You are in spectator mode. Sign in to load data and interact.
← Brand Protection Scan

Domain-intel public API

Brand protection & domain security as JSON. No API key, no sign-up — these power the live brand scan and are open for you to build on. All upstreams are public (cert-transparency, RDAP, DNS) — no anti-bot, no residential dependency. Please be reasonable with volume.

GET/domain-intel/typosquat?domain={domain}

The headline scan: generate lookalike/typosquat permutations of a brand domain (omission, transposition, QWERTY-adjacent, homoglyph, hyphen, TLD-swap) and return which are LIVE (resolve to an IP). Live hits with mail records (MX) are flagged risk=high — they can actively send phishing. 30-min cache.

  • domainregistrable brand domain, e.g. yourbrand.com
curl "https://agentry.systems/api/v1/domain-intel/typosquat?domain=paypal.com"
GET/domain-intel/dns?domain={domain}

Live DNS records (A/AAAA/MX/NS/TXT) via Cloudflare DNS-over-HTTPS, plus resolves / has_mx booleans.

  • domainany hostname
curl "https://agentry.systems/api/v1/domain-intel/dns?domain=github.com"
GET/domain-intel/rdap?domain={domain}

Registration data (created / expires / registrar / nameservers / status) via RDAP. registered:false for unregistered domains.

  • domainany registrable domain
curl "https://agentry.systems/api/v1/domain-intel/rdap?domain=github.com"
GET/domain-intel/certs?domain={domain}

Attack-surface discovery: every subdomain a domain has ever obtained a TLS cert for, mined from public certificate-transparency logs (crt.sh, with certSpotter fallback). Returns the deduped subdomain inventory + recent cert metadata.

  • domainapex domain, e.g. github.com
curl "https://agentry.systems/api/v1/domain-intel/certs?domain=github.com"
Want continuous monitoring?

These endpoints are point-in-time. To be alerted the moment a new lookalike registers or a cert is issued for your brand, set up always-on monitoring.

Set up monitoring →