Home
Get Started
API Usage Guides
Use Cases
Developer Tools
Integrations
Community
API ExplorerAPI Reference
Use Cases

Proactive Brand Protection

This guide demonstrates how to use the Whisper API to proactively protect your brand online. Instead of waiting for abuse reports, you can leverage comprehensive domain intelligence to detect phishing sites, typosquatting, and other infringements the moment they appear.

Goal: Detect, Don't Just React

Effective brand protection is about early detection. The sooner you know about a threat, the faster you can act to take it down. The Whisper API provides the data you need to build automated monitoring systems that flag suspicious domains impersonating your brand.

API Endpoints for Brand Protection

The cornerstone of brand protection is the Domain Intelligence endpoint.

  1. Domain Intelligence (GET /intelligence/v1/domain/{domain})This endpoint provides a 360-degree view of any domain. For brand protection, you can monitor suspicious domains (e.g., yourbrand-support.com) and check for red flags:
    • whois.registration.created: A very recent creation date is a strong indicator of a phishing or scam site.
    • summary.registrar: Some registrars are more commonly used for malicious registrations. Tracking this can reveal patterns.
    • dns.mx_records: The presence of MX records indicates the domain is configured to send or receive email, potentially for phishing campaigns.
    • certificates.active: Check for newly issued SSL certificates for domains similar to yours, as this is often a final step before launching a phishing site.
  2. Subdomain Discovery (GET /domainer/api/domains/subdomains/{baseDomain})This endpoint helps you discover subdomains of any domain. You can use it to monitor for brand abuse on legitimate platforms (e.g., yourbrand.blogspot.com) or to find subdomains created for malicious purposes.

Example Monitoring Workflow

Let's say your brand is "Acme Corporation" and you want to monitor for abuse.

  1. Identify a Suspicious Domain: Your monitoring system (e.g., watching Certificate Transparency logs) flags a newly registered domain: acme-payments.xyz.
  2. Analyze the Domain: You immediately query this domain with GET /intelligence/v1/domain/acme-payments.xyz. The API response shows it was registered 2 hours ago through a registrar known for lax policies.
  3. Check its Infrastructure: The infrastructure.ip_addresses field shows the domain points to a single IP address. You then use the IP Intelligence endpoint on that IP and find it has a high risk_score.
  4. Take Action: With this correlated data, you have strong evidence to initiate a takedown request with the domain registrar and hosting provider.

Python Code Example

This Python snippet shows how to retrieve the creation date and registrar for a domain, two key data points for brand protection analysis.

import noctis_frontgraph_sdk
from noctis_frontgraph_sdk.rest import ApiException
import os

# Configure authentication
configuration = noctis_frontgraph_sdk.Configuration(access_token = os.environ["BEARER_TOKEN"])

with noctis_frontgraph_sdk.ApiClient(configuration) as api_client:
    api_instance = noctis_frontgraph_sdk.IntelligenceServicesApi(api_client)
    domain_to_check = 'google.com' 

    try:
        # Get comprehensive domain intelligence
        api_response = api_instance.get_domain_intelligence(domain_to_check)
        
        # Print key brand protection indicators
        print(f"Domain: {api_response.summary.domain}")
        print(f"Registrar: {api_response.summary.registrar}")
        print(f"Creation Date: {api_response.summary.creation_date}")

    except ApiException as e:
        print("Exception when calling IntelligenceServicesApi->get_domain_intelligence: %s\n" % e)