SecurityTrails Developer Hub

The SecurityTrails Developer Hub

Welcome to the SecurityTrails developer hub. You'll find comprehensive guides and documentation to help you start working with SecurityTrails as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started
Suggest Edits

General

The following are general purpose end points to test the SecurityTrails API

 
Suggest Edits

Ping

You can use this simple endpoint to test your authentication and access to the SecurityTrails API.

 
gethttps://api.securitytrails.com/v1/ping
curl --request GET \
  --url 'https://api.securitytrails.com/v1/ping?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/ping',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ping?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/ping?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ping"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "success": true
}
{
    "message": "Invalid API key"
}
{
    "message": "API rate limit exceeded"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

Scroll

A fast and easy way to fetch many results. Currently only available for the DSL API endpoints.

 
gethttps://api.securitytrails.com/v1/scroll/scroll_id
curl --request GET \
  --url https://api.securitytrails.com/v1/scroll/scroll_id
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/scroll/scroll_id' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/scroll/scroll_id")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/scroll/scroll_id");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/scroll/scroll_id"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

(Returns the original endpoints results)

Path Params

scroll_id
string
required

The scroll_id returned in the scroll request.

Query Params

apikey
string

Your SecurityTrails API key. See authentication documentation

 

Limited availability

This endpoint can currently only be used with DSL query requests. The initial request will be done using the Search Domain (DSL) API.

As an example, when request data from the Domain Search API (DSL) in addition with the scroll=true option, you will receive the following output where you take the scroll_id parameter for use with this API endpoint.

{
"meta": {
        "total_pages": 30,
        "scroll_id": "DnF1ZXJ5VGhlbkZldGNoIAAAAAAAChXuFnM3aVhzcDJ6UnZhWndDeDlKdkRBVGcAAAAAAAoGjRZCeEVpX0FtWlN5Nkttd1Fua1ZPcE1BAAAAAAu4Cs4WQkJPb2k1UTlRNW1PWm9wRGRzWVBLZwAAAAAACy-mFllDN211RzFY...zblFyNUtQcTFBAAAAAAALXYIWVWZoM3dTX3dRTS1UR2ZPQ0ZaRVh3dwAAAAAACpU9FjdQbkZLWDBsUndtdHR6NW9LB",
        "query": "apex_domain = 'apple.com'",
        "page": 1
    }
}
Suggest Edits

Domain details

 
Suggest Edits

Get Domain

Returns the current data about the given domain. In addition to the current data, you also get the current statistics associated with a particular record. For example, for a records you'll get how many other domains have the same IP.

 
gethttps://api.securitytrails.com/v1/domain/hostname
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "hostname": "securitytrails.com",
  "alexa_rank": 83756,
  "current_dns": {
    "a": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ]
    },
    "aaaa": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
          "ip_count": 10231
        }
      ]
    },
    "mx": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "priority": 50,
          "host": "aspmx5.googlemail.com",
          "host_count": 102341
        },
        {
          "priority": 40,
          "host": "aspmx4.googlemail.com",
          "host_count": 200123
        }
      ]
    },
    "ns": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "nameserver": "ns4.dnsmadeeasy.com",
          "nameserver_count": 5213
        },
        {
          "nameserver": "ns3.dnsmadeeasy.com",
          "nameserver_count": 1223
        }
      ]
    },
    "soa": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ttl": 43200,
          "email": "dns.dnsmadeeasy.com",
          "email_count": 10
        }
      ]
    },
    "txt": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "value": "v=spf1 a mx include:spf.google.com include:sendgrid.net  include:spf.mandrillapp.com"
        },
        {
          "value": "include:datadrivenemail.com ?all, google-site-verification=GbnLta6smBzoW8Oes1WafBhRoBwx4YSnvY8SFoQHmpI"
        }
      ]
    }
  }
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

The data set contains the following info:

  • a - IPv4 current data
  • aaaa - IPv6 current data
  • mx - Mail Exchanger current data
  • ns - Name server current data
  • soa - SOA current data
  • txt - TXT current data
Suggest Edits

List Subdomains

Returns subdomains for a given hostname

 
gethttps://api.securitytrails.com/v1/domain/hostname/subdomains
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/subdomains',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/subdomains"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "subdomains": [
    "api",
    "em",
    "mail",
    "www"
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

List Tags

Returns tags for a given hostname

 
gethttps://api.securitytrails.com/v1/domain/hostname/tags
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/tags',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/tags"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "tags": [
    "porn"
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

Find associated domains

Find all domains that are related to a domain you input

 
gethttps://api.securitytrails.com/v1/domain/hostname/associated
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/google.com/associated',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/google.com/associated"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "whois": {
        "registrar": "MarkMonitor Inc.",
        "expiresDate": 1518671592000,
        "createdDate": 1108444392000
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "youtube.com",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": "Google Inc."
      },
      "alexa_rank": 2
    },
    {
      "whois": {
        "registrar": "MarkMonitor Inc. (R84-AFIN)",
        "expiresDate": 1498226553000,
        "createdDate": 1056376953000
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "google.co.in",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": "Google Inc."
      },
      "alexa_rank": 7
    },
    {
      "whois": {
        "registrar": null,
        "expiresDate": null,
        "createdDate": null
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "google.de",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": null
      },
      "alexa_rank": 23
    }
  ],
  "record_count": 3,
  "meta": {
    "total_pages": 1,
    "query": "whois_email = 'dns-admin@google.com'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/domain/google.com/associated"
}
{
	"message": "Request could not be completed",
	"endpoint": "/v1/domain/.../associated"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results.

 

Professional Plan or higher required

Using this API endpoint requires a subscription to our Professional Plan (or higher).

How we find associated domains
We go through the most recent WHOIS data of the input domain and try to find identifying email addresses or organizations that we could use to identify domains that have a relationship with the input domain. If the input domain is privacy guarded, the domains WHOIS history is used to pull email addresses/organizations. Our algorithms are constantly refined to provide the best results possible.

Refining the search further
The JSON we return contains a query field. This field is the DSL - DSL - DSL stands for “Domains Specific Language” query we used to find the results we are displaying. Using this query, you can add your own refinements and run it through our Domain Search API.

Suggest Edits

Get WHOIS

Returns the current WHOIS data about a given domain with the stats merged together

 
gethttps://api.securitytrails.com/v1/domain/hostname/whois
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/whois',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/whois"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "domain": "securitytrails.com",
  "status": [
    "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
    "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
  ],
  "registrarName": "MONIKER ONLINE SERVICES LLC",
  "nameServers": [
    "NS0.DNSMADEEASY.COM",
    "NS1.DNSMADEEASY.COM"
  ],
  "started": 1496321354991,
  "ended": 1496321354991,
  "expiresDate": 1517749970791,
  "updatedDate": 1485263570791,
  "createdDate": 1075900370791,
  "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
  "contacts": [
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    "type: administrativeContact",
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    "type: technicalContact"
  ]
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

Prototyper Plan or higher required

Using this API endpoint requires a subscription to our Prototyper Plan (or higher).

Suggest Edits

Search Domain (DSL)

Filter and search specific records using our DSL with this endpoint

 
posthttps://api.securitytrails.com/v1/domains/list
curl --request POST \
  --url 'https://api.securitytrails.com/v1/domains/list?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/domains/list',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domains/list?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/domains/list?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domains/list"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "whois": {
        "registrar": "MarkMonitor Inc.",
        "expiresDate": 1512104400000,
        "createdDate": 597042000000
      },
      "mail_provider": [
        "Oracle Corporation"
      ],
      "hostname": "oracle.com",
      "host_provider": [
        "Oracle Corporation"
      ],
      "computed": {
        "company_name": "Oracle Corporation"
      },
      "alexa_rank": 352
    },
    {
      "whois": {
        "registrar": "Tucows Domains Inc.",
        "expiresDate": 1529093746000,
        "createdDate": 1118866546000
      },
      "mail_provider": [
        "Oracle Corporation"
      ],
      "hostname": "taleo.net",
      "host_provider": [
        "Oracle Corporation"
      ],
      "computed": {
        "company_name": "Oracle Corporation"
      },
      "alexa_rank": 413
    }
  ],
  "record_count": 2,
  "meta": {
    "total_pages": 1,
    "query": "whois_email = 'domain-contact_ww_grp@oracle.com'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/search/list"
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

include_ips
boolean

Resolves any A records and additionally returns IP addresses.

page
int32

The page of the returned results.

scroll
boolean

Request scrolling. See the Scrolling API endpoint.

Body Params

query
string
required
 

Professional Plan or higher required

Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.

Available fields

For a full description including examples please see How to use the DSL.

  • ipv4
  • ipv6
  • mx
  • ns
  • cname
  • subdomain
  • apex_domain
  • soa_email
  • tld
  • whois_email
  • whois_street1
  • whois_street2
  • whois_street3
  • whois_street4
  • whois_telephone
  • whois_postalCode
  • whois_organization
  • whois_name
  • whois_fax
  • whois_city
  • keyword
  • dropped (false is the default)
  • private_registration
  • computed_organization

This endpoint supports scrolling

Scrolling allows you to fetch many pages of results in an easy way. Check out the Scrolling API.

Suggest Edits

Search statistics

 
posthttps://api.securitytrails.com/v1/domains/stats
curl --request POST \
  --url 'https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/domains/stats',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domains/stats"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "tld_count": 54,
  "hostname_count": 655,
  "domain_count": 655
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

Body Params

filter
object
 
filter.ipv4
string

Can include a CIDR subnet mask

filter.ipv6
string
filter.apex_domain
string
filter.keyword
string
filter.mx
string
filter.ns
string
filter.cname
string
filter.subdomain
string
filter.soa_email
string
filter.tld
string
filter.whois_email
string
filter.whois_street1
string
filter.whois_street2
string
filter.whois_street3
string
filter.whois_street4
string
filter.whois_telephone
string
filter.whois_postalCode
string
filter.whois_organization
string
filter.whois_name
string
filter.whois_fax
string
filter.whois_city
string
query
string
 

Please see Search Domain (filter) and Search Domain (DSL) for the full reference on how to use search. This endpoints accepts both, filters and DSL queries. The returned object contains:

  • tld count
  • hostname count
  • domain count
 
Suggest Edits

DNS history by record type

Lists out specific historical information about the given hostname parameter

 
gethttps://api.securitytrails.com/v1/history/hostname/dns/type
curl --request GET \
  --url 'https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/history/oracle.com/dns/a',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/history/oracle.com/dns/a"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "pages": 1,
  "type": "a/ipv4",
  "records": [
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    },
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    },
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    }
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required
type
string
required

allowed values: a, aaaa, mx, ns, soa or txt

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results

 

The returned data is paginated with 100 records are shown per page.

Supported record types

The API currently supports a, aaaa, mx, ns, soa and txt records.
If you are looking for other record types, please contact us.

In addition of fetching the historical data for particular type, the count statistic is returned aswel, which represents the number of that particular resource against current data. (a records will have an ip_count field which will represent the number of records that has the same IP as that particular
record)

These types represent the historical records below, respectively:

  • a - Ipv4 historical data
  • aaaa - Ipv6 historical data
  • mx - Mail Exchanger historical data
  • ns - Name server historical data
  • soa - SOA historical data
  • txt - TXT historical data
Suggest Edits

WHOIS history by domain

Returns historical WHOIS information about the given domain

 
gethttps://api.securitytrails.com/v1/history/hostname/whois
curl --request GET \
  --url 'https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/history/oracle.com/whois',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/history/oracle.com/whois"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "result": {
    "items": [
      {
        "domain": "securitytrails.com",
        "status": [
          "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
          "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
        ],
        "registrarName": "MONIKER ONLINE SERVICES LLC",
        "nameServers": [
          "NS0.DNSMADEEASY.COM",
          "NS1.DNSMADEEASY.COM"
        ],
        "started": 1496321354991,
        "ended": 1496321354991,
        "expiresDate": 1517749970791,
        "updatedDate": 1485263570791,
        "createdDate": 1075900370791,
        "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
        "contacts": [
          {
            "type": "registrant",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "administrativeContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "technicalContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          }
        ]
      },
      {
        "domain": "securitytrails.com",
        "status": [
          "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
          "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
        ],
        "registrarName": "MONIKER ONLINE SERVICES LLC",
        "nameServers": [
          "NS0.DNSMADEEASY.COM",
          "NS1.DNSMADEEASY.COM"
        ],
        "started": 1496321354991,
        "ended": 1496321354991,
        "expiresDate": 1517749970791,
        "updatedDate": 1485263570791,
        "createdDate": 1075900370791,
        "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
        "contacts": [
          {
            "type": "registrant",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "administrativeContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "technicalContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          }
        ]
      }
    ]
  }
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results

 

Prototyper Plan or higher required

Using this API endpoint requires a subscription to our Prototyper Plan (or higher).

Suggest Edits

Explore IPs

Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses.

 
gethttps://api.securitytrails.com/v1/ips/nearby/ipaddress
curl --request GET \
  --url 'https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/ips/nearby/8.8.8.8',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/nearby/8.8.8.8"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "blocks": [
    {
      "ip_count": 3,
      "ip": "1.1.1.0/32"
    },
    {
      "ip_count": 19247,
      "ip": "1.1.1.1/32",
      "current": true
    },
    {
      "ip_count": 64,
      "ip": "1.1.1.2/32"
    },
    {
      "ip_count": 13,
      "ip": "1.1.1.3/32"
    },
    {
      "ip_count": 6,
      "ip": "1.1.1.4/32"
    },
    {
      "ip_count": 7,
      "ip": "1.1.1.5/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.6/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.7/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.8/32"
    },
    {
      "ip_count": 3,
      "ip": "1.1.1.9/32"
    },
    {
      "ip_count": 5,
      "ip": "1.1.1.10/32"
    },
    {
      "sites": 13,
      "ip": "1.1.1.11/32"
    },
    {
      "ip_count": 332,
      "ip": "1.1.1.12/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.13/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.14/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.15/32"
    }
  ]
}
{
  "message": "The IP mask is not supported"
}

Path Params

ipaddress
string
required

Starting IP address (optionally with CIDR subnet mask)

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses. This works by providing a specific IP address (or by starting at the whole unzoomed level). Explorer will always yield IPs that will be grouped in blocks, so the output will always be 16.

Examples

  • Searching for /28 block will return all 16 /32 IP addresses in /28 block.
  • Searching for /24 block will return all /28 IP blocks in /24 block.
Suggest Edits

Search IPs (DSL)

 
posthttps://api.securitytrails.com/v1/ips/list
curl --request POST \
  --url 'https://api.securitytrails.com/v1/ips/list?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/ips/list',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/list?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/ips/list?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/list"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "ptr": "ns1",
      "ip": "109.73.164.63"
    },
    {
      "ptr": "ns1",
      "ports": [
        22
      ],
      "ip": "138.128.164.19"
    },
    {
      "ptr": "ns1",
      "ports": [
        21,
        22,
        80,
        443
      ],
      "ip": "138.128.168.3"
    }
  ],
  "record_count": 3,
  "meta": {
    "total_pages": 1,
    "query": "ptr_part = 'ns1'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/ips/list"
}
{
	"message": "Syntax error.",
	"endpoint": "/v1/ips/list"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

Body Params

query
string
required

The DSL query you want to run against the IPs database.

 

Professional Plan or higher required

Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.

Available fields to query in the IPs database:

  • ptr_part - matches the end of the ptr record. it must exactly match a fragment so for example microsoft.com would match any ptr record that ends with microsoft.com test.microsoft.com would match, but test.otherserviceatmicrosoft.com would not.

  • ptr - matches the full ptr record exactly

  • port - matches open ports. These are numeric so operators like between gt lt > >= <= etc. are all supported. e.g. port between 1000 and 4000 or port <= 100. We are keeping the following ports in our index: FTP 21, FTPs 990, HTTP 80, HTTPS 443, Redis 6379, SSH 22, CouchDB 5984, ElasticSearch 9200, Memcached 11211

  • ip - matches the ip address. network masks are supported. e.g. 1.1.1.1/24

Example DSL query

ip in ('1.1.1.1/24', '2.2.2.2/24' and ptr_part != 'microsoft.com') or (ptr_part = 
'microsoft.com' and ip = '3.3.3.3/24')
Suggest Edits

IP Search statistics

 
posthttps://api.securitytrails.com/v1/ips/stats
curl --request POST \
  --url 'https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/ips/stats',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/stats"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	"top_ptr_patterns": [
		{
			"key": "x-x.amazon.com",
			"count": 6787
		},
		{
			"key": "x-x-x-x.amazon.com",
			"count": 3254
		},
		{
			"key": "smtp-out-x-x.amazon.com",
			"count": 662
		},
		{
			"key": "freeip.amazon.com",
			"count": 220
		}
	],
	"ports": [
		{
			"key": 443,
			"count": 246
		},
		{
			"key": 80,
			"count": 79
		},
		{
			"key": 22,
			"count": 5
		},
		{
			"key": 21,
			"count": 2
		}
	],
	"total": 11899,
	"endpoint": "/v1/ips/stats"
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

Body Params

query
string
required
 

Please see Search IPs for the full reference on how to use search. By appending /stats at the end of the search URL, instead of getting the usual records, a stats object is given in the response. This object contains some useful information like:

  • Reverse DNS pattern identification (RDNS entries are grouped and displayed as x)
  • ports (number of open ports found)
  • total results
Suggest Edits

Feeds

Download full feeds of e.g. domains flatfile

 
Suggest Edits

Domains

Fetch zone files including authoritative nameservers with ease

 
gethttps://api.securitytrails.com/v1/feeds/domains/type
curl --request GET \
  --url 'https://api.securitytrails.com/v1/feeds/domains/type?apikey=apikey'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/feeds/domains/type',
  qs: { apikey: 'apikey' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/feeds/domains/type?apikey=apikey")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/feeds/domains/type?apikey=apikey");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/feeds/domains/type"

querystring = {"apikey":"apikey"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

The output is a .csv.gz binary file.
{
  "message": "Unsupported type. We support the following: new, all, dropped"
}

Path Params

type
string
required

valid values are "all", "dropped" or "new"

Query Params

apikey
string
required
filter
string

valid values are "cctld" and "gtld"

tld
string

Can be used to only return domains of a specific tld, such as "com"

ns
boolean

show nameservers in the list

 

Addon subscription required

Using this API endpoint requires an addon subscription. Learn more.

Download a list of domains based on a TLD or domain filter (gTLD, ccTLD). The response itself is streamed to a file, which means the data is received in chunks.

Whenever the TLD parameter is specified it takes priority over specifying filters.
The nameservers option works only for type and tld lookups.