Domain Intelligence API

Threat intelligence endpoints for client integrations.

The public API exposes reviewed Domain Intelligence data through scoped client API keys. The first public surface is the Infostealers API, which returns current C2 infrastructure tied to known infostealer families.

Authentication

Use a client API key with the right API group. Keys are bearer secrets and should never be sent in URLs.

Infostealers

List current infostealer C2 hosts or check an individual host over a bounded time window.

OpenAPI

Download the small machine-readable contract for the public endpoints currently available.

Base URL

https://api.domainintelligence.uk

All public endpoints are versioned under /v1. Browser traffic and API traffic use separate hostnames.