Certly Guard is our public web API for determining whether or not a link is malicious, primarily useful for blogs and forums.
Certly Guard scans millions of URLs every day to detect malicious links. We also strengthen our database by exchanging threat data with multiple vendors.
We are able to deliver a verdict in around 100ms. This is because Certly does not actively scan a URL when you request information about it. Instead, we try to learn about and scan URLs before they're submitted to your site.
Extremely high volume sites may benefit from searching a local copy of our database. Contact us to learn more.
If you request the status for a site we haven't checked, we'll queue a scan for it. In the future we may offer the ability to be programmatically notified when a scan is queued and what its result is. However, it's fairly likely that if we have not seen a site it is either not malicious or not likely to be flagged in the first place.
You can use the Support button in the bottom right or email firstname.lastname@example.org to submit a file or URL we missed or incorrectly flagged.
The Certly Guard API communicates over HTTPS on port 443. If you experience connection issues even with this port open, it is possible the code being used does not support ECDSA certificates or ciphers for TLS.
Security issues can be reported on our HackerOne page.
Not currently. While in the future we may develop detection of spam text, this is a lower priority because the primary purpose of spam is to get the visitor to visit another site. We are working on improving our URL pattern matching so that obfuscated links will still be scanned by plugins sending the raw comment text to Certly.