Recipe (10 credits)

Phishing Investigation

Investigate suspected phishing domains with a comprehensive evidence package. The recipe collects DNS records, WHOIS data, and SSL certificates, and creates a timestamped report for takedown requests.

What's Included

Evidence Package: Timestamped documentation
Registrant Info: WHOIS/RDAP data collection
Infrastructure: Hosting and DNS details
Threat Intel: Reputation and risk data

RDAP, DNS Lookup, SSL Check, Reputation, IP Lookup
Interactive intelligence tool

Run the check, then ship the workflow

Use the browser tool for a fast answer, then move the same logic into scripts, monitoring, or product flows when it becomes repeatable.

1. Start with the live form

Enter a domain, URL, IP, email, or record and get a focused result without setup.

2. Review decision-ready signals

Outputs highlight statuses, risks, records, and next actions instead of raw provider noise.

3. Automate the winning workflow

Use the request and response examples to turn a one-off check into an API call or recipe.

What this tool helps you decide

Each page is shaped around a practical operational question, not just a raw lookup.

Signal

See the current DNS, registration, security, pricing, or reputation evidence.

Context

Compare the result with related checks so the next move is easier to trust.

Action

Copy examples, open linked tools, or move into API documentation when you need scale.

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

Uptime API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

Free allowance Sign Up for Free

Start with 10,000 monthly credits and upgrade only when usage grows.

Example Request

Start from the curl and HTTP samples, then map the parameters into your application code.

Example Request (bash)

curl -s "https://domscan.net/v1/recipes/phishing-investigation?suspicious_domain=examp1e.com" \
  -H "X-API-Key: $DOMSCAN_API_KEY"

Example Response (json)

{
  "success": true,
  "data": {
    "risk_level": "high",
    "evidence": [
      "recent registration",
      "mismatched hosting",
      "suspicious typosquatting"
    ],
    "registrant": "privacy protected"
  },
  "meta": {
    "recipe_name": "phishing-investigation",
    "credits_used": 10,
    "credits_saved": 10,
    "duration_ms": 952
  },
  "errors": []
}
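
One way to map the response above into application code, as an added example that is not DomScan's own code: it turns a raw response body into a timestamped evidence record for an abuse report and refuses to build one from a failed or malformed lookup. The function names and report layout are hypothetical, the only fields assumed are those in the sample response, and the sample bytes are constructed from it.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: the example response body from this page, as raw bytes.
SAMPLE_RESPONSE = b"""{"success": true, "data": {"risk_level": "high",
 "evidence": ["recent registration", "mismatched hosting",
 "suspicious typosquatting"], "registrant": "privacy protected"},
 "meta": {"recipe_name": "phishing-investigation", "credits_used": 10,
 "credits_saved": 10, "duration_ms": 952}, "errors": []}"""


def build_evidence_record(domain, raw_body, collected_at=None):
    """Hypothetical helper: turn one raw response into a takedown-report record.

    Raises ValueError on a failed or malformed response so that a bad lookup
    is never filed as evidence.
    """
    try:
        body = json.loads(raw_body)
    except ValueError as exc:
        raise ValueError(f"response is not valid JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise ValueError("response is not a JSON object")
    if body.get("success") is not True or body.get("errors"):
        raise ValueError(f"lookup failed: {body.get('errors')!r}")
    data = body.get("data")
    if not isinstance(data, dict) or "risk_level" not in data:
        raise ValueError("response has no data.risk_level")
    collected_at = collected_at or datetime.now(timezone.utc)
    return {
        "domain": domain,
        "collected_at_utc": collected_at.isoformat(timespec="seconds"),
        # Digest of the exact bytes received; archive raw_body alongside it.
        "response_sha256": hashlib.sha256(raw_body).hexdigest(),
        "risk_level": data["risk_level"],
        "evidence": list(data.get("evidence") or []),
        "registrant": data.get("registrant", "unknown"),
    }


def render_report(record):
    """Format the record as plain text for an abuse report."""
    lines = [f"Suspected phishing domain: {record['domain']}",
             f"Collected (UTC): {record['collected_at_utc']}",
             f"Risk level: {record['risk_level']}",
             f"Registrant: {record['registrant']}",
             f"Raw response SHA-256: {record['response_sha256']}",
             "Evidence:"]
    lines += [f"  - {item}" for item in record["evidence"]]
    return "\n".join(lines)
```

Store the raw response bytes next to the rendered report so the SHA-256 in the report can be rechecked later.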

Built from the same API surface

The browser experience previews DomScan's structured endpoints, so teams can validate a use case before writing code.

Frequently Asked Questions

Can I use this for takedown requests?

Yes, the report is designed to provide evidence for abuse reports to registrars, hosting providers, and brand protection services.

Is registrant info always available?

Due to GDPR, many registrations are now privacy-protected. We collect whatever public information is available through RDAP.

How quickly should I act?

Phishing sites are often short-lived. Run this investigation immediately upon discovery and submit takedown requests as soon as possible.

Need More Power?

Get API access for automation, higher limits, and custom integrations.