WHOIS, DNS, SSL, headers, screenshots, reputation, email security, subdomains, CT logs, BGP and ASN, fingerprinting, threat intelligence, and DNS security (DNSSEC/CAA) in one request — with an aggregate risk score in every response.
Sub-lookups can fail without failing the request. In those cases the API still returns 200 OK and surfaces the affected lookup details in the per-result errors array.
Tracing
Request Correlation
Pass an optional X-Client-Request-ID header for end-to-end tracing. The API echoes it back in response headers and includes it in server-side logs.
Self-Service
Account & Keys
Every plan can inspect its own usage and rotate its API key without contacting support.
Endpoint
Description
GET/v1/usage
Your aggregated usage for the last 30 days (override with ?days=1..365): request counts, cache hit rate, latency, status codes, and feature usage.
POST/v1/keys/rotate
Issues a fresh API key, returned exactly once. Previous keys keep working for a 24-hour grace window so deployed clients can be switched over without downtime.
The rotated key cannot be retrieved again — store it immediately. The response includes old_keys_expire_at so you know exactly when previous keys stop working.
Release Notes
What's New
v0.53.0 2026-06-12
Improved reliability under load: heavy lookups are now bounded and isolated so one slow or failing lookup can't affect other requests
v0.52.0 2026-06-11
Every domain lookup now includes an aggregate risk score (0–100 with risk level and per-component breakdown) computed from all returned data
New dns_security option — DNSSEC deployment (DS/DNSKEY, signing algorithms) and CAA records, available on all plans
email_security now also checks MTA-STS (including the published policy), TLS-RPT, and BIMI
New GET /v1/usage — view your own request counts, cache hit rate, and feature usage
New POST /v1/keys/rotate — self-service API key rotation; old keys keep working for a 24h grace window
Machine-readable OpenAPI 3.1 spec now served at /docs/openapi.yaml
All responses now include Strict-Transport-Security, Referrer-Policy, and Content-Security-Policy headers
Failed lookups are now retried sooner: error responses cache for a short negative TTL instead of the full cache window
v0.51.0 2026-04-16
Subdomain enumeration is now subject to a tighter per-plan domain cap (subdomain.max_domains.*). The config keys and defaults shipped earlier; this is the missing enforcement
v0.50.1 2026-04-04
Domain normalization now strips any URL scheme (ftp, ssh, etc.), not just http/https
v0.50.0 2026-04-04
Domain inputs with paths, ports, query strings, and fragments are now normalized instead of rejected
v0.44.0 2026-04-03
DNS lookups now use external resolvers (Google, Cloudflare, OpenDNS) with automatic fallback
v0.41.0 2026-03-29
New endpoint: POST /v1/ip/lookup — GeoIP, ASN, reverse DNS, abuse contact, and threat intelligence for IP addresses
IP threat intelligence requires a pro plan (same as domain threat_intel)
GeoIP and ASN data powered by MaxMind GeoLite2 databases (loaded from disk, refreshable via admin endpoint)
v0.40.0 2026-03-28
Domain input validation now rejects ports, paths, query strings, fragments, and userinfo
v0.38.0 2026-03-22
Partial lookup failures now include error_count in the response for better client-side observability
v0.36.0 2026-03-19
VirusTotal provider is now best-effort when rate-limited instead of failing the whole lookup
Added threat intelligence section to API docs
v0.34.0 2026-03-17
Added Stripe billing integration with webhook handling and API key provisioning
New /billing/success page for post-checkout key retrieval
Customer Portal link for subscription management
v0.33.0 2026-03-16
Added threat intelligence lookups — VirusTotal, URLhaus, and AlienVault OTX with weighted scoring
Threat intel available for pro and admin plans via threat_intel option
v0.32.0 2026-03-15
Added BGP/ASN lookups with origin AS, prefix, and RIR information
BGP data available for all plans via bgp option
v0.31.0 2026-03-14
Added certificate transparency log lookups via crt.sh
CT log data available for all plans via ct_logs option
v0.30.0 2026-03-13
Added technology fingerprinting — detects web servers, frameworks, CDNs, and more from HTTP headers
~90 built-in detection rules, hot-reloadable via admin endpoint
v0.19.0 2026-03-05
Added subdomain enumeration via certificate transparency data
Subdomain results included in domain lookup response via subdomains option
v0.18.0 2026-03-04
Added X-Client-Request-ID header support for client-supplied request correlation
v0.16.0 2026-03-02
Added email security analysis — SPF, DKIM, and DMARC record validation
Email security available for all plans via email_security option
v0.15.0 2026-02-28
Plan-based limits on domains per request — free: 1, basic: 5, pro: 20