Search the global domain corpus, by any field.
Filter the full domain corpus by any of 149 indexed fields and 11 query operators. Boolean must / must_not / should clauses, sorting, and pagination.
A query language over the full domain corpus.
The Domain Search API exposes the indexed domain corpus that drives Deepinfo's discovery and brand-protection workflows. Pass a JSON filter body and the API returns matching domains with the full enrichment surface, paginated or as an export.
Filters compose with boolean clauses: must for required match, must_not for exclusion, should for any-of. Each filter clause names a field, a query operator, and a value. The corpus indexes 149 fields covering FQDN structure, Whois state, DNS records, SSL certificates, and risk attributes; the supported operators include eq, in, wildcard, fuzzy, startswith, endswith, contains_any, contains_all, lte, gte, and exists.
Use Domain Search when the question crosses fields. The reverse-* and finder APIs are tuned for single-field pivots; this one runs the long-form filter compositions that don't fit those.
POST a JSON filter body, get matching domains back.
Endpoint:
POST https://api.deepinfo.com/v1/discovery/domain-searchRequest body is a JSON object with two top-level keys: filters (with must, must_not, should filter clauses) and sort. Each clause names a field, query operator, and value.
Query parameters (pagination and export):
Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.
See what the API returns.
Real response structure for the Search the global domain corpus, by any field endpoint. Field coverage may vary based on query parameters and data availability.
{
"_request": {
"filters": {
"must": [
{"name": "domain.extension", "type": "eq", "value": "com"},
{"name": "domain.name.keywords", "type": "contains_any", "value": ["login"]},
{"name": "domain.whois.create_date", "type": "gte", "value": "2026-04-25"}
]
},
"sort": [{"field": "domain.whois.create_date", "order": "desc"}]
},
"results": [
{
"fqdn": "secure-login-portal.com",
"domain": {"name": "secure-login-portal", "extension": "com"},
"whois": {"create_date": "2026-05-01", "registrar": "NameCheap, Inc."},
"risk_score": 78
},
{
"fqdn": "acme-login-verify.com",
"domain": {"name": "acme-login-verify", "extension": "com"},
"whois": {"create_date": "2026-04-30", "registrar": "GoDaddy.com, LLC"},
"risk_score": 82
}
],
"pagination": {"page": 1, "page_size": 50, "total": 1284}
}Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.
Workflows this API plugs into directly.
Phishing Detection and Prevention
Run continuous filter compositions against new registrations to surface lookalikes and brand-keyword domains.
Read the use caseBrand Impersonation Protection
Sweep the corpus for brand-keyword combinations across SAN, registrant, and TLD dimensions.
Read the use caseThreat Hunting
Run hypothesis-driven filter compositions across registrar, name-server, and registrant patterns at corpus scale.
Read the use case“149 indexed fields with boolean operators turned ad-hoc threat hunts into reproducible queries. We script complex pivots in our notebooks and re-run them across new investigations without rebuilding the logic each time.”
Other discovery APIs.
Everything Deepinfo knows about one domain, in one call.
Pass a domain.
See API APIEvery subdomain under any apex, in one call.
Pass an apex domain.
See API APIEvery TLD permutation of a name, in one call.
Pass a domain name (without TLD).
See API APIFind every domain that looks like yours.
Pass a seed domain.
See API APIFind every domain registered to an email.
Pass an email address.
See API APIDomains registered at the same moment.
Pass a seed domain.
See APIRun a sample filter, or have us walk you through the field set.
Most teams start with one filter composition against their domains and iterate. We'll set up token access and walk through the 149 indexed fields.