Domain Intelligence (MCP)

What does Domain Intelligence do?

Pass any domain or URL and get back a structured intelligence card: WHOIS (registrar, age, expiration), DNS (A/MX/TXT/SPF/DMARC/NS), SSL cert chain (issuer, validity, SANs), plus inferred mail provider and hosting fingerprint, plus a deterministic LLM-ready markdown report. Designed to be called from an MCP agent loop for sales recon, security DD, KYC enrichment, or domain monitoring.

Built on public RDAP, native DNS, and direct TLS handshakes. Zero API keys, zero auth, zero proxies needed. Highest-margin actor in the portfolio.

Why use it from an AI agent?

• Sub-second runs for the typical case (full mode usually 1-3s).
• Universal one-call coverage - identity + email posture + hosting + SSL health in a single response.
• Zero credentials - no Reddit/GitHub-style PAT, no API keys to manage.
• Mail provider detection - infers Google Workspace / Microsoft 365 / Zoho / Fastmail / Proton / etc. from MX records.
• Hosting fingerprint - identifies Cloudflare / AWS Route 53 / Vercel / Netlify / OVH / etc. from NS records.
• Standby HTTP server - true MCP-over-HTTP endpoint with one-shot fallback.

Modes

Mode	What it returns	When to use
full (default)	WHOIS + DNS + SSL combined	Default for any unknown domain
whois	Registrar / age / expiration / nameservers / DNSSEC only	Domain age verification, KYC checks
dns	A / AAAA / MX / NS / TXT / SPF / DMARC / CAA	Email deliverability audits, mail provider detection
ssl	TLS cert chain, issuer, expiry, SANs	SSL monitoring, cert rotation alerts

{ "domain": "anthropic.com" }

{ "domain": "stripe.com", "mode": "dns" }

{ "domain": "https://www.openai.com/research", "mode": "ssl" }

Output (full mode)

{
    "meta": {
        "domain": "anthropic.com",
        "apexDomain": "anthropic.com",
        "mode": "full",
        "scrapedAt": "2026-05-08T15:00:00Z",
        "registrar": "MarkMonitor Inc.",
        "ageDays": 3520,
        "mailProvider": "Google Workspace",
        "sslIssuer": "Google Trust Services",
        "sslExpiresInDays": 67
    },
    "intelligence": {
        "registrar": "MarkMonitor Inc.",
        "registrarUrl": "https://www.markmonitor.com",
        "registrationDate": "2016-04-25T00:00:00Z",
        "expirationDate": "2027-04-25T00:00:00Z",
        "ageDays": 3520,
        "daysUntilExpiry": 720,
        "statuses": ["client transfer prohibited"],
        "nameservers": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
        "dnssec": false,
        "mailProvider": "Google Workspace",
        "mailProviderConfidence": "high",
        "spfPresent": true,
        "dmarcPresent": true,
        "dmarcPolicy": "reject",
        "hostingFingerprint": "Cloudflare",
        "sslIssuer": "Google Trust Services",
        "sslExpiresInDays": 67,
        "sslValid": true,
        "sslSans": ["anthropic.com", "*.anthropic.com"],
        "sslSelfSigned": false
    },
    "whois": { "rdap": { "...": "..." } },
    "dns": { "a": [...], "mx": [...], "spf": "v=spf1 include:_spf.google.com ~all", "...": "..." },
    "ssl": { "leaf": { "...": "..." }, "chain": [ "..." ] },
    "llm_ready": {
        "summary": "anthropic.com: 9.6y old (registered 2016-04-25), registered via MarkMonitor Inc., DNS hosted on Cloudflare, mail via Google Workspace, SSL valid (issued by Google Trust Services, expires in 67d), SPF present, DMARC reject.",
        "markdown_report": "## Domain Intelligence Report\n..."
    }
}

Detection coverage

Mail providers (12+): Google Workspace, Microsoft 365, Zoho, Proton, Fastmail, Amazon SES, Mailgun, SendGrid, OVH, Mailjet, Postmark, iCloud.

Hosting fingerprints (12+): Cloudflare, AWS Route 53, Google Cloud DNS, Vercel, Netlify, OVH, GoDaddy, Gandi, Namecheap, DigitalOcean, Azure DNS, Hetzner.

Pricing (PPE)

Mode	Price per call
All modes	$0.001 actor start + $0.005 intelligence card = $0.006/call

Sources

• RDAP (data.iana.org/rdap/dns.json bootstrap + per-TLD RDAP servers) - the modern JSON-based replacement for legacy WHOIS. Operated by registrars / TLD operators directly.
• DNS - native Node dns/promises resolver against your container's DNS server.
• TLS - direct handshake via tls.connect, peer cert chain inspected.

Limits

• Legacy ccTLD WHOIS - some older ccTLDs (.de, .it, etc.) only expose data via legacy port-43 WHOIS, not RDAP. The Actor returns rdap_tld_not_supported for those.
• Multi-label TLD detection (e.g. .co.uk) uses a curated list, not the full Public Suffix List. Common cases work, exotic ones may misclassify the apex.
• DNS resolver depends on the container's resolver (typically Apify cloud's). For 100% reproducibility against an authoritative server, query the relevant NS directly.

Calling from an MCP agent

The Apify MCP server (mcp.apify.com) exposes this Actor as the tool call-actor with name domain-intelligence-mcp. Direct Standby HTTP:

curl -X POST -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $APIFY_TOKEN" \
  -d '{"domain":"anthropic.com"}' \
  https://<actor-standby-url>

Pairs naturally with

• web-company-intelligence-mcp for full company web fingerprint (tech stack + identity + this actor's domain card)
• fr-company-intelligence-mcp for French registry data on the same domain
• github-org-intelligence-mcp if the domain belongs to an open-source org