Phishing URL Detector avatar

Phishing URL Detector

Pricing

Pay per usage

Go to Apify Store
Phishing URL Detector

Phishing URL Detector

Check URLs against multiple free threat intelligence sources: Google Safe Browsing, domain age, redirect chains, suspicious patterns, and heuristic scoring. Returns a risk score (0-100) + verdict. No API key required for basic checks. $0.005 per URL.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Hojun Lee

Hojun Lee

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a day ago

Last modified

Share

Check any URL for phishing indicators and get a risk score (0-100) + verdict (SAFE / SUSPICIOUS / MALICIOUS). Analyzes heuristics, redirect chains, domain age (WHOIS), brand spoofing, and suspicious TLDs. No paid API key required. $0.005 per URL.


How it works

Phishing URLs share well-known patterns: IP-address hostnames, excessive subdomains, brand names embedded in subdomain-only positions, newly registered domains, and long suspicious redirect chains. This actor runs all signals in parallel and returns a combined risk score.

Detection signals:

  • IP address used as hostname (not a domain name)
  • Suspicious TLDs (.tk, .ml, .xyz, .top, etc.)
  • Brand spoofing (PayPal, Apple, Google, MetaMask, etc. in subdomain)
  • Newly registered domain via WHOIS (< 30 days = high risk)
  • Excessive redirect chains (> 3 hops)
  • Phishing keyword patterns (secure-login, verify-account, etc.)
  • @ symbol in URL (credential smuggling)
  • Homograph / IDN domain attack indicators
  • HTTP (not HTTPS)

What you get

{
"_type": "phishing_check",
"url": "http://paypa1-secure-login.tk/verify",
"ok": true,
"verdict": "MALICIOUS",
"risk_score": 85,
"flags": [
"Suspicious TLD: .tk",
"Brand 'paypal' in subdomain but not root domain — possible spoofing",
"Phishing keyword pattern: secure.*login",
"No HTTPS — unencrypted connection"
],
"final_url": "http://paypa1-secure-login.tk/verify",
"redirect_count": 0,
"domain": "paypa1-secure-login.tk",
"domain_age_days": 3
}

Input Parameters

ParameterTypeDefaultDescription
urlsarrayList of URLs to check (batch mode)
urlstringSingle URL to check (used when urls is empty)
checkDomainAgebooleantrueLook up domain registration date via WHOIS. Newly registered = high risk. Adds ~1-2s per domain.
userAgentstringCustom User-Agent for HTTP requests

Verdict thresholds

VerdictRisk ScoreMeaning
SAFE0-29No significant phishing signals found
SUSPICIOUS30-59Multiple risk signals — investigate before visiting
MALICIOUS60-100High confidence phishing indicators

Use cases

  1. Email security — Scan URLs in suspicious emails before clicking
  2. Threat intelligence — Bulk-classify URL lists from feeds or reports
  3. Browser extension backend — Use as API for real-time link checking
  4. SOC automation — Integrate into SIEM / SOAR playbooks via Apify API
  5. Fraud prevention — Check URLs submitted by users in your platform

Quick start

Single URL

{ "url": "https://suspicious-site.com/login" }

Batch check

{
"urls": [
"https://paypal.com",
"http://paypa1-secure.tk/login",
"https://apple-id-verify.workers.dev"
]
}

Pricing

Pay-Per-Event: $0.005 per URL checked.

RunURLsCost
Single URL1$0.005
100 URLs from email scan100$0.50
1,000 URL threat feed1,000$5.00

Limitations

  • Heuristic-based — Not a signature database. May miss zero-day phishing domains that don't match known patterns.
  • WHOIS timeout — Some domains block WHOIS; domain_age_days will be null in that case.
  • Not a replacement for Google Safe Browsing — For production security apps, combine with GSB API (requires free API key).


Feedback

Leave a review on Apify Store