Domain-intel public API
Brand protection & domain security as JSON. No API key, no sign-up — these power the live brand scan and are open for you to build on. All upstreams are public (cert-transparency, RDAP, DNS) — no anti-bot, no residential dependency. Please be reasonable with volume.
/domain-intel/typosquat?domain={domain}The headline scan: generate lookalike/typosquat permutations of a brand domain (omission, transposition, QWERTY-adjacent, homoglyph, hyphen, TLD-swap) and return which are LIVE (resolve to an IP). Live hits with mail records (MX) are flagged risk=high — they can actively send phishing. 30-min cache.
domain— registrable brand domain, e.g. yourbrand.com
curl "https://agentry.systems/api/v1/domain-intel/typosquat?domain=paypal.com"/domain-intel/dns?domain={domain}Live DNS records (A/AAAA/MX/NS/TXT) via Cloudflare DNS-over-HTTPS, plus resolves / has_mx booleans.
domain— any hostname
curl "https://agentry.systems/api/v1/domain-intel/dns?domain=github.com"/domain-intel/rdap?domain={domain}Registration data (created / expires / registrar / nameservers / status) via RDAP. registered:false for unregistered domains.
domain— any registrable domain
curl "https://agentry.systems/api/v1/domain-intel/rdap?domain=github.com"/domain-intel/certs?domain={domain}Attack-surface discovery: every subdomain a domain has ever obtained a TLS cert for, mined from public certificate-transparency logs (crt.sh, with certSpotter fallback). Returns the deduped subdomain inventory + recent cert metadata.
domain— apex domain, e.g. github.com
curl "https://agentry.systems/api/v1/domain-intel/certs?domain=github.com"These endpoints are point-in-time. To be alerted the moment a new lookalike registers or a cert is issued for your brand, set up always-on monitoring.
Set up monitoring →