Pricing

Pay per usage

Domain Trust Monitor API | SSL + RDAP + DMARC + Headers

Monitor domain trust posture in one run: SSL expiry and issuer drift, registrar and expiry changes, DMARC/SPF/DKIM posture, security headers, and optional Google Web Risk alerts.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

2 hours ago

Last modified

Store Quickstart

Start with store-input.example.json for a reliable first dataset run across three stable domains.
If that matches your workflow, switch to store-input.templates.json and pick one of:
- Quickstart (Dataset) for first success
- Portfolio Watch for weekly domain sweeps
- Action-Needed Webhook for recurring alerts
- Domain Trust + Web Risk when you need optional reputation checks

The quickstart is tuned for low-maintenance recurring monitoring: direct network checks, no browser automation, no proxies, and no vendor lock-in for the core signals.

What this actor does

For each domain, the actor combines four operationally useful checks into one row:

SSL / TLS: expiry windows, issuer drift, fingerprint rotation, certificate trust issues
RDAP: registrar, nameserver, DNSSEC, domain expiry, and ownership-related changes
DNS / email security: MX, SPF, DKIM, and DMARC posture with a grade and fix-ready warnings
Security headers: HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and more

Optional Google Web Risk lookups can be enabled with your own Google Cloud API key when you want a commercially usable malware / social-engineering reputation signal.

Why this is a better product than separate utilities

Running four separate actors is operationally noisy. domain-trust-monitor is designed as the productized lane:

one recurring task
one schedule
one dataset or webhook payload
one trust score per domain
one ranked list of action-needed alerts

This is better for MSPs, agencies, portfolio operators, security teams, and SaaS teams who want to know which domains need attention first.

Input example

{
  "domains": ["google.com", "github.com", "cloudflare.com"],
  "expiryWarningDays": 30,
  "followRedirects": true,
  "checkDkim": true,
  "delivery": "dataset",
  "concurrency": 2
}

Output example

{
  "domain": "github.com",
  "status": "changed",
  "severity": "high",
  "alertCount": 1,
  "brief": "1 alert(s): TLS certificate expires in 12 days",
  "trustScore": {
    "total": 67,
    "grade": "C"
  },
  "recommendedActions": [
    "Schedule certificate renewal before the warning window closes."
  ]
}

A fuller payload is available in sample-output.example.json. The full actor output also includes flattened alerts[], per-component details, and an executiveSummary for webhook delivery.

Delivery modes

dataset: saves one domain row per result to the actor dataset
webhook: sends the full action-needed payload (meta, alerts, results) to your webhook URL

The dataset path is the safest first run. The webhook path is the best recurring upsell once the team trusts the signal.

Recommended recurring workflows

Workflow	Why
Weekly portfolio sweep	Catch SSL, DNS, and header drift across all client or product domains
Renewal watchlist	Surface domains or certificates that are close to expiry
Security hardening QA	Validate DMARC and browser-facing hardening before launch
MSP / agency reporting	Export one ranked list of domains that need work

Cost profile

The core actor uses built-in Node.js networking and public RDAP / DNS / HTTP endpoints. That keeps maintenance and vendor cost low.

Optional Google Web Risk lookups are only used when explicitly enabled and billed through your own Google Cloud account.

Commercial ops

Set up .env first:

$cp -n .env.example .env

Configure the Apify task and schedule:

$npm run apify:cloud:setup

Daily / weekly reliability checks:

npm run canary:check
npm run contract:test:live

ssl-certificate-monitor — standalone TLS checks if you only need certificates
rdap-domain-monitor — standalone RDAP ownership / expiry checks
dns-dmarc-security-checker — standalone email security grading
security-headers-checker — standalone browser security header grading

SSL Certificate Monitor API | Expiry + Issuer Changes

taroyamada/ssl-certificate-monitor

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

太郎山田

RDAP Domain Monitor API | Ownership + Expiry

taroyamada/rdap-domain-monitor

Monitor domain registration data via RDAP and track expiry, registrar, nameserver, and ownership changes in structured rows.

太郎山田

DNS / SPF / DKIM / DMARC Audit API

taroyamada/dns-dmarc-security-checker

Audit SPF, DKIM, DMARC, and MX in bulk with grades, fix-ready recommendations, and recurring email-security monitoring.

太郎山田

Security Headers Checker API | OWASP Audit

taroyamada/security-headers-checker

Audit OWASP security headers in bulk, grade each site, and monitor header drift across client or product portfolios.

太郎山田

Supernet Domain Health - Email Reputation Audit

superlativetech/supernet-domain-health

Email authentication and deliverability audit for any domain. Checks SPF, DKIM, DMARC, MX, blacklists, SSL, WHOIS, BIMI, MTA-STS — returns a 0-100 health score with actionable fixes. Sending or receiving mode. Batch thousands or query one via instant API.

Superlative

Domain Age Checker

automation-lab/domain-age-checker

This actor checks domain age using the RDAP (Registration Data Access Protocol) — the modern replacement for WHOIS. It retrieves registration date, expiration date, registrar, nameservers, and calculates domain age in days and years. Supports .com, .net, .org, .io, .dev, .app, and many...

Stas Persiianenko

SSL Certificate Checker

automation-lab/ssl-certificate-checker

SSL Certificate Checker connects to domains over TLS and inspects their SSL certificates. It returns structured data about certificate validity, expiry, issuer chain, TLS protocol version, cipher suite, and a security grade from A+ to F.

Stas Persiianenko

Domain WHOIS & DNS Lookup â€” Registration, DNS Records & Tech

sovereigntaylor/domain-whois-scraper

Look up WHOIS data, DNS records, SSL certificates, and tech stack for any domain. Bulk domain research for lead generation, SEO audits, domain investing, and competitive intelligence. Uses RDAP, DNS-over-HTTPS, Certificate Transparency, and web WHOIS providers.

Ricardo Akiyoshi

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Free Domain Technology Stack Scanner

s-r/free-domain-technology-stack-scanner

Detect the complete technology stack of any website. Identifies ecommerce platforms (Shopify, WooCommerce, Magento), CMS (WordPress, Contentful), JS frameworks (React, Next.js, Vue), analytics (GA4, GTM), payment providers (Stripe, PayPal, Klarna), hosting/CDN, SSL certificates.