API Documentation

Driftnet contains comprehensive domain name registration data, and makes that data reverse-searchable.

To look up WHOIS data for a domain, call domain/whois.

If you want the apex domain to be automatically extracted from your hostname query, set the apex_domain=true qualifier.

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/whois?domain=google.com' \
  | jq .

{
  "query": "google.com",
  "server": "whois.markmonitor.com",
  "domain": {
    "created": "1997-09-15T07:00:00+0000",
    "created_norm": "1997-09-15T07:00:00Z",
    "dnssec": "unsigned",
    "expires": "2028-09-13T07:00:00+0000",
    "expires_norm": "2028-09-13T07:00:00Z",
    "id": "2138514_DOMAIN_COM-VRSN",
    "name": "google.com",
    "nameservers": [
      "ns1.google.com",
      "ns4.google.com",
      "ns3.google.com",
      "ns2.google.com"
    ],
    "registrar_email": "[email protected]",
    "registrar_id": "292",
    "registrar_name": "MarkMonitor, Inc.",
    "registrar_url": "http://www.markmonitor.com",
    "status": "clientUpdateProhibited,clientTransferProhibited,clientDeleteProhibited,serverUpdateProhibited,serverTransferProhibited,serverDeleteProhibited",
    "updated": "2019-09-09T15:39:04+0000",
    "updated_norm": "2019-09-09T15:39:04Z"
  },
  "registrant": {
    "country": "US",
    "email": "Select Request Email Form at https://domains.markmonitor.com/whois/google.com",
    "organization": "Google LLC",
    "province": "CA",
    "redacted": true
  },
  ...
}

The query value in the result contains the domain which was looked up, and the server value contains the server which answered the lookup.

The domain section shows information on the domain. Notice that the date fields each have a _norm variant: this is the date after normalization into ISO8601 format.

The registrant, admin, tech and billing sections each contain point-of-contact information for the domain. If the redacted flag is set, Driftnet believes that the point-of-contact record may have been partially or fully redacted.

As with IP registrations, Driftnet enables reverse-searching of Domain registration data for asset discovery purposes.

Domain registration reverse search uses the domain/reverse endpoint. The query you'll want to use most often is phrase=:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/reverse?phrase=virgin+atlantic' \
  | jq .

{
  "page": 0,
  "pages": 1,
  "result_count": 1,
  "results": [
    {
      "query": "virginatlanticcargopost.com",
      "server": "whois.publicdomainregistry.com",
      "domain": {
        "created": "2020-05-07T20:36:20Z",
        ...

Driftnet returns a maximum of 100 results per page. Use the page= parameter to select a particular page number. Page numbering starts at zero.

For more fine-grained control over where the reverse search matches, use the street=, postalcode= and phone= parameters. To allow a degree of sloppy matching, set slop=. To search organization names, but allow the terms to occur in any order, use the name= parameter.

You can also reverse-search on nameserver, which is often handy:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/reverse?nameserver=parkpage.foundationapi.com' \
  | jq .

Nameserver searches are right-anchored, so a search for example.com will match foo.example.com, etc.

Sometimes, you might only be interested in domains which were created, updated or which expire in a given time range.

To restrict to only these results, use the created_from= and created_to= qualifiers. (Or, the updated/expires versions.)

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/reverse?nameserver=parkpage.foundationapi.com&created_from=2019-05-13T00:00:00Z&created_to=2019-05-13T23:59:59Z' \
  | jq .