Smart phishing detection, made simple

Is this link
safe?

Send a URL or email. PhishMind opens it in a sandboxed browser, watches everything, and returns an AI-powered verdict with a human-readable explanation.

Replaces 15-20 min of manual analysis. 20x cheaper than a human analyst.

Get Started Free View API Docs

Send a suspicious URL

POST/api/v1/analyze

{

"url": "https://microsoft-secure.xyz/login",

"reflow": true

}

→202 Accepted·id: a7f3…

<10s

Average analysis time

~$0.01

Cost per analysis

20x

Cheaper than a human analyst

Competitors with Reflow

How it works

Three steps. One API call.

Send a URL or email

POST a URL to the API, upload an .eml file, or forward suspicious emails directly.

Browser detonation

A sandboxed Chrome browser visits the URL. Captures screenshots, DOM, network traffic, redirect chains, and form fields.

AI verdict + Reflow

AI analyzes all artifacts. Returns a structured verdict with confidence scores. Reflow generates a plain-language explanation.

Platform

Everything you need to detect phishing

Browser detonation, AI verdicts, human explanations, email analysis, attachment scanning — all in one API.

Real Browser Scan

Full Chrome browser visits the URL in a hardened sandbox. Captures screenshots, DOM, HAR, redirect chains, and form fields. Steel.dev anti-fingerprinting built in.

AI-Powered Verdict

Vision AI analyzes screenshots and page content. Returns structured verdicts with confidence scores, categories, and weighted indicators.

Reflow Explanations

Human-readable explanations of why a link is dangerous. Multi-language (EN/DE/FR). Customizable for non-technical users or SOC analysts.

Nobody else does this

Full Email Analysis

Upload .eml files. Extracts all URLs and attachments. Checks SPF/DKIM/DMARC and sender spoofing. Returns a single aggregated verdict.

Attachment Detonation

Opens Office docs, PDFs, and archives in a sandboxed container. Detects VBA macros, auto-execute triggers, file drops. YARA rule scanning.

Flow Trace

Visual replay timeline of the browser session. Every redirect, form field, and suspicious behavior — structured JSON for incident reports.

Webhooks

Push results to your endpoint on completion. HMAC-SHA256 signed. Exponential backoff retries. Perfect for SOAR playbooks.

Dashboard

Self-serve signup, API key management, analysis history, usage charts. Admin panel for system health and customer management.

Hardened Infrastructure

Non-root containers. Resource limits (CPU, memory, PIDs). gVisor runtime available. Ephemeral cleanup after every analysis.

Comparison

How PhishMind compares

We combine capabilities that nobody else puts together — at a price point nobody else offers.

Capability	PhishMind $99-499/mo	VirusTotal $10K+/yr	urlscan.io $500+/mo	ANY.RUN $109+/mo	Proofpoint $87K+/yr
Simple REST API	✓	✓	✓	—	—
Real browser detonation	✓	—	✓	✓	✓
AI-powered reasoning	✓	—	—	—	—
Human-facing explanations	✓	—	—	—	—
Full email analysis (.eml)	✓	—	—	—	✓
Attachment detonation (YARA)	✓	—	—	✓	✓
Self-serve dashboard	✓	✓	✓	✓	—
Developer pricing ($99-499/mo)	✓	—	—	—	—

Use Cases

Built for security teams

SOC Teams

Plug PhishMind into your existing SOAR playbook. Employees report phishing → your playbook calls the API → verdict auto-blocks or escalates → Reflow explains to the reporter what happened.

Splunk SOARXSOAROpenSOARTines

MSSPs

Manage phishing analysis for multiple clients from one dashboard. Each client gets their own API keys, usage tracking, and analysis history. White-label Reflow explanations.

Multi-tenantPer-client billingAPI keys

SaaS Platforms

Protect your users from phishing links in user-generated content. Scan URLs submitted to your platform before they reach your users. Sub-10s verdicts.

Content moderationUser safetyReal-time

Security Training

Turn every real phishing attempt into a training moment. When an employee reports a suspicious email, send back a Reflow explanation they can learn from.

AwarenessEducationReflow

Integration

One API call

Works with any language, any SOAR platform, any workflow.

Request Python

import httpx

client = httpx.Client(
    base_url="https://api.phishmind.com",
    headers={"X-API-Key": "pm_..."}
)

# Submit URL for analysis
resp = client.post("/api/v1/analyze", json={
    "url": "https://suspicious-link.xyz",
    "reflow": True
})

# Get verdict
result = client.get(f"/api/v1/results/{resp.json()['id']}")
print(result.json()["verdict"])

Response JSON

{
  "verdict": "malicious",
  "confidence": 0.94,
  "category": "credential_harvesting",
  "brand_impersonated": "Microsoft 365",
  "indicators": [
    {"type": "brand_impersonation",
     "detail": "Fake Microsoft login",
     "weight": "critical"},
    {"type": "domain_age",
     "detail": "Registered 2 days ago",
     "weight": "high"}
  ],
  "reasoning": "This page impersonates
    Microsoft 365 on a domain
    registered 2 days ago..."
}

Start analyzing for free

50 free analyses per month. Self-serve dashboard. No credit card required.

Create Free Account Swagger UI

Works with OpenSOAR, Splunk SOAR, XSOAR, Tines, Shuffle, n8n, or any HTTP client.

Is this linksafe?