pricing background

Domain Reputation API Documentation

Domain Reputation API

ASK AI
The WhoisFreaks Domain Reputation API is a real-time domain threat assessment service. Given any domain name, it returns a comprehensive risk verdict, trust score, DGA (Domain Generation Algorithm) analysis, threat intelligence matches, and actionable security signals — all in a single API call.

Authorization

You can make authorized requests to our API by passing API key as a query parameter. To get your API key, login to our billing dashboard and get your API key! If your API key has been compromised, you can change it by clicking on reset button in billing dashboard.

Important References

  • For details on request limits and handling rate limiting, refer here
  • For a complete overview of API credit consumption and usage, refer here

Query Parameters

Required
  • apiKey
    Retrieve your API key from the billing dashboard.
  • domainName
    The domain name to assess (e.g., `example.com`). Must contain at least one dot, max 253 characters. Automatically lowercased.

Request

shellnodejsjavapythonphprubyjscsharpgocswiftjquery
SHELL
Loading request...

Response

Loading response...

Fields Description

Fields
Details
Example
input
Input object containing the analyzed domain
domain
Domain name being analyzed
example.com
assessed_at
Timestamp when the assessment was performed
2026-07-08T08:12:29Z
version
API/response schema version
1.0.0
processing_time_ms
Time taken to process the request, in milliseconds
742
risk_category
Overall risk assessment for the domain
verdict
Final verdict of the risk assessment
suspicious
confidence
Confidence score for the verdict
0.94
primary_threat
Main threat type identified
phishing
severity
Severity level of the risk
high
threat_types
List of threat types associated with the domain
["phishing", "spam"]
sources
Threat intelligence sources that flagged the domain
source
Name of the threat intelligence source
Spamhaus
indicator
Indicator matched by this source
example.com
threat_type
Threat type reported by this source
phishing
confidence
Confidence score from this source
0.97
first_seen
First time this indicator was seen by the source
2026-07-01T10:22:00Z
last_seen
Last time this indicator was seen by the source
2026-07-08T05:00:00Z
pivot_matches
Related pivots (NS, email, etc.) linked to known threats
pivot
Pivot value (e.g. nameserver or email)
ns1.exampledns.com
pivot_type
Type of pivot
ns
total_related_threats
Total number of threats related to this pivot
34
confidence
Confidence score for the pivot match
0.92
dga_score
Domain Generation Algorithm (DGA) detection results
score
DGA likelihood score
0.81
is_dga
Indicates whether the domain is likely DGA-generated
true
model
Model used to compute the DGA score
deterministic_features_v1
features
Underlying lexical/statistical features used in DGA detection
domain_length
Length of the domain name
17
vowel_consonant_ratio
Ratio of vowels to consonants in the domain
0.18
ngram_perplexity
N-gram perplexity score of the domain string
3.91
shannon_entropy
Shannon entropy of the domain string
4.72
digit_letter_ratio
Ratio of digits to letters in the domain
0.23
consonant_streak_max
Maximum consecutive consonant streak in the domain
6
tld_in_known_dga_set
Indicates if the TLD belongs to a known DGA set
false
interpretation
Human-readable interpretation of the DGA score
likely_dga
trust_signals
Trust scoring and supporting signals for the domain
trust_score
Overall trust score
12
trust_band
Trust score band/category
low
signals
Signals contributing to the trust score
positive
Signals that positively affect trust score
code
Signal code identifier
valid_ssl
weight
Weight assigned to the signal
8
polarity
Polarity of the signal
positive
category
Category the signal belongs to
ssl_certificate
evidence
Evidence supporting the signal
TLS certificate issued by DigiCert
confidence
Confidence score for the signal
1.0
negative
Signals that negatively affect trust score
code
Signal code identifier
dmarc_missing
weight
Weight assigned to the signal
5
polarity
Polarity of the signal
negative
category
Category the signal belongs to
email_security
evidence
Evidence supporting the signal
No DMARC record
confidence
Confidence score for the signal
1.0
neutral
Signals that are neutral to trust score
code
Signal code identifier
content_unavailable
weight
Weight assigned to the signal
0
polarity
Polarity of the signal
neutral
category
Category the signal belongs to
content_analysis
evidence
Evidence supporting the signal
Website did not respond
confidence
Confidence score for the signal
1.0
indicators
Individual trust/risk indicators for the domain
is_newly_registered
Indicates whether the domain was recently registered
true
uses_free_extension
Indicates whether the domain uses a free TLD extension
false
uses_free_ssl
Indicates whether the domain uses a free SSL certificate
true
has_privacy_whois
Indicates whether WHOIS privacy protection is enabled
true
ssl_age_days
Age of the SSL certificate in days
18
has_dmarc
Indicates whether a DMARC record exists
false
has_spf
Indicates whether an SPF record exists
true
redirects_externally
Indicates whether the domain redirects to an external site
true
javascript_obfuscated
Indicates whether obfuscated JavaScript was detected
true
domain_age_days
Age of the domain in days
24
registrar
Domain registrar name
Namecheap
intelligence
Threat intelligence details for the indicator of compromise (IOC)
ioc_type
Type of the indicator of compromise
domain
ioc_value
Value of the indicator of compromise
example.com
related_iocs
Other IOCs related to this domain
type
Type of the related IOC
ipv4
value
Value of the related IOC
93.184.216.34
confidence
Confidence score for the related IOC
0.91
feed_tags
Tags associated with this IOC from threat feeds
["verdict:suspicious", "severity:high", "campaign:phishing"]
stix_pattern
STIX pattern representation of the IOC
[domain-name:value='example.com']
recommended_action
Recommended action based on the assessment
block
first_seen
First time this IOC was observed
2026-07-01T10:22:00Z
last_seen
Last time this IOC was observed
2026-07-08T05:00:00Z
evidence_summary
Summary of reasons behind the risk assessment
why_flagged
List of reasons why the domain was flagged
["Detected in multiple phishing feeds", "Newly registered domain"]
errors
List of errors encountered during processing, if any
["WHOIS lookup failed", "DNS lookup timed out"]