Frequently Asked
Questions

CheckThatURL is a real-time phishing detection platform built for African financial institutions. It uses machine learning, content analysis, behavioural simulation, and threat intelligence feeds to assess whether a URL is legitimate, suspicious, or a phishing site.

Primarily Nigerian, Kenyan, and South African banks and fintechs — though the core scanner works globally. Hunter and Radar modules are purpose-built for financial brand protection across Sub-Saharan Africa.

The core URL scanner is free. Hunter (autonomous threat hunting) and Radar (threat intelligence dashboard) are commercial modules available to institutional clients. We follow an open-core model — the scanner will be open-sourced for African financial institutions.

We extract over 50 features from the URL and page content: domain age, HTTPS status, entropy, TF-IDF text signals, form structure, link ratios, timer elements, and more. These feed a Random Forest model trained on real African phishing samples. We also run a behavioural replay engine and check for legal page presence.

Confidence reflects how far the model's probability estimate is from the decision boundary (50%). A score of 95% means the model is very certain; 55% means the result is close to the boundary and should be treated with more caution. It is not the same as the phishing probability.

Phishing — high-confidence malicious signals detected. Suspicious — some risk signals present but not conclusive; treat with caution. Legitimate — no significant risk signals detected. Note: no scanner is 100% accurate. Always verify independently for high-stakes decisions.

Yes. We fetch the page HTML to extract content features. For behavioural analysis, we optionally run a headless browser simulation. We never submit credentials or interact with payment systems. Scanning is read-only.

Hunter is an autonomous threat-hunting module that proactively scans phishing feeds and certificate transparency logs for domains impersonating your bank's brand. It runs on a daily schedule, scores each candidate URL, and stores confirmed threats for review.

Radar is a threat intelligence dashboard that aggregates signals across all monitored African banks. It computes a Brand Risk Index (BRI) per institution, tracks emerging phishing campaigns, detects cross-bank infrastructure reuse, and fires alerts when thresholds are breached.

Hunter runs automatically every day at 02:00 UTC. Radar runs at 03:00 UTC. Both modules are fully autonomous — no manual trigger is required. The next scheduled run time is shown in the status indicator on each module's dashboard.

We may log scan requests for system monitoring and model improvement purposes. We do not associate scans with your identity. See our Privacy Policy for full details.

When you rate a scan result (thumbs up/down) or report a false positive/negative, we record the URL, verdict, your rating, and an anonymised identifier derived from your User-Agent. No IP address is stored. Feedback is used solely to improve detection accuracy.

An API endpoint is available at POST /check with a JSON body of {"url": "..."}. Institutional API access with higher rate limits and priority scanning is available — contact us for access.