Documentation
V2 API
URL Threat Detection
Deep AI-powered analysis for investigating suspicious URLs with multi-agent threat detection and evidence-based reporting.
URL Threat Detection is our comprehensive, AI-powered security analysis service that performs deep investigation of suspicious URLs. This API scrapes page content, analyzes screenshots, and uses multi-agent AI to detect zero-day threats and sophisticated phishing attacks.
Billing & Transparency
Simple per-request pricing.
$0.02 Standard Deep AI-powered URL threat detection.
Async jobs are automatically refunded if they fail on our end.
1. Request Analysis
POSTSubmit a URL for threat detection. This will trigger a background job and return a job ID.
curl -X POST "https://api.urlert.com/v2/url-threat-detection" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/suspicious-page"}'2. Polling Results
GETPoll the status_url provided in Step 1 until the job is complete.
curl -X GET "https://api.urlert.com/v2/url-threat-detection/jobs/aa1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d" \
-H "Authorization: Bearer YOUR_API_KEY"Example Response
Typical response payload for a malicious URL.
{
"status": "complete",
"job_id": "aa1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d",
"error": null,
"result": {
"url": "https://secure-banking-verify.com/login?ref=email",
"final_url": "https://secure-banking-verify.com/account/verify",
"final_assessment": "Malicious",
"threat_type": "Phishing / Credential Theft",
"confidence_score": 95,
"executive_summary": "This URL is Malicious. The domain 'secure-banking-verify.com' attempts to impersonate a major financial institution through visual branding and copycat design. The domain was registered 3 days ago and contains credential harvesting forms. Multiple high-severity indicators suggest this is an active phishing campaign.",
"recommended_action": "Block",
"findings": [
{
"finding_id": "DR-NET-001",
"severity": "High",
"source_agent": "Network Analysis Agent",
"description": "Domain was recently registered. Newly registered domains are often used in phishing, scams, and other malicious activities. The newer the domain, the higher the risk.",
"details": {
"registration_date": "2025-02-03T08:15:42Z"
},
"category": "Domain Registration"
},
{
"finding_id": "SC-VIS-003",
"severity": "Critical",
"source_agent": "Visual Analysis Agent",
"description": "Brand impersonation detected. The page mimics the visual identity of a known brand without authorization.",
"details": {
"detected_brand": "Major Bank Corp",
"similarity_score": 0.92
},
"category": "Visual Deception"
},
{
"finding_id": "SC-CON-002",
"severity": "Critical",
"source_agent": "Content Analysis Agent",
"description": "Credential harvesting form detected. The page contains input fields designed to capture sensitive authentication credentials.",
"details": {
"form_fields": ["username", "password", "account_number"],
"submission_endpoint": "https://data-collector.suspicious-domain.net/api/submit"
},
"category": "Suspicious Content"
},
{
"finding_id": "DR-NET-005",
"severity": "Medium",
"source_agent": "Network Analysis Agent",
"description": "No Mail (MX) records found for the domain. If you receive emails from this domain, it may be spoofed.",
"details": null,
"category": "DNS"
}
],
"site_context": {
"apparent_purpose": "Finance",
"description": "This page appears to be a customer login portal for a banking institution, requesting account credentials for verification purposes.",
"detected_brand": "Major Bank Corp",
"page_title": "Secure Login - Account Verification Required",
"website_category": "FINANCE"
},
"domain_registered_date": "2025-02-03T08:15:42+00:00"
}
}Response Schema
The threat detection object contains the final verdict, detailed findings, and supporting evidence.
Top-Level Fields
| Property | Description |
|---|
Rate Limits
All endpoints are rate limited per organization, per minute.
| Operation | Limit | Description |
|---|---|---|
| POST /v2/url-threat-detection | 10/minute | Trigger new threat analysis |
| GET /v2/url-threat-detection/jobs/{id} | 60/minute | Poll active jobs |