API docs

Evaluate a domain's or IP address reputation based on numerous security data sources as well as on an instant host's audit procedure. For a given domain name or IP address, collect and evaluate over hundreds of parameters and calculate the resulting reputation score.

Making requests

GEThttps://domain-reputation-api.whoisxmlapi.com/api/v1?apiKey=YOUR_API_KEY&domainName=google.com

It takes up to 2 minutes to activate your account after Sign Up.

Input parameters: required

apiKey
Get your personal API KEY on My products page.
domainName
The target domain name or IPv4 address.

Input parameters: optional

mode
API can check your domain in 2 modes: 'fast' - some heavy tests and data collectors will be disabled. 'full' - all the data and the tests will be processed.

Acceptable values: fast (1 credit) | full (3 credits)

Default: fast
outputFormat
Response output format.

Acceptable values: JSON | XML

Default: JSON

Free access

After Sign Up you automatically get a free subscription plan limited to 100 queries per month.

Sample output

JSON
XML
                            {
   "reputationScore": 84.07,
   "testResults": [
      {
         "test": "WHOIS Domain check",
         "warnings": [
            "Owner details are publicly available"
         ]
      },
      {
         "test": "Malware databases check",
         "warnings": [
            "Listed on StopForumSpam"
         ]
      },
      {
         "test": "SSL certificate validity",
         "warnings": [
            "Recently obtained certificate, valid from  2019-03-01 09:43:57"
         ]
      },
      {
         "test": "SSL vulnerabilities",
         "warnings": [
            "HPKP headers not set",
            "HTTP Strict Transport Security not set",
            "Heartbeat extension disabled",
            "TLSA record not configured or configured wrong",
            "OCSP stapling not configured"
         ]
      }
   ]
}
                        
                            <xml>
   <reputationScore>84.07</reputationScore>
   <testResults>
     <testResult>
       <test>WHOIS Domain check</test>
       <warnings>
         <warning>Owner details are publicly available</warning>
       </warnings>
     </testResult>
     <testResult>
       <test>Malware databases check</test>
       <warnings>
         <warning>Listed on StopForumSpam</warning>
       </warnings>
     </testResult>
     <testResult>
       <test>SSL certificate validity</test>
       <warnings>
         <warning>Recently obtained certificate, valid from  2019-03-01 09:43:57</warning>
       </warnings>
     </testResult>
     <testResult>
       <test>SSL vulnerabilities</test>
       <warnings>
         <warning>HPKP headers not set</warning>
         <warning>HTTP Strict Transport Security not set</warning>
         <warning>Heartbeat extension disabled</warning>
         <warning>TLSA record not configured or configured wrong</warning>
         <warning>OCSP stapling not configured</warning>
       </warnings>
     </testResult>
   </testResults>
</xml>
                        
reputationScore
Composite safety score based on numerous security data sources. 0 is dangerous, and 100 is safe.
testResults[0].test

The test name which reduced the final score. By now, the following tests are available:

  • Open ports and services
  • WHOIS Domain check
  • WHOIS Domain status
  • Host configuration issues
  • Mail servers response
  • Malware databases check
  • Mail servers configuration check
  • WHOIS and DNS name servers match
  • Name servers response
  • Name servers configuration check
  • Name servers configuration meets best practices
  • Potentially dangerous content
  • Mail servers Real-time blackhole check
  • Mail servers Reverse IP addresses match
  • SOA record configuration check
  • SSL certificate validity
  • SSL vulnerabilities
testResults[0].warnings

The list of warnings detected during the test execution. By now, the following warnings are available:

  • Directory listing is allowed.
  • Opened .git directory in the document root.
  • Port XXX open.
  • Recently registered.
  • Expires soon.
  • Expired %days% ago
  • Registered in a free zone ... .
  • Registered in a country considered to be offshore: ... .
  • Same as Domain owner.
  • Domain status unknown
  • A records not configured for mail servers: ... .
  • AAAA records not configured for mail servers: ... .
  • CNAME in MX records found: ... .
  • Private IPs usage in MX records detected: ... .
  • IP addresses found in MX records: ... .
  • The following mail servers use the same IPv4/IPv6 address: ... .
  • Non-identical SPF/DMARC records on name servers found.
  • SPF record not configured.
  • DMARC record now configured
  • Non-identical MX records on name servers found.
  • Can't connect to the following %mailserver% .
  • %mailserver% doesn't allow to set postmaster@%host% as a recipient.
  • %mailserver% doesn't allow to set abuse@%host% as a recipient.
  • Greeting response doesn't contain the mail server's domain name.
  • Listed on ... .
  • Name servers with private IPs found: ...
  • No response from the listed name servers: ...
  • The listed name servers allow recursive queries.
  • Found name servers which don't provide A record for the domain.
  • Found name servers which are not listed by the authoritative name servers: ...
  • Found name servers which are listed by the authoritative servers, but not by the parent ones: ... .
  • Glue is required, but not provided. No IPv4/IPv6 glue found on the authoritative or parent name servers: ... .
  • NS records are different on different name servers.
  • Name servers not allowing TCP connections found: ... .
  • Domain has X name servers. Recommended to be between 2 and 7.
  • Some name servers are located on a single ASN.
  • Some name servers are located in the same network.
  • Name servers with no A record found: ... . Those servers are not reachable via IPv4.
  • Name servers with no AAAA record found: ... . Those servers are not reachable via IPv6.
  • Name servers with invalid domain names found: ... .
  • Version is exposed for the listed name servers: ... .
  • NS records with CNAME found: ... .
  • Redirects found.
  • Scripts opening new windows found.
  • IFrames found.
  • Links to .exe files found.
  • Links to .apk files found.
  • Mail server %server% listed on %blacklist%
  • MX records contain invalid domain names: ... .
  • Some name servers have different serial numbers: ... .
  • The expire interval is %expire-time%. Recommended range is [604800 .. 1209600].
  • The minimum TTL is %ttl%. Recommended range is [3600 .. 86400].
  • Primary master name server is not listed on the parent name servers.
  • Although the serial number is valid, it's not following the general convention: ... .
  • The refresh interval is %refresh%. Recommended range is [1200 .. 43200].
  • The retry interval is %retry%. Recommended range is [120 .. 7200].
  • Zone's administrative contact email is not set.
  • Domain name servers not found in Whois record.
  • WHOIS record's Name Servers don't match the ones returned by the parent NS.
  • Some mail servers' domain names received through Reverse DNS are resolving to different IP addresses than the ones provided in the initial A records. Emails sent from the servers configured this way may be rejected
  • SSL certificate self-signed.
  • TLS_FALLBACK_SCSV not supported.
  • SSL compression enabled.
  • HPKP headers not set.
  • HTTP Strict Transport Security not set.
  • OCSP stapling not configured.
  • TLSA record not configured or configured wrong.
  • Heartbeat extension disabled.
  • Heartbleed vulnerability detected. Please update OpenSSL.
  • CRL check: ... .
  • OCSP check: ... .
  • Expires soon. Valid until ... .
  • Certificate expired at ... .
  • Recently obtained certificate, valid from ... .
  • Certificate's not valid yet. Valid from: ... .

Account balance information

GEThttps://user.whoisxmlapi.com/service/account-balance?apiKey=YOUR_API_KEY
apiKey
Required. Get your personal API KEY on My products page.
productId
Optional. A list of the products' IDs can be found in the response.

- You can always check your account balance on the My products page. - Note that the following products use the same WHOIS credits: WHOIS API, Bulk WHOIS API, Domain Availability API. - Note that the following products use the same Domain Research Suite credits: Brand Alert API, Registrant Alert API, Reverse WHOIS API, WHOIS History API, Reverse IP/DNS API, Reverse MX API, Reverse NS API.
Try our Domain Reputation API for free
Get started
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs. For more info regarding the request types, see the Contact us page.

Or shoot us an email to