The most comprehensive internet data at your service.

The same dataset that powers the Deepinfo Platform is available directly. As bulk feeds for analytics teams, or as APIs for engineering teams building their own tools. Both options, one dataset.

Talk to our data team Read the docs

Domain

paypal-secure-login.com

Registered 3h ago · Panama

Phishing signal

SSL Certificate

*.api.stripe.com

Let's Encrypt · valid 89d

Valid

Subdomain

staging.internal.acme.io

A → 10.0.1.44 · exposed

Internal leak

DNS Record

mx1.protonmail.com

MX 10 · TTL 300s

Threat Intel

185.220.101.47

Tor exit node · AS204 · DE

Malicious

Whois

deepinfo.com

Created 2019-03-14 · active

Clean

Subdomain

dev.dashboard.notion.so

CNAME → prod-lb-42.aws.com

CNAME

SSL Certificate

vault.hashicorp.com

DigiCert · expires 14d

Expiring soon

Vulnerability

CVE-2021-44228

Log4Shell · CVSS 10.0 · mass exploit

Critical

Domain

apple.com

Registered 1987-02-19 · US · active

Clean

DNS Record

ns1.cloudflare.com

NS · TTL 86400s · global

Infrastructure

AS15169 · Google

8.3M IPs · 190 countries

AS lookup

Threat Intel

212.109.220.47

Ransomware C2 · UA · active

IOC

SSL Certificate

DigiCert EV · valid 271d

Valid

Domain

micros0ft-update.net

Registered 1h ago · BY

Typosquat

Whois

github.com

Created 2007-10-09 · Registrar: CSC

Active

DNS Record

_dmarc.amazon.com

TXT · v=DMARC1; p=quarantine

Protected

Subdomain

legacy-ftp.old.storage.ibm.com

A → 129.42.60.216 · open 21/tcp

Exposed

SSL Certificate

*.discord.com

DigiCert · valid 301d

Valid

Vulnerability

CVE-2024-21762

FortiOS SSL VPN · CVSS 9.6

Critical

Domain

paypal-secure-login.com

Registered 3h ago · Panama

Phishing signal

SSL Certificate

*.api.stripe.com

Let's Encrypt · valid 89d

Valid

Subdomain

staging.internal.acme.io

A → 10.0.1.44 · exposed

Internal leak

DNS Record

mx1.protonmail.com

MX 10 · TTL 300s

Threat Intel

185.220.101.47

Tor exit node · AS204 · DE

Malicious

Whois

deepinfo.com

Created 2019-03-14 · active

Clean

Subdomain

dev.dashboard.notion.so

CNAME → prod-lb-42.aws.com

CNAME

SSL Certificate

vault.hashicorp.com

DigiCert · expires 14d

Expiring soon

Vulnerability

CVE-2021-44228

Log4Shell · CVSS 10.0 · mass exploit

Critical

Domain

apple.com

Registered 1987-02-19 · US · active

Clean

DNS Record

ns1.cloudflare.com

NS · TTL 86400s · global

Infrastructure

AS15169 · Google

8.3M IPs · 190 countries

AS lookup

Threat Intel

212.109.220.47

Ransomware C2 · UA · active

IOC

SSL Certificate

DigiCert EV · valid 271d

Valid

Domain

micros0ft-update.net

Registered 1h ago · BY

Typosquat

Whois

github.com

Created 2007-10-09 · Registrar: CSC

Active

DNS Record

_dmarc.amazon.com

TXT · v=DMARC1; p=quarantine

Protected

Subdomain

legacy-ftp.old.storage.ibm.com

A → 129.42.60.216 · open 21/tcp

Exposed

SSL Certificate

*.discord.com

DigiCert · valid 301d

Valid

Vulnerability

CVE-2024-21762

FortiOS SSL VPN · CVSS 9.6

Critical

Infrastructure

AS16509 · Amazon

12.4M IPs · 58 countries

AS lookup

Domain

amaz0n-orders.net

Typosquat · registered today

Brand abuse

DNS Record

_dmarc.google.com

TXT · v=DMARC1; p=reject

Protected

Vulnerability

CVE-2024-3400

PAN-OS · CVSS 10.0 · Active

Critical

Subdomain

api.v2.payments.shopify.com

A → 23.227.38.65

Active

SSL Certificate

Microsoft IT TLS CA · valid 341d

Valid

Threat Intel

198.51.100.22

C2 server · Cobalt Strike

IOC

Domain

cdn-assets.figma.com

Registered 2012 · US · active

Clean

Whois

tesla.com

Created 1992-11-04 · Registrar: CSC

Active

Subdomain

admin.legacy.corp.target.com

A → 192.168.1.1 · internal

Exposed

SSL Certificate

*.github.com

DigiCert · SHA-256 · valid 180d

Valid

Threat Intel

45.142.212.100

Phishing kit host · RU · active

Malicious

Domain

paypa1-verify.com

Registered 4h ago · VN

Phishing signal

Infrastructure

AS13335 · Cloudflare

6.9M IPs · 100+ countries

AS lookup

Vulnerability

CVE-2022-22965

Spring4Shell · CVSS 9.8

Critical

Whois

openai.com

Created 2015-10-14 · Registrar: MarkMonitor

Active

DNS Record

dkim._domainkey.sendgrid.net

TXT · DKIM public key · active

DKIM

SSL Certificate

*.dropbox.com

DigiCert EV · valid 255d

Valid

Domain

uber.com

Registered 2002-05-23 · US · active

Clean

Vulnerability

CVE-2023-34362

MOVEit Transfer SQLi · CVSS 9.8

Critical

Infrastructure

AS16509 · Amazon

12.4M IPs · 58 countries

AS lookup

Domain

amaz0n-orders.net

Typosquat · registered today

Brand abuse

DNS Record

_dmarc.google.com

TXT · v=DMARC1; p=reject

Protected

Vulnerability

CVE-2024-3400

PAN-OS · CVSS 10.0 · Active

Critical

Subdomain

api.v2.payments.shopify.com

A → 23.227.38.65

Active

SSL Certificate

Microsoft IT TLS CA · valid 341d

Valid

Threat Intel

198.51.100.22

C2 server · Cobalt Strike

IOC

Domain

cdn-assets.figma.com

Registered 2012 · US · active

Clean

Whois

tesla.com

Created 1992-11-04 · Registrar: CSC

Active

Subdomain

admin.legacy.corp.target.com

A → 192.168.1.1 · internal

Exposed

SSL Certificate

*.github.com

DigiCert · SHA-256 · valid 180d

Valid

Threat Intel

45.142.212.100

Phishing kit host · RU · active

Malicious

Domain

paypa1-verify.com

Registered 4h ago · VN

Phishing signal

Infrastructure

AS13335 · Cloudflare

6.9M IPs · 100+ countries

AS lookup

Vulnerability

CVE-2022-22965

Spring4Shell · CVSS 9.8

Critical

Whois

openai.com

Created 2015-10-14 · Registrar: MarkMonitor

Active

DNS Record

dkim._domainkey.sendgrid.net

TXT · DKIM public key · active

DKIM

SSL Certificate

*.dropbox.com

DigiCert EV · valid 255d

Valid

Domain

uber.com

Registered 2002-05-23 · US · active

Clean

Vulnerability

CVE-2023-34362

MOVEit Transfer SQLi · CVSS 9.8

Critical

THE DATA

Our dataset, at internet scale.

Deepinfo owns its dataset end to end. No third-party enrichment hops, no rented data, no stale cached results. We collect, enrich, and keep it current every day.

The same data that security teams rely on inside the Deepinfo Platform is what your analytics or engineering team gets when you choose Data Feeds or APIs.

400M+

Domains continuously collected, analyzed, and kept up to date

2B+

Subdomains mapped across the public internet

200B+

DNS records indexed with full historical context

30B+

SSL/TLS certificates collected and monitored over time

TWO WAYS TO USE IT

Bulk feeds. Or live APIs. Your call.

DATA FEEDS

Bulk internet data, complete, fresh, and ready to use.

12 curated datasets covering domains, subdomains, DNS records, certificates, IPs, Whois, and threat indicators. Delivered as daily batches, real-time streams, or full historical archives in the formats your team already uses.

Explore data feeds

API SERVICES

Integrate the internet's deepest data into anything you build.

8 API surfaces covering domain, subdomain, DNS, Whois, SSL, infrastructure, threat, brand, and vulnerability intelligence. Sub-second lookups, predictable pricing, authentication via API key or OAuth.

Explore APIs

WHO USES IT

Built for teams that build on data.

SECURITY VENDORS

Power your product with our data

Security ratings, attack surface products, threat intelligence platforms, and DNS filtering services build on Deepinfo data.

ENGINEERING TEAMS

Enrich, detect, automate

Enrich alerts in SIEM/SOAR, automate detection engineering, power internal security tools, and build custom investigations.

RESEARCHERS & ANALYSTS

Query the internet at scale

Security researchers, threat intelligence analysts, and academic teams use our data for internet-scale analysis and investigations.

GET STARTED

Talk to our data team.

Send us your use case. We'll come back with sample data, pricing, and a recommendation on whether feeds, APIs, or both fit best.

Contact the data team Read the docs