Deterministic, signals-only abuse indicators. No advice. No guarantees. No interpretation.
OpenAPI (fixed contract): openapi.yaml (download)
GET /abuse-signals
GET /usage| Name | Type | Required | Description |
|---|---|---|---|
email |
string | No | Email address to analyze (domain will be extracted) |
domain |
string | No | Domain name to analyze |
explain |
string | No | Optional: set to 1 or true to include explanations in the JSON response |
Exactly one of email or domain must be provided.
curl "https://abusesignalsapi.analyses-web.com/abuse-signals?domain=fake-buy-info-product-example.shop" \
-H "X-API-Key: YOUR_API_KEY"
{
"input": {
"email": null,
"domain": "fake-buy-info-product-example.shop"
},
"abuseScore": 75,
"abuseLevel": "high",
"signals": [
"disposable_domain_pattern",
"low_domain_age",
"many_hyphens_or_digits",
"lookup_failed_rdap"
],
"version": "v1",
"meta": {
"cached": true,
"processingMs": 0,
"requestId": "0HNIGUL0CKSAC:00000001",
"cacheHours": 24,
"scoringPolicy": "2026-01"
}
}
curl "https://abusesignalsapi.analyses-web.com/abuse-signals?domain=fake-buy-info-product-example.shop&explain=1" \
-H "X-API-Key: YOUR_API_KEY"
{
"input": {
"email": null,
"domain": "fake-buy-info-product-example.shop"
},
"abuseScore": 75,
"abuseLevel": "high",
"signals": [
"disposable_domain_pattern",
"low_domain_age",
"many_hyphens_or_digits",
"lookup_failed_rdap"
],
"version": "v1",
"meta": {
"cached": false,
"processingMs": 944,
"requestId": "0HNIGUL0CKSAB:00000001",
"cacheHours": 24,
"scoringPolicy": "2026-01"
},
"explanations": [
{
"signal": "disposable_domain_pattern",
"severity": "high",
"category": "risk",
"note": "The domain matches patterns commonly associated with disposable or temporary email services."
},
{
"signal": "low_domain_age",
"severity": "medium",
"category": "risk",
"note": "The domain appears recently registered or has limited historical stability (when determinable)."
},
{
"signal": "many_hyphens_or_digits",
"severity": "low",
"category": "risk",
"note": "The domain contains an unusually high number of hyphens or digits."
},
{
"signal": "lookup_failed_rdap",
"severity": "info",
"category": "warning",
"note": "RDAP/WHOIS lookup failed or timed out; registration-age related signals may be incomplete. (No score impact)"
}
]
}
The abuseScore is a numeric value between 0 and 100.
Higher values indicate a higher concentration of detected abuse-related signals.
The score is deterministic and reflects signal presence only.
It is not a probability, verdict, or recommendation.
The abuseLevel is a descriptive band derived from abuseScore.
It is deterministic and does not represent advice or a recommendation.
Bands: 0–19 low, 20–49 medium, 50–79 high, 80–100 critical.
| Signal | Description |
|---|---|
disposable_domain_pattern |
Domain matches patterns commonly used by disposable/temporary providers |
low_domain_age |
Recently registered or unstable domain (when determinable) |
shared_asn_with_abuse |
Infrastructure shared with ASN historically associated with abuse |
punycode_domain |
Domain uses IDN/punycode encoding (a label starts with xn--) |
many_hyphens_or_digits |
Domain contains an unusually high number of hyphens or digits |
lookup_failed_dns |
DNS lookup failed or timed out; some signals may be incomplete (no score impact) |
lookup_failed_asn |
ASN lookup failed or timed out; ASN-based signals may be incomplete (no score impact) |
lookup_failed_rdap |
RDAP/WHOIS lookup failed or timed out; registration-age related signals may be incomplete (no score impact) |
Signals are indicators, not verdicts.
If explain is set to 1 or true, the response includes an explanations array.
Each item includes a deterministic severity, a category (risk or warning), and a short note.
Warning signals (lookup failures) have no score impact.
The /usage endpoint returns the current monthly quota usage for the authenticated API key.
curl "https://abusesignalsapi.analyses-web.com/usage" \
-H "X-API-Key: YOUR_API_KEY"
{
"plan": "starter",
"monthlyQuota": 10000,
"used": 57,
"remaining": 9943,
"periodStartUtc": "2026-01-01T00:00:00.0000000Z",
"periodEndUtc": "2026-02-01T00:00:00.0000000Z",
"isEnabled": true
}
Each API key is limited to 60 requests per minute.
Requests exceeding this limit are temporarily rejected with HTTP 429.
Rate limit headers may be returned on responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.
Each API key has a monthly request quota.
Requests exceeding this quota are rejected with HTTP 429.
Quota headers may be returned on responses: X-Quota-Limit, X-Quota-Used, X-Quota-Remaining, X-Quota-Reset.
| HTTP | error | When |
|---|---|---|
400 |
missing_input |
Neither email nor domain was provided |
400 |
invalid_input |
Invalid query parameters or invalid email/domain format |
401 |
missing_api_key |
Missing or empty API key header |
403 |
invalid_api_key |
Unknown API key |
403 |
api_key_disabled |
API key exists but is disabled |
429 |
rate_limit_exceeded |
Too many requests per minute for the same API key (see rate limit headers) |
429 |
quota_exceeded |
Monthly request quota exceeded for the API key |
503 |
auth_unavailable |
Temporary authentication backend issue |
503 |
quota_check_failed |
Temporary quota backend issue (only if configured to fail closed) |
Error responses use the format: { "error": "...", "message": "..." }.
The message field provides additional details and may vary depending on the exact failure.
This API provides automated indicators based on infrastructure signals only. It does not provide legal, financial, or security advice. Accuracy is not guaranteed.