Back
OSINT Intel

Discover API

Trust and risk intelligence—where your workflows already run

OSINT Intel turns a public website or public IP address into a clear risk score, human-readable rationale, and structured supporting context. The same assessments that power our consumer tool, delivered as machine-readable JSON for queues, case systems, and automation.

How it works

  • 1. Your system sends a website URL or a public IP—the same inputs as our web analyzer.
  • 2. We produce an enriched assessment: risk level, points, explanation, and relevant public context for that input type.
  • 3. You receive structured JSON—ready to store, trigger rules, or hand to an analyst with the heavy lifting already done.

Pricing

  • €0.08 per successful analysis when we run a fresh assessment (URL or IP)—excluding VAT where it applies.
  • €0.035 per request when the response is served from cache (cached: true in the JSON)—same report payload, no full re-run. Cache entries are valid for 1 month from the last completed analysis.

Volume and annual arrangements are available if you need predictable spend at scale.

Request examples

Body is JSON. By default we return a cached completed report when it is less than 1 month old. Optional force: true bypasses the cache (same as "Refresh report" in the app).

# Website — POST https://osintintel.com/api/analyze
curl -sS -X POST "https://osintintel.com/api/analyze" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'

# IP — POST https://osintintel.com/api/analyze-ip
curl -sS -X POST "https://osintintel.com/api/analyze-ip" \
  -H "Content-Type: application/json" \
  -d '{"ip":"198.51.100.77"}'

Response JSON (website)

Illustrative high-risk example. Field names match the live API; values are dummy data. Your integration should tolerate nulls and optional arrays.

{
  "success": true,
  "cached": false,
  "report": {
    "id": "clxample000website000report000id",
    "domain": "suspicious-shop.example",
    "url": "https://suspicious-shop.example/checkout",
    "status": "COMPLETE",
    "createdAt": "2026-04-12T14:32:00.000Z",
    "updatedAt": "2026-04-12T14:32:18.000Z",
    "domainAge": 9,
    "registrar": "NameCheap, Inc.",
    "registeredAt": "2026-04-03T10:00:00.000Z",
    "expiresAt": "2027-04-03T10:00:00.000Z",
    "waybackFirstSeenAt": null,
    "ipAddress": "198.51.100.77",
    "hostingProvider": "Obscure Host LLC",
    "hostingCountry": "RU",
    "hostingCity": "Moscow",
    "hostingOrg": "AS20473 Host",
    "asn": "AS20473",
    "sslValid": true,
    "sslIssuer": "Let's Encrypt",
    "sslSubject": "CN=suspicious-shop.example",
    "sslExpiresAt": "2026-07-01T12:00:00.000Z",
    "sslDaysRemaining": 79,
    "businessName": null,
    "kvkNumber": null,
    "registrationNumber": null,
    "registrationLabel": null,
    "vatNumber": null,
    "ibanNumber": null,
    "businessAddress": null,
    "businessPhone": null,
    "businessEmail": null,
    "businessInfoSource": null,
    "pageTitle": "Luxury Watches 90% Off — Buy Now",
    "pageDescription": "Authentic replica watches overnight shipping",
    "pageKeywords": "replica, luxury, discount, wire transfer",
    "pageLanguage": "en",
    "ecommercePlatform": "WooCommerce",
    "technologies": ["WordPress", "WooCommerce", "jQuery"],
    "internalLinks": ["/checkout", "/contact"],
    "externalLinks": ["https://payment.example/tx"],
    "internalLinkCount": 12,
    "externalLinkCount": 8,
    "redirectChain": [
      { "url": "https://suspicious-shop.example/", "status": 302 },
      { "url": "https://suspicious-shop.example/checkout", "status": 200 }
    ],
    "finalUrl": "https://suspicious-shop.example/checkout",
    "socialProfiles": [
      { "platform": "Instagram", "url": "https://instagram.com/suspicious", "handle": "suspicious" }
    ],
    "flaggedKeywords": [
      {
        "keyword": "replica",
        "category": "Counterfeit & Replica",
        "context": "...luxury replica watches overnight..."
      }
    ],
    "riskScore": "CRITICAL",
    "riskPoints": 142,
    "riskFactors": [
      {
        "factor": "Listed: Law enforcement fraud list",
        "points": 100,
        "description": "This domain appears on a law enforcement list of known fraudulent trading parties."
      },
      {
        "factor": "Domain on malicious-host blocklist",
        "points": 50,
        "description": "This hostname appears on a community-maintained list of known malicious domains."
      },
      {
        "factor": "Very New Domain",
        "points": 35,
        "description": "Domain is only 9 days old. Newly registered domains are a major fraud indicator."
      }
    ],
    "riskExplanation": "This domain is listed on a law enforcement database of known fraudulent businesses.",
    "policeListMatch": true,
    "domainBlocklistMatch": true,
    "trustpilotFound": true,
    "trustpilotRating": 1.2,
    "trustpilotReviews": 47,
    "trustpilotLabel": "Bad",
    "trustpilotUrl": "https://www.trustpilot.com/review/suspicious-shop.example",
    "trustpilotClaimed": false,
    "dropshipperScore": 72,
    "dropshipperLevel": "HIGH",
    "dropshipperSignals": ["Stock photos detected", "Generic supplier template"],
    "aiImagesDetected": true,
    "aiImageConfidence": "HIGH",
    "aiImageSignals": ["Inconsistent lighting on product shots"],
    "aiImageCount": 14,
    "errorMessage": null
  }
}

Response JSON (IP)

Illustrative high-risk example with all report fields populated.

{
  "success": true,
  "cached": false,
  "report": {
    "id": "clxample000ipreport000000000id",
    "ip": "198.51.100.77",
    "status": "COMPLETE",
    "createdAt": "2026-04-12T14:35:00.000Z",
    "updatedAt": "2026-04-12T14:35:12.000Z",
    "country": "Russia",
    "countryCode": "RU",
    "region": "MOW",
    "regionName": "Moscow",
    "city": "Moscow",
    "zip": "101000",
    "lat": 55.7558,
    "lon": 37.6173,
    "timezone": "Europe/Moscow",
    "isp": "Example Host LLC",
    "org": "Hosting Segment",
    "asn": "AS20473",
    "isMobile": false,
    "isProxy": true,
    "isHosting": true,
    "isVpnList": true,
    "isDcList": true,
    "isAbuseList": true,
    "openPorts": [22, 80, 443, 3389, 5900],
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
      "cpe:2.3:a:openssh:openssh:8.2:*:*:*:*:*:*:*"
    ],
    "vulns": ["CVE-2024-12345", "CVE-2023-99999"],
    "hostnames": ["srv-malicious.example.net"],
    "tags": ["malicious", "vpn", "cloud"],
    "riskScore": "HIGH",
    "riskPoints": 88,
    "riskFactors": [
      {
        "factor": "VPN / Anonymiser list",
        "points": 50,
        "description": "IP appears on VPN or anonymiser lists."
      },
      {
        "factor": "Abusive IP (blocklist)",
        "points": 45,
        "description": "This IPv4 appears on a community-maintained abusive-IP blocklist."
      },
      {
        "factor": "Open high-risk ports",
        "points": 15,
        "description": "Exposed services on common attack ports."
      }
    ],
    "riskExplanation": "This IP shows multiple high-risk infrastructure signals: VPN/proxy hints, datacenter hosting, abusive-IP listing, and known CVEs.",
    "errorMessage": null
  }
}

Fair use and abuse rules apply, same as the web app. Need higher limits, an SLA, or a tailored rollout? Use the contact below—we'll align on scope and expectations before you commit.

Talk to ussales@osintintel.com