URL Protection
Check URLs for phishing, malware, scams, and other threats in real time. Includes batch checking and domain reputation lookup.
Check Single URL
Submit a URL for real-time threat analysis. OrbGuard evaluates the domain reputation, SSL certificate, page content, redirect chains, and known threat databases to determine if the URL is safe to visit.
POST
/api/v1/url/checkCheck a single URL for phishing, malware, and other threats
Authentication:Bearer Token
| Parameter | Type | Required | Description |
|---|---|---|---|
url | string | Required | The full URL to check (e.g., https://example.com/path) |
device_id | string | Optional | Unique identifier of the device making the request |
source | string | Optional | Where the URL was encountered. One of: browser, sms, email, app |
user_agent | string | Optional | The user agent string of the browser or app that encountered the URL |
curl -X POST https://guard.orbai.world/api/v1/url/check \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://secure-login-verify.example.com/account",
"device_id": "iphone-15-xyz789",
"source": "sms"
}'200URL check complete - malicious URL detected
{
"url": "https://secure-login-verify.example.com/account",
"domain": "secure-login-verify.example.com",
"is_safe": false,
"should_block": true,
"category": "phishing",
"threat_level": "critical",
"confidence": 0.97,
"description": "This URL leads to a credential-harvesting page designed to mimic a bank login portal. The domain was registered 2 days ago and uses a free SSL certificate.",
"warnings": [
"Domain registered within the last 7 days",
"SSL certificate issued by free CA (Let's Encrypt) -- not matching the impersonated organization",
"Page content matches known phishing kit template",
"URL received via SMS, a common phishing delivery method"
],
"block_reason": "Confirmed phishing page targeting banking credentials",
"cache_hit": false,
"checked_at": "2026-02-08T10:40:00Z"
}200URL check complete - safe URL
{
"url": "https://www.github.com/orbvpn/docs",
"domain": "www.github.com",
"is_safe": true,
"should_block": false,
"category": "safe",
"threat_level": "safe",
"confidence": 0.99,
"description": "This URL points to a legitimate and well-known development platform.",
"warnings": [],
"block_reason": null,
"cache_hit": true,
"checked_at": "2026-02-08T10:40:05Z"
}400Invalid URL format
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid URL format. Please provide a full URL including the protocol (e.g., https://example.com)."
}
}URL Categories
| Category | Description |
|---|---|
safe | No threats detected. URL appears legitimate. |
phishing | Credential harvesting or login impersonation |
malware | Hosts or distributes malicious software |
scam | Fraudulent content (fake stores, prize scams, etc.) |
spam | Unsolicited promotional content |
adult | Adult or explicit content |
cryptojacking | Unauthorized cryptocurrency mining scripts |
ransomware | Ransomware distribution or payment pages |
command_and_control | C2 server for malware communication |
botnet | Part of a botnet infrastructure |
exploit | Hosts browser or system exploits |
suspicious | Suspicious but not definitively malicious |
Batch URL Check
Check up to 100 URLs in a single request. Efficient for scanning email content, chat histories, or web page link audits.
POST
/api/v1/url/check/batchBatch check up to 100 URLs for threats
Authentication:Bearer Token
| Parameter | Type | Required | Description |
|---|---|---|---|
urls | array | Required | Array of URL strings to check. Maximum 100 URLs. |
device_id | string | Optional | Unique identifier of the device making the request |
source | string | Optional | Where the URLs were encountered. One of: browser, sms, email, app |
curl -X POST https://guard.orbai.world/api/v1/url/check/batch \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"urls": [
"https://secure-login-verify.example.com/account",
"https://www.github.com/orbvpn/docs",
"https://free-crypto-airdrop.example.net/claim",
"https://docs.google.com/document/d/abc123"
],
"device_id": "iphone-15-xyz789",
"source": "email"
}'200Batch URL check results
{
"results": [
{
"url": "https://secure-login-verify.example.com/account",
"domain": "secure-login-verify.example.com",
"is_safe": false,
"should_block": true,
"category": "phishing",
"threat_level": "critical",
"confidence": 0.97,
"description": "Credential-harvesting phishing page.",
"warnings": ["Domain registered 2 days ago", "Matches known phishing template"],
"block_reason": "Confirmed phishing",
"cache_hit": false,
"checked_at": "2026-02-08T10:42:00Z"
},
{
"url": "https://www.github.com/orbvpn/docs",
"domain": "www.github.com",
"is_safe": true,
"should_block": false,
"category": "safe",
"threat_level": "safe",
"confidence": 0.99,
"description": "Legitimate development platform.",
"warnings": [],
"block_reason": null,
"cache_hit": true,
"checked_at": "2026-02-08T10:42:00Z"
},
{
"url": "https://free-crypto-airdrop.example.net/claim",
"domain": "free-crypto-airdrop.example.net",
"is_safe": false,
"should_block": true,
"category": "scam",
"threat_level": "high",
"confidence": 0.92,
"description": "Fake cryptocurrency airdrop scam page.",
"warnings": ["Domain registered 5 days ago", "Known crypto scam pattern"],
"block_reason": "Cryptocurrency scam",
"cache_hit": false,
"checked_at": "2026-02-08T10:42:01Z"
},
{
"url": "https://docs.google.com/document/d/abc123",
"domain": "docs.google.com",
"is_safe": true,
"should_block": false,
"category": "safe",
"threat_level": "safe",
"confidence": 0.98,
"description": "Legitimate Google Docs document.",
"warnings": [],
"block_reason": null,
"cache_hit": true,
"checked_at": "2026-02-08T10:42:01Z"
}
],
"total_count": 4,
"safe_count": 2,
"block_count": 2,
"checked_at": "2026-02-08T10:42:01Z"
}Domain Reputation
Look up the reputation and metadata for a specific domain. Returns detailed information about the domain's history, registration, SSL certificate, hosting, and threat classification.
GET
/api/v1/url/reputation/{domain}Get the reputation and metadata for a specific domain
Authentication:Bearer Token
| Parameter | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain name to look up (path parameter, e.g., example.com) |
# Check domain reputation
curl -X GET "https://guard.orbai.world/api/v1/url/reputation/suspicious-site.example.com" \
-H "Authorization: Bearer YOUR_API_KEY"200Domain reputation data
{
"url": null,
"domain": "suspicious-site.example.com",
"category": "phishing",
"threat_level": "critical",
"is_malicious": true,
"sources": [
"orbguard-crawlers",
"google-safe-browsing",
"phishtank",
"community-feed"
],
"first_seen": "2026-02-05T08:00:00Z",
"last_seen": "2026-02-08T10:30:00Z",
"cert_valid": true,
"ip_address": "198.51.100.45",
"asn": "AS12345",
"country": "RU",
"registrar": "NameCheap, Inc.",
"is_shortened": false,
"is_new_domain": true,
"risk_score": 96
}200Clean domain
{
"url": null,
"domain": "github.com",
"category": "safe",
"threat_level": "safe",
"is_malicious": false,
"sources": [],
"first_seen": "2008-04-02T00:00:00Z",
"last_seen": "2026-02-08T10:45:00Z",
"cert_valid": true,
"ip_address": "140.82.121.4",
"asn": "AS36459",
"country": "US",
"registrar": "MarkMonitor, Inc.",
"is_shortened": false,
"is_new_domain": false,
"risk_score": 2
}404Domain not found in reputation database
{
"success": false,
"error": {
"code": "NOT_FOUND",
"message": "Domain not found in the reputation database. This may be a very new or rarely visited domain."
}
}URL Shorteners
When checking shortened URLs (bit.ly, t.co, etc.), OrbGuard automatically follows redirects and analyzes the final destination URL. The is_shortened field in the domain reputation response indicates if the domain is a known URL shortener service.