Pricing

from $10.00 / 1,000 domain analyzeds

Go to Apify Store

Domain Intelligence Scraper | $10/1K | WHOIS+DNS+SSL

Try for free

WHOIS + DNS + SSL + subdomain lookup for any domain. Perfect for OSINT, security audits, SEO research, lead generation.

Pricing

from $10.00 / 1,000 domain analyzeds

Rating

0.0

(0)

Developer

Apivault Labs

Actor stats

Bookmarked

Total users

Monthly active users

3 days ago

Last modified

🌐 Domain Intelligence Scraper | $10/1K | WHOIS + DNS + SSL + Subdomains

Bulk domain intelligence in one actor. Get WHOIS (registrar, dates, owner), DNS records (A, MX, NS, TXT, CAA), SSL certificate history, subdomain discovery, and HTTP security headers — all from a single API call. Perfect for cybersecurity, OSINT, SEO, and B2B enrichment.

✨ Key Features

📋 WHOIS via RDAP (modern, JSON, fast)
🌐 DNS records via Cloudflare DNS-over-HTTPS (A, AAAA, MX, NS, TXT, CNAME, CAA)
🔒 SSL certificate history via crt.sh (certificate transparency logs)
🕸️ Subdomain discovery from SSL certificate SANs (passive OSINT)
🛡️ HTTP security headers (HSTS, CSP, X-Frame-Options, Cloudflare/CloudFront detection)
📊 Bulk — process 100s of domains in parallel
🔒 Zero API keys — all public data sources

Input

Single domain deep dive

{
  "domains": ["apify.com"]
}

Bulk security audit

{
  "domains": ["company.com", "subsidiary.io", "legacy.net"],
  "extractSubdomains": true,
  "maxConcurrency": 10
}

DNS + WHOIS only (fast mode)

{
  "domains": ["lead1.com", "lead2.com", "lead3.com"],
  "extractWhois": true,
  "extractDns": true,
  "extractSsl": false,
  "extractSubdomains": false,
  "extractHttp": false
}

Input Parameters

Field	Type	Required	Description
`domains`	string[]	✅	Domains (URLs or bare). Example: `apify.com`
`extractWhois`	bool	❌	WHOIS via RDAP (default: true)
`extractDns`	bool	❌	DNS records (default: true)
`extractSsl`	bool	❌	SSL certificate data (default: true)
`extractSubdomains`	bool	❌	Subdomain discovery via crt.sh (default: true)
`extractHttp`	bool	❌	HTTP response headers (default: true)
`maxConcurrency`	int	❌	Parallel lookups (default: 5)
`timeout`	int	❌	Timeout per API call (default: 15)

Output

{
  "success": true,
  "domain": "apify.com",
  "whois": {
    "registrationDate": "2015-12-17T08:31:32Z",
    "expirationDate": "2028-12-17T08:31:32Z",
    "lastUpdatedDate": "2024-10-23T11:15:48Z",
    "registrar": "Gandi SAS",
    "registrantOrg": "Apify Technologies",
    "nameservers": ["ns1.digitalocean.com", "ns2.digitalocean.com"],
    "status": ["client transfer prohibited"]
  },
  "dns": {
    "a": ["18.184.171.89"],
    "aaaa": [],
    "mx": ["10 aspmx.l.google.com.", "20 alt1.aspmx.l.google.com."],
    "ns": ["ns1.digitalocean.com.", "ns2.digitalocean.com."],
    "txt": ["v=spf1 include:_spf.google.com ~all", "google-site-verification=..."],
    "cname": [],
    "caa": ["0 issue \"letsencrypt.org\""]
  },
  "ssl": {
    "certCount": 847,
    "latestIssuer": "C=US, O=Let's Encrypt, CN=R10",
    "latestNotBefore": "2026-04-15T10:23:00Z",
    "latestNotAfter": "2026-07-14T10:23:00Z",
    "latestCommonName": "apify.com"
  },
  "subdomains": ["api.apify.com", "console.apify.com", "docs.apify.com", ...],
  "subdomainCount": 47,
  "http": {
    "finalUrl": "https://apify.com/",
    "statusCode": 200,
    "server": "cloudflare",
    "xPoweredBy": "",
    "cfRay": "8f9a...abcd-FRA",
    "strictTransportSecurity": "max-age=63072000; includeSubDomains",
    "contentSecurityPolicy": "default-src 'self'...",
    "viaCloudflare": true,
    "viaCloudfront": false,
    "redirected": true
  }
}

Use Cases

🛡️ Cybersecurity Auditing

Detect missing HSTS / CSP headers across your domains
Find forgotten subdomains (attack surface mapping)
Discover expiring SSL certificates
Bulk-audit a portfolio after M&A

🔍 OSINT Investigations

Map an organization's entire domain infrastructure
Find associated subsidiaries via WHOIS registrant
Track nameserver patterns (Cloudflare, Route53, self-hosted)

📈 SEO Research

Analyze competitor DNS setup (CDN used, MX = which email provider)
Find expiring domains in your niche
Detect migration patterns (nameserver changes)

💼 B2B Lead Enrichment

Get company tech stack signals (Cloudflare, CloudFront, custom server)
Identify email provider (MX record → Google, Microsoft, etc.)
Estimate company size via subdomain count

🧬 Bulk Domain Audits

Feed a list of domains, get a full profile of each
Diff over time to spot changes

Pricing

$0.01 per domain ($10 per 1,000 domains)
All 5 data sources included in one price
Pay only for successfully processed domains

How it works

Five independent API calls per domain, all to free public services:

RDAP (rdap.org) — modern WHOIS, JSON format, no rate limit for normal use
Cloudflare DoH (cloudflare-dns.com/dns-query) — DNS-over-HTTPS, fast and reliable
crt.sh — public certificate transparency log, sometimes slow but free
HTTPS HEAD request — lightweight, just response headers
crt.sh SAN extraction — subdomains from SSL cert history

No proxies needed. No API keys. No rate limit surprises.

Notes

WHOIS privacy: many registrars hide owner contact (GDPR). You'll get registrar + dates but often not registrant name.
crt.sh can be slow — during peak hours, subdomain queries may take 10-20 seconds.
Subdomain discovery is passive — you only find subdomains that appeared in SSL certs. Not a full port scan.
DNS reflects what public DNS servers cache, not the authoritative zone.

Pro tips

Security audits: check strictTransportSecurity and contentSecurityPolicy across your assets
Lead enrichment: mx containing aspmx.l.google.com = Google Workspace customer
Tech stack: server: cloudflare + cf-ray header = hosted behind Cloudflare
M&A due diligence: run on both buyer and target domains to spot subsidiaries
Combine with our Shopify/WooCommerce scrapers to validate e-commerce tech stack of target companies

Cyber Attack Surface — DNS, SSL & CVE Exposure

ryanclinton/cyber-attack-surface-report

Comprehensive external attack surface report that maps any domain's infrastructure, vulnerabilities, and exposure using 11 sub-actors in parallel.

Ryan Clinton

Supernet DNS Lookup

superlativetech/dns-lookup

Bulk DNS records lookup. Query MX, SPF, DMARC, DKIM, TXT, CNAME, A, AAAA, NS, SOA and reverse DNS for any domain or IP. Batch thousands or query one instantly using the Standby API. For email reputation scoring, see Supernet Domain Health. For whois, see Supernet Whois.

Superlative

107

WebSight API — AI-Native Web Intelligence

george.the.developer/websight-api

One API call for 7 types of web intelligence from any URL: clean markdown, tech stack, SEO audit, contacts, structured data, AI score, domain intel. Token-optimized for AI agents. Cached.

George Kioko

Lovable Sites Scraper - Find & Enrich lovable.app Apps

makework36/lovable-sites-scraper

Discover sites built with Lovable.dev. Enumerates *.lovable.app subdomains from public sources (CT logs, RapidDNS, hackertarget) and enriches each with title, description, Open Graph tags and custom domain detection. Perfect for lead-gen, competitive intel and market research on AI-built apps.

deusex machine

SaaS Competitive Intelligence

ryanclinton/saas-competitive-intel

Automatically monitor and analyze competitor SaaS websites to extract pricing plans, job openings, team size, tech stack, and social media presence. Enter a list of competitor URLs and get structured competitive intelligence data back in JSON, CSV, or Excel format — no manual research required.

Ryan Clinton

🧱 Wappalyzer Replacement — Tech Stack Detection API

nexgendata/wappalyzer-replacement

Bulk tech stack detection from any website. Uses OSS Wappalyzer fingerprint rulesets (6000+ technologies across 100+ categories) via HTTP analysis. Replaces the paywalled Wappalyzer API.

Stephan Corbeil

Domain Tools Data Scraper - WHOIS Alternative

fatihai-tools/domain-info-scraper

Scrape data from Domain Tools fast. Bulk URL or query input, structured JSON/CSV output, no login required. Free trial — perfect alternative to WHOIS, GoDaddy WHOIS. Use for lead generation, market research, competitive analysis.

fatih dağüstü

Cheapest Google Maps Leads Scraper (Email Validation Included)

expanditumarca/google-maps-leads-generator

Discover business leads from Google Maps using geographic grid search — captures every business in an area, not just top results. Each lead is enriched with domain intelligence: DNS, WHOIS, SSL status, server geolocation, and fully validated emails.

Expandí tu Marca

5.0

(2)

🌐 Domain Intel MCP — AI WHOIS & DNS Analysis

nexgendata/domain-intelligence-mcp-server

MCP server for AI assistants to perform WHOIS lookups, DNS record analysis, SSL certificate checks, and domain intelligence. Works with Claude, Cursor, and any MCP-compatible client.

Stephan Corbeil

🏢 Company Data Aggregator — Crunchbase API Alternative

nexgendata/company-data-aggregator

Bulk company profile lookup. Aggregates WHOIS, DNS, GitHub org, SSL certs, tech stack headers, robots/sitemap — zero auth, zero paid APIs. Replaces the Crunchbase Free API (killed 2023).

Stephan Corbeil

1.0

(1)

Website Intelligence Analyzer (OSINT)

onescales/website-intelligence-analyzer-osint

All-in-one website analysis tool. Run 30 OSINT checks on any URL — DNS, SSL, WHOIS, tech stack, security headers, email security, open ports, and more. Get a complete site profile in seconds.