Current Whois state for any domain, in one call.
The Whois Lookup API returns the registration record for a domain right now: registrar, dates, registrant, name servers, and status codes. Both the raw Whois response and a parsed structured form are returned in the same call.
The full Whois record, raw and parsed.
Pass a domain on the query string. The response includes the original Whois server output, a structured parse of the same record, and the timestamp of the underlying lookup.
The parsed object exposes the fields most workflows need without forcing you to write a registrar-specific Whois parser: creation date, update date, expiry date, registrar, registrant block (organization, location, contact), name servers, and EPP status codes. The raw block is preserved for cases where the parsed view loses signal that matters to you.
Whois Lookup returns current state. For multi-snapshot history of the same domain, pair it with the Whois History API.
One endpoint, one parameter.
Endpoint:
GET https://api.deepinfo.com/v1/lookup/whois?domain={domain}Parameters:
Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.
See what the API returns.
Real response structure for the WHOIS Lookup endpoint. Field coverage may vary based on query parameters and data availability.
{
"domain": "example.com",
"query_time": "2026-05-04T12:00:00Z",
"registration": {
"registrant_name": "Example Organization Ltd.",
"registrant_organization": "Example Organization",
"registrant_country": "US",
"registrar": "Example Registrar Inc.",
"registrar_iana_id": "292",
"registrar_url": "https://example-registrar.com"
},
"dates": {
"created": "2010-03-15T08:42:33Z",
"updated": "2025-02-20T14:11:09Z",
"expires": "2027-03-15T08:42:33Z"
},
"nameservers": [
"ns1.example.com",
"ns2.example.com"
],
"status": [
"clientTransferProhibited",
"clientUpdateProhibited",
"clientDeleteProhibited"
],
"dnssec": "unsigned",
"raw_whois_available": true
}Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.
Workflows this API plugs into directly.
Incident Investigation and Response
Resolve registrant, registrar, and timeline data while the incident is still hot. Pivot from one indicator to the next without leaving the workflow.
Read the use casePhishing Detection and Prevention
Score newly detected lookalikes by registrar reputation, registration age, and registrant signals before routing to takedown.
Read the use caseMergers and Acquisitions Due Diligence
Verify domain ownership claims in the data room against current Whois state. Surface forgotten registrations and inheritance gaps.
Read the use case“Current Whois lookups in our SOAR enrichment used to fail intermittently against rate-limited registrar endpoints. The hosted resolver returns reliably and our enrichment success rate climbed substantially after the switch.”
Other lookup APIs.
Current IP allocation state, in one call.
Pass an IP address.
See API APICurrent DNS state for an FQDN, in one call.
Pass an FQDN and one or more record types.
See API APICurrent TLS state for a host, in one call.
Pass a domain or IP.
See API APIFind every domain on an MX record.
Pass an MX record value.
See API APIFind every domain on a name server.
Pass a name server hostname.
See API APIFind every domain on an IP.
Pass an IP address or CIDR.
See API APICapture a target page as the user sees it.
Pass a URL.
See API APIDetect the technology stack of a target, in one call.
Pass a URL.
See API APILive web-page data for a target, in one call.
Pass a URL.
See API APIScan a target's open ports, in one call.
Pass a target.
See APIRun a sample call, or have us walk you through it.
Most teams test the API against five or ten of their own domains before integrating. We'll set up token access and answer schema questions on a call.