Skip to main content
POST
/
api
/
agent
/
domain
Domain Search
curl --request POST \
  --url https://encrata.com/api/agent/domain \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "query": "<string>"
}
'
{
  "domain": "tesla.com",
  "whois": {
    "registrar": "MarkMonitor Inc.",
    "created": "2003-07-15",
    "expires": "2027-07-15",
    "name_servers": ["a1-12.akam.net", "a10-67.akam.net"]
  },
  "dns": {
    "a": ["184.50.204.169"],
    "mx": ["tesla-com.mail.protection.outlook.com"],
    "txt": ["v=spf1 ..."]
  },
  "ssl": {
    "issuer": "DigiCert Inc",
    "valid_from": "2025-01-15",
    "valid_to": "2026-01-15",
    "subject_alt_names": ["tesla.com", "www.tesla.com"]
  },
  "threat_intel": {
    "malicious": false,
    "categories": []
  },
  "intel": {
    "domain": "tesla.com",
    "subdomains": ["www.tesla.com", "shop.tesla.com", "api.tesla.com"],
    "subdomain_count": 3,
    "hosts": [
      {
        "host": "www.tesla.com",
        "ips": ["184.50.204.169"],
        "ports": [80, 443],
        "url": "https://www.tesla.com",
        "status_code": 200,
        "title": "Tesla",
        "web_server": "nginx",
        "tech": ["Nginx", "React", "Cloudflare"],
        "cdn": "cloudflare",
        "tls": {
          "issuer": "DigiCert Inc",
          "subject": "tesla.com",
          "expires": "2026-01-15"
        }
      }
    ],
    "live_host_count": 1,
    "dns": {
      "a": ["184.50.204.169"],
      "ns": ["a1-12.akam.net"],
      "mx": ["tesla-com.mail.protection.outlook.com"]
    },
    "exposures": [],
    "active_scan": false,
    "deep_scan": false,
    "tools_run": ["subfinder", "dnsx", "httpx"]
  },
  "company": {
    "name": "Tesla, Inc.",
    "industry": "Automotive",
    "headquarters": "Austin, Texas, USA",
    "socials": {
      "linkedin": "https://www.linkedin.com/company/tesla-motors",
      "twitter": "https://twitter.com/tesla"
    },
    "registry": {
      "jurisdiction": "us_tx",
      "status": "active"
    },
    "confidence": 0.92
  },
  "credits": 1
}

Authentication

Requires an API key in the Authorization header.
Authorization: Bearer YOUR_API_KEY

Request

query
string
required
The domain name to search (e.g. tesla.com)

Response

Returns domain intelligence including WHOIS registration, DNS records, SSL certificate details, hosting/IP info, threat indicators, and a deep Domain Intelligence recon report (intel) plus company enrichment (company).
domain
string
The resolved domain name.
whois
object
WHOIS registration data — registrar, creation/expiry dates, and name servers.
dns
object
Apex DNS records (a, aaaa, cname, mx, ns, txt).
ssl
object
SSL/TLS certificate details — issuer, validity window, and subject alternative names.
threat_intel
object
Reputation / threat indicators for the domain.
intel
object
Domain Intelligence — a passive reconnaissance report built from subdomain enumeration, DNS resolution, and live HTTP probing. Safe to run against any domain (no intrusive scanning). May be null if recon returns no data.
company
object
Company enrichment for the organisation behind the domain — name, industry, headquarters, social profiles, and registry data. May be null if no enrichment data is available.
report
object
OSINT Report — a structured, 16-section intelligence report synthesized from every data source above plus keyless passive enrichment (HTTP security headers, .well-known files, Certificate Transparency logs, the Internet Archive / Wayback Machine, ASN / hosting attribution, and email-authentication posture). Designed for a single-domain “everything we know” view. May be null if no data is available.
extras
object
Extended domain intelligence — additional best-effort OSINT sources. Each sub-field is null when the source returns nothing. These signals are also folded into the report (risk, infrastructure, historical, and website sections).
credits
integer
Credits consumed by the request.
{
  "domain": "tesla.com",
  "whois": {
    "registrar": "MarkMonitor Inc.",
    "created": "2003-07-15",
    "expires": "2027-07-15",
    "name_servers": ["a1-12.akam.net", "a10-67.akam.net"]
  },
  "dns": {
    "a": ["184.50.204.169"],
    "mx": ["tesla-com.mail.protection.outlook.com"],
    "txt": ["v=spf1 ..."]
  },
  "ssl": {
    "issuer": "DigiCert Inc",
    "valid_from": "2025-01-15",
    "valid_to": "2026-01-15",
    "subject_alt_names": ["tesla.com", "www.tesla.com"]
  },
  "threat_intel": {
    "malicious": false,
    "categories": []
  },
  "intel": {
    "domain": "tesla.com",
    "subdomains": ["www.tesla.com", "shop.tesla.com", "api.tesla.com"],
    "subdomain_count": 3,
    "hosts": [
      {
        "host": "www.tesla.com",
        "ips": ["184.50.204.169"],
        "ports": [80, 443],
        "url": "https://www.tesla.com",
        "status_code": 200,
        "title": "Tesla",
        "web_server": "nginx",
        "tech": ["Nginx", "React", "Cloudflare"],
        "cdn": "cloudflare",
        "tls": {
          "issuer": "DigiCert Inc",
          "subject": "tesla.com",
          "expires": "2026-01-15"
        }
      }
    ],
    "live_host_count": 1,
    "dns": {
      "a": ["184.50.204.169"],
      "ns": ["a1-12.akam.net"],
      "mx": ["tesla-com.mail.protection.outlook.com"]
    },
    "exposures": [],
    "active_scan": false,
    "deep_scan": false,
    "tools_run": ["subfinder", "dnsx", "httpx"]
  },
  "company": {
    "name": "Tesla, Inc.",
    "industry": "Automotive",
    "headquarters": "Austin, Texas, USA",
    "socials": {
      "linkedin": "https://www.linkedin.com/company/tesla-motors",
      "twitter": "https://twitter.com/tesla"
    },
    "registry": {
      "jurisdiction": "us_tx",
      "status": "active"
    },
    "confidence": 0.92
  },
  "credits": 1
}

Domain Intelligence

The intel block is produced by Encrata’s self-hosted recon engine, which wraps the open-source ProjectDiscovery suite:
ToolPurpose
subfinderPassive subdomain enumeration (certificate transparency, public DNS aggregators)
dnsxDNS resolution (A/AAAA/CNAME/MX/NS/TXT) for the apex + every subdomain
httpxLive HTTP probing — status, title, server, tech stack, TLS, CDN/WAF detection
API requests run in passive mode only — no port scans or intrusive probes are sent to the target, so it is safe to query any domain. Active port scanning (naabu) and exposure/CVE scanning (nuclei) are reserved for authorised internal use and never run on user-supplied domains.

Credits

1 credit per request.