← Use Cases

How do I vet partner and vendor websites during due diligence?

The problem

During onboarding of new partners or vendors, you need to verify the domains they provide: company website, API endpoints, documentation links. A claimed "established business" with a 3-day-old domain, no SSL, and a parked website is a red flag. But checking each domain manually takes time, and the signals are easy to miss if you're just clicking links.

Without structured verification, bad partners slip through. You discover the problem later, when a vendor disappears, an API endpoint stops responding, or a "partner" turns out to be a shell company.

How Unphurl solves it

Collect all the domains a potential partner or vendor provides and batch check them through Unphurl. You get a structured report showing domain age, SSL status, parking detection, and infrastructure health for every URL. Established businesses with real infrastructure score clean. Freshly registered shells, parked placeholders, and broken endpoints stand out immediately.

Signals that matter for this use case

  • Domain age <3 days is a strong indicator the domain was just created, possibly for this specific engagement
  • Domain age <7 days flags newly registered infrastructure that deserves extra scrutiny
  • Domain age <30 days identifies recently staged domains worth investigating further
  • SSL invalid signals a poorly maintained or abandoned site
  • Parked domain means there's no real website, just a placeholder page
  • Expiring soon means the domain registration is about to lapse, raising questions about longevity
  • Bad domain status (pendingDelete, serverHold) means the domain is in trouble at the registrar level
  • No MX record means the domain can't receive email, unusual for a real business
  • HTTP only signals no SSL configured at all, a baseline expectation for any professional operation

Suggested scoring profile

{
  "name": "due-diligence",
  "weights": {
    "domain_age_3": 30,
    "domain_age_7": 25,
    "domain_age_30": 20,
    "ssl_invalid": 20,
    "parked": 20,
    "expiring_soon": 15,
    "domain_status_bad": 20,
    "no_mx_record": 10,
    "http_only": 15
  }
}

What a result looks like

You're evaluating a potential vendor who provided 5 domains. You batch check all of them:

5 vendor domains checked:
vendor-main.com: score 0 (clean)
vendor-support.com: score 0 (clean)
vendor-billing.com: score 0 (clean)
vendor-docs.io: score 40 (domain age 5 days +25, HTTP only +15)
vendor-api.xyz: score 20 (parked +20)

Three domains are clean. But the documentation site is only 5 days old, and the API domain is parked. You flag the fresh domain for deeper investigation before signing the agreement.

Cost

Small batches, typically 5-50 URLs per vendor. Most are quick pipeline checks. The Starter package handles dozens of vendor reviews before you need to top up.

Get started

For developers: Batch check vendor domains via CLI. 

# Create a file with vendor domains
echo "vendor-main.com
vendor-docs.io
vendor-api.xyz" > vendor-domains.csv

# Batch check with due diligence profile
unphurl --batch vendor-domains.csv --profile due-diligence

# Get flagged domains
unphurl --batch vendor-domains.csv --profile due-diligence --json | \
  jq -r '.results[] | select(.result.score >= 20) | "\(.url): score \(.result.score)"'

For non-coders (Claude Cowork, OpenClaw, or any AI agent): Paste the vendor's domains and ask: "Check these vendor domains. Flag anything with a young domain, parked site, or missing SSL."

Read the docs All use cases