SecurityTrails Developer Hub

The SecurityTrails Developer Hub

Welcome to the SecurityTrails developer hub. You'll find comprehensive guides and documentation to help you start working with SecurityTrails as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started
Suggest Edits

General

The following are general purpose end points to test the SecurityTrails API and to get overall usage data.

 
Suggest Edits

Ping

You can use this simple endpoint to test your authentication and access to the SecurityTrails API.

 
gethttps://api.securitytrails.com/v1/ping
curl --request GET \
  --url 'https://api.securitytrails.com/v1/ping?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/ping',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ping?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/ping?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ping"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "success": true
}
{
    "message": "Invalid API key"
}
{
    "message": "API rate limit exceeded"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

Usage (Coming soon)

 
gethttps://api.securitytrails.com/v1/account/usage
** Please note that this API request is currently unavailable. **
A binary file was returned

You couldn't be authenticated

{
  "this_month": {
    "total_used": 123,
    "total_available": 200,
    "projected_used": 250,
    "overage_rate": 0.05
  }
}
 

The stats provided are for the present month and include:

  • total_used - The number of API requests made
  • total_available - The total available number of API requests for the month
  • projected_used - The projected number of API calls you will make this month
  • overage_rate - The rate per requests (in USD) you will pay once you hit your quota if auto-billing is enabled (in increments of 1000 requests).
Suggest Edits

Domain details

 
Suggest Edits

Get Domain

Returns the current data about the given domain. In addition to the current data, you also get the current statistics associated with a particular record. For example, for a records you'll get how many other domains have the same IP.

 
gethttps://api.securitytrails.com/v1/domain/hostname
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "hostname": "securitytrails.com",
  "alexa_rank": 83756,
  "current_dns": {
    "a": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ]
    },
    "aaaa": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
          "ip_count": 10231
        }
      ]
    },
    "mx": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "priority": 50,
          "host": "aspmx5.googlemail.com",
          "host_count": 102341
        },
        {
          "priority": 40,
          "host": "aspmx4.googlemail.com",
          "host_count": 200123
        }
      ]
    },
    "ns": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "nameserver": "ns4.dnsmadeeasy.com",
          "nameserver_count": 5213
        },
        {
          "nameserver": "ns3.dnsmadeeasy.com",
          "nameserver_count": 1223
        }
      ]
    },
    "soa": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ttl": 43200,
          "email": "dns.dnsmadeeasy.com",
          "email_count": 10
        }
      ]
    },
    "txt": {
      "first_seen": "2017-05-26",
      "values": [
        {
          "value": "v=spf1 a mx include:spf.google.com include:sendgrid.net  include:spf.mandrillapp.com"
        },
        {
          "value": "include:datadrivenemail.com ?all, google-site-verification=GbnLta6smBzoW8Oes1WafBhRoBwx4YSnvY8SFoQHmpI"
        }
      ]
    }
  }
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

The data set contains the following info:

  • a - IPv4 current data
  • aaaa - IPv6 current data
  • mx - Mail Exchanger current data
  • ns - Name server current data
  • soa - SOA current data
  • txt - TXT current data
Suggest Edits

List Subdomains

Returns subdomains for a given hostname

 
gethttps://api.securitytrails.com/v1/domain/hostname/subdomains
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/subdomains',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/subdomains?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/subdomains"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "subdomains": [
    "api",
    "em",
    "mail",
    "www"
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

List Tags

Returns tags for a given hostname

 
gethttps://api.securitytrails.com/v1/domain/hostname/tags
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/tags',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/tags?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/tags"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "tags": [
    "porn"
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 
Suggest Edits

Find associated domains

Find all domains that are related to a domain you input

 
gethttps://api.securitytrails.com/v1/domain/hostname/associated
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/google.com/associated',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/google.com/associated?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/google.com/associated"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "whois": {
        "registrar": "MarkMonitor Inc.",
        "expiresDate": 1518671592000,
        "createdDate": 1108444392000
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "youtube.com",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": "Google Inc."
      },
      "alexa_rank": 2
    },
    {
      "whois": {
        "registrar": "MarkMonitor Inc. (R84-AFIN)",
        "expiresDate": 1498226553000,
        "createdDate": 1056376953000
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "google.co.in",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": "Google Inc."
      },
      "alexa_rank": 7
    },
    {
      "whois": {
        "registrar": null,
        "expiresDate": null,
        "createdDate": null
      },
      "mail_provider": [
        "Google Inc."
      ],
      "hostname": "google.de",
      "host_provider": [
        "Google Inc."
      ],
      "computed": {
        "company_name": null
      },
      "alexa_rank": 23
    }
  ],
  "record_count": 3,
  "meta": {
    "total_pages": 1,
    "query": "whois_email = 'dns-admin@google.com'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/domain/google.com/associated"
}
{
	"message": "Request could not be completed",
	"endpoint": "/v1/domain/.../associated"
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

Business Plan or higher required

Using this API endpoint requires a subscription to our Business Plan (or higher).

How we find associated domains
We go through the most recent WHOIS data of the input domain and try to find identifying email addresses or organizations that we could use to identify domains that have a relationship with the input domain. If the input domain is privacy guarded, the domains WHOIS history is used to pull email addresses/organizations. Our algorithms are constantly refined to provide the best results possible.

Refining the search further
The JSON we return contains a query field. This field is the DSL - DSL - DSL stands for “Domains Specific Language” query we used to find the results we are displaying. Using this query, you can add your own refinements and run it through our Domain Search API.

Suggest Edits

Get WHOIS

Returns the current WHOIS data about a given domain with the stats merged together

 
gethttps://api.securitytrails.com/v1/domain/hostname/whois
curl --request GET \
  --url 'https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/domain/oracle.com/whois',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/domain/oracle.com/whois?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domain/oracle.com/whois"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "domain": "securitytrails.com",
  "status": [
    "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
    "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
  ],
  "registrarName": "MONIKER ONLINE SERVICES LLC",
  "nameServers": [
    "NS0.DNSMADEEASY.COM",
    "NS1.DNSMADEEASY.COM"
  ],
  "started": 1496321354991,
  "ended": 1496321354991,
  "expiresDate": 1517749970791,
  "updatedDate": 1485263570791,
  "createdDate": 1075900370791,
  "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
  "contacts": [
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    "type: administrativeContact",
    {
      "type": "registrant",
      "telephone": "18006886311",
      "street1": "2320 NE 9th St, Second Floor",
      "street2": "Suite 2211",
      "street3": "",
      "street4": "",
      "state": "FL",
      "postalCode": "33304",
      "organization": "Moniker Privacy Services",
      "name": "Moniker Privacy Services",
      "fax": "19545859186",
      "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
      "country": "UNITED STATES",
      "city": "Fort Lauderdale",
      "telephone_count": 10,
      "street1_count": 5,
      "street2_count": 5,
      "street3_count": 5,
      "street4_count": 5,
      "postalCode_count": 12123,
      "organization_count": 2,
      "name_count": 10,
      "fax_count": 24,
      "email_count": 2,
      "city_count": 285943
    },
    "type: technicalContact"
  ]
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

Prototyper Plan or higher required

Using this API endpoint requires a subscription to our Prototyper Plan (or higher).

Suggest Edits

Search Domain (DSL)

Filter and search specific records using our DSL with this endpoint

 
posthttps://api.securitytrails.com/v1/domains/list
curl --request POST \
  --url 'https://api.securitytrails.com/v1/domains/list?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/domains/list',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domains/list?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/domains/list?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domains/list"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "whois": {
        "registrar": "MarkMonitor Inc.",
        "expiresDate": 1512104400000,
        "createdDate": 597042000000
      },
      "mail_provider": [
        "Oracle Corporation"
      ],
      "hostname": "oracle.com",
      "host_provider": [
        "Oracle Corporation"
      ],
      "computed": {
        "company_name": "Oracle Corporation"
      },
      "alexa_rank": 352
    },
    {
      "whois": {
        "registrar": "Tucows Domains Inc.",
        "expiresDate": 1529093746000,
        "createdDate": 1118866546000
      },
      "mail_provider": [
        "Oracle Corporation"
      ],
      "hostname": "taleo.net",
      "host_provider": [
        "Oracle Corporation"
      ],
      "computed": {
        "company_name": "Oracle Corporation"
      },
      "alexa_rank": 413
    }
  ],
  "record_count": 2,
  "meta": {
    "total_pages": 1,
    "query": "whois_email = 'domain-contact_ww_grp@oracle.com'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/search/list"
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results.

Body Params

query
string
required
 

Professional Plan or higher required

Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.

Available fields

For a full description including examples please see How to use the DSL.

  • ipv4
  • ipv6
  • mx
  • ns
  • cname
  • subdomain
  • apex_domain
  • soa_email
  • tld
  • whois_email
  • whois_street1
  • whois_street2
  • whois_street3
  • whois_street4
  • whois_telephone
  • whois_postalCode
  • whois_organization
  • whois_name
  • whois_fax
  • whois_city
  • keyword
  • dropped (false is the default)
  • private_registration
  • computed_organization
Suggest Edits

Search statistics

 
posthttps://api.securitytrails.com/v1/domains/stats
curl --request POST \
  --url 'https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/domains/stats',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/domains/stats?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/domains/stats"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "tld_count": 54,
  "hostname_count": 655,
  "domain_count": 655
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

Body Params

filter
object
 
filter.ipv4
string

Can include a CIDR subnet mask

filter.ipv6
string
filter.apex_domain
string
filter.keyword
string
filter.mx
string
filter.ns
string
filter.cname
string
filter.subdomain
string
filter.soa_email
string
filter.tld
string
filter.whois_email
string
filter.whois_street1
string
filter.whois_street2
string
filter.whois_street3
string
filter.whois_street4
string
filter.whois_telephone
string
filter.whois_postalCode
string
filter.whois_organization
string
filter.whois_name
string
filter.whois_fax
string
filter.whois_city
string
query
string
 

Please see Search Domain (filter) and Search Domain (DSL) for the full reference on how to use search. This endpoints accepts both, filters and DSL queries. The returned object contains:

  • tld count
  • hostname count
  • domain count
 
Suggest Edits

DNS history by record type

Lists out specific historical information about the given hostname parameter

 
gethttps://api.securitytrails.com/v1/history/hostname/dns/type
curl --request GET \
  --url 'https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/history/oracle.com/dns/a',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/history/oracle.com/dns/a?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/history/oracle.com/dns/a"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "pages": 1,
  "type": "a/ipv4",
  "records": [
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    },
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    },
    {
      "first_seen": "2017-05-26",
      "values": [
        {
          "ip": "200.121.20.1",
          "ip_count": 10231
        }
      ],
      "organizations": [
        "netDNA"
      ],
      "last_seen": "2016-05-31"
    }
  ]
}
{
  "message": "The requested domain has invalid characters"
}

Path Params

hostname
string
required
type
string
required

allowed values: a, aaaa, mx, ns, soa or txt

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results

 

The returned data is paginated with 100 records are shown per page.

Supported record types

The API currently supports a, aaaa, mx, ns, soa and txt records.
If you are looking for other record types, please contact us.

In addition of fetching the historical data for particular type, the count statistic is returned aswel, which represents the number of that particular resource against current data. (a records will have an ip_count field which will represent the number of records that has the same IP as that particular
record)

These types represent the historical records below, respectively:

  • a - Ipv4 historical data
  • aaaa - Ipv6 historical data
  • mx - Mail Exchanger historical data
  • ns - Name server historical data
  • soa - SOA historical data
  • txt - TXT historical data
Suggest Edits

WHOIS history by domain

Returns historical WHOIS information about the given domain

 
gethttps://api.securitytrails.com/v1/history/hostname/whois
curl --request GET \
  --url 'https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/history/oracle.com/whois',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/history/oracle.com/whois?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/history/oracle.com/whois"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "result": {
    "items": [
      {
        "domain": "securitytrails.com",
        "status": [
          "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
          "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
        ],
        "registrarName": "MONIKER ONLINE SERVICES LLC",
        "nameServers": [
          "NS0.DNSMADEEASY.COM",
          "NS1.DNSMADEEASY.COM"
        ],
        "started": 1496321354991,
        "ended": 1496321354991,
        "expiresDate": 1517749970791,
        "updatedDate": 1485263570791,
        "createdDate": 1075900370791,
        "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
        "contacts": [
          {
            "type": "registrant",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "administrativeContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "technicalContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          }
        ]
      },
      {
        "domain": "securitytrails.com",
        "status": [
          "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
          "clientTransferProhibited https://icann.org/epp#clientTransferProhibited"
        ],
        "registrarName": "MONIKER ONLINE SERVICES LLC",
        "nameServers": [
          "NS0.DNSMADEEASY.COM",
          "NS1.DNSMADEEASY.COM"
        ],
        "started": 1496321354991,
        "ended": 1496321354991,
        "expiresDate": 1517749970791,
        "updatedDate": 1485263570791,
        "createdDate": 1075900370791,
        "contactEmail": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
        "contacts": [
          {
            "type": "registrant",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "administrativeContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          },
          {
            "type": "technicalContact",
            "telephone": "18006886311",
            "street1": "2320 NE 9th St, Second Floor",
            "street2": "Suite 2211",
            "street3": "",
            "street4": "",
            "state": "FL",
            "postalCode": "33304",
            "organization": "Moniker Privacy Services",
            "name": "Moniker Privacy Services",
            "fax": "19545859186",
            "email": "583deb4451349adee6102bad59627c5e24d92f98f62f6b26aa56a905555a607e@securitytrails.com.whoisproxy.org",
            "country": "UNITED STATES",
            "city": "Fort Lauderdale",
            "telephone_count": 10,
            "street1_count": 5,
            "street2_count": 5,
            "street3_count": 5,
            "street4_count": 5,
            "postalCode_count": 12123,
            "organization_count": 2,
            "name_count": 10,
            "fax_count": 24,
            "email_count": 2,
            "city_count": 285943
          }
        ]
      }
    ]
  }
}

Path Params

hostname
string
required

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

The page of the returned results

 

Prototyper Plan or higher required

Using this API endpoint requires a subscription to our Prototyper Plan (or higher).

Suggest Edits

Explore IPs

Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses.

 
gethttps://api.securitytrails.com/v1/ips/nearby/ipaddress
curl --request GET \
  --url 'https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key'
var request = require("request");

var options = { method: 'GET',
  url: 'https://api.securitytrails.com/v1/ips/nearby/8.8.8.8',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api.securitytrails.com/v1/ips/nearby/8.8.8.8?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/nearby/8.8.8.8"

querystring = {"apikey":"your_api_key"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "blocks": [
    {
      "ip_count": 3,
      "ip": "1.1.1.0/32"
    },
    {
      "ip_count": 19247,
      "ip": "1.1.1.1/32",
      "current": true
    },
    {
      "ip_count": 64,
      "ip": "1.1.1.2/32"
    },
    {
      "ip_count": 13,
      "ip": "1.1.1.3/32"
    },
    {
      "ip_count": 6,
      "ip": "1.1.1.4/32"
    },
    {
      "ip_count": 7,
      "ip": "1.1.1.5/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.6/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.7/32"
    },
    {
      "ip_count": 2,
      "ip": "1.1.1.8/32"
    },
    {
      "ip_count": 3,
      "ip": "1.1.1.9/32"
    },
    {
      "ip_count": 5,
      "ip": "1.1.1.10/32"
    },
    {
      "sites": 13,
      "ip": "1.1.1.11/32"
    },
    {
      "ip_count": 332,
      "ip": "1.1.1.12/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.13/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.14/32"
    },
    {
      "ip_count": 0,
      "ip": "1.1.1.15/32"
    }
  ]
}
{
  "message": "The IP mask is not supported"
}

Path Params

ipaddress
string
required

Starting IP address (optionally with CIDR subnet mask)

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

 

Business Plan or higher required

Using this API endpoint requires a subscription to our Business Plan (or higher).

Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses. This works by providing a specific IP address (or by starting at the whole unzoomed level). Explorer will always yield IPs that will be grouped in blocks, so the output will always be 16.

Examples

  • Searching for /28 block will return all 16 /32 IP addresses in /28 block.
  • Searching for /24 block will return all /28 IP blocks in /24 block.
Suggest Edits

Search IPs (DSL)

 
posthttps://api.securitytrails.com/v1/ips/list
curl --request POST \
  --url 'https://api.securitytrails.com/v1/ips/list?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/ips/list',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/list?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/ips/list?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/list"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  "records": [
    {
      "ptr": "ns1",
      "ip": "109.73.164.63"
    },
    {
      "ptr": "ns1",
      "ports": [
        22
      ],
      "ip": "138.128.164.19"
    },
    {
      "ptr": "ns1",
      "ports": [
        21,
        22,
        80,
        443
      ],
      "ip": "138.128.168.3"
    }
  ],
  "record_count": 3,
  "meta": {
    "total_pages": 1,
    "query": "ptr_part = 'ns1'",
    "page": 1,
    "max_page": 100
  },
  "endpoint": "/v1/ips/list"
}
{
	"message": "Syntax error.",
	"endpoint": "/v1/ips/list"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

page
int32

Body Params

query
string
required

The DSL query you want to run against the IPs database.

 

Professional Plan or higher required

Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.

Available fields to query in the IPs database:

  • ptr_part - matches the end of the ptr record. it must exactly match a fragment so for example microsoft.com would match any ptr record that ends with microsoft.com test.microsoft.com would match, but test.otherserviceatmicrosoft.com would not.

  • ptr - matches the full ptr record exactly

  • port - matches open ports. These are numeric so operators like between gt lt > >= <= etc. are all supported. e.g. port between 1000 and 4000 or port <= 100. We are keeping the following ports in our index: FTP 21, FTPs 990, HTTP 80, HTTPS 443, Redis 6379, SSH 22, CouchDB 5984, ElasticSearch 9200, Memcached 11211

  • ip - matches the ip address. network masks are supported. e.g. 1.1.1.1/24

Example DSL query

ip in ('1.1.1.1/24', '2.2.2.2/24' and ptr_part != 'microsoft.com') or (ptr_part = 
'microsoft.com' and ip = '3.3.3.3/24')
Suggest Edits

IP Search statistics

 
posthttps://api.securitytrails.com/v1/ips/stats
curl --request POST \
  --url 'https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key'
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.securitytrails.com/v1/ips/stats',
  qs: { apikey: 'your_api_key' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.securitytrails.com/v1/ips/stats?apikey=your_api_key");

xhr.send(data);
import requests

url = "https://api.securitytrails.com/v1/ips/stats"

querystring = {"apikey":"your_api_key"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	"top_ptr_patterns": [
		{
			"key": "x-x.amazon.com",
			"count": 6787
		},
		{
			"key": "x-x-x-x.amazon.com",
			"count": 3254
		},
		{
			"key": "smtp-out-x-x.amazon.com",
			"count": 662
		},
		{
			"key": "freeip.amazon.com",
			"count": 220
		}
	],
	"ports": [
		{
			"key": 443,
			"count": 246
		},
		{
			"key": 80,
			"count": 79
		},
		{
			"key": 22,
			"count": 5
		},
		{
			"key": 21,
			"count": 2
		}
	],
	"total": 11899,
	"endpoint": "/v1/ips/stats"
}
{
  "message": "values contain invalid characters"
}

Query Params

apikey
string
required

Your SecurityTrails API key. See authentication documentation

Body Params

query
string
required
 

Please see Search IPs for the full reference on how to use search. By appending /stats at the end of the search URL, instead of getting the usual records, a stats object is given in the response. This object contains some useful information like:

  • Reverse DNS pattern identification (RDNS entries are grouped and displayed as x)
  • ports (number of open ports found)
  • total results