Phishing URL Detector
Pricing
Pay per usage
Phishing URL Detector
Check URLs against multiple free threat intelligence sources: Google Safe Browsing, domain age, redirect chains, suspicious patterns, and heuristic scoring. Returns a risk score (0-100) + verdict. No API key required for basic checks. $0.005 per URL.
Pricing
Pay per usage
Rating
0.0
(0)
Developer
Hojun Lee
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
a day ago
Last modified
Categories
Share
Check any URL for phishing indicators and get a risk score (0-100) + verdict (SAFE / SUSPICIOUS / MALICIOUS). Analyzes heuristics, redirect chains, domain age (WHOIS), brand spoofing, and suspicious TLDs. No paid API key required. $0.005 per URL.
How it works
Phishing URLs share well-known patterns: IP-address hostnames, excessive subdomains, brand names embedded in subdomain-only positions, newly registered domains, and long suspicious redirect chains. This actor runs all signals in parallel and returns a combined risk score.
Detection signals:
- IP address used as hostname (not a domain name)
- Suspicious TLDs (
.tk,.ml,.xyz,.top, etc.) - Brand spoofing (PayPal, Apple, Google, MetaMask, etc. in subdomain)
- Newly registered domain via WHOIS (< 30 days = high risk)
- Excessive redirect chains (> 3 hops)
- Phishing keyword patterns (
secure-login,verify-account, etc.) @symbol in URL (credential smuggling)- Homograph / IDN domain attack indicators
- HTTP (not HTTPS)
What you get
{"_type": "phishing_check","url": "http://paypa1-secure-login.tk/verify","ok": true,"verdict": "MALICIOUS","risk_score": 85,"flags": ["Suspicious TLD: .tk","Brand 'paypal' in subdomain but not root domain — possible spoofing","Phishing keyword pattern: secure.*login","No HTTPS — unencrypted connection"],"final_url": "http://paypa1-secure-login.tk/verify","redirect_count": 0,"domain": "paypa1-secure-login.tk","domain_age_days": 3}
Input Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
urls | array | — | List of URLs to check (batch mode) |
url | string | — | Single URL to check (used when urls is empty) |
checkDomainAge | boolean | true | Look up domain registration date via WHOIS. Newly registered = high risk. Adds ~1-2s per domain. |
userAgent | string | — | Custom User-Agent for HTTP requests |
Verdict thresholds
| Verdict | Risk Score | Meaning |
|---|---|---|
| SAFE | 0-29 | No significant phishing signals found |
| SUSPICIOUS | 30-59 | Multiple risk signals — investigate before visiting |
| MALICIOUS | 60-100 | High confidence phishing indicators |
Use cases
- Email security — Scan URLs in suspicious emails before clicking
- Threat intelligence — Bulk-classify URL lists from feeds or reports
- Browser extension backend — Use as API for real-time link checking
- SOC automation — Integrate into SIEM / SOAR playbooks via Apify API
- Fraud prevention — Check URLs submitted by users in your platform
Quick start
Single URL
{ "url": "https://suspicious-site.com/login" }
Batch check
{"urls": ["https://paypal.com","http://paypa1-secure.tk/login","https://apple-id-verify.workers.dev"]}
Pricing
Pay-Per-Event: $0.005 per URL checked.
| Run | URLs | Cost |
|---|---|---|
| Single URL | 1 | $0.005 |
| 100 URLs from email scan | 100 | $0.50 |
| 1,000 URL threat feed | 1,000 | $5.00 |
Limitations
- Heuristic-based — Not a signature database. May miss zero-day phishing domains that don't match known patterns.
- WHOIS timeout — Some domains block WHOIS;
domain_age_dayswill be null in that case. - Not a replacement for Google Safe Browsing — For production security apps, combine with GSB API (requires free API key).
Related actors
- Website Security Headers Checker — Audit CSP, HSTS, X-Frame-Options
- Email & Domain OSINT — Full WHOIS + DNS + SSL + HIBP breach check
- Crypto Address Sanctions Checker — OFAC / EU sanctions screening