FAQ

Pre-Sales


Can I schedule a demo?
Yes, our team is available to perform demos. For scheduling, please contact our product experts.

Do you perform custom data jobs?
Yes. We have had significant success with custom data job performance for our clients, including projects dealing with associated domains and IPs, determining identification of multi-tenanted or single-tenanted IPs, and working with hedge funds. We have a great deal of resources and are equipped to deliver on many custom data jobs. For more information and to schedule a custom data job, please contact us at our Enterprise Sales department.

General


Why didn't I receive a verification email for my account?
Every new user needs to verify their account via email in order for their API key to be generated.
Occasionally, that email can be blocked or sent to the spam folder by a user's email service. If you are not receiving your verification email, please contact our support team so we can verify your account directly.

Can I change my account's email? Yes, you can do that from your account dashboard or by simply going to the link securitytrails.com/app/user/edit.

Do you pull associated domains from WHOIS and CT logs?
While we focus primarily on WHOIS signals, we're constantly adding more, including: CT logs, website copyright information, nameservers, IPs, tracking pixels and many other types of signals as WHOIS becomes less available due to GDPR.

How does GDPR hurt WHOIS results?
It undermines the reliability and usage of WHOIS data. We provide customers with historical WHOIS data, which can circumvent guarded WHOIS records.

How often is your WHOIS and DNS data updated?
Our WHOIS data, as well as all of our DNS data, is updated on a daily basis.

I can't find a certain domain or hostname—why isn't it there? Can you add it?
There are various reasons why the domain name you're looking for is not visible in our database. We're unable to add a domain name straight away, but you can report that domain to our support team and we'll be sure to include it in the future.

What Plan should I buy in order to download Feeds?
Feeds is a separate product from the API and requires you to subscribe to our feed service. For more information about Feeds please contact our team.

Do you sell a list of all the domains you know about?
Yes, we do. A list of all domains that we know is available on our Domain Data Feed. For more information about Feeds please contact our team.

Can I download WHOIS data in bulk?
At this time we do not offer bulk download of WHOIS data. The only way WHOIS data can be accessed is via our API or SurfaceBrowser™.

Can I buy a single TLD list of domains?
Yes, you can. For more information about purchasing a single TLD list of domains please contact our team.

Can I see older records than those presented on the website?
The historical DNS records shown on the web app are all the records we have for that domain.

I would like my personal information removed. How can I let you know?
Please submit a ticket to our support team with a link to the records in question. Should there be any sensitive or personally identifiable information included we will immediately forward your request for its removal to our Abuse team.

Do you accept payments via Alipay or WeChat?
Unfortunately we do not accept payments from Alipay or WeChat at this time. We do offer other convenient ways of payment for your subscription.

Do you accept Bitcoin or any other cryptocurrency payments?
Unfortunately we do not accept Bitcoin or other cryptocurrencies as a payment option at this time.

What time zone is used for your data output?
The time zone for our data output is the UTC time zone.

Website


Why are search results on the web app limited to 10 pages?
Search results on the website are currently limited to 10 pages to prevent data from being scraped. To see more results, you can use our API or one of our other products offered for purchase.

Why isn't my search by keyword working?
Keyword searches are specifically for searching the domain field. For example, "domain" would match www.domain.com, domain.io and mail.domain.co.uk but would not match www.somedomains.com or similar results. The Domain DSL on our API plans offers this feature.

Can I view WHOIS history on the web app?
Currently, WHOIS history is not available on the web app. However, WHOIS history is available via our API or SurfaceBrowser™.

Can I download search results on the web app?
Subscribing to SurfaceBrowser™ will you to download search results.

Technical


How do you generate the list of domains to lookup?
We use various methods for collecting domains. GTLDs and .ru, .uk, .se and .nu ccTLD zones are generated from their master zone files. All other ccTLDs are collected by Web Scrapers, Certificate Transparency logs, Scraping Wikipedia, Pastebin, and others — sabout 30 sources in total.

How do you generate the list of subdomains to lookup?
After we get the list of domains we check them to find subdomains. There are about 30 sources for subdomains.

How do you look up domains?
You can lookup domains directly on our web app. Just go to our website's main page securitytrails.com and once you open it you will see a search box. Input the desired domain name there, click on search and you'll get DNS records for that domain.

How many domains do you have?
We currently have around 320 million domains in our database. You can check out our daily domain statistics here: securitytrails.com/stats.

How many new domains do you find per day?
The number of newly added domains varies each day, and for more details you can check our domain statistics page. There you'll find the Top Level Domain Stats where you can see how many domains are added and how many are deleted.

How long does it take for a new domain to appear in the search?
Based on how we gather domain names, it can take up to 48 hours for gTLDs, depending on the time of day the domain was registered. For most ccTLDs with no available master zone files, it can take longer.

If I change my DNS records, how long does it take for these changes to show up in the search?
While we resolve all domains daily, it can take up to 36 hours for new records to show up.

What percentage of gTLDs do you have?
All of them. We gather gTLDs from their master zone files, so we have one hundred percent of them in our database.

What percentage of ccTLDs do you have?
As ccTLDs have to be crawled we cannot claim an exact percentage, but we know certainty that we have a large majority of them.

Can I see an IP address of a website that is hidden behind a proxy like Cloudflare?
There's a good chance you can. While you cannot merely type the desired domain name and get its hidden IP address immediately, you can use our service to investigate it further. For example, you can lookup historical records of the domain and if someone registered the domain without immediately hiding the IP address, then you would be able to see the real IP for that domain as a historical record. For further information, please refer to this article: Finding the IP address of a website behind Cloudflare.

Can I get all domains from a specific State/City?
It is possible to filter domains from a specific city by using one of our Search Domain API endpoints: https://docs.securitytrails.com/v1.0/reference#domain-search. And then you can use filter.whois_city to filter the desired city.

As every country is designated by its own administrative division, we do not offer filtering specifically by state. However, you can use one of our Search Domain API endpoints and then search for desired results by keyword (using filter.keyword) using the name of the State. If you need to search in multiple fields, exclude entries or filter further, take a look at our more advanced Domain DSL, https://docs.securitytrails.com/v1.0/reference#search-domain-dsl.
Do you use cached results or authoritative?
We use both. For historical DNS data, we use cached results from our passive DNS database.

Do you offer ASN information?
Yes, we do. ASN information is currently available on SurfaceBrowser™.

What is SOA email?
SOA email is the email address of the administrator responsible for a DNS zone.

What is a CNAME record?
A CNAME record, or Canonical Name record, is a DNS record that maps an alias domain name to a true or canonical domain name. For example, a CNAME record can map the web address www.securitytrails.com to the actual DNS records for securitytrails.com.

Do you have historical CNAME records?
Yes, by looking up the record the CNAME is referring to, you'll get the information you need.

API


What happens if I try to use features that are not available on my plan?
If you try to make an API call using endpoints that are not available on your plan, or if you try to use features available on higher-tiered plans, you'll get an HTTP response error 403 (Forbidden) with the following message:
"This feature is not available for your subscription package. Consider upgrading your package or contact support@securitytrails.com".
This message indicates that you would need to upgrade your current API Plan to use the desired feature.

Can I save response data from API request?
At this time we do not have that option available directly from the API. We are planning to release the Download API soon, however. In the meantime, you can save JSON from the response with a custom script.

Can I get data in a format like CSV instead of JSON?
At this time JSON is the only available output format for the API.

Can I request multiple pages of results with a single API call?
With each API request you can only get one page of results.
There is, however, an exception with the Scroll API endpoint. With Scroll you can also request one page with one API call, but with it you would get 200 results on each page, instead of the 100 results you would get with other API endpoints.

Why I can't get more than 100 pages with API?
We currently limit the number of pages you can get with most API endpoints to 100. This is governed by how the API works. For example, let's say the user wants to get page 50 of the results. To get that page, the server needs to go through the first 49 pages of the results to show page 50. That's why getting results is significantly harder if given requests seek more than 100 pages of results. However, there is an exception with our Scroll API, which allows scrolling over the Search Domain (DSL) endpoint. With Scroll there are no limitations, giving you all pages of the results, page by page.

Why do I get only 2000 results when using subdomain API endpoint?
We have currently limited the number of results you can get with subdomain API endpoint to 2000. The reason behind that is that a large majority of domains have less than 2000 subdomains. We thought it unnecessary to yield more than that number of results.

Can I get a demo to test your API?
Yes! Sign up for a free account to test the functionality of our API.

What 3rd party applications do you support?
You can check out the various 3rd party software we support on our integrations page.

How can I download Feeds with API?
The Domain Feed is a separate product from API, but we have enabled our Domain Feed users to access the data they need via API. To use that endpoint, a subscription to our Domain Feed is needed.

How can I perform a reverse DNS lookup?
By using our IP Search statistics API endpoint. Check out our API reference for more information on how you can use this endpoint, at https://docs.securitytrails.com/v1.0/reference#ip-search-statistics.

Can I perform a reverse WHOIS search?
Yes, by using filters on any of our Search Domain endpoints.

Filters you can use are:
email, street1, street2, street3, street4, telephone, postalCode, organization, name, fax, city

What happens if I go over quota?
If you go over the quota and try to make an API call you will receive the HTTP/1.1 429 (Too many requests) error.

How do I use Search IPs DSL endpoint and what response will I get from that API call?
In order to use that API endpoint you need, as with any other endpoint, your API key as well as what parameters you want to query.
Available fields to query in the IPs database are:

  • ptr_part — Matches the end of the ptr record. It must exactly match a fragment so, for example, microsoft.com would match any ptr record that ends with microsoft.com. test.microsoft.com would match, but test.otherserviceatmicrosoft.com would not.
  • ptr — Matches the full ptr record exactly.
  • port — Matches open ports. These are numeric, so operators between gt lt > >= <= etc. are all supported, e.g. port between 1000 and 4000 or port <= 100. We are keeping the following ports in our index: FTP 21, FTPs 990, HTTP 80, HTTPS 443, Redis 6379, SSH 22, CouchDB 5984, ElasticSearch 9200, Memcached 11211
  • ip - Matches the IP address. Network masks are supported. e.g. 1.1.1.1/24

An example query for this endpoint looks like this:
ip in ('1.1.1.1/24', '2.2.2.2/24' and ptr_part != 'microsoft.com') or (ptr_part = 'microsoft.com' and ip = '3.3.3.3/24')

For more information about this endpoint, check out our IP search API documentation.

Do you support multiple API keys on the same account?
Yes, we do.. Please contact our support team if you'd like to have more than one API key. We'll add one for you as this is a manual operation.

Can I have multiple email users under one quota?
At this time it is not possible to have multiple email addresses under one quota.

Can I rekey my API key?
Yes, you can. Please contact our support team to rekey your API key.
Can I increase my rate limit?
In most cases we can increase your rate limit up to 10 requests per second.re u. Please contact our support team for more information.

Do I have to authorize my API key in the GET URL?
No, it is not required to authorize your API key in GET URL.

Do you allow cross-origin resource sharing?
Yes; you will need to proxy it from server side first, otherwise API credentials would be exposed on the client side.

How do I know what my overages rate is?
We do not charge overages unless you have a customized contract with us.

Can I see which queries are using my credits?
Please refer to your API console at https://securitytrails.com/app/account for daily API volumes and anonymized query logs.

What plan should I buy to use Scroll API endpoint?
Our Scroll API endpoint is available to our Professional Plan subscribers or higher.

What is the Scroll API endpoint and how can I use it? How do I generate Scroll ID?
Our Scroll API endpoint gives you the capability to scroll over results of the Domain Search API (DSL) endpoint. That endpoint lets you get a larger amount of results quickly.

To use it, you first need to run an API call through Domain Search API (DSL) endpoint, enabling scroll=true https://docs.securitytrails.com/v1.0/reference#search-domain-dsl.
When you run that API call, the output will include the new scrolling ID.

Once you get the scrolling ID you can run API calls with our Scroll API endpoint.

See examples of a Scroll API request on this link: https://docs.securitytrails.com/v1.0/reference#scroll.

After you've run a Scroll API call, each time you run it you'll get the next page of results. What truly separates this endpoint from the others is that there is no limitation to pages and on every page, you'll get 200 results instead of the 100 you would normally get with other API endpoints.

SurfaceBrowser


How do you format the date from a CSV download?
The date in our data output is Unix time with nanoseconds.

Why isn't there a CSV download option for every page?
The pages where a download option doesn't exist are currently not downloadable. However, our developers are working on including the download option for every page.

Are trials provisioned instantly?
All trial accounts undergo review before being provisioned.This usually only takes a couple of minutes.

How do I cancel my trial?
Please get in touch with our support team before the trial period ends.

Can I clear my download list?
Yes, you can.On the right side of each download you'll see a trash bin. Clicking it will delete that download. To clear your list you'll need to delete each download one by one.

What is Unique User Agents Egress?
User Agents Egress shows unique user agents seen on individual IPs. User agents reveal a catalogue of technical data about the device and the software the visitor is using.

Can I identify the technologies behind websites with SurfaceBrowser™?
At this moment we do not investigate technologies used on websites. If you require this information, please get in touch with our team.

Can I save all HTTP response data of the domains/subdomains?
We do not currently display this information. This feature may be released in the future.

Can I search for HTTP response statuses with SurfaceBrowser™?
We do not currently display this information. This feature may be released in the future.

Is API related to SurfaceBrowser™?
The API and SurfaceBrowser™ are two different products. Most of the desired records and results can be found on both services but there are some differences.

  • With API you can do a keyword search, which is currently not possible with SurfaceBrowser™.
  • With SurfaceBrowser™ you can filter TLDs by creation or expiration month, which is currently not possible with API.
  • With API you can perform DSL like queries with our DSL API endpoints, while we do not have such filtration on SurfaceBrowser™.

Here are filters that are available on API:

  • Domains:

Apex Domain Subdomain TLD Registrar Computed Company Name

  • DNS: MX NS CNAME SOA Email IPv4 IPv6

  • WHOIS: WHOIS Email WHOIS Street 1 WHOIS Telephone WHOIS Postal Code WHOIS Organization WHOIS Name WHOIS Fax WHOIS City

  • DATES: Created Date Expires Date

With API you can use one of our Search Domain endpoints, which have filters like this:

ipv4 (can include a network mask) ipv6 mx ns cname subdomain apex_domain soa_email tld whois_email whois_street1 whois_street2 whois_street3 whois_street4 whois_telephone whois_postalCode whois_organization whois_name whois_fax whois_city

keyword (substring of a hostname, e.g. the value of oa would yield all hostnames containing oa characters)

There is also an option for using DSL-like queries on the API.

On SurfaceBrowser™ you can also see ASN information while that info is not available via API.

On SurfaceBrowser™ you can see Unique User Agents Egress information while that is not available via API.

When I download a CSV, why is it in the wrong format?
Most of the time a CSV will be formatted as expected, but occasionally there are edge cases where fields for a specific domain will stand out compared to the rest. We're currently figuring out and fixing those edge cases. Please contact our support team if you encounter one of these cases.

Is there a download limit with SurfaceBrowser™?
There is no download limit with SurfaceBrowser™. You can download everything that is available for download as long as your subscription to SurfaceBrowser™ is active.

Can SurfaceBrowser alert me when new infrastructure is found for my company?
We are currently working on an add-on to SurfaceBrowser™ that will make such an alert possible. For more information, please contact our team.

Billing


What are the differences between the packages you offer?
The packages we offer differ mainly in regard to the features our individual customers intend to use on the SecurityTrails API. We offer a free plan, as well! To check the specific features that are offered in our Pricing Plans, check out our Pricing page.

What forms of payment do you accept?
We accept all major credit cards online through our console. If you prefer to pay by PayPal or bank transfer, please contact us for additional assistance here.

Do you accept annual payments?
Yes, we accept annual pre-payments. Please contact us for additional information regarding annual pre-payment processing. We are currently expanding our menu to include an automated form for this option in the future.

Do you prorate the first month?
Yes. Billing for the first month is currently prorated. Monthly charges following the first month are billed at the start of each calendar month.

API


What languages do you have for API Docs?
Our API Docs are available for cURL, Node, Ruby, JavaScript and Python.

Where are your API Docs located on the SecurityTrails website?
To learn more about our API Docs, please access SecurityTrails API Docs by going to the Support drop-down menu and selecting API Docs. From this point, you can choose to start with our Introduction page or go directly to API Reference.

What kind of SDKs do you offer?
We offer a NodeJS and Python wrapper for SDKs. For more details, please visit our Integrations page.

Data


How far back does your DNS History go?
We began collecting our DNS record history in 2008.

How far back does your WHOIS data go?
The WHOIS data history chronology is multi-leveled. Some data, such as our ccTLDs, go back to last year; other data starts from a specific date in the past, dependent upon when we obtained a particular domain or when a specific domain was actually created.

If I find something cool in your data, can I submit it?
Yes. We have a data bounty program that rewards individuals reporting interesting data found on the SecurityTrails platform.

Do you offer JSON dumps of your data for offline access in your infrastructure?
We do offer JSON dumps of data for offline access. It is available for our Enterprise Clients. If you are interested in working with SecurityTrails as an Enterprise Client, please contact us for more information.

How do you differ from Farsight DNS?
The main difference between SecurityTrails and Farsight DNS is in the way we obtain the domain lists. Farsight DNS uses IPS data, while SecurityTrails uses zone files. For example, if SecurityTrails does not have access to a specific ccTLD, we would not have the data; in this case, we will use crawlers to obtain the domain. In addition, when there is no request for a domain, Farsight DNS will not have any data, but SecurityTrails will be able to provide it.

What integrations do you have?
We offer SpiderFoot, Splunk, Intrigue.io and Phantom Cyber for integration. We are constantly working on finding more partnerships with OSS so we can provide even more integrations. If you are interested in finding out about all of the integrations we offer, please check out our Integrations page.

Partnership


Do you exchange data?
At the moment, we do data exchange in specific circumstances. If you are interested in collaborating with us on trading data, please contact us here for more information.