The full picture behind any domain.
DNS, hosting, CDN, email providers, subdomains, and security headers — the infrastructure layer most tools miss entirely.
What you see
Infrastructure intelligence that goes well beyond a standard WHOIS lookup.
DNS records
MX records reveal email providers. TXT records expose SPF and DMARC policies. NS records show the DNS provider. Together they paint a clear picture of a domain's mail infrastructure and security posture.
Hosting and CDN
Know whether a site is on AWS, GCP, Cloudflare, Fastly, or a regional provider. CDN identification tells you about caching strategy and global delivery setup.
Security headers
A quick view of which security headers are present or missing — HSTS, Content Security Policy, X-Frame-Options, Referrer-Policy, and more.
Runtime behaviour
Beyond the HTML source — Reconix loads the page in a real browser and captures what happens at runtime: third-party scripts, cookie drops, storage writes, and network calls.
Subdomain map
Reconix probes dozens of common subdomain prefixes and resolves them to IP addresses and CNAME records. You get a map of the domain's full infrastructure footprint — including staging environments, APIs, and CDN origins that aren't publicly listed.
Useful for competitive research, vendor due diligence, and understanding how a company's tech stack is actually deployed.
Example subdomain results
See the infrastructure behind any domain.
Infrastructure intelligence is included in every Reconix lookup.
Try Reconix free →No credit card required.