Output format | Documentation | SSL Certificate Chain API | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
WhoisXML API Predictive Threat Intelligence
Predictive Threat Intelligence

Detect and block access to and from dangerous domain names before malicious actors can weaponize them. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us
API docs Pricing
Making requests Output format Balance information Error codes Server-to-Server OAuth

Output format

{
    "auditCreated": "2022-02-16 07:29:50 UTC",
    "domain": "gmail.com",
    "ip": "142.250.179.197",
    "port": 443,
    "certificates": [
        {
            "chainHierarchy": "end-user",
            "validationType": "domain",
            "validFrom": "2022-01-17 03:05:49 UTC",
            "validTo": "2022-04-11 03:05:48 UTC",
            "serialNumber": "D4:7F:65:8B:56:C6:15:78:0A:00:00:00:01:2F:92:52",
            "signatureAlgorithm": "SHA256-RSA",
            "subject": {
                "commonName": "gmail.com"
            },
            "issuer": {
                "country": "US",
                "organization": "Google Trust Services LLC",
                "commonName": "GTS CA 1C3"
            },
            "pem": "-----BEGIN CERTIFICATE-----\nMIIEizCCA3OgAwIBAgIRANR/ZYtWxhV4CgAAAAEvklIwDQYJKoZIhvcNAQELBQAw\nRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM\nTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjIwMTE3MDMwNTQ5WhcNMjIwNDEx\nMDMwNTQ4WjAUMRIwEAYDVQQDEwlnbWFpbC5jb20wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATEEtsEdZEunw+xUi15iv/SIC8hO65MsvyOf+947iJD+aM4WoHZDtXs\nRpM30zMDvXJjQXBvZa70U1lCyeMPlevzo4ICbzCCAmswDgYDVR0PAQH/BAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFP/e\nVTU773LjLFrU0OVwXP/V6VKJMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJGFPNx\nNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtp\nLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9j\nZXJ0cy9ndHMxYzMuZGVyMCEGA1UdEQQaMBiCCWdtYWlsLmNvbYILKi5nbWFpbC5j\nb20wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAz\nMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvemRBVHQwRXhfRmsu\nY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUARqVV63X6kSAwtaKJafTzfREs\nQXS+/Um4havy/HD+bUcAAAF+ZjZy4gAABAMARjBEAiBlz+EecX8873Z2zwTW+bJ9\n01P4rpw44eYxuSne080y5gIgYhfbqUIuPhS7HySr5Tl2Zjuz00g3t4X3WBDLyIxB\no+MAdwBRo7D1/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX5mNnDcAAAE\nAwBIMEYCIQCFF8I5TdmkybQH148AnfXgLKtd/fVzkLRL/s+389JrygIhAIGi2+XM\n3PRTXl1chmBODT5eU87a5d8M+Ce5SYKIizr8MA0GCSqGSIb3DQEBCwUAA4IBAQAV\n8k1aQFFutaL5OhUbYb7kKAz8UX8WkVv1EZaHqni/+zHcWDgwxmXLY5N/Blijv+tX\neo5I/bQRJDtYS1OviItIWsYoAepsCTOEJxu/l535fYFQhsPtpaD5fPX+HWA1DgVB\nLRlf4Dq1z0rDNUilegqzzs9b3/FTZvEcxZSP46OqSPBtqm23c/ZrmEUhmHLZ9N8M\nCBETNBNp/SLN6hV5sEkj0q4k1Wcm0NZVPl/01o+dzRNOQ68N7qF6xao2/MORsRXu\n093yuzaABE6Ecoo4LrNps+giydM4qAO3MkMrpdkh8KpwexKmXdxNq0infUL/whYW\nbPV5BSROhvHohv3zidtf\n-----END CERTIFICATE-----\n",
            "extensions": {
                "authorityKeyIdentifier": "8A:74:7F:AF:85:CD:EE:95:CD:3D:9C:D0:E2:46:14:F3:71:35:1D:27",
                "subjectKeyIdentifier": "FF:DE:55:35:3B:EF:72:E3:2C:5A:D4:D0:E5:70:5C:FF:D5:E9:52:89",
                "keyUsage": [
                    "Digital Signature"
                ],
                "extendedKeyUsage": [
                    "Server Authentication"
                ],
                "crlDistributionPoints": [
                    "http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl"
                ],
                "authorityInfoAccess": {
                    "issuers": [
                        "http://pki.goog/repo/certs/gts1c3.der"
                    ],
                    "ocsp": [
                        "http://ocsp.pki.goog/gts1c3"
                    ]
                },
                "subjectAlternativeNames": {
                    "dnsNames": [
                        "gmail.com",
                        "*.gmail.com"
                    ]
                },
                "certificatePolicies": [
                    {
                        "policyIdentifier": "2.23.140.1.2.1",
                        "policyQualifiers": null
                    },
                    {
                        "policyIdentifier": "1.3.6.1.4.1.11129.2.5.3",
                        "policyQualifiers": null
                    }
                ]
            },
            "publicKey": {
                "type": "ECDSA",
                "bits": 256,
                "pem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExBLbBHWRLp8PsVIteYr/0iAvITuu\nTLL8jn/veO4iQ/mjOFqB2Q7V7EaTN9MzA71yY0Fwb2Wu9FNZQsnjD5Xr8w==\n-----END PUBLIC KEY-----\n"
            }
        },
        { ... },
        { ... },
        { ... },
    ]
}

Output parameters

auditCreated
The date (UTC) when the certificate was collected from the server.
domain
The domain name the certificate chain is returned for.
ip
The IP address to which the SSL connection was established.
port
The port on which the SSL connection was established.
certificates
Array of SSL certificates collected for the domain name. The certificates are sorted from the end-user to the root one.
certificates[0].chainHierarchy
Position in the certificates chain: End-user, Intermediate or Root.
certificates[0].validationType

The certificate's validation type:

  • domain - Domain validation
  • organization - Organization validation
  • extended - Extended validation
  • individual - Individual validation
  • self-signed - Self-signed certificate
  • self-signed-ca - Self-signed CA certificate (typically, it’s the root certificate in the chain)
certificates[0].validFrom
The date and time (UTC) the certificate is valid from.
certificates[0].validTo
The date and time (UTC) the certificate expires.
certificates[0].serialNumber
Uniquely identifies the certificate within Certificate Authority (CA) systems to track revocation information..
certificates[0].signatureAlgorithm
The algorithm used to sign the public key certificate.
certificates[0].subject
The object that contains a distinguished name (DN) of the certificate’s subject (i.e. who the certificate was issued to). Some fields might be omitted since usually DN objects don’t contain all the available fields.
certificates[0].issuer
The object that contains a distinguished name (DN) of the certificate’s issuer (i.e. the one who issued the certificate.).
certificates[0].[issuer|subject].country
(optional) (C) Country
certificates[0].[issuer|subject].organization
(optional) (O) Organization
certificates[0].[issuer|subject].organizationUnit
(optional) Organization unit (OU)
certificates[0].[issuer|subject].locality
(optional) (L) City
certificates[0].[issuer|subject].province
(optional) (S) Province/State
certificates[0].[issuer|subject].streetAddress
(optional) (STREET) Street
certificates[0].[issuer|subject].postalCode
(optional) (PC) Postal code or ZIP-code
certificates[0].[issuer|subject].serialNumber
(optional) (SERIALNUMBER) Certificate serial number
certificates[0].[issuer|subject].commonName
(optional) (CN) Certificate's common name
certificates[0].pem
The PEM-encoded certificate’s raw data
certificates[0].extensions
Available certificate extensions. (RFC 5280
certificates[0].extensions.authorityKeyIdentifier
(optional) The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate.
certificates[0].extensions.subjectKeyIdentifier
(optional) The subject key identifier extension provides a means of identifying certificates that contain a particular public key.
certificates[0].extensions.keyUsage
(optional) The purposes of the key contained in the certificate.
certificates[0].extensions.extendedKeyUsage
(optional) Additional purposes of the key contained in the certificate.
certificates[0].extensions.crlDistributionPoints
(optional) The array of CRL (Certificate revocation list) distribution endpoints for the SSL certificate.
certificates[0].extensions.authorityInfoAccess
(optional) The extensions contains the information regarding the certificate issuers.
certificates[0].extensions.authorityInfo.issuers
(optional) Issuer's resources location.
certificates[0].extensions.authorityInfo.ocsp
(optional) OCSP (Online Certificate Status Protocol) endpoints.
certificates[0].extensions.subjectAlternativeNames
(optional) Alternatives names bound into the certificate.
certificates[0].extensions.subjectAlternativeNames.dnsNames
(optional) Alternative DNS names.
certificates[0].extensions.subjectAlternativeNames.emailAddresses
(optional) Alternative email addresses.
certificates[0].extensions.subjectAlternativeNames.ipAddresses
(optional) Alternative IP addresses.
certificates[0].extensions.subjectAlternativeNames.uris
(optional) Alternative URIs.
certificates[0].extensions.certificatePolicies
(optional) The information regarding the policies under which the certificate was issued and the purposes for which the certificate can be used.
certificates[0].extensions.certificatePolicies[0].policyIdentifier
The OID (object identifier) of the policy.
certificates[0].extensions.certificatePolicies[0].policyQualifiers
(optional) Policy qualifiers.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].policyQualifierId
The OID of the policy’s qualifier.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].cpsUri
(optional) Certification Practice Statement's URI.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice
(optional) User notice related to the certificate. It may be provided either in the form of notice reference or in the form of the explicit text.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef
(optional) Contains the reference to the textual statement related to the certificate.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef.organization
Organization which prepared the notice.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef.noticeNumbers
The identifier of the particular textual statement prepared by the organization.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.explicitText
The explicit textual statement in the certificate.
certificates[0].publicKey
The certificate’s public key information.
certificates[0].publicKey.type
The public key algorithm.
certificates[0].publicKey.bits
The public key length (bits).
certificates[0].publicKey.pem
The PEM-encoded public key’s raw data.