Lookalike Domains API

This endpoint returns lookalike domains detected for your organization. It supports two modes:

  • Org-wide mode (when query is empty): return all lookalikes for your organization.

  • Domain mode (when query is a domain): return lookalikes only if that domain exists in your org’s watchlist; otherwise, return an error with the list of allowed domains.

Endpoint

POST https://api.whiteintel.io/get_lookalike_domains.php
Content-Type: application/json

Auth: API key in the request body. Access: Enterprise (and higher) plans only.

Request Body

Field
Type
Required
Default
Constraints
Notes

apikey

string

Your API key.

query

string

""

domain or empty

If empty, returns all org results. If provided, must be in your org’s watchlist.

page

int

1

>= 1

1-based page index.

limit

int

500

1..5000

Page size.

Example Requests Org-wide (all lookalikes for your org):

curl -L 'https://api.whiteintel.io/get_lookalike_domains.php' \
  -H 'Content-Type: application/json' \
  --data '{"apikey":"<YOUR_KEY>","page":1,"limit":500}'

Single watchlist domain:

curl -L 'https://api.whiteintel.io/get_lookalike_domains.php' \
  -H 'Content-Type: application/json' \
  --data '{"apikey":"<YOUR_KEY>",query:"example.com","page":1,"limit":500}'

Behavior

  1. Validate API key, plan eligibility, rate limit, and daily quota.

  2. Normalize query (trim/lowercase).

  3. If query is empty → return all lookalikes for the user’s organization_id (paginated).

  4. If query is not empty:

    • Ensure the domain exists in the org’s watchlist (entry_type = 'domain').

    • If it doesn’t, return an error with allowed_queries (the user’s/org’s watchlist domains).

    • If it does, return lookalikes where original_entry = query (exact match; no LIKE).

Success Response

{
    "success": true,
    "remaining_daily_calls": 472,
    "results": [{
        "data_type": "lookalike",
        "original_entry": "example.com",
        "detected_domain": "examp1e.com",
        "detected_domain_ip": ["203.0.113.10", "2001:db8::10"],
        "detected_domain_ns": ["ns1.provider.net", "ns2.provider.net"],
        "whois_json": {
            "domain_name": "examp1e.com",
            "registrar": "Registrar LLC",
            "creation_date": "2023-06-01T00:00:00Z",
            "creation_date_iso": "2023-06-01T00:00:00Z"
        },
        "creation_date_iso": "2023-06-01 00:00:00",
        "discovered_at": "2025-09-06 11:28:53"
    }]
}

Validation Failure (200 with guidance)

{
  "success": false,
  "error": "Query must be empty or one of your watchlist domains.",
  "allowed_queries": ["example.com", "acme.org", "brand.io"]
}
PreviousLast Leaks APINextThreat Feed API

Last updated