Deprecated API

Check out the new Domain Risk V2 for improved performance, accuracy, and support.

Domain Risk Analysis API

Fast, synchronous domain-level risk assessment for high-volume screening and real-time validation.

Overview

What is Domain Risk Analysis?

Domain Risk Analysis provides fast, synchronous risk assessment for domains and URLs. It checks for typosquatting, suspicious keywords, domain age, and SSL certificate issues—ideal for high-volume screening and real-time validation.

Synchronous

2-5 seconds

Pricing

$0.0025/scan

Domain Analysis

No content scraping

What It Analyzes

• Domain patterns (typosquatting, suspicious keywords)
• DNS and RDAP (domain age, registration)
• SSL certificate validation

When to Use Domain Risk Analysis

• High-volume URL screening (1000s/day)
• Real-time validation requirements
• Domain-level threat detection only
• Cost-sensitive operations

Analyze a Domain

Send a POST request to analyze a domain for security risks. The analysis is synchronous and returns a risk ID and results immediately.

Endpoint

POST https://api.urlert.com/v1/domain-risks

Request Body

{
  "url": "https://secure-login.paypa1.com/verify-account"
}

Code Examples

curl -X POST https://api.urlert.com/v1/domain-risks \
  -H "Authorization: Bearer u_sk_your_api_token_here" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://secure-login.paypa1.com/verify-account"}'

import requests

response = requests.post(
    'https://api.urlert.com/v1/domain-risks',
    headers={
        'Authorization': 'Bearer u_sk_your_api_token_here',
        'Content-Type': 'application/json'
    },
    json={'url': 'https://secure-login.paypa1.com/verify-account'}
)

data = response.json()
print(data['risk_id'])

const response = await fetch('https://api.urlert.com/v1/domain-risks', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer u_sk_your_api_token_here',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ url: 'https://secure-login.paypa1.com/verify-account' })
});

const data = await response.json();
console.log(data.risk_id);

Response (200 OK)

{
  "risk_id": "990e8400-e29b-41d4-a716-446655440004",
  "status": "completed",
  "created_at": "2024-01-15T10:30:00Z"
}

Example Responses

{
  "risk_id": "990e8400-e29b-41d4-a716-446655440004",
  "url": "https://example.com",
  "created_at": "2024-01-15T10:30:00Z",
  "report": {
    "request_url": "https://example.com",
    "final_assessment": "Benign",
    "threat_type": "Benign",
    "confidence_score": 95,
    "executive_summary": "No security issues detected.",
    "evidence_findings": []
  }
}

{
  "risk_id": "990e8400-e29b-41d4-a716-446655440004",
  "url": "https://secure-login.paypa1.com/verify-account",
  "created_at": "2024-01-15T10:30:00Z",
  "report": {
    "request_url": "https://secure-login.paypa1.com/verify-account",
    "final_assessment": "Malicious",
    "threat_type": "Phishing / Credential Theft",
    "confidence_score": 90,
    "executive_summary": "The domain 'paypa1.com' is a high-confidence typosquat of 'paypal.com' and is newly registered (3 days old). The subdomain 'secure-login' also contains suspicious keywords.",
    "evidence_findings": [
      {
        "finding_id": "DR-DOM-002",
        "severity": "Critical",
        "source_agent": "StaticAnalysisAgent",
        "description": "Suspected typosquatting detected.",
        "details": "The domain 'paypa1.com' appears to be typosquatting 'paypal.com' (character substitution: 'l' → '1')."
      },
      {
        "finding_id": "DR-NET-001",
        "severity": "Critical",
        "source_agent": "NetworkAnalysisAgent",
        "description": "Domain is very newly registered.",
        "details": "The domain 'paypa1.com' was registered 3 days ago."
      },
      {
        "finding_id": "DR-DOM-003",
        "severity": "Low",
        "source_agent": "StaticAnalysisAgent",
        "description": "Suspicious keywords found in domain.",
        "details": "The subdomain 'secure-login' contains a 'credential' keyword: 'login'.",
        "category": "credential"
      },
      {
        "finding_id": "DR-NET-016",
        "severity": "Informational",
        "source_agent": "NetworkAnalysisAgent",
        "description": "Site uses a free Certificate Authority.",
        "details": "The SSL certificate was issued by 'Let's Encrypt', a free CA."
      }
    ]
  }
}

Rate Limits

Domain Risk Analysis endpoints are rate limited per organization, per minute.

Operation	Limit	Description
POST /v1/domain-risks	20/minute	Analyze domains for risk
GET /v1/domain-risks/:risk_id	20/minute	Retrieve analysis results

Best Practices

• Screen in Bulk: Use this API for high-volume, cost-sensitive screening (1000s/day).
• Validate in Real-Time: Integrate into signup flows or link validation for fast feedback (2-5s).
• Handle All Assessments: Your integration should handle Malicious, Suspicious, Benign, and Unknown results.
• Secure Your Token: Never expose your API token in client-side code or public repositories. Use environment variables.
• Handle Errors: Always check response status codes and handle errors appropriately (insufficient balance, rate limits, etc.).