Search
The Iris Investigate API supports powerful search capabilities that enable you to find domains based on various attributes.
Search Overview
Iris Investigate supports a set of base search parameters and filter parameters. Base search parameters can be used on their own or in combination with each other, while filter parameters refine the base search.
Instead of a domain name, you can provide one or more search fields to the API, such as IP address, SSL hash, email, and more, and Iris Investigate will return every domain name with a record that matches those parameters. This enables "reverse" searching on one or more fields with a single API endpoint.
Example: Search by IP Address
Search for all domains linked to the IP address 199.30.228.112:
Combining Search Parameters
Queries across multiple parameters are interpreted as a logical AND query, meaning multiple parameters will narrow a search to a smaller result set. The Iris Investigate API does not currently support logical OR queries.
Domain records returned in the result set are identical to records returned from a query for one or more domain names, so they can be processed the same way. For example, consider using the guided pivot counts to surface new ways to expand the result set. Or, you could sort on the risk score (highest to lowest) so that the riskiest domains are shown to the end user first.
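An added example (not DomainTools code and not part of the original page) showing one way to work within the AND-only behaviour described above: run each parameter combination as its own query, merge the results by domain, and list the riskiest first. The endpoint URL, the `ip`, `tld` and `email_domain` parameter names, and the `response.results[].domain_risk.risk_score` response shape are assumptions to check against the API reference; authentication and pagination are left to the caller-supplied `fetch`.

```python
from urllib.parse import urlencode, urlsplit

# Assumed endpoint; credentials are handled by the caller-supplied fetch().
ENDPOINT = "https://api.domaintools.com/v1/iris-investigate/"

def build_url(params):
    """One request: every parameter supplied is ANDed by the API."""
    return ENDPOINT + "?" + urlencode(sorted(params.items()))

def risk_score(record):
    """Risk score of a domain record; -1 when absent so it sorts last."""
    return (record.get("domain_risk") or {}).get("risk_score", -1)

def union_search(queries, fetch):
    """Client-side OR: run each AND query, merge by domain, riskiest first."""
    merged = {}
    for params in queries:
        body = fetch(build_url(params))
        for record in body["response"]["results"]:
            # Keep one record per domain and remember which queries matched it.
            entry = merged.setdefault(record["domain"], dict(record, matched=[]))
            entry["matched"].append(params)
    return sorted(merged.values(), key=lambda r: (-risk_score(r), r["domain"]))

# Constructed sample responses keyed by query string (not real API output).
# .example is a reserved TLD, used here so no real domain is implied.
SAMPLE = {
    "ip=199.30.228.112": [
        {"domain": "a.example", "domain_risk": {"risk_score": 12}},
        {"domain": "b.example", "domain_risk": {"risk_score": 97}},
    ],
    "email_domain=mail.example&tld=example": [
        {"domain": "b.example", "domain_risk": {"risk_score": 97}},
        {"domain": "c.example"},  # no risk score present
    ],
}

def fake_fetch(url):
    """Offline stand-in for an authenticated HTTP GET returning parsed JSON."""
    return {"response": {"results": SAMPLE[urlsplit(url).query]}}

if __name__ == "__main__":
    queries = [{"ip": "199.30.228.112"},
               {"tld": "example", "email_domain": "mail.example"}]
    for rec in union_search(queries, fake_fetch):
        print(rec["domain"], risk_score(rec), len(rec["matched"]))
```

A domain that appears under more than one query (here `b.example`) links otherwise separate pivots, which is often the most useful lead in the merged set.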
Search Types
Base Search Parameters
Base search parameters can be used independently or combined with other base parameters and filters. These include searches by:
- Domain attributes (domain name, TLD)
- Infrastructure (IP, nameserver, mail server)
- Identity (email, registrant, registrar)
- SSL/TLS certificates (hash, common name, organization)
- Tracking codes (Google Analytics, AdSense, etc.)
- And more
Filter Parameters
Filter parameters refine base searches by adding constraints such as:
- Date ranges (create date, expiration date, first seen)
- Risk scores
- Geographic location
- Domain status (active/inactive)
- Tags
RDAP & WHOIS Search
Search and filter within parsed WHOIS and RDAP fields, and compare records from both sources.
Search Examples
Example: Filter by TLD
A search for domaintools.com and domaintools.net with a filter for a .com TLD will surface domaintools.com as a result:
Example: Search by Email Domain
Search for domains registered with email addresses from a specific domain:
See Also
- Pagination - Handle large result sets
- Guided Pivots - Use pivot counts to identify related domains
- Base Parameters - Complete list of base search parameters
- Filter Parameters - Complete list of filter parameters