Entropy0
Pricing

Simple tiers for every workflow

The scanner is available on every tier. Developer and above unlock the API for programmatic workflows.

Public API tiers
Explorer
Current plan
$0

Top-of-funnel evaluation

  • +50 lookups per month
  • +UI access only
  • +Trust, Threat, and Deviation lenses
  • +No API access
Current plan
Developer
$49/mo

Early integration projects

  • +2,000 API lookups per month
  • +1 API key
  • +Batch scanning up to 50 domains
  • +CSV export
Team
Most popular
$199/mo

Small security teams

  • +15,000 API lookups per month
  • +5 API keys with scoped permissions
  • +Batch scanning up to 500 domains
  • +Webhook notifications for score changes
Platform
$799/mo

High-throughput trust pipelines

  • +100,000 API lookups per month
  • +20 API keys
  • +Batch scanning up to 5,000 domains
  • +Priority queue and overage billing
Enterprise
Custom pricing

Risk infrastructure at scale

  • +500K–5M+ lookups per month
  • +SLA and dedicated infrastructure options
  • +Custom scoring profiles
  • +Bulk ingest and governance support
Coming soon
Deterministic scoring is identical across plans. Pricing changes access volume, automation, and operational guarantees only. No binary verdicts are generated.
FAQ

Common questions

Do you store the domains I scan?

Scans are saved to your account history only. They are not shared, sold, or used to train models. You can export or delete your history at any time.

How long does a scan take?

A standard domain scan completes in 3–15 seconds depending on DNS propagation, WHOIS latency, and SSL handshake time. Batch jobs process domains sequentially; results are available incrementally as each completes.

What does the Confidence score mean?

Each scan reports Coverage and Confidence alongside the three lenses. When infrastructure is unreachable — a timed-out WHOIS or a blocked HTTP response — Entropy0 reports the gap explicitly rather than treating missing evidence as a clean pass.

Can I plug this into an automated pipeline?

Yes. The /v1/domain/score endpoint accepts POST requests with an API key. Developer tier and above include API access. The /v1/domain/score/batch endpoint handles asynchronous bulk jobs with polling.

What's the difference between Threat and Deviation?

Threat measures abuse likelihood from observable signals: TLD risk, domain age, phishing keywords, brand impersonation. Deviation measures how far a domain's infrastructure sits from typical peer configurations. High Deviation means unusual — not necessarily malicious.

Questions or custom procurement needs? Get in touch →View docs