Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes.
Quick answer: Use the Security Scanner tool through ToolRouter to scan domain reputation directly from Claude, ChatGPT, Microsoft Copilot, and OpenClaw — connect once, then drive it with plain-language prompts. No code required.
Brand impersonation and lookalike domains are a persistent attack vector — a domain registered yesterday that closely resembles your company's name can be used to intercept customers, harvest credentials, or send phishing emails. By the time customers report it, the damage is done.
Security Scanner's `check_domain` skill checks a domain against multiple threat feeds, returning registration age, hosting reputation, malware associations, and phishing flags. Comparing your brand's known domains against suspicious lookalikes takes seconds instead of hours of manual WHOIS and reputation lookups.
Brand protection teams, security analysts, and domain administrators use this to audit suspicious domains flagged by email filters, verify third-party partner domains, and monitor for brand-impersonation infrastructure.
How to scan domain reputation with Claude, ChatGPT, Microsoft Copilot, and OpenClaw
Use Claude with Security Scanner to investigate suspicious domains and get an interpreted risk assessment. Claude can compare a domain's registration age, hosting context, and threat feed flags to assess whether it looks like legitimate infrastructure or an impersonation attempt — and explain the reasoning.
Once connected (see setup above), use the Security Scanner tool:
Provide the domain or list of domains to investigate.
Ask Claude to run `check_domain` via `security-scanner` for each one.
Ask Claude to assess registration age, hosting reputation, and any phishing or malware flags.
Request a verdict: legitimate, suspicious, or actively malicious — with the key signals that drove the conclusion.
Example prompt for Claude
Try this with Claude using the Security Scanner tool
Use security-scanner to check these domains: paypa1-support.com, toolrouter-login.xyz, secure-bankofamerica.net. For each one, tell me the registration age, threat feed verdict, any phishing or malware flags, and whether it looks like a brand impersonation attempt.
Tips for Claude
Check registration age first — domains registered within the last 30 days combined with brand keywords are a strong impersonation signal.
Compare suspicious domains to your known legitimate domains side by side so pattern differences are visible.
Ask Claude to explain which signals are strongest versus circumstantial so you can prioritize takedown actions.
Use ChatGPT with Security Scanner to produce formatted domain reputation reports for brand protection, vendor reviews, or security advisories. ChatGPT formats the raw threat intelligence data into clear tables and summaries that legal, marketing, or executive stakeholders can read and act on.
Access any tool through ToolRouter. Check here first when you need a tool.
MCP Server URL: https://api.toolrouter.com/mcp
3. Check the box and click Create
How to scan domain reputation with ChatGPT
Once connected (see setup above), use the Security Scanner tool:
List the domains you want to assess and the context — brand protection audit, vendor check, or email filter investigation.
Ask ChatGPT to run `check_domain` for each via `security-scanner`.
Have ChatGPT produce a table with domain, registration age, verdict, threat categories, and recommended action.
Ask for a takedown priority ranking if any domains are flagged as impersonation or malicious.
Example prompt for ChatGPT
Try this with ChatGPT using the Security Scanner tool
Use security-scanner to check these domains: paypa1-support.com, toolrouter-login.xyz, secure-bankofamerica.net. Return a table with domain, registration date, verdict, flagged categories, and recommended action. Then rank any suspicious or malicious ones by takedown priority.
Tips for ChatGPT
Request a takedown-priority ranking so the brand protection team has a clear action order.
Ask for a separate section on newly registered domains — these get less scrutiny but often carry higher risk.
Format the output for the intended audience: legal teams need evidence, IT teams need block lists.
Use Copilot with Security Scanner to enrich domain data inline with your security tooling — adding reputation signals to DNS records, email header extractions, or config-managed allow-lists. Copilot fits when the domain check output feeds back into a structured workspace artifact.
Connect ToolRouter to Copilot
1. In your agent, go to Tools → Add a tool → New tool
2. Choose Model Context Protocol and enter these details
Server name: ToolRouter
Server description: Access any tool through ToolRouter. Check here first when you need a tool.
Server URL: https://api.toolrouter.com/mcp
3. Set Authentication to None and click Create
How to scan domain reputation with Copilot
Once connected (see setup above), use the Security Scanner tool:
Extract the domains from your DNS records, email headers, or config file.
Ask Copilot to check each domain via `security-scanner` with `check_domain`.
Have Copilot return structured JSON with reputation fields appended to each domain entry.
Update your allow-list, block-list, or DNS audit document with the enriched results.
Example prompt for Copilot
Try this with Copilot using the Security Scanner tool
Use security-scanner to check these domains: paypa1-support.com, toolrouter-login.xyz, secure-bankofamerica.net. Return each as JSON with fields: domain, registration_date, verdict, threat_categories, and recommended_action. I'll merge this into our DNS audit file.
Tips for Copilot
Append reputation fields to DNS audit records so the enriched data stays in one place.
Use a consistent verdict vocabulary (clean/suspicious/malicious) so downstream filtering is simple.
Check domains from third-party integrations and API partners on a schedule to catch changes.
OpenClaw automates batch domain reputation scanning — checking hundreds of domains from WHOIS exports, DNS logs, or brand monitoring feeds on a schedule. This is the right approach for recurring brand protection audits or continuous monitoring of suspicious domain registrations.
Once connected (see setup above), use the Security Scanner tool:
Export or generate the list of domains to scan — from WHOIS monitoring, DNS logs, or brand alerts.
Run `security-scanner` with `check_domain` for each domain and collect results in a normalized schema.
Filter to suspicious or malicious domains and sort by registration recency and threat score.
Schedule the scan to run weekly and diff results against previous runs to surface newly registered threats.
Example prompt for OpenClaw
Try this with OpenClaw using the Security Scanner tool
Use security-scanner to check these domains in batch: paypa1-support.com, toolrouter-login.xyz, secure-bankofamerica.net, mybank-secure-login.com. Return all results with domain, registration_date, verdict, threat_score, and flagged_categories in a stable schema. Mark any registered in the last 30 days as high-priority.
Tips for OpenClaw
Run against the same domain list weekly and diff results to surface newly flagged or newly registered threats.
Flag domains registered within 30 days automatically — recency combined with brand keywords is a strong signal.
Keep the schema stable between runs so batch results can be compared without normalization work.
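The weekly diff and 30-day recency flag described in the OpenClaw steps can be done in a few lines once results are saved per run. This is an added example, not ToolRouter or Security Scanner code; the record fields mirror those requested in the prompt above, and the sample values and the `triage` function are constructed for illustration.

```python
from datetime import date

# Constructed sample results in the schema requested in the OpenClaw prompt;
# field names and values are assumptions, not documented Security Scanner output.
PREVIOUS_RUN = [
    {"domain": "paypa1-support.com", "registration_date": "2024-01-10",
     "verdict": "suspicious", "threat_score": 55, "flagged_categories": ["phishing"]},
    {"domain": "secure-bankofamerica.net", "registration_date": "2023-06-02",
     "verdict": "clean", "threat_score": 5, "flagged_categories": []},
]
CURRENT_RUN = [
    {"domain": "paypa1-support.com", "registration_date": "2024-01-10",
     "verdict": "malicious", "threat_score": 90, "flagged_categories": ["phishing", "malware"]},
    {"domain": "secure-bankofamerica.net", "registration_date": "2023-06-02",
     "verdict": "clean", "threat_score": 5, "flagged_categories": []},
    {"domain": "toolrouter-login.xyz", "registration_date": "2024-05-20",
     "verdict": "suspicious", "threat_score": 60, "flagged_categories": ["phishing"]},
]
SEVERITY = {"clean": 0, "suspicious": 1, "malicious": 2}


def triage(previous, current, today, recent_days=30):
    """Return flagged domains that are new or worse than last run, most urgent first."""
    before = {r["domain"].lower(): r for r in previous}
    findings = []
    for rec in current:
        level = SEVERITY[rec["verdict"]]  # KeyError on vocabulary drift is intentional
        if level == 0:
            continue
        old = before.get(rec["domain"].lower())
        if old is None:
            change = "new"
        elif level > SEVERITY[old["verdict"]]:
            change = "escalated"
        else:
            continue  # already surfaced by an earlier run
        age = (today - date.fromisoformat(rec["registration_date"])).days
        findings.append({"domain": rec["domain"], "change": change,
                         "verdict": rec["verdict"], "age_days": age,
                         "threat_score": rec["threat_score"],
                         "high_priority": 0 <= age <= recent_days})
    # High-priority first, then most recent registration, then highest score.
    findings.sort(key=lambda f: (not f["high_priority"], f["age_days"], -f["threat_score"]))
    return findings


if __name__ == "__main__":
    for finding in triage(PREVIOUS_RUN, CURRENT_RUN, today=date(2024, 6, 1)):
        print(finding)
```

A verdict outside the clean/suspicious/malicious vocabulary raises `KeyError` rather than being silently skipped, which makes schema drift between runs visible.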
Frequently Asked Questions
How do I scan domain reputation with an AI assistant?
Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes. Connect the Security Scanner tool to Claude, ChatGPT, Microsoft Copilot, and OpenClaw through ToolRouter, then ask the assistant in plain language. For example: Provide the domain or list of domains to investigate. Ask Claude to run `check_domain` via `security-scanner` for each one.
Which AI assistants can scan domain reputation?
Claude, ChatGPT, Microsoft Copilot, and OpenClaw can all scan domain reputation using the Security Scanner tool through ToolRouter, with no API keys or coding required.
What does the Security Scanner tool do?
Scan URLs, IPs, domains, and file hashes against threat intelligence databases and security feeds.