Try any of 1042 endpoints — live.
Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.
Comprehensive fraud and security risk report for one domain: a 0-100 risk score, human-readable reasons, and a risk level (low / medium / elevated / high). Combines domain age, expiry status, parked/for-sale detection, TLS certificate presence, hostname structure, brand impersonation signals, and email/DNSSEC legitimacy into a single verdict. The primary action for phishing detection and brand protection.
A full domain to evaluate (e.g. example.com, secure-login.io). A bare host, full URL, leading www., or an IDN (münchen.de) are accepted and normalized to its registrable form.
If true (default), also fetch the domain's root page to detect a parked or for-sale landing page. A failed page probe never fails the overall risk assessment — only the parking signal is omitted.
If true, return the full RDAP registrant contact. Default false → personal data dropped (GDPR), organization kept.
curl -X POST https://api.reefapi.com/domain-risk/v1/assess \
-H "x-api-key: $REEF_KEY" \
-H "content-type: application/json" \
-d '{"domain":"google.com","check_parked":"false"}'Hit Send to run this endpoint live.