Brand-abuse & phishing detection API
The problem. When you monitor newly registered lookalike domains for brand abuse, you need to see what each one is actually serving without opening it in a real browser, and capture evidence before the page is taken down.
How SiteIntel solves it
Call /v1/screenshot on each suspect URL to capture what it renders, and /v1/analyze to read its title, detected_tech, and emails. A clone of your brand often reuses your copy and Open Graph image while pointing payments and contact addresses elsewhere — that mismatch is the signal.
| Field | What you use it for |
|---|---|
screenshot (PNG) | capture what the page renders as dated evidence, server-side |
title & open_graph | spot copied branding and metadata lifted from the real site |
detected_tech | phishing kits often run a recognizable, different stack than the brand |
emails | attacker contact or exfiltration addresses published on the page |
server | hosting signal that frequently differs from the legitimate site |
Example
curl "https://siteintel.duckdns.org/v1/analyze?url=https://acme.com" \
-H "X-RapidAPI-Key: YOUR_KEY"
{
"title": "Acme Login — Verify Your Account",
"open_graph": { "image": "https://acme.com/og.png" },
"detected_tech": ["WordPress", "PHP"],
"emails": ["secure-acme@protonmail.com"],
"server": "LiteSpeed"
}
FAQ
How can I screenshot a suspicious URL without opening it myself?
Call GET /v1/screenshot?url=<suspect>. Rendering runs in headless Chromium server-side, so you get a PNG of what the page serves without loading it in your own browser, plus a dated capture for your records.
What signals help flag a lookalike or phishing page?
Compare the analyze response to your real site: copied title and Open Graph image alongside a different detected_tech stack, an unfamiliar server, or contact emails on a foreign domain are common mismatches that flag brand abuse.
Build it with SiteIntel
50 requests/month free. Pro from $9.99/mo — RapidAPI handles auth and billing.
Get API key Run the live demo