archive / Wayback
Machine, ASN / hosting attribution, and email-authentication posture). Designed for
a single-domain “everything we know” view. May be null if no data is available.Extended domain intelligence — additional best-effort OSINT sources. Each
sub-field is
null when the source returns nothing. These signals are also folded
into the report (risk, infrastructure, historical, and website sections).Credits consumed by the request.
Domain Intelligence
Theintel block is produced by Encrata’s self-hosted recon engine, which wraps the
open-source ProjectDiscovery suite:
| Tool | Purpose |
|---|---|
subfinder | Passive subdomain enumeration (certificate transparency, public DNS aggregators) |
dnsx | DNS resolution (A/AAAA/CNAME/MX/NS/TXT) for the apex + every subdomain |
httpx | Live HTTP probing — status, title, server, tech stack, TLS, CDN/WAF detection |
naabu) and
exposure/CVE scanning (nuclei) are reserved for authorised internal use and never run
on user-supplied domains.