Lookups and Monitors¶

Access historical domain intelligence and automated alerting through Lookups and Monitors APIs.

Lookups¶

Research domain history, infrastructure, and registration data.

Domain Profile¶

Get comprehensive domain overview with WHOIS, DNS, and website data:

from domaintools import API

api = API('your_username', 'your_api_key')

# Get domain profile
profile = api.domain_profile('domaintools.com')
print(profile.response()['registrant']['name'])

WHOIS Lookup¶

Get current WHOIS registration information:

# Current WHOIS
whois = api.whois('domaintools.com')
print(whois.response())

WHOIS History¶

Track historical WHOIS records over time:

# Get WHOIS history
history = api.whois_history('domaintools.com')

for record in history.response().get('history', []):
    print(f"{record['date']}: {record['whois']['registration']['registrar']}")

Domain Search¶

Search for domains by keyword with advanced filters:

# Search for domains
results = api.domain_search(
    'security',
    max_length=15,
    has_hyphen=False
)

for result in results.response().get('results', []):
    print(result['sld'])

Reverse IP¶

Find domains hosted on the same IP address:

# Reverse IP lookup
domains = api.reverse_ip(domain='domaintools.com')
count = domains.response()['ip_addresses']['domain_count']
print(f"Found {count} domains on this IP")

Reverse WHOIS¶

Find domains with matching WHOIS fields:

# Reverse WHOIS
results = api.reverse_whois('DomainTools, LLC')

for domain in results.response().get('domains', []):
    print(domain)

Reverse Name Server¶

Find domains using the same name servers:

# Reverse name server
results = api.reverse_name_server('ns1.google.com')

for domain in results.response().get('primary_domains', []):
    print(domain)

Risk Score¶

Get domain risk assessment with evidence:

# Get risk score
risk = api.risk('example.com')
print(f"Risk score: {risk.response()['risk_score']}")

Reputation¶

Score domain reputation:

# Get reputation score
reputation = api.reputation('google.com')
print(f"Risk score: {reputation.response()['risk_score']}")

Parsed WHOIS¶

Get structured WHOIS data in consistent format:

# Parsed WHOIS
parsed = api.parsed_whois('domaintools.com')
print(parsed.response())

Hosting History¶

Track historical hosting and IP address changes:

# Hosting history
history = api.hosting_history('domaintools.com')

for record in history.response().get('ip_history', []):
    print(f"{record['actiondate']}: {record['action']}")

Monitors¶

Configure automated alerts for infrastructure and registration changes.

Understanding Monitor Responses¶

Monitors return alert data when matches are found. Empty results or 404 responses may indicate:

No data for the specified date range (valid result)
No alerts found (valid result)
Monitor not configured

from domaintools import API

api = API('your_username', 'your_api_key')

# All monitors follow the same pattern
alerts = api.brand_monitor(query='google')
response = alerts.response()

if response:
    print(f"Total alerts: {response.get('total', 0)}")
    for alert in response.get('alerts', [])[:5]:
        print(f"  {alert['domain']} - {alert['status']}")
else:
    print("No alerts found")

Brand Monitor¶

Alert on domains matching brand terms:

# Brand monitor
alerts = api.brand_monitor(query='google')
response = alerts.response()

print(f"Total alerts: {response['total']}")
for alert in response['alerts'][:5]:
    print(f"  {alert['domain']} - {alert['status']}")

IP Monitor¶

Alert on new domains hosted on monitored IPs:

# IP monitor (use days_back=0 for today's data)
alerts = api.ip_monitor(query='65.55.53.233', days_back=0)

response = alerts.response()
if response:
    print(f"Found {response.get('total', 0)} alerts")

Name Server Monitor¶

Alert on domains using monitored name servers:

# Name server monitor
alerts = api.name_server_monitor(query='google.com', days_back=0)

response = alerts.response()
if response:
    print(f"Found {response.get('total', 0)} alerts")

Registrant Monitor¶

Alert on domains with matching registrant information:

# Registrant monitor
alerts = api.registrant_monitor(query='google', days_back=0)

response = alerts.response()
if response:
    print(f"Found {response.get('total', 0)} alerts")

Monitor Parameters¶

All monitors support these parameters:

query - Search term (required)
days_back - Number of days to look back (default 0 for today)

Note: Using days_back=0 queries today's data, which is most likely to have results. Larger values may return 404 if no data exists for that date range.

Response handling¶

Accessing Data¶

# Get full response structure
profile = api.domain_profile('google.com')
data = profile.data()  # Returns {'response': {...}}

# Get just the response content
response = profile.response()  # Returns {...}

# Access specific fields
title = profile['website_data']['title']

# Check status
if profile.status == 200:
    print("Success!")

Iterating Results¶

# Iterate over search results
for result in api.domain_search('example').response().get('results', []):
    print(result['sld'])

Type Casting¶

# Cast to native types
risk_score = float(api.reputation('google.com'))
risk_int = int(api.reputation('google.com'))

Common use cases¶

Domain Research Workflow¶

# Research a domain
domain = 'example.com'

# Get profile
profile = api.domain_profile(domain)

# Get risk score
risk = api.risk(domain)

# Get WHOIS history
history = api.whois_history(domain)

# Find related domains on same IP
related = api.reverse_ip(domain=domain)

Monitor Workflow¶

# Set up monitoring
brand_term = 'mycompany'

# Check for new brand matches
alerts = api.brand_monitor(query=brand_term, days_back=0)

if alerts.response():
    for alert in alerts.response()['alerts']:
        # Process alert
        print(f"New match: {alert['domain']}")

Next Steps¶

Iris Platform - Deep domain analysis
Threat Feeds - Real-time intelligence
Advanced Features - Combining lookups with other products
Examples - Complete code examples