API Documentation
Get Scan
Fetch the details of a specific scan. If the scan status is PENDING or RUNNING, all attributes (except the scan metadata) will be empty. Accessing a scan in PENDING/RUNNING status will not consume your API daily quota. However, retrieving a scan in DONE/ERROR status will count towards your usage.
curl --request GET \
--url https://api.urldna.io/scan/{scan_id} \
--header 'Authorization: <api-key>'{
"certificate": {
"authority_info_access": "<string>",
"authority_key_identifier": "<string>",
"basic_constraints": "<string>",
"certificate_policies": "<string>",
"ct_precert_scts": "<string>",
"extended_key_usage": "<string>",
"issuer": "<string>",
"key_usage": "<string>",
"not_after": "<string>",
"not_before": "<string>",
"serial_number": "<string>",
"subject": "<string>",
"subject_key_identifier": "<string>",
"version": 123
},
"console_messages": [
{
"text": "<string>",
"type": "<string>"
}
],
"cookies": [
{
"domain": "<string>",
"expiry": "<string>",
"http_only": true,
"name": "<string>",
"path": "<string>",
"secure": true,
"value": "<string>"
}
],
"dom": "<string>",
"favicon": {
"blob_uri": "<string>",
"format": "<string>",
"height": 123,
"mimetype": "<string>",
"name": "<string>",
"phash": "<string>",
"url": "<string>",
"width": 123
},
"http_transactions": [
{
"content_type": "<string>",
"ip": "<string>",
"method": "<string>",
"mimetypes": "<string>",
"size": 123,
"status_code": 123,
"url": "<string>"
}
],
"ip_address": {
"asn": "<string>",
"city": "<string>",
"country": "<string>",
"country_code": "<string>",
"ip": "<string>",
"isp": "<string>",
"latitude": 123,
"longitude": 123,
"org": "<string>",
"region": "<string>",
"timezone_gmt": "<string>",
"type": "<string>"
},
"malicious": {
"malicious": true,
"threat": "SCAM"
},
"page": {
"headers": {},
"meta_tags": {},
"outgoing_links": [
"<string>"
],
"ssdeep": "<string>",
"text": "<string>",
"title": "<string>"
},
"scan": {
"id": "<string>",
"submitted_url": "<string>",
"domain": "<string>",
"target_url": "<string>",
"protocol": "<string>",
"device": "DESKTOP",
"user_agent": "<string>",
"nsfw": true,
"scanned_from": "DEFAULT",
"origin": "API",
"width": 123,
"height": 123,
"private_scan": true,
"status": "PENDING",
"submitted_date": "2023-11-07T05:31:56Z",
"submitter_tags": [
"<string>"
]
},
"scan_feedback": {
"malicious_count": 123,
"safe_count": 123
},
"scan_whois": {
"address": "<string>",
"country": "<string>",
"creation_date": "<string>",
"domain_name": "<string>",
"expiration_date": "<string>",
"name": "<string>",
"org": "<string>",
"registrant_postal_code": "<string>",
"registrar": "<string>",
"state": "<string>",
"updated_date": "<string>"
},
"screenshot": {
"blob_uri": "<string>",
"format": "<string>",
"height": 123,
"mimetype": "<string>",
"phash": "<string>",
"width": 123
},
"technologies": [
{
"category": "<string>",
"name": "<string>",
"version": "<string>"
}
]
}Authorizations
Path Parameters
Unique identifier of the scan.
Response
Represents the results of a scan performed on a URL, domain, or IP, including security, network, and content analysis.
SSL/TLS certificate details of the scanned domain.
Information about how to access the issuing Certificate Authority (CA), such as OCSP and CA issuer URLs.
A unique identifier for the issuing CA’s public key, ensuring proper certificate chaining.
Indicates whether the certificate belongs to a CA and the maximum path length for certificate chaining.
Defines policies related to certificate usage, often including URLs to policy documents.
Signed Certificate Timestamps (SCTs) from Certificate Transparency logs, used for verifying legitimate issuance.
Specifies the intended usage of the certificate, such as server authentication or code signing.
The entity that issued the certificate, usually a trusted Certificate Authority (CA).
Defines the cryptographic purposes of the certificate, such as digital signature, key encipherment, or key agreement.
The expiration date of the certificate, after which it is no longer valid.
The start date from which the certificate is considered valid.
A unique identifier assigned to the certificate by the issuing CA.
The entity (organization, domain, or individual) for which the certificate was issued.
A unique identifier for the certificate's public key, used to facilitate key management.
The version of the X.509 certificate standard, typically 1, 2, or 3.
JavaScript console messages captured during page load.
Represents a message logged in the browser's developer console during the scan.
List of cookies set by the scanned page.
Represents an HTTP cookie set by the scanned webpage.
The domain for which the cookie is valid.
The expiration date of the cookie in UTC format.
Indicates whether the cookie is accessible only through HTTP requests and not via JavaScript.
The name of the cookie.
The URL path within the domain where the cookie is valid.
Indicates whether the cookie is sent only over HTTPS connections.
The stored value of the cookie.
HTML content of the scanned webpage's Document Object Model (DOM).
Favicon metadata and hash for similarity detection.
A temporary URI reference to the favicon (TTL 30 minutes).
The detected format of the favicon, such as 'ico' or 'png'.
The height of the favicon in pixels.
The MIME type of the favicon, such as 'image/png'.
The filename of the favicon, if available.
A perceptual hash (pHash) value used for identifying visually similar favicons.
The URL of the favicon file.
The width of the favicon in pixels.
List of HTTP requests and responses observed during the scan.
Represents an HTTP request-response transaction captured during the scan.
The content type of the HTTP response, such as 'text/html' or 'application/json'.
The IP address of the server responding to the request.
The HTTP method used for the request, such as 'GET', 'POST', or 'HEAD'.
A list of MIME types associated with the response.
The size of the HTTP response body in bytes.
The HTTP status code returned by the server, such as 200 (OK) or 404 (Not Found).
The requested URL associated with this transaction.
IP address and geolocation details of the scanned domain.
Autonomous System Number (ASN) associated with the IP.
City where the IP address is located.
Country where the IP address is registered.
Two-letter country code (ISO 3166-1 alpha-2).
The IP address being analyzed.
Internet Service Provider (ISP) associated with the IP.
Approximate latitude coordinate of the IP location.
Approximate longitude coordinate of the IP location.
Organization that owns or manages the IP address.
Region or state where the IP address is located.
Time zone in GMT offset format.
Type of IP (e.g., residential, corporate, or cloud provider).
Metadata and extracted content from the scanned webpage.
HTTP response headers from the scanned page.
Meta tags extracted from the HTML head section.
List of URLs linked from the scanned page.
SSDEEP hash used for fuzzy matching and detecting page similarity.
Extracted textual content of the webpage.
Title of the scanned webpage.
Details about the scan, such as timestamps and scan parameters.
Unique, autogenerated identifier for the scan.
The URL provided by the user to be scanned.
The domain of the submitted URL.
The final URL after any redirection (if applicable).
The protocol of the URL, such as HTTP or HTTPS.
The type of device selected for the scan, either 'DESKTOP' or 'MOBILE'.
DESKTOP, MOBILE The user agent string associated with the device for simulating the browser environment.
Indicates whether the content of the page contains Not Safe For Work (NSFW) material, such as nudity or adult content.
The country from which the scan was initiated. Available only for PREMIUM users.
DEFAULT, AU, BE, CA, CH, DE, ES, FR, GB, GR, HU, ID, IT, JP, MX, NL, PT, ZA, TR, US Indicates whether the scan was submitted via the API or by a user.
API, USER The width of the viewport used during the scan in pixels.
The height of the viewport used during the scan in pixels.
If true, the scan results are only accessible by the user who submitted the scan.
The current status of the scan. 'PENDING' and 'RUNNING' are intermediate states, while 'DONE' and 'ERROR' are final states.
PENDING, RUNNING, DONE, ERROR The date and time when the scan was submitted.
A list of any tags associated with the scan, submitted by the user.
WHOIS registration information for the scanned domain.
Registrant's address from WHOIS data.
Country where the domain is registered.
Date when the domain was first registered.
The domain name being scanned.
Date when the domain registration expires.
Registrant's name from WHOIS data.
Organization that owns the domain.
Postal code associated with the registrant.
Registrar through which the domain was registered.
State or region where the domain is registered.
Date when the domain WHOIS record was last updated.
Screenshot of the scanned webpage for visual analysis.
Temporary URI for accessing the screenshot (TTL 30 minutes).
The file format of the screenshot, such as 'png' or 'jpeg'.
Height of the screenshot in pixels.
MIME type of the screenshot image.
Perceptual hash (pHash) value used for detecting image similarity.
Width of the screenshot in pixels.
List of detected technologies used by the scanned webpage.
Represents detected technologies used by the scanned webpage.
curl --request GET \
--url https://api.urldna.io/scan/{scan_id} \
--header 'Authorization: <api-key>'{
"certificate": {
"authority_info_access": "<string>",
"authority_key_identifier": "<string>",
"basic_constraints": "<string>",
"certificate_policies": "<string>",
"ct_precert_scts": "<string>",
"extended_key_usage": "<string>",
"issuer": "<string>",
"key_usage": "<string>",
"not_after": "<string>",
"not_before": "<string>",
"serial_number": "<string>",
"subject": "<string>",
"subject_key_identifier": "<string>",
"version": 123
},
"console_messages": [
{
"text": "<string>",
"type": "<string>"
}
],
"cookies": [
{
"domain": "<string>",
"expiry": "<string>",
"http_only": true,
"name": "<string>",
"path": "<string>",
"secure": true,
"value": "<string>"
}
],
"dom": "<string>",
"favicon": {
"blob_uri": "<string>",
"format": "<string>",
"height": 123,
"mimetype": "<string>",
"name": "<string>",
"phash": "<string>",
"url": "<string>",
"width": 123
},
"http_transactions": [
{
"content_type": "<string>",
"ip": "<string>",
"method": "<string>",
"mimetypes": "<string>",
"size": 123,
"status_code": 123,
"url": "<string>"
}
],
"ip_address": {
"asn": "<string>",
"city": "<string>",
"country": "<string>",
"country_code": "<string>",
"ip": "<string>",
"isp": "<string>",
"latitude": 123,
"longitude": 123,
"org": "<string>",
"region": "<string>",
"timezone_gmt": "<string>",
"type": "<string>"
},
"malicious": {
"malicious": true,
"threat": "SCAM"
},
"page": {
"headers": {},
"meta_tags": {},
"outgoing_links": [
"<string>"
],
"ssdeep": "<string>",
"text": "<string>",
"title": "<string>"
},
"scan": {
"id": "<string>",
"submitted_url": "<string>",
"domain": "<string>",
"target_url": "<string>",
"protocol": "<string>",
"device": "DESKTOP",
"user_agent": "<string>",
"nsfw": true,
"scanned_from": "DEFAULT",
"origin": "API",
"width": 123,
"height": 123,
"private_scan": true,
"status": "PENDING",
"submitted_date": "2023-11-07T05:31:56Z",
"submitter_tags": [
"<string>"
]
},
"scan_feedback": {
"malicious_count": 123,
"safe_count": 123
},
"scan_whois": {
"address": "<string>",
"country": "<string>",
"creation_date": "<string>",
"domain_name": "<string>",
"expiration_date": "<string>",
"name": "<string>",
"org": "<string>",
"registrant_postal_code": "<string>",
"registrar": "<string>",
"state": "<string>",
"updated_date": "<string>"
},
"screenshot": {
"blob_uri": "<string>",
"format": "<string>",
"height": 123,
"mimetype": "<string>",
"phash": "<string>",
"width": 123
},
"technologies": [
{
"category": "<string>",
"name": "<string>",
"version": "<string>"
}
]
}