Request Domain Information
The API Reference information for retrieving domain information can be found here.
Overview
The DNS Security API can be used to request information about domains based on analysis information generated by the DNS Security subscription service. Consider the following examples:
Keep a few things in mind when formatting your API query:
- All the query strings in Get requests must be a URL-Encoded parameter string. If you use a space in the URL-Encoded request, you must include either a plus sign (+) or %20 to replace the space.
- You can specify the content type of the request body and response by specifying the Content-Type header. Some responses generate an HTTP response in addition to a JSON object.
- Do not embed API keys in code or application source tree files. This can inadvertently expose the API key. Instead, consider storing the API key in environmental variables or files that are excluded from your application source tree files.
Example 1: Request information about multiple domains in batch mode.
When start and end dates are not specified for each domain, all available data is returned. The domains in this example request are considered to be risky or dangerous (at the time of publication - this can change as domains are reanalyzed by DNS Security), and are classified with the following current threat categories: annexpublishers.org malware, tipmuch.com malware, and classclean.net command-and-control.
curl -X POST -d '{"domains": [{"domain": "annexpublishers.org"}, {"domain": "tipmuch.com"}, {"domain": "classclean.net"}]}' 'https://api.dns.service.paloaltonetworks.com/v1/domain/info' \
-H 'X-DNS-API-APIKEY: api_key' \
-H 'Content-Type: application/json'
A successful API call returns an HTTP response code of 200, indicating success; additionally, the API provides a JSON object with various data fields containing the results of the request.
{
"success": true,
"message": "",
"results": [
{
"domain": "annexpublishers.org",
"verdict": 1,
"category": "malware",
"categoryHistories": [
{
"category": "malware",
"time": "2022-09-05T08:55:38Z",
"evidences": [
"Corroborated by intelligence sources",
"URL sandbox analysis found this URL to be malicious."
]
},
{
"category": "health-and-medicine",
"time": "2020-07-18T14:06:44Z",
"evidences": ["Entity no longer malicious by PANW crawlers"]
}
],
"ipHistories": [
{
"ip": "107.180.37.105",
"type": "a",
"first": "2020-03-25T06:04:21Z",
"last": "2022-09-15T11:11:12Z",
"count": 487,
"asn": {
"ASNumber": 26496,
"ASName": "AS26496, Unknown"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "162.222.227.194",
"type": "a",
"first": "2019-12-29T01:14:13Z",
"last": "2020-03-23T21:41:23Z",
"count": 2,
"asn": {
"ASNumber": 46606,
"ASName": "UNIFIEDLAYER-AS-1, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
}
]
},
{
"domain": "tipmuch.com",
"verdict": 1,
"category": "malware",
"categoryHistories": [
{
"category": "malware",
"time": "2022-06-25T13:25:57Z",
"evidences": [
"Corroborated by intelligence sources",
"Associated with known malicious URL"
]
},
{
"category": "training-and-tools",
"time": "2022-06-25T08:35:08Z",
"evidences": [
"Corroborated by intelligence sources",
"Associated with known malicious URL"
]
}
],
"ipHistories": [
{
"ip": "17.0.0.10",
"type": "a",
"first": "2022-04-18T16:46:29Z",
"last": "2022-04-18T16:46:29Z",
"count": 1,
"asn": {
"ASNumber": 714,
"ASName": "APPLE-ENGINEERING, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "34.98.99.30",
"type": "a",
"first": "2020-10-29T11:16:52Z",
"last": "2020-10-29T11:16:52Z",
"count": 2,
"asn": {
"ASNumber": 15169,
"ASName": "GOOGLE, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "192.3.3.147",
"type": "a",
"first": "2020-11-04T01:17:40Z",
"last": "2022-09-15T07:55:40Z",
"count": 10,
"asn": {
"ASNumber": 36352,
"ASName": "AS-COLOCROSSING, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
}
]
},
{
"domain": "classclean.net",
"verdict": 0,
"category": "command-and-control",
"categoryHistories": [
{
"category": "command-and-control",
"time": "2021-09-10T18:36:35Z",
"evidences": [
"Associated with a malicious sample submitted and analyzed by WildFire",
"Corroborated by intelligence sources",
"Associated with known domain generation algorithms",
"Manual review",
"Associated with known bad IPs"
]
},
{
"category": "malware",
"time": "2020-09-22T06:03:23Z",
"evidences": [
"Associated with a malicious sample submitted and analyzed by WildFire",
"Corroborated by intelligence sources",
"Manual review",
"Associated with known bad IPs"
]
}
],
"ipHistories": []
}
]
}
Example 2: Request information about multiple domains in batch mode with a date range constraint.
The domains toglooman.com and gmail.om return passive DNS data results based on the specified date range constraint. The date range constraint is based on user-specified start and end dates and are applied to all domains referenced in the request. In this example, data generated between 2021-12-31 to 2022-12-31 is returned.
curl -X POST -d '{"domains": [{"domain": "toglooman.com"},{"domain": "gmail.om"}],"start": "2021-12-31","end": "2022-12-31"}' 'https://api.dns.service.paloaltonetworks.com/v1/domain/info' \
-H 'X-DNS-API-APIKEY: api_key' \
-H 'Content-Type: application/json'
A successful API call returns an HTTP response code of 200, indicating success; additionally, the API provides a JSON object with various data fields containing the results of the request.
{
"success": true,
"message": "",
"results": [
{
"domain": "toglooman.com",
"category": "malware",
"whoisRecords": [
{
"domainName": "toglooman.com",
"registrarName": "URL Solutions, Inc.",
"contactEmail": "toglooman.com.to7cn1e2igxi@domains-anonymizer.com",
"whoisServer": "whois.pananames.com",
"nameServers": "NS-1200.AWSDNS-22.ORG|NS-1622.AWSDNS-10.CO.UK|NS-880.AWSDNS-46.NET|NS-97.AWSDNS-12.COM|",
"createdDate": "2020-12-15T04:41:05Z",
"updatedDate": "2020-12-15T04:41:08Z",
"expiresDate": "2021-12-15T04:41:05Z",
"standardRegCreatedDate": "2020-12-15 04:41:05 UTC",
"standardRegUpdatedDate": "2020-12-15 04:41:08 UTC",
"standardRegExpiresDate": "2021-12-15 04:41:05 UTC",
"status": "clientTransferProhibited",
"Audit_auditUpdatedDate": "2020-12-16 08:00:00 UTC",
"registrant_email": "toglooman.com.to7cn1e2igxi@domains-anonymizer.com",
"registrant_name": "Private Whois",
"registrant_organization": "GLOBAL DOMAIN PRIVACY SERVICES INC",
"registrant_street1": "Tower Financial Center Flr 35, 50th St y E. Mendez St",
"registrant_city": "Panama",
"registrant_state": "NA",
"registrant_postalCode": "NA",
"registrant_country": "PANAMA",
"registrant_fax": "",
"registrant_telephone": "14692250522",
"administrativeContact_email": "admin.toglooman.com.to7cn1e2igxi@domains-anonymizer.com",
"administrativeContact_name": "Private Whois",
"administrativeContact_organization": "GLOBAL DOMAIN PRIVACY SERVICES INC",
"administrativeContact_city": "Panama",
"administrativeContact_state": "NA",
"administrativeContact_postalCode": "NA",
"administrativeContact_country": "PANAMA",
"administrativeContact_fax": "",
"administrativeContact_telephone": "14692250522",
"technicalContact_email": "tech.toglooman.com.to7cn1e2igxi@domains-anonymizer.com",
"technicalContact_name": "Private Whois",
"technicalContact_organization": "GLOBAL DOMAIN PRIVACY SERVICES INC",
"technicalContact_city": "Panama",
"technicalContact_state": "NA",
"technicalContact_postalCode": "NA",
"technicalContact_country": "PANAMA",
"technicalContact_fax": "",
"technicalContact_telephone": "14692250522",
"registrarIANAID": "1449"
}
],
"categoryHistories": [
{
"category": "malware",
"time": "2021-12-26T23:21:47Z",
"evidences": [
"Corroborated by intelligence sources",
"Associated with known malicious URL",
"Manual review"
]
},
{
"category": "grayware",
"time": "2021-12-06T18:56:39Z",
"evidences": [
"Corroborated by intelligence sources",
"Associated with known malicious URL",
"Manual review"
]
}
],
"ipHistories": [
{
"ip": "127.42.0.22",
"type": "a",
"first": "2022-06-17T22:29:07Z",
"last": "2022-06-17T22:29:07Z",
"count": 1,
"asn": {
"ASNumber": 0,
"ASName": "Not routed, None"
},
"geo": {
"countryCode": "ZZ",
"countryName": "Reserved"
}
},
{
"ip": "127.42.0.126",
"type": "a",
"first": "2022-06-04T00:25:36Z",
"last": "2022-06-04T00:25:37Z",
"count": 2,
"asn": {
"ASNumber": 0,
"ASName": "Not routed, None"
},
"geo": {
"countryCode": "ZZ",
"countryName": "Reserved"
}
},
{
"ip": "162.159.36.12",
"type": "a",
"first": "2022-07-08T12:33:22Z",
"last": "2022-07-19T13:18:19Z",
"count": 3,
"asn": {
"ASNumber": 13335,
"ASName": "CLOUDFLARENET, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "2001:cdba::3257:9652",
"type": "aaaa",
"first": "2022-06-06T06:54:26Z",
"last": "2022-06-06T06:54:26Z",
"count": 2,
"asn": {
"ASNumber": 0,
"ASName": "Not routed, None"
},
"geo": {
"countryCode": "",
"countryName": ""
}
},
{
"ip": "2a06:98c1:54::2:4fd4",
"type": "aaaa",
"first": "2022-07-08T12:31:10Z",
"last": "2022-07-08T12:31:10Z",
"count": 1,
"asn": {
"ASNumber": 13335,
"ASName": "CLOUDFLARENET, US"
},
"geo": {
"countryCode": "",
"countryName": ""
}
}
]
},
{
"domain": "gmail.om",
"category": "malware",
"whoisRecords": [
{
"domainName": "gmail.om",
"registrarName": "Oman Data Park LLC (ODP)",
"contactEmail": "sales@muscatnet.com",
"whoisServer": "",
"nameServers": "",
"createdDate": "",
"updatedDate": "22-Mar-2016 07:37:10 UTC",
"expiresDate": "",
"standardRegCreatedDate": "",
"standardRegUpdatedDate": "2016-03-22 07:37:10 UTC",
"standardRegExpiresDate": "",
"status": "serverUpdateProhibited (Violating the terms of registration|serverTransferProhibited (Violating the terms of registration|serverDeleteProhibited (Violating the terms of registration|serverRenewProhibited (Violating the terms of registration|inactive|serverHold",
"Audit_auditUpdatedDate": "2020-09-10 18:12:45 UTC",
"registrant_email": "sales@muscatnet.com",
"registrant_name": "Hassan Jaafar",
"registrant_organization": "Muscat Net LLC",
"registrant_street1": "",
"registrant_city": "114",
"registrant_state": "",
"registrant_postalCode": "",
"registrant_country": "OMAN",
"registrant_fax": "",
"registrant_telephone": "",
"administrativeContact_email": "",
"administrativeContact_name": "",
"administrativeContact_organization": "",
"administrativeContact_city": "",
"administrativeContact_state": "",
"administrativeContact_postalCode": "",
"administrativeContact_country": "",
"administrativeContact_fax": "",
"administrativeContact_telephone": "",
"technicalContact_email": "sales@muscatnet.com",
"technicalContact_name": "Hassan Jaafar",
"technicalContact_organization": "Muscat Net LLC",
"technicalContact_city": "114",
"technicalContact_state": "",
"technicalContact_postalCode": "",
"technicalContact_country": "OMAN",
"technicalContact_fax": "",
"technicalContact_telephone": "",
"registrarIANAID": ""
}
],
"categoryHistories": [
{
"category": "malware",
"time": "2022-01-28T04:45:45Z",
"evidences": [
"Associated with a malicious sample submitted and analyzed by WildFire",
"Corroborated by intelligence sources"
]
},
{
"category": "parked",
"time": "2018-11-28T06:29:18Z",
"evidences": []
}
],
"ipHistories": [
{
"ip": "1.1.1.1",
"type": "a",
"first": "2022-01-06T22:15:27Z",
"last": "2022-12-17T02:27:46Z",
"count": 6008,
"asn": {
"ASNumber": 13335,
"ASName": "CLOUDFLARENET, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "23.32.182.107",
"type": "a",
"first": "2022-05-12T04:10:51Z",
"last": "2022-05-23T03:20:37Z",
"count": 2,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "23.48.95.144",
"type": "a",
"first": "2022-05-11T16:02:30Z",
"last": "2022-05-11T16:02:30Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "AU",
"countryName": "Australia"
}
},
{
"ip": "23.49.56.180",
"type": "a",
"first": "2022-05-12T09:14:26Z",
"last": "2022-05-12T15:18:00Z",
"count": 2,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "23.55.56.18",
"type": "a",
"first": "2022-04-16T13:10:30Z",
"last": "2022-05-22T12:10:34Z",
"count": 3,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "JP",
"countryName": "Japan"
}
},
{
"ip": "23.56.173.164",
"type": "a",
"first": "2022-04-17T16:26:24Z",
"last": "2022-05-12T20:21:57Z",
"count": 2,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "23.61.0.215",
"type": "a",
"first": "2022-05-14T00:08:52Z",
"last": "2022-05-14T00:08:52Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "SG",
"countryName": "Singapore"
}
},
{
"ip": "23.62.61.24",
"type": "a",
"first": "2022-05-12T05:11:37Z",
"last": "2022-05-12T05:11:37Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "NL",
"countryName": "Netherlands"
}
},
{
"ip": "23.202.231.167",
"type": "a",
"first": "2022-08-25T20:06:10Z",
"last": "2022-11-29T02:25:50Z",
"count": 3,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "23.210.249.62",
"type": "a",
"first": "2022-04-16T07:37:20Z",
"last": "2022-04-16T07:37:20Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "FR",
"countryName": "France"
}
},
{
"ip": "23.217.138.108",
"type": "a",
"first": "2022-08-25T20:06:10Z",
"last": "2022-11-29T02:25:50Z",
"count": 3,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "2.16.76.108",
"type": "a",
"first": "2022-03-19T19:41:04Z",
"last": "2022-03-19T19:41:04Z",
"count": 2,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "GB",
"countryName": "United Kingdom"
}
},
{
"ip": "36.86.63.182",
"type": "a",
"first": "2022-03-25T02:38:06Z",
"last": "2022-08-15T02:22:30Z",
"count": 5,
"asn": {
"ASNumber": 7713,
"ASName": "TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID"
},
"geo": {
"countryCode": "ID",
"countryName": "Indonesia"
}
},
{
"ip": "64.124.235.146",
"type": "a",
"first": "2022-03-19T03:30:11Z",
"last": "2022-03-19T03:30:11Z",
"count": 1,
"asn": {
"ASNumber": 6461,
"ASName": "ZAYO-6461, US"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
},
{
"ip": "92.122.154.17",
"type": "a",
"first": "2022-08-20T05:13:17Z",
"last": "2022-08-20T05:13:17Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "GB",
"countryName": "United Kingdom"
}
},
{
"ip": "104.109.250.59",
"type": "a",
"first": "2022-05-13T01:54:52Z",
"last": "2022-05-22T08:38:09Z",
"count": 2,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "CH",
"countryName": "Switzerland"
}
},
{
"ip": "104.116.243.59",
"type": "a",
"first": "2022-03-19T21:11:48Z",
"last": "2022-03-19T21:11:48Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "TW",
"countryName": "Taiwan ROC"
}
},
{
"ip": "104.120.139.18",
"type": "a",
"first": "2022-05-11T18:03:55Z",
"last": "2022-05-11T18:03:55Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "SG",
"countryName": "Singapore"
}
},
{
"ip": "104.124.54.145",
"type": "a",
"first": "2022-05-12T09:44:47Z",
"last": "2022-05-25T15:17:22Z",
"count": 5,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "IN",
"countryName": "India"
}
},
{
"ip": "184.26.91.58",
"type": "a",
"first": "2022-03-19T02:29:29Z",
"last": "2022-05-19T10:36:33Z",
"count": 3,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "HK",
"countryName": "Hong Kong"
}
},
{
"ip": "184.84.165.19",
"type": "a",
"first": "2022-03-19T02:59:49Z",
"last": "2022-03-19T02:59:49Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "AU",
"countryName": "Australia"
}
},
{
"ip": "192.0.2.0",
"type": "a",
"first": "2022-10-27T06:59:01Z",
"last": "2022-12-28T11:01:12Z",
"count": 18,
"asn": {
"ASNumber": 0,
"ASName": "Not routed, None"
},
"geo": {
"countryCode": "ZZ",
"countryName": "Reserved"
}
},
{
"ip": "192.204.27.106",
"type": "a",
"first": "2022-03-20T16:23:33Z",
"last": "2022-03-20T16:23:33Z",
"count": 1,
"asn": {
"ASNumber": 20940,
"ASName": "AKAMAI-ASN1, NL"
},
"geo": {
"countryCode": "US",
"countryName": "United States"
}
}
]
}
]
}