Domain Detection
Every domain in Chainara has been analyzed across six coverage areas: from the moment it was registered to what it's doing right now. Here's what we check and why it matters for catching crypto scams.
Keywords, typosquats, suspicious TLDs, domain length, and brand impersonation. Scammers register domains like xrp-giveaway-ripple.com: we catch the pattern before a single victim visits.
How old is the domain? Who registered it? Is the registrant hidden behind privacy masking? Scam infrastructure is almost always newly registered: domains under 30 days old are a strong signal.
Hosting ASN, country, nameservers, SSL certificate issuer, and IP reputation. Bad actors rely on bulletproof hosting providers and free SSL to operate at scale: we fingerprint that infrastructure.
Cross-referenced against VirusTotal (70+ engines), URLhaus, AbuseIPDB, and community reports. If the wider security community has already flagged it, we know immediately.
What the site actually says and does: giveaway language, wallet address forms, redirect chains, copied branding. This is what separates a newly registered legitimate site from a scam that hasn't been reported yet.
An LLM evaluates all signals together and assigns a threat category with a confidence score. It catches edge cases that rules miss: like a domain that looks clean but whose content describes a fake XRP doubling event.
What You Getโ
Every analyzed domain produces a risk score (0โ99), a risk level (low / medium / high / critical), a threat classification, and a full signal breakdown explaining exactly which factors drove the score.
Domains scoring 75+ trigger automatic alerts to your webhook endpoints. Domains scoring 90+ are auto-flagged as critical and appear at the top of the Domains list.
Detection Accuracyโ
| Metric | Rate |
|---|---|
| True positive rate | 94.2% |
| False positive rate | 2.1% |
| Avg. time to detection | ~2.5โ3.5 seconds (uncached, single domain, standard load) |
| Cached result latency | <10ms |