SecurityTrails API™

SecurityTrails API is a cybersecurity data API that provides access to current and historical DNS, WHOIS, domain, and IP intelligence for security researchers, analysts, and developers. The API exposes structured data endpoints covering: - DNS record history (A, MX, NS, and other record types) with timestamps and associated organizations - Historical and current WHOIS data, covering nearly 4.2 billion records - Subdomain and hostname enumeration across a database of over 2.6 billion tracked hostnames - Associated domain discovery to map an entity's online footprint - IP subnet and PTR record search - Passive DNS datasets with over 1 billion monthly records - Website technology fingerprinting across more than a thousand technologies - Domain name search across a database of over 630 million tracked domains Data is accessible via a RESTful API using an API key, returning JSON-formatted responses. The API is designed to be embedded into third-party applications, security platforms, and automated workflows. Documented use cases include: - Cyber forensics: correlating DNS changes with security incidents - Threat hunting: tracking command-and-control infrastructure and malware-related domains - Brand protection: detecting fraudulent use of trademarks on domains - Online fraud investigation: researching fraudulent domain and IP activity - Reputation scoring: supplying domain and IP data to scoring systems - Next-generation firewall enrichment: feeding indexed intelligence into firewall platforms - Mergers and acquisitions: mapping an organization's online assets The product is commercial and requires API key registration. It was previously associated with the Attack Surface Intelligence product, which has since moved to Recorded Future.