How do I protect my Slack channels from dangerous links?
The problem
Employees paste links into Slack all day. Most are fine (Google Docs, Notion, LinkedIn). But one phishing link to a fake login page can compromise credentials, expose sensitive data, or give an attacker access to internal systems. By the time someone reports it, the damage is done.
URL preview alone doesn't protect anyone. It shows the destination title, not whether the domain was registered yesterday or is impersonating your bank.
How Unphurl solves it
Build a Slack bot that sends every shared URL to Unphurl's API. Before the link preview even renders, your bot has a full domain intelligence report. Clean links display normally. Suspicious links get a warning posted to the channel.
Signals that matter for this use case
- Brand impersonation catches paypa1.com, googIe.com, and homoglyph attacks against 150+ brands
- Domain age <3 days flags the peak phishing window (registered and used within 72 hours)
- Excessive redirects reveal redirect obfuscation hiding the real destination
- URL contains IP catches direct-IP phishing that bypasses domain filtering
- Encoded hostname detects percent-encoded characters used to obfuscate malicious URLs
- High domain entropy identifies random-looking domain names typical of auto-generated phishing domains
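Three of these signals (URL contains IP, encoded hostname, high domain entropy) plus the profile's `subdomain_excessive` can be computed from the URL string alone, before any API call. The sketch below is an added example, not Unphurl's code: it pulls links out of Slack message text and flags those signals, using the weights from the suggested profile on this page. The thresholds, the additive scoring, and all function names are assumptions.

```python
import ipaddress
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Weights copied from the page's "security-bot" profile (URL-string signals only).
WEIGHTS = {"url_contains_ip": 15, "encoded_hostname": 10,
           "subdomain_excessive": 10, "domain_entropy_high": 10}
# Assumed thresholds for illustration; the service's real cut-offs are not on the page.
ENTROPY_BITS = 3.5  # per character, measured on the longest host label
MAX_LABELS = 5      # more dot-separated labels than this is "excessive"
# Slack message text marks links up as <https://host/path> or <https://host/path|label>.
SLACK_LINK = re.compile(r"<(https?://[^|>\s]+)(?:\|[^>]*)?>")

def extract_urls(text):
    """Return the URLs Slack marked up in a message's text field."""
    return SLACK_LINK.findall(text)

def entropy(s):
    """Shannon entropy of s in bits per character (0 for an empty string)."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def lexical_signals(url):
    """Signals derivable from the URL string alone, without any network lookup."""
    host = urlsplit(url).hostname or ""  # raw host: lowercased, not percent-decoded
    found = set()
    if "%" in host:
        found.add("encoded_hostname")
    try:
        ipaddress.ip_address(host)
        found.add("url_contains_ip")
        return found  # label and entropy checks are meaningless for an IP literal
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) > MAX_LABELS:
        found.add("subdomain_excessive")
    if entropy(max(labels, key=len)) > ENTROPY_BITS:
        found.add("domain_entropy_high")
    return found

def local_score(signals):
    """Assumed scoring: sum of profile weights, capped at 100."""
    return min(100, sum(WEIGHTS[s] for s in signals))

# Constructed sample message, using reserved documentation addresses and names.
SAMPLE = ("Re-verify at <http://192.0.2.10/login|Account portal> or "
          "<https://xk7q2vz9mf4tj8wb.example/reset>, notes in <https://docs.example.com/page>")

if __name__ == "__main__":
    for u in extract_urls(SAMPLE):
        print(u, sorted(lexical_signals(u)), local_score(lexical_signals(u)))
```

Brand impersonation, domain age, and redirect counts need lookups that this local pass cannot do, so it complements the API check rather than replacing it.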
Suggested scoring profile
{
  "name": "security-bot",
  "weights": {
    "brand_impersonation": 40,
    "domain_age_3": 40,
    "domain_age_7": 30,
    "redirects_5": 25,
    "url_contains_ip": 15,
    "encoded_hostname": 10,
    "subdomain_excessive": 10,
    "domain_entropy_high": 10,
    "ssl_invalid": 15,
    "phishing_floor": 80
  }
}
What a result looks like
An employee pastes https://paypa1-secure.xyz/login into a channel. Your bot sends it to Unphurl:
Your bot posts the signals to the channel: "Score: 75/100. Impersonating paypal.com. Domain registered 3 days ago. No MX record." The team decides whether to click.
Cost
Most links employees share are known domains (Google Docs, Notion, LinkedIn, GitHub) that resolve instantly and for free. Only truly unknown URLs cost a pipeline check. A company where employees share 1,000 links per month might see 10-50 pipeline checks; the rest resolve from the Tranco Top 100K or cache.
The Starter package ($9 for 100 pipeline checks) would cover most teams for months.
Get started
# Check a URL from the CLI
npx unphurl https://paypa1-secure.xyz/login --profile security-bot
# Or via the API
curl -H "Authorization: Bearer uph_your_key" \
"https://api.unphurl.com/v1/check?url=https://paypa1-secure.xyz/login&profile=security-bot"