🌐 Domain Intelligence Scraper | $10/1K | WHOIS + DNS + SSL + Subdomains

⚡ Use this Actor in n8n — no code

Building no-code workflows in n8n? Install our official community node and drop this Actor straight onto your canvas:

📦 n8n-nodes-apivault-domain-intel

Setup (30 seconds): in n8n go to Settings → Community Nodes → Install, paste n8n-nodes-apivault-domain-intel and confirm → add the new node to your workflow → paste your Apify API token → fill in the input and run.

Bulk domain intelligence in one actor. Get WHOIS (registrar, dates, owner), DNS records (A, MX, NS, TXT, CAA), SSL certificate history, subdomain discovery, and HTTP security headers — all from a single API call. Perfect for cybersecurity, OSINT, SEO, and B2B enrichment.

✨ Key Features

• 📋 WHOIS via RDAP (modern, JSON, fast)
• 🌐 DNS records via Cloudflare DNS-over-HTTPS (A, AAAA, MX, NS, TXT, CNAME, CAA)
• 🔒 SSL certificate history via crt.sh (certificate transparency logs)
• 🕸️ Subdomain discovery from SSL certificate SANs (passive OSINT)
• 🛡️ HTTP security headers (HSTS, CSP, X-Frame-Options, Cloudflare/CloudFront detection)
• 📊 Bulk — process 100s of domains in parallel
• 🔒 Zero API keys — all public data sources

Input

Single domain deep dive

{
  "domains": ["apify.com"]
}

Bulk security audit

{
  "domains": ["company.com", "subsidiary.io", "legacy.net"],
  "extractSubdomains": true,
  "maxConcurrency": 10
}

DNS + WHOIS only (fast mode)

{
  "domains": ["lead1.com", "lead2.com", "lead3.com"],
  "extractWhois": true,
  "extractDns": true,
  "extractSsl": false,
  "extractSubdomains": false,
  "extractHttp": false
}

Input Parameters

Field	Type	Required	Description
domains	string[]	✅	Domains (URLs or bare). Example: apify.com
extractWhois	bool	❌	WHOIS via RDAP (default: true)
extractDns	bool	❌	DNS records (default: true)
extractSsl	bool	❌	SSL certificate data (default: true)
extractSubdomains	bool	❌	Subdomain discovery via crt.sh (default: true)
extractHttp	bool	❌	HTTP response headers (default: true)
maxConcurrency	int	❌	Parallel lookups (default: 5)
timeout	int	❌	Timeout per API call (default: 15)

Output

{
  "success": true,
  "domain": "apify.com",
  "whois": {
    "registrationDate": "2015-12-17T08:31:32Z",
    "expirationDate": "2028-12-17T08:31:32Z",
    "lastUpdatedDate": "2024-10-23T11:15:48Z",
    "registrar": "Gandi SAS",
    "registrantOrg": "Apify Technologies",
    "nameservers": ["ns1.digitalocean.com", "ns2.digitalocean.com"],
    "status": ["client transfer prohibited"]
  },
  "dns": {
    "a": ["18.184.171.89"],
    "aaaa": [],
    "mx": ["10 aspmx.l.google.com.", "20 alt1.aspmx.l.google.com."],
    "ns": ["ns1.digitalocean.com.", "ns2.digitalocean.com."],
    "txt": ["v=spf1 include:_spf.google.com ~all", "google-site-verification=..."],
    "cname": [],
    "caa": ["0 issue \"letsencrypt.org\""]
  },
  "ssl": {
    "certCount": 847,
    "latestIssuer": "C=US, O=Let's Encrypt, CN=R10",
    "latestNotBefore": "2026-04-15T10:23:00Z",
    "latestNotAfter": "2026-07-14T10:23:00Z",
    "latestCommonName": "apify.com"
  },
  "subdomains": ["api.apify.com", "console.apify.com", "docs.apify.com", ...],
  "subdomainCount": 47,
  "http": {
    "finalUrl": "https://apify.com/",
    "statusCode": 200,
    "server": "cloudflare",
    "xPoweredBy": "",
    "cfRay": "8f9a...abcd-FRA",
    "strictTransportSecurity": "max-age=63072000; includeSubDomains",
    "contentSecurityPolicy": "default-src 'self'...",
    "viaCloudflare": true,
    "viaCloudfront": false,
    "redirected": true
  }
}

Use Cases

🛡️ Cybersecurity Auditing

• Detect missing HSTS / CSP headers across your domains
• Find forgotten subdomains (attack surface mapping)
• Discover expiring SSL certificates
• Bulk-audit a portfolio after M&A

🔍 OSINT Investigations

• Map an organization's entire domain infrastructure
• Find associated subsidiaries via WHOIS registrant
• Track nameserver patterns (Cloudflare, Route53, self-hosted)

📈 SEO Research

• Analyze competitor DNS setup (CDN used, MX = which email provider)
• Find expiring domains in your niche
• Detect migration patterns (nameserver changes)

💼 B2B Lead Enrichment

• Get company tech stack signals (Cloudflare, CloudFront, custom server)
• Identify email provider (MX record → Google, Microsoft, etc.)
• Estimate company size via subdomain count

🧬 Bulk Domain Audits

• Feed a list of domains, get a full profile of each
• Diff over time to spot changes

Pricing

• $0.01 per domain ($10 per 1,000 domains)
• All 5 data sources included in one price
• Pay only for successfully processed domains

How it works

Five independent API calls per domain, all to free public services:

1. RDAP (rdap.org) — modern WHOIS, JSON format, no rate limit for normal use
2. Cloudflare DoH (cloudflare-dns.com/dns-query) — DNS-over-HTTPS, fast and reliable
3. crt.sh — public certificate transparency log, sometimes slow but free
4. HTTPS HEAD request — lightweight, just response headers
5. crt.sh SAN extraction — subdomains from SSL cert history

No proxies needed. No API keys. No rate limit surprises.

Notes

• WHOIS privacy: many registrars hide owner contact (GDPR). You'll get registrar + dates but often not registrant name.
• crt.sh can be slow — during peak hours, subdomain queries may take 10-20 seconds.
• Subdomain discovery is passive — you only find subdomains that appeared in SSL certs. Not a full port scan.
• DNS reflects what public DNS servers cache, not the authoritative zone.

Pro tips

• Security audits: check strictTransportSecurity and contentSecurityPolicy across your assets
• Lead enrichment: mx containing aspmx.l.google.com = Google Workspace customer
• Tech stack: server: cloudflare + cf-ray header = hosted behind Cloudflare
• M&A due diligence: run on both buyer and target domains to spot subsidiaries
• Combine with our Shopify/WooCommerce scrapers to validate e-commerce tech stack of target companies