Dark Web Exposure and Phishing Detection Test

Free online security tool to test your security
  • Dark Web Exposure Monitoring
  • Phishing Detection and Monitoring
  • Domain Squatting Monitoring
  • Trademark Infringement Monitoring

Free online tool to test domain security

40,033,412 domain names analyzed

ImmuniWeb Discovery

For continuous monitoring, we suggest exploring our award-winning ImmuniWeb® Discovery offering, which provides flexible 24/7 notifications.

Commercial API

ImmuniWeb provides commercial access to the Dark Web Exposure Test API with extended limits on the number of daily tests. Please get in touch with us to get a personalized quote. Prices start at 1,000 USD per month.

Non-profit, research and academic institutions may request commercial API for free. Please send your API usage requirements to for additional information.

Free API

ImmuniWeb provides you with a free API to test your domain for signs of cybersquatting, typo-squatting and phishing domains that may misuse your trademark, and spoof your brand. To assure high speed of service and availability for everyone, the free API allows 1 request in 3 minutes, 10 requests in total per 24 hours, from one IP address.

In addition, there are different tiers of user, each providing a different level of API usage. If the daily test limit is exceeded, the results will only be available after upgrading to a paid subscription.

License notice: The API is provided for free both for private and commercial purposes. When using the free API, a clearly-visible credit to ImmuniWeb® Community when displaying results is mandatory. Failure to properly do so may trigger a ban and legal consequences.

API Documentation and How-To

Full API Documentation

API Specifications

Field Name     Value
Request Type   POST
URL            [ustamp].html - where "ustamp" is an arbitrary UNIX timestamp (must be an integer). This construction prevents caching on the client side.

POST Data Specification

Field Name   Value
api_key      Secret token which you submit alongside the request.
domain       The domain name to be tested.
limit        Limits the number of results shown.
offset       Offset into the results, if results are limited.
no_limit     0 or 1
dnsr         "on" means that test results will be hidden, "off" means that test results will be displayed in statistics.
recheck      "false" will use results from cache if the server has been tested within the past 24 hours, "true" will perform a new test without looking at the cache.

Example of Transaction Using CURL

# New test (not cached)
$ curl -XPOST -d '' ''

{"debug":true,"job_id":"2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc","status":"test_started","status_id":1,"message":"Test has started"}

# You need to keep calling this until test is finished
$ curl -XPOST -d 'job_id=2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc' ''

{"job_id":"2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc","status":"in_progress","status_id":2,"eta":2,"message":"Your test is in progress"}

# New test (cached)
$ curl -XPOST -d '' ''

{"test_id":"c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004","status":"test_cached","status_id":3,"message":"Test is cached"}

$ curl -XPOST -d 'id=c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004' ''

# Example with error
$ curl -XPOST -d 'domain=' ''

{"error":"The domain name does not exist","error_id":9}

Example of Server Response


About the Service

Dark Web Exposure Test is a free product available online, provided and operated by ImmuniWeb.

Dark Web Exposure Test performs the following tests:

  • Dark Web Exposure Monitoring
      • Hacking forums
      • Underground marketplaces
      • Pastebin and other paste websites
      • Social media
      • Telegram chats
      • IRC channels
  • Potential Cybersquatting
      • Domains registered in different TLDs and owned by a third party
      • Domains imitating domain names or business identity and owned by a third party
  • Potential Typosquatting
      • Domains with typos in body and owned by a third party
      • Domains with typos in body and TLD and owned by a third party
  • Potential Phishing
      • Domains that try to visually impersonate your domain or brand and owned by a third party
      • Domains that contain phishing content targeting your domain or brand users
      • Domains that contain malicious content targeting your domain or brand users
  • Social Media
      • Testing Twitter
      • Testing Facebook
      • Testing BitBucket
      • Testing Github
      • Testing YouTube

Phishing Data Sources

To detect phishing websites we use the following data sources:

  • Our proprietary network of web honeypots
  • Our proprietary network of email honeypots
  • Google Safe Browsing

The results do not show domains owned by the same company or person as the original domain, or hosted on the same IP address or subnetwork.

Frequently Asked Questions

  • Q
    What is the Dark Web?

    The term Dark Web originally referred to the Tor network and the resources located there, accessible only with special client-side software. The modern notion of the Dark Web is, however, much broader and includes various underground marketplaces and hacking forums accessible with a standard web browser. The definition may also encompass IRC and Telegram channels known for offering or trading stolen credentials and data.

    Some companies may also refer to various paste websites, like Pastebin, social media or even code repositories, like GitHub, when talking about monitoring of stolen credentials within the context of Dark Web surveillance. The borders of the modern Dark Web constantly fluctuate: some illicit resources emerge, while others disappear.

  • Q
    What is Dark Web monitoring?

    Dark Web monitoring is a service, usually provided by cybersecurity companies or law enforcement agencies, for organizations and individuals to notify them about any sensitive, confidential or offending information available on the Dark Web. Timely notification enables swift reaction to the incident, accelerates investigation, and usually reduces the negative economic and reputational consequences of a data breach, leak or intrusion. Organizations may check the scale and risks of their Dark Web exposure for free via ImmuniWeb Community Edition.

  • Q
    Is it possible to monitor the Dark Web?

    It depends on the specific segments of the Dark Web ecosystem and ultimate goals of such monitoring. Many resources in the Dark Web, such as underground marketplaces or hacking forums, are purposely made publicly accessible to ensure unhindered and free trade of stolen or illicit goods. Such resources can be monitored by different services offered by cybersecurity companies.

    Conversely, some of the resources falling under the definition of the Dark Web are invitation-only and are maintained in the highest secrecy. Usually, experienced cybercriminals and nation-state hackers create dedicated servers, oftentimes hosted in legitimate AWS or Google Cloud, to ensure the privacy of their negotiations and illicit transactions. All such communications are strongly encrypted, and even a breach or takeover of the server is unlikely to provide any actionable information to the investigators.

    For such cases, unless you have the requisite resources and capacity to infiltrate the cyber gang, you are unlikely to be able to monitor this shadow segment of the Dark Web. Most of the findings, however, are accessible in those areas of the Dark Web that can be successfully monitored, allowing a timely reaction to data leaks and security breaches.

  • Q
    What is phishing?

    Phishing is a well-known computer attack targeting individual and corporate users with the key purpose of stealing their data or compromising their systems. Phishing often depends on social engineering that exploits human inattentiveness, emotions or fatigue. Usually, attackers use email pretending to come from an authority, a colleague or an acquaintance, asking the recipient to open a web link or run an attachment to the email.

    Frequently, the web page or attachment will contain malware, such as spyware or ransomware, aimed at backdooring the victim’s device or computer. Alternatively, a website may usurp someone’s identity, for instance by pretending to be a bank website and asking the victim to log in with their credentials. Upon login, the victim is redirected to the legitimate website, while the login and password are stolen by the attackers.

    Phishing attacks targeting mobile users are also prevalent. These variants use channels such as SMS, messenger apps or voicemail to perform attacks similar to the above, or to deceive a victim by voice.

  • Q
    How does phishing work?

    To run phishing campaigns, attackers usually deliver specially created content to their victims by email or other communication channels, including SMS or WhatsApp. Once a victim clicks on the malicious link or downloads an attachment from the malicious email, their computer or mobile device will likely be infected with a Trojan horse or ransomware. Occasionally, a website or email may just lure the victim into providing sensitive information, such as e-banking logins or passwords, to later drain the victim's accounts.

  • Q
    How do phishing links work?

    Usually, a phishing link opens a fraudulent website imitating and pretending to be a governmental authority, a banking institution or a well-known enterprise. Once the victim opens the phishing website, his or her computer (or mobile device) will likely be hacked and backdoored to steal valuable data or to use the compromised device in DDoS attacks or large-scale spam campaigns. In other cases, the phishing website may be harmless in itself and merely request the victim's credentials (e.g. e-banking login and password) under the pretext of a security verification by the bank. Once the victim provides the credentials, attackers will gain access to the victim’s account.

  • Q
    Are phishing sites illegal?

    Most of the phishing websites aim to steal someone’s credentials, spread malware or commit other criminally punishable actions, and are thus illegal by the very purpose of their existence and nature of operation. The phishing website per se, however, is not necessarily illegal, for instance, it may be used by security teams or cybersecurity service providers to train employees on the dangers of phishing and raise security awareness. However, any usage of phishing website against innocent victims and/or with the purpose to defraud, will likely constitute a serious computer crime offense in all civilized countries.

  • Q
    How can phishing be prevented?

    Phishing almost always involves human carelessness, inattentiveness or lack of security training. Therefore, continuous security awareness and training are essential to educate your employees about the dangers of phishing and interrelated cyber threats. Security training shall be rewarding and involve gamification to ensure the highest participation and best outcomes.

    Secondly, a set of internal security mechanisms is to be installed, including spam filtering systems with AI and heuristic capacities to reliably detect and remove phishing emails. Importantly, fighting phishing shall be an ongoing and continuously improved process, not a one-shot exercise conducted annually.

  • Q
    What is cybersquatting?

    Cybersquatting is the unethical, and often illegal, practice of registering domain names that include registered trademarks or brand names belonging to third parties without their permission. Cybersquatting may be comparatively innocent, for example, when a car dealer creates a domain name containing a well-known car brand that it lawfully sells, to attract more customers.

    A more reprehensible variation of cybersquatting may include registering multiple domain names for all known car brands, even those that the dealer does not sell or repair. Finally, cybercriminals may leverage cybersquatting tactics to impersonate banks, healthcare providers or governmental authorities and lure inattentive website visitors into sharing their confidential information.

    Unlike typosquatting, which exploits the mistakes and typos our fingers accidentally make while typing a URL, cybersquatting primarily exploits visual deception to attract visitors to the squatters' websites.

  • Q
    How does cybersquatting work?

    Typically, users receive a web link pointing to a cybersquatted domain by email, SMS or WhatsApp. They may also find the website in Google search results when looking for a specific company or branded service. The cybersquatted website has a URL that expressly mentions a known brand or trademark, aiming to falsely create an association with the brand or even impersonate it. Inattentive victims usually don’t see the difference, especially if the website design is aptly copy-pasted from the original one. In many countries, cybersquatting is unlawful and may even be punishable under criminal law.

  • Q
    When is cybersquatting illegal?

    It largely depends on the totality of circumstances, but most cybersquatting cases likely violate some intellectual property laws or even fall within the purview of criminal law. Cybersquatting is, however, not always illegal. For instance, if a car dealer promotes a couple of domain names containing variations of the car brand within the country of its authorized territory of sales, such a case is unlikely to trigger serious legal ramifications. Conversely, if a competitor purposefully and with intent to harm creates domain names exploiting your brand to deceive and steal your leads or clients, such acts may even be criminally punishable under certain circumstances.

  • Q
    How to prevent cybersquatting?

    Continuous monitoring of existing and newly created domain names is essential to keep an eye on unlawful cybersquatting activity. Once a cybersquatting domain is spotted, and you believe that it violates your intellectual property rights or is prohibited by the applicable unfair competition laws, you or your attorney should contact the domain name registrar and request that the domain name be unregistered. Separately, and after receiving competent legal advice from a licensed law firm, you may also file a legal action against the wrongdoer asking for damages.
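
The continuous monitoring described in the last answer, as an added example that is not ImmuniWeb's code or API: a Python triage that sorts observed registrations into the cybersquatting, typosquatting and visual look-alike categories listed on this page, skipping domains you own. The feed, the `owned` set, the one-edit threshold and the small look-alike table are assumptions, and domains are assumed to be registrable names without subdomains.

```python
# Added example: triage observed registrations against a protected domain.
FOLD = str.maketrans("01", "ol")  # assumed, deliberately small look-alike table

def fold(label):
    """Collapse common visual substitutions (0/o, 1/l, rn/m, vv/w)."""
    return label.translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(protected, candidate, max_typos=1):
    """Return a category label for candidate, or None if unrelated."""
    body_p, _, tld_p = protected.lower().partition(".")
    body_c, _, tld_c = candidate.lower().partition(".")
    if (body_c, tld_c) == (body_p, tld_p):
        return None
    if body_c == body_p:
        return "cybersquatting: different TLD"
    if fold(body_c) == fold(body_p):
        return "potential phishing: visual look-alike"
    if edit_distance(body_c, body_p) <= max_typos:
        same = tld_c == tld_p
        return "typosquatting: typo in body" + ("" if same else " and TLD")
    if body_p in body_c:
        return "cybersquatting: imitates name"
    return None

def triage(protected, feed, owned=frozenset()):
    """Map each third-party domain in feed to its category."""
    hits = {}
    for domain in feed:
        label = None if domain in owned else classify(protected, domain)
        if label:
            hits[domain] = label
    return hits

# Constructed sample feed; example.org is treated as owned by the same company.
FEED = ["example.net", "exmaple.com", "exampel.org", "examp1e.com",
        "example-login.com", "example.org", "unrelated.com"]
REPORT = triage("example.com", FEED, owned={"example.org"})
```
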
