ScanMalware REST API Documentation
Complete API reference for integrating website security scanning into your applications
Getting Started
The ScanMalware API provides programmatic access to URL security scanning capabilities. All endpoints return JSON responses and use standard HTTP status codes.
🌐 Base URL
https://scanmalware.com🚀 Quick Example
curl -X POST "https://scanmalware.com/api/v1/scan" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'📖 Full Documentation Details
Rate Limits
Currently, there are no enforced rate limits, but please use the API responsibly.
Pagination
All search and listing endpoints support pagination to prevent database overload and improve performance. Pagination is implemented using page and limit parameters.
Paginated endpoints include:
/api/v1/recent- Recent scans/api/v1/search- Text search/api/v1/search/asn/{asn_number}- ASN search/api/v1/search/favicon/{hash_value}- Favicon hash search/api/v1/search/screenshot/{hash_type}/{hash_value}- Screenshot hash search/api/v1/search/fuzzy/{hash_type}- Fuzzy hash search/api/v1/search/similar- Similar scans search
All paginated responses include a pagination object:
"pagination": {
"page": 1, // Current page number
"limit": 20, // Items per page
"total_items": 272, // Total number of items
"total_pages": 14, // Total number of pages
"has_next": true, // Whether there's a next page
"has_prev": false // Whether there's a previous page
}Error Handling
The API uses conventional HTTP response codes to indicate success or failure. Error responses include a JSON object with error details.
{
"error": "Invalid URL provided",
"code": 400,
"details": "The URL must be a valid HTTP or HTTPS URL"
}API Endpoints
POST
/api/v1/scanSubmit URL for Scanning
Submit a URL for security analysis
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
url | string | Required | The URL to scan |
scan_type | string | Optional | Type of scan: "public", "unlisted", or "private" (default: "public") |
Response
{
"scan_id": "string",
"status": "string",
"message": "string",
"scan_type": "string",
"submitted_at": "string"
}Example
Request
curl -X POST "https://scanmalware.com/api/v1/scan" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com", "scan_type": "public"}'Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"status": "queued",
"message": "Scan submitted successfully",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/result/{scan_id}Get Scan Results
Retrieve the results of a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"completed_at": "string",
"results": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/result/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"completed_at": "2025-08-20T16:30:15.000Z",
"results": {
"title": "Example Domain",
"screenshot_path": "screenshots/123e4567.png",
"technologies": [...],
"network_requests": [...],
"security_analysis": {...}
}
}GET
/api/v1/scan/{scan_id}/summaryGet Scan Summary
Get condensed scan information for integrations
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"status": "string",
"completed_at": "string",
"security_verdict": {
"overall_score": "integer",
"risk_level": "string"
},
"risk_score": "integer",
"technologies_count": "integer",
"tracker_count": "integer",
"redirect_count": "integer",
"certificate_valid": "boolean",
"load_time": "number"
}Example
Request
curl "https://scanmalware.com/api/v1/scan/123e4567-e89b-12d3-a456-426614174000/summary"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"final_url": "https://www.example.com",
"status": "completed",
"completed_at": "2025-08-20T16:30:15.000Z",
"security_verdict": {
"overall_score": 15,
"risk_level": "safe"
},
"risk_score": 85,
"technologies_count": 5,
"tracker_count": 2,
"redirect_count": 1,
"certificate_valid": true,
"load_time": 1.234
}GET
/api/v1/domains/{domain}/scansDomain History
Get all public scans for a specific domain (only public scans are available via API)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to search for (e.g., "example.com") |
status | string | Optional | Filter by scan status: "queued", "processing", "completed", or "failed" |
limit | integer | Optional | Number of results (1-100, default: 20) |
Response
{
"domain": "string",
"total_scans": "integer",
"scans": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"completed_at": "string",
"title": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/domains/example.com/scans?status=completed&limit=10"Response
{
"domain": "example.com",
"total_scans": 15,
"scans": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"completed_at": "2025-08-20T16:30:15.000Z",
"title": "Example Domain"
}
]
}GET
/api/v1/recentGet Recent Public Scans
Retrieve a list of recent public scans with pagination (only public scans are available via API)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string"
}
],
"pagination": {
"page": "integer",
"limit": "integer",
"total_items": "integer",
"total_pages": "integer",
"has_next": "boolean",
"has_prev": "boolean"
}
}Example
Request
curl "https://scanmalware.com/api/v1/recent?page=1&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total_items": 272,
"total_pages": 28,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/searchSearch Scans
Search through public scan results only
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Required | Search query (minimum 3 characters) |
type | string | Optional | Search type: "url", "domain", "title", "technology", or "all" (default: "all") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
[
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string"
}
]Example
Request
curl "https://scanmalware.com/api/v1/search?q=example.com&type=domain"Response
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain"
}
]GET
/api/v1/search/asn/{asn_number}Search by ASN
Search for public scans from a specific Autonomous System Number (ASN)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
asn_number | integer | Required | The AS number to search for without AS prefix (e.g., 13335 for Cloudflare, not AS13335) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 50, max: 500) |
Response
{
"asn": "integer",
"organization": "string",
"total_scans": "integer",
"unique_urls": "integer",
"first_seen": "string | null",
"last_seen": "string | null",
"results": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string",
"primary_asn": "integer",
"asn_org": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/asn/13335"Response
{
"asn": 13335,
"organization": "CLOUDFLARENET",
"total_scans": 42,
"unique_urls": 35,
"first_seen": "2025-08-19T10:00:00.000Z",
"last_seen": "2025-08-20T16:30:00.000Z",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain",
"primary_asn": 13335,
"asn_org": "CLOUDFLARENET"
}
]
}GET
/api/v1/search/favicon/{hash_value}Search by Favicon Hash
Search for websites with the same favicon hash (supports both MMH3 and MD5 hashes)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | string | Required | The favicon hash value (MMH3 integer or MD5 hex string) |
hash_type | string | Optional | Hash type: "mmh3" or "md5" (default: "mmh3") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"submitted_at": "string",
"favicon_mmh3": "string",
"favicon_md5": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/favicon/2755474283?hash_type=mmh3"
# Search by MD5 hash
curl "https://scanmalware.com/api/v1/search/favicon/b2ccd167c908a44e1dd69df79382286a?hash_type=md5"Response
{
"hash_type": "mmh3",
"hash_value": "2755474283",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://www.linkedin.com/",
"final_url": "https://www.linkedin.com/",
"title": "LinkedIn: Log In or Sign Up",
"submitted_at": "2025-08-20T16:30:00.000Z",
"favicon_mmh3": "2755474283",
"favicon_md5": "b2ccd167c908a44e1dd69df79382286a"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 4,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/favicon/{scan_id}Get Favicon
Download the favicon image for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
"Binary image data (PNG/ICO format) or 404 if no favicon found"Example
Request
curl "https://scanmalware.com/api/v1/favicon/123e4567-e89b-12d3-a456-426614174000" --output favicon.pngResponse
Binary image dataGET
/api/v1/favicon/search/{mmh3_hash}Search by MMH3 Favicon Hash
Search for scans with a specific MMH3 favicon hash
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
mmh3_hash | string | Required | The MMH3 hash value |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"mmh3_hash": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"submitted_at": "string",
"favicon_mmh3": "string",
"favicon_md5": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/favicon/search/2755474283"Response
{
"mmh3_hash": "2755474283",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://www.linkedin.com/",
"final_url": "https://www.linkedin.com/",
"title": "LinkedIn: Log In or Sign Up",
"submitted_at": "2025-08-20T16:30:00.000Z",
"favicon_mmh3": "2755474283",
"favicon_md5": "b2ccd167c908a44e1dd69df79382286a"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 4,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/favicon/statsFavicon Statistics
Get statistics about favicon detection and hashes
Response
{
"total_scans_with_favicons": "integer",
"unique_mmh3_hashes": "integer",
"unique_md5_hashes": "integer",
"top_favicons": [
{
"mmh3_hash": "string",
"md5_hash": "string",
"count": "integer",
"example_url": "string"
}
],
"detection_rate": "number",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/favicon/stats"Response
{
"total_scans_with_favicons": 892,
"unique_mmh3_hashes": 234,
"unique_md5_hashes": 231,
"top_favicons": [
{
"mmh3_hash": "2755474283",
"md5_hash": "b2ccd167c908a44e1dd69df79382286a",
"count": 15,
"example_url": "https://www.linkedin.com/"
}
],
"detection_rate": 72.3,
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/search/screenshot/{hash_type}/{hash_value}Search by Screenshot Hash
Search for scans by screenshot hash (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_type | string | Required | Hash type: "ahash", "phash", "dhash", "whash", "color_hash", or "crop_resistant" |
hash_value | string | Required | The hash value to search for |
similarity_threshold | integer | Optional | Hamming distance threshold for similarity search (0-64, perceptual hashes only) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/screenshot/phash/1a2b3c4d5e6f7890"Response
{
"hash_type": "phash",
"hash_value": "1a2b3c4d5e6f7890",
"count": 1,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]
}POST
/api/v1/screenshot/searchScreenshot Hash Search
Search for similar screenshots using perceptual hash
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | integer | Required | The perceptual hash value as an integer |
hash_type | string | Optional | Hash type (phash, ahash, dhash, whash, crop_resistant). Default: phash |
max_distance | integer | Optional | Maximum hamming distance (1-10, default: 3) |
limit | integer | Optional | Maximum results (1-100, default: 20) |
Response
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"similarity_score": "integer",
"ahash_distance": "integer",
"phash_distance": "integer",
"dhash_distance": "integer",
"whash_distance": "integer"
}
]Example
Request
curl -X POST "https://scanmalware.com/api/v1/screenshot/search" \
-H "Content-Type: application/json" \
-d '{"hash_value": 17918433939200614400, "hash_type": "ahash", "max_distance": 5}'Response
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z",
"similarity_score": 95,
"ahash_distance": 3,
"phash_distance": 2,
"dhash_distance": 4,
"whash_distance": 5
}
]GET
/api/v1/screenshot/duplicatesFind Duplicate Screenshots
Find groups of scans with identical or very similar screenshots
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
threshold | integer | Optional | Similarity threshold (0-64, default: 5) |
min_group_size | integer | Optional | Minimum group size to return (default: 2) |
limit | integer | Optional | Maximum number of groups (default: 20) |
Response
[
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"ahash": "string",
"phash": "string",
"dhash": "string",
"whash": "string"
}
]
]Example
Request
curl "https://scanmalware.com/api/v1/screenshot/duplicates?threshold=5&min_group_size=2"Response
[
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://phishing-site1.com",
"title": "Microsoft Account",
"submitted_at": "2025-08-20T16:30:00.000Z",
"ahash": "1a2b3c4d5e6f7890",
"phash": "0987654321abcdef",
"dhash": "fedcba9876543210",
"whash": "1234567890abcdef"
},
{
"scan_id": "223e4567-e89b-12d3-a456-426614174001",
"url": "https://phishing-site2.com",
"title": "Microsoft Account",
"submitted_at": "2025-08-20T17:00:00.000Z",
"ahash": "1a2b3c4d5e6f7891",
"phash": "0987654321abcdef",
"dhash": "fedcba9876543211",
"whash": "1234567890abcdef"
}
]
]GET
/api/v1/screenshot/statsScreenshot Statistics
Get statistics about screenshot processing and hashing
Response
{
"total_screenshots": "integer",
"unique_ahash": "integer",
"unique_phash": "integer",
"unique_dhash": "integer",
"unique_whash": "integer",
"duplicate_groups": "integer",
"processing_stats": {
"average_size_kb": "number",
"average_processing_ms": "number"
},
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/screenshot/stats"Response
{
"total_screenshots": 1234,
"unique_ahash": 987,
"unique_phash": 976,
"unique_dhash": 982,
"unique_whash": 978,
"duplicate_groups": 45,
"processing_stats": {
"average_size_kb": 234.5,
"average_processing_ms": 125.3
},
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/search/jarm/{jarm_signature}JARM Signature Search
Search for scans by JARM TLS fingerprint. JARM fingerprints are 62-character hashes that identify TLS server configurations.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
jarm_signature | string | Required | 62-character hexadecimal JARM signature |
limit | integer | Optional | Maximum results (default: 20) |
Response
{
"jarm_signature": "string",
"total_results": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"jarm_host": "string",
"jarm_port": "integer",
"jarm_url": "string",
"is_final_url": "boolean",
"title": "string",
"scan_type": "string",
"status": "string",
"submitted_at": "string",
"completed_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/jarm/29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba"Response
{
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"total_results": 2,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://google.com/",
"final_url": "https://www.google.com/",
"jarm_host": "www.google.com",
"jarm_port": 443,
"jarm_url": "https://www.google.com/",
"is_final_url": true,
"title": "Google",
"scan_type": "public",
"status": "completed",
"submitted_at": "2025-08-26T07:14:30.516606",
"completed_at": null
}
]
}GET
/api/v1/jarm/scan/{scan_id}Get JARM Signatures for Scan
Get all JARM signatures associated with a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"signatures": [
{
"host": "string",
"port": "integer",
"jarm_signature": "string",
"url": "string",
"is_final_url": "boolean",
"created_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/jarm/scan/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"signatures": [
{
"host": "www.google.com",
"port": 443,
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"url": "https://www.google.com/",
"is_final_url": true,
"created_at": "2025-08-26T11:20:40.658178"
},
{
"host": "google.com",
"port": 443,
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"url": "https://google.com/",
"is_final_url": false,
"created_at": "2025-08-26T11:20:40.272924"
}
]
}GET
/api/v1/jarm/statsJARM Statistics
Get statistics about JARM signatures in the database
Response
{
"statistics": {
"unique_signatures": "integer",
"total_scans": "integer",
"total_entries": "integer",
"unique_hosts": "integer"
},
"common_signatures": [
{
"jarm_signature": "string",
"scan_count": "integer",
"host_count": "integer",
"sample_hosts": [
"string"
]
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/jarm/stats"Response
{
"statistics": {
"unique_signatures": 4,
"total_scans": 16,
"total_entries": 26,
"unique_hosts": 5
},
"common_signatures": [
{
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"scan_count": 10,
"host_count": 2,
"sample_hosts": ["google.com", "www.google.com"]
}
]
}GET
/api/v1/search/similarSimilar Content Search
Find scans with similar content using fuzzy hashing
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Optional | Base scan ID to find similar content |
tlsh_hash | string | Optional | TLSH hash to search for |
ssdeep_hash | string | Optional | ssdeep hash to search for |
threshold | integer | Optional | Similarity threshold (0-100, default: 80) |
limit | integer | Optional | Maximum results (default: 20) |
Response
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"similarity_score": "integer",
"tlsh_score": "integer | null",
"ssdeep_score": "integer | null",
"submitted_at": "string"
}
]Example
Request
curl "https://scanmalware.com/api/v1/search/similar?scan_id=123e4567-e89b-12d3-a456-426614174000&threshold=85"Response
[
{
"scan_id": "223e4567-e89b-12d3-a456-426614174001",
"url": "https://similar-site.com",
"title": "Similar Content Site",
"similarity_score": 92,
"tlsh_score": 15,
"ssdeep_score": 89,
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]GET
/api/v1/search/fuzzy/{hash_type}Search by Fuzzy Hash
Search for scans by fuzzy hash - TLSH, ssdeep, or sdhash (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_type | string | Required | Fuzzy hash type: "tlsh", "ssdeep", or "sdhash" |
hash_value | string | Required | The fuzzy hash value to search for (query parameter) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/fuzzy/tlsh?hash_value=T1ABC123..."Response
{
"hash_type": "tlsh",
"hash_value": "T1ABC123...",
"count": 2,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]
}GET
/api/v1/statsGet System Statistics
Retrieve system statistics and queue information
Response
{
"queue_length": "integer",
"running_scans": "integer",
"completed_24h": {
"public": "integer",
"unlisted": "integer",
"private": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/stats"Response
{
"queue_length": 5,
"running_scans": 2,
"completed_24h": {
"public": 150,
"unlisted": 25,
"private": 8
}
}GET
/api/v1/screenshot/{scan_id}.pngGet Scan Screenshot
Retrieve the screenshot for a specific scan. Note: The .png extension must be included in the URL.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID (must include .png extension) |
Response
"Binary image data (PNG format)"Example
Request
curl "https://scanmalware.com/api/v1/screenshot/123e4567-e89b-12d3-a456-426614174000.png" -o screenshot.pngResponse
[Binary PNG data]GET
/api/v1/healthHealth Check
Check system health and worker status
Response
{
"status": "string",
"timestamp": "string",
"workers": {
"active": "integer",
"total": "integer"
},
"queue_length": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/health"Response
{
"status": "healthy",
"timestamp": "2025-08-20T16:30:00.000Z",
"workers": {
"active": 3,
"total": 3
},
"queue_length": 0
}GET
/api/v1/ocr/{scan_id}Get OCR Text
Get OCR-extracted text from a scan's screenshot with language detection
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve OCR text for |
Response
{
"scan_id": "string",
"ocr_text": "string",
"ocr_language": "string",
"suspicious_regions": "array",
"metadata": {
"text_length": "integer",
"word_count": "integer",
"char_count": "integer",
"detected_language": "string",
"tesseract_language": "string"
},
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ocr/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"ocr_text": "Example Domain\nThis domain is for use in illustrative examples...",
"ocr_language": "eng",
"suspicious_regions": [
{
"text": "Windows + R",
"pattern": "windows + r",
"bbox": {"x": 100, "y": 200, "width": 150, "height": 30},
"confidence": 95
}
],
"metadata": {
"text_length": 197,
"word_count": 28,
"char_count": 172,
"detected_language": "en",
"tesseract_language": "eng"
},
"source": "database"
}GET
/api/v1/search/ocrSearch OCR Text
Full-text search through OCR-extracted text from screenshots
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Required | Search query (min 3 characters) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"ocr_text_preview": "string",
"relevance_score": "float",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ocr?q=verify+human&page=1&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://suspicious-site.com",
"ocr_text_preview": "Please verify you are human by pressing Windows+R and typing...",
"relevance_score": 0.95,
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total": 3,
"pages": 1
}
}GET
/api/v1/search/ocr/patternOCR Pattern Search
Search for specific patterns in OCR-extracted text
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
pattern | string | Required | Pattern to search for |
case_sensitive | boolean | Optional | Whether to perform case-sensitive search (default: false) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"ocr_text_preview": "string",
"match_count": "integer",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ocr/pattern?pattern=Windows%2BR&case_sensitive=false"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://suspicious-site.com",
"ocr_text_preview": "Press Windows+R to open Run dialog...",
"match_count": 3,
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 5,
"pages": 1
}
}GET
/api/v1/ocr/statsOCR Statistics
Get OCR processing statistics and language distribution
Response
{
"total_processed": "integer",
"total_with_text": "integer",
"average_text_length": "number",
"processing_time_avg_ms": "number",
"language_distribution": [
{
"language": "string",
"count": "integer",
"percentage": "number"
}
],
"suspicious_patterns": [
{
"pattern": "string",
"occurrences": "integer"
}
],
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ocr/stats"Response
{
"total_processed": 1234,
"total_with_text": 890,
"average_text_length": 452.3,
"processing_time_avg_ms": 1250.5,
"language_distribution": [
{
"language": "eng",
"count": 650,
"percentage": 73.0
},
{
"language": "chi_sim",
"count": 120,
"percentage": 13.5
}
],
"suspicious_patterns": [
{
"pattern": "Windows+R",
"occurrences": 15
},
{
"pattern": "PowerShell",
"occurrences": 8
}
],
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/clipboard/statsClipboard Statistics
Get global clipboard monitoring and pastejacking detection statistics
Response
{
"clipboard_events": {
"scans_with_clipboard": "integer",
"total_events": "integer",
"copy_events": "integer",
"paste_events": "integer",
"suspicious_events": "integer"
},
"pastejacking_detections": {
"scans_with_pastejacking": "integer",
"total_detections": "integer",
"critical": "integer",
"high": "integer",
"medium": "integer",
"low": "integer"
},
"daily_activity": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/clipboard/stats"Response
{
"clipboard_events": {
"scans_with_clipboard": 142,
"total_events": 523,
"copy_events": 201,
"paste_events": 87,
"suspicious_events": 34
},
"pastejacking_detections": {
"scans_with_pastejacking": 28,
"total_detections": 45,
"critical": 5,
"high": 12,
"medium": 18,
"low": 10
},
"daily_activity": [
{
"date": "2025-08-20",
"scans_with_clipboard_activity": 15,
"total_events": 67,
"suspicious_events": 8,
"scans_with_pastejacking": 3
}
]
}GET
/api/v1/clipboard/{scan_id}Get Clipboard Events
Get clipboard events captured during a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve clipboard events for |
Response
{
"scan_id": "string",
"events": [
{
"event_type": "string",
"event_timestamp": "string",
"event_data": "object",
"page_url": "string",
"element_selector": "string",
"is_suspicious": "boolean",
"suspicious_reason": "string"
}
],
"statistics": "object",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/clipboard/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"events": [
{
"event_type": "copy",
"event_timestamp": "2025-08-20T16:30:15.000Z",
"event_data": {
"clipboardData": "powershell -Command iex",
"selection": "Run this command"
},
"page_url": "https://suspicious-site.com/verify",
"element_selector": "div.verification-steps",
"is_suspicious": true,
"suspicious_reason": "Contains potentially malicious command patterns"
}
],
"statistics": {
"total_events": 3,
"copy_events": 2,
"paste_events": 1,
"suspicious_events": 1
},
"source": "database"
}GET
/api/v1/pastejacking/{scan_id}Get Pastejacking Detections
Get pastejacking attack detections for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve pastejacking detections for |
Response
{
"scan_id": "string",
"detections": [
{
"detection_type": "string",
"severity": "string",
"description": "string",
"technical_details": "object",
"affected_element": "string",
"mitigation_advice": "string",
"detected_at": "string"
}
],
"detection_count": "integer",
"max_severity": "string",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/pastejacking/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"detections": [
{
"detection_type": "hidden_payload",
"severity": "critical",
"description": "Hidden malicious content detected in DIV element",
"technical_details": {
"content": "powershell -NoProfile -ExecutionPolicy Bypass",
"tag": "DIV",
"visibility": "hidden",
"opacity": "0"
},
"affected_element": "div.hidden-command",
"mitigation_advice": "Avoid copying text from this page as it may contain hidden malicious content",
"detected_at": "2025-08-20T16:30:00.000Z"
},
{
"detection_type": "fake_modal",
"severity": "high",
"description": "Suspicious modal detected with pattern: /windows?\\s*\\+\\s*r/i",
"technical_details": {
"text": "Press Windows+R to verify",
"zIndex": "9999",
"position": "fixed"
},
"mitigation_advice": "Be cautious of verification prompts asking you to copy/paste commands",
"detected_at": "2025-08-20T16:30:00.000Z"
}
],
"detection_count": 2,
"max_severity": "critical",
"source": "database"
}GET
/api/v1/search/clipboard/suspiciousSearch Suspicious Clipboard
Search for suspicious clipboard activity patterns across all scans
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
pattern | string | Optional | Pattern to search in suspicious clipboard events |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"event_count": "integer",
"suspicious_reason": "string",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/clipboard/suspicious?pattern=powershell&page=1"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://malicious-site.com",
"event_count": 5,
"suspicious_reason": "Contains potentially malicious command patterns",
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 8,
"pages": 1
}
}GET
/api/v1/technologies/searchSearch Technologies
Search for technologies by name or category with full-text search support
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Optional | Search term for technology name (supports partial matching) |
category | string | Optional | Filter by category (e.g., "CMS", "Web Framework", "JavaScript Library") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"name": "string",
"category": "string",
"occurrence_count": "integer",
"first_seen": "string",
"last_seen": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/search?q=wordpress&category=CMS"Response
{
"results": [
{
"name": "WordPress",
"category": "CMS",
"occurrence_count": 45,
"first_seen": "2025-08-01T10:00:00.000Z",
"last_seen": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 1,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/technologies/popularPopular Technologies
Get the most frequently detected technologies
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
time_period | string | Optional | Time period: "24h", "7d", "30d", or "all" (default: "all") |
category | string | Optional | Filter by category |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"time_period": "string",
"results": [
{
"name": "string",
"category": "string",
"occurrence_count": "integer",
"percentage_of_scans": "number",
"last_seen": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/popular?time_period=7d&limit=5"Response
{
"time_period": "7d",
"results": [
{
"name": "jQuery",
"category": "JavaScript Library",
"occurrence_count": 234,
"percentage_of_scans": 45.2,
"last_seen": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 5,
"total_items": 150,
"total_pages": 30,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/technologies/combinations/{tech_name}Technology Combinations
Find technologies commonly used together with a specific technology
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
tech_name | string | Required | The technology name to find combinations for |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"base_technology": "string",
"total_occurrences": "integer",
"combinations": [
{
"technology": "string",
"category": "string",
"co_occurrence_count": "integer",
"percentage": "number"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/combinations/WordPress"Response
{
"base_technology": "WordPress",
"total_occurrences": 45,
"combinations": [
{
"technology": "MySQL",
"category": "Database",
"co_occurrence_count": 42,
"percentage": 93.3
},
{
"technology": "PHP",
"category": "Programming Language",
"co_occurrence_count": 45,
"percentage": 100.0
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 25,
"total_pages": 2,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/technologies/statsTechnology Statistics
Get aggregated statistics about detected technologies
Response
{
"total_unique_technologies": "integer",
"total_detections": "integer",
"scans_with_technologies": "integer",
"top_categories": [
{
"category": "string",
"count": "integer",
"percentage": "number"
}
],
"detection_trend_7d": "object",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/stats"Response
{
"total_unique_technologies": 1250,
"total_detections": 45678,
"scans_with_technologies": 3456,
"top_categories": [
{
"category": "JavaScript Library",
"count": 12345,
"percentage": 27.0
},
{
"category": "Web Server",
"count": 8901,
"percentage": 19.5
}
],
"detection_trend_7d": {
"2025-08-14": 234,
"2025-08-15": 256,
"2025-08-16": 289,
"2025-08-17": 301,
"2025-08-18": 298,
"2025-08-19": 312,
"2025-08-20": 325
},
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/technologies/by-scan/{scan_id}Technologies by Scan
Get all technologies detected in a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"technologies": [
{
"name": "string",
"category": "string",
"confidence": "integer",
"version": "string | null"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/by-scan/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"technologies": [
{
"name": "WordPress",
"category": "CMS",
"confidence": 100,
"version": "6.3.1"
},
{
"name": "MySQL",
"category": "Database",
"confidence": 50,
"version": null
}
],
"total_count": 2
}GET
/api/v1/search/ip/{ip_address}Search by IP Address
Search for scans by IP address or partial IP (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip_address | string | Required | IP address or partial IP to search for |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 50, max: 500) |
Response
{
"ip_address": "string",
"total_count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"ip_addresses": [
"string"
],
"primary_ip": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ip/104.21.5.197"Response
{
"ip_address": "104.21.5.197",
"total_count": 3,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z",
"ip_addresses": ["104.21.5.197", "172.67.182.169"],
"primary_ip": "104.21.5.197"
}
],
"pagination": {
"page": 1,
"limit": 50,
"total_items": 3,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/search/semanticAI-Powered Visual Search
Search for visually similar websites using natural language queries and CLIP embeddings
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
query | string | Required | Natural language search query (e.g., "login page", "shopping cart", "news website") |
threshold | float | Optional | Similarity threshold (-1.0 to 1.0, default: -0.3). Lower values return more results |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"screenshot": "string",
"submitted_at": "string",
"scan_type": "string",
"similarity": "float",
"match_type": "string"
}
],
"total": "integer",
"page": "integer",
"limit": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/search/semantic?query=search+engine&threshold=-0.3&limit=5"Response
{
"results": [
{
"scan_id": "d0e3ae0a-e560-432a-af74-32777a6250f1",
"url": "https://google.com/",
"title": "Google",
"screenshot": "screenshots/d0e3ae0a-e560-432a-af74-32777a6250f1.png",
"submitted_at": "2025-08-31T10:30:00.000Z",
"scan_type": "public",
"similarity": -0.21,
"match_type": "visual"
},
{
"scan_id": "7d5a8b9c-1234-5678-90ab-cdef12345678",
"url": "https://www.baidu.com/",
"title": "百度一下,你就知道",
"screenshot": "screenshots/7d5a8b9c-1234-5678-90ab-cdef12345678.png",
"submitted_at": "2025-08-30T14:20:00.000Z",
"scan_type": "public",
"similarity": -0.22,
"match_type": "visual"
}
],
"total": 66,
"page": 1,
"limit": 5
}GET
/api/v1/cpe/search/{cpe_pattern}Search CPE Records
Search for Common Platform Enumeration (CPE) records by product, version, or vendor
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
cpe_pattern | string | Required | CPE search pattern (e.g., "nginx", "apache:2.4", "gunicorn:19.9.0") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"pattern": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"cpe": "string",
"source": "string",
"detected_at": "string"
}
],
"pagination": {
"page": "integer",
"limit": "integer",
"total": "integer",
"pages": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/search/nginx:1.24"Response
{
"pattern": "nginx:1.24",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"final_url": "https://example.com",
"title": "Example Site",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-09-01T10:00:00.000000",
"cpe": "cpe:2.3:a:nginx:nginx:1.24.0:*:*:*:*:*:*:*",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 5,
"pages": 1
}
}GET
/api/v1/cpe/statsCPE Statistics
Get global CPE detection statistics
Response
{
"total_cpes": "integer",
"unique_products": "integer",
"unique_vendors": "integer",
"most_common_cpes": [
{
"cpe": "string",
"vendor": "string",
"product": "string",
"version": "string",
"count": "integer"
}
],
"recent_detections": [
{
"cpe": "string",
"detected_at": "string",
"scan_id": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/stats"Response
{
"total_cpes": 1523,
"unique_products": 89,
"unique_vendors": 45,
"most_common_cpes": [
{
"cpe": "cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*",
"vendor": "nginx",
"product": "nginx",
"version": "*",
"count": 234
},
{
"cpe": "cpe:2.3:a:apache:http_server:2.4:*:*:*:*:*:*:*",
"vendor": "apache",
"product": "http_server",
"version": "2.4",
"count": 189
}
],
"recent_detections": [
{
"cpe": "cpe:2.3:a:wordpress:wordpress:6.7.3:*:*:*:*:*:*:*",
"detected_at": "2025-09-03T14:00:00.000000+00:00",
"scan_id": "abc123de-f456-7890-abcd-ef1234567890"
}
]
}GET
/api/v1/cpe/{scan_id}Get CPEs for Scan
Get all CPE records detected in a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get CPEs for |
Response
{
"scan_id": "string",
"cpes": [
{
"cpe": "string",
"vendor": "string",
"product": "string",
"version": "string",
"source": "string",
"detected_at": "string"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"cpes": [
{
"cpe": "cpe:2.3:a:nginx:nginx:1.24.0:*:*:*:*:*:*:*",
"vendor": "nginx",
"product": "nginx",
"version": "1.24.0",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
},
{
"cpe": "cpe:2.3:a:openssl:openssl:3.0.2:*:*:*:*:*:*:*",
"vendor": "openssl",
"product": "openssl",
"version": "3.0.2",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
}
],
"total_count": 2
}GET
/api/v1/domain/stats/{domain}Domain Statistics
Get detailed statistics for a specific domain including scan history and threat analysis
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get statistics for (e.g., "example.com") |
Response
{
"domain": "string",
"total_scans": "integer",
"first_seen": "string",
"last_seen": "string",
"scan_types": {
"public": "integer",
"unlisted": "integer",
"private": "integer"
},
"status_breakdown": {
"completed": "integer",
"failed": "integer",
"processing": "integer"
},
"risk_levels": {
"safe": "integer",
"low": "integer",
"medium": "integer",
"high": "integer",
"malicious": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/domain/stats/example.com"Response
{
"domain": "example.com",
"total_scans": 45,
"first_seen": "2025-01-15T10:00:00.000Z",
"last_seen": "2025-09-08T16:30:00.000Z",
"scan_types": {
"public": 40,
"unlisted": 4,
"private": 1
},
"status_breakdown": {
"completed": 42,
"failed": 2,
"processing": 1
},
"risk_levels": {
"safe": 38,
"low": 3,
"medium": 1,
"high": 0,
"malicious": 0
}
}GET
/api/v1/domain/history/{domain}Domain Scan History
Get the complete scan history for a specific domain with detailed timeline
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get history for |
limit | integer | Optional | Number of results (default: 100) |
offset | integer | Optional | Offset for pagination (default: 0) |
Response
{
"domain": "string",
"history": [
{
"scan_id": "string",
"url": "string",
"submitted_at": "string",
"completed_at": "string",
"status": "string",
"scan_type": "string",
"risk_score": "integer",
"title": "string"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/domain/history/example.com?limit=10"Response
{
"domain": "example.com",
"history": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"submitted_at": "2025-09-08T16:30:00.000Z",
"completed_at": "2025-09-08T16:30:15.000Z",
"status": "completed",
"scan_type": "public",
"risk_score": 95,
"title": "Example Domain"
}
],
"total_count": 45
}GET
/api/v1/ai/{scan_id}AI Security Analysis
Get AI-powered security analysis results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get AI analysis for |
Response
{
"scan_id": "string",
"analysis": {
"classification": "string",
"confidence": "number",
"risk_level": "string",
"scam_type": "string | null",
"evidence": "array",
"recommendations": "array",
"risk_factors": "array",
"safety_factors": "array"
},
"created_at": "string",
"model_version": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"analysis": {
"classification": "legitimate",
"confidence": 0.95,
"risk_level": "low",
"scam_type": null,
"evidence": [
"Valid SSL certificate",
"Known legitimate domain",
"No suspicious patterns detected"
],
"recommendations": [
"Site appears safe for general use"
],
"risk_factors": [],
"safety_factors": [
"HTTPS enabled",
"Valid certificate chain",
"Established domain age"
]
},
"created_at": "2025-09-08T16:31:00.000Z",
"model_version": "gpt-oss-120b"
}GET
/api/v1/ai/statsAI Analysis Statistics
Get global statistics for AI-powered security analysis
Response
{
"total_analyses": "integer",
"classifications": {
"legitimate": "integer",
"suspicious": "integer",
"malicious": "integer",
"phishing": "integer",
"scam": "integer"
},
"average_confidence": "number",
"scam_types_detected": "object",
"model_performance": {
"average_processing_time_ms": "number",
"success_rate": "number"
}
}Example
Request
curl "https://scanmalware.com/api/v1/ai/stats"Response
{
"total_analyses": 1523,
"classifications": {
"legitimate": 1200,
"suspicious": 150,
"malicious": 73,
"phishing": 65,
"scam": 35
},
"average_confidence": 0.87,
"scam_types_detected": {
"tech_support": 15,
"fake_shopping": 10,
"crypto_scam": 8,
"romance_scam": 2
},
"model_performance": {
"average_processing_time_ms": 2500,
"success_rate": 0.98
}
}GET
/api/v1/ai/search/classificationSearch by AI Classification
Search for scans by AI classification type
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
classification | string | Required | Classification type: LEGITIMATE, LOW_RISK, MODERATE_RISK, HIGH_RISK, or CONFIRMED_SCAM |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"classification": "string",
"confidence": "number",
"risk_level": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/classification?classification=HIGH_RISK&limit=10"Response
{
"results": [
{
"scan_id": "abc123de-f456-7890-abcd-ef1234567890",
"url": "https://suspicious-site.com",
"classification": "phishing",
"confidence": 0.92,
"risk_level": "high",
"submitted_at": "2025-09-08T14:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 65,
"pages": 4
}
}GET
/api/v1/ai/search/high-riskSearch High-Risk AI Detections
Find scans with high-risk AI security assessments
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_risk_score | integer | Optional | Minimum risk score (0-10, default: 7) |
min_confidence | integer | Optional | Minimum confidence level (0-100, default: 70) |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"risk_score": "integer",
"classification": "string",
"risk_factors": "array",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/high-risk?min_risk_score=7&min_confidence=70&limit=10"Response
{
"results": [
{
"scan_id": "xyz789ab-cdef-0123-4567-890abcdef123",
"url": "https://malicious-site.com",
"risk_score": 92,
"classification": "malicious",
"risk_factors": [
"Known malware distribution",
"Suspicious JavaScript patterns",
"Fake login form detected"
],
"submitted_at": "2025-09-08T15:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 73,
"pages": 4
}
}GET
/api/v1/ai/search/scam-typeSearch by Scam Type
Search for scans by specific scam type detected by AI
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scam_type | string | Required | Scam type to search for (e.g., "tech_support", "fake_shopping", "crypto_scam") |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"scam_type": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"scam_type": "string",
"confidence": "number",
"description": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/scam-type?scam_type=tech_support"Response
{
"scam_type": "tech_support",
"results": [
{
"scan_id": "def456gh-ijkl-7890-mnop-qrs123456789",
"url": "https://fake-microsoft-support.com",
"scam_type": "tech_support",
"confidence": 0.94,
"description": "Fake Microsoft tech support scam with phone number",
"submitted_at": "2025-09-08T12:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 15,
"pages": 1
}
}GET
/api/v1/safe-browsing/{scan_id}Google Safe Browsing Results
Get Google Safe Browsing threat detection results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get Safe Browsing results for |
Response
{
"scan_id": "string",
"threats": [
{
"threat_type": "string",
"platform_type": "string",
"threat_entry_type": "string",
"url": "string",
"cache_duration": "string"
}
],
"checked_at": "string",
"threat_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/safe-browsing/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"threats": [
{
"threat_type": "SOCIAL_ENGINEERING",
"platform_type": "ANY_PLATFORM",
"threat_entry_type": "URL",
"url": "https://phishing-site.com",
"cache_duration": "300s"
}
],
"checked_at": "2025-09-08T16:30:30.000Z",
"threat_count": 1
}GET
/api/v1/safe-browsing/statsSafe Browsing Statistics
Get global Google Safe Browsing detection statistics
Response
{
"total_checks": "integer",
"threats_detected": "integer",
"threat_types": {
"MALWARE": "integer",
"SOCIAL_ENGINEERING": "integer",
"UNWANTED_SOFTWARE": "integer",
"POTENTIALLY_HARMFUL_APPLICATION": "integer"
},
"detection_rate": "number",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/safe-browsing/stats"Response
{
"total_checks": 5234,
"threats_detected": 423,
"threat_types": {
"MALWARE": 156,
"SOCIAL_ENGINEERING": 189,
"UNWANTED_SOFTWARE": 67,
"POTENTIALLY_HARMFUL_APPLICATION": 11
},
"detection_rate": 0.081,
"last_updated": "2025-09-08T16:30:00.000Z"
}GET
/api/v1/similar/visual/{scan_id}Visual Similarity Search
Find visually similar websites based on a specific scan using CLIP embeddings
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to find similar sites for |
threshold | float | Optional | Similarity threshold (-1.0 to 1.0, default: -0.3) |
limit | integer | Optional | Maximum results (default: 20, max: 100) |
Response
{
"source_scan": {
"scan_id": "string",
"url": "string",
"title": "string"
},
"similar_sites": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"similarity": "float",
"screenshot": "string",
"submitted_at": "string"
}
],
"total_found": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/similar/visual/123e4567-e89b-12d3-a456-426614174000?threshold=-0.25"Response
{
"source_scan": {
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain"
},
"similar_sites": [
{
"scan_id": "abc789de-f012-3456-7890-abcdef123456",
"url": "https://similar-example.com",
"title": "Similar Example Site",
"similarity": -0.18,
"screenshot": "screenshots/abc789de-f012-3456-7890-abcdef123456.png",
"submitted_at": "2025-09-07T10:00:00.000Z"
}
],
"total_found": 5
}GET
/api/v1/embeddings/statsEmbeddings Statistics
Get statistics about CLIP embeddings and visual search capabilities
Response
{
"total_embeddings": "integer",
"embedding_dimension": "integer",
"model_version": "string",
"processing_stats": {
"average_processing_time_ms": "number",
"success_rate": "number"
},
"coverage": {
"scans_with_embeddings": "integer",
"percentage": "number"
},
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/embeddings/stats"Response
{
"total_embeddings": 4532,
"embedding_dimension": 512,
"model_version": "openai/clip-vit-base-patch32",
"processing_stats": {
"average_processing_time_ms": 450,
"success_rate": 0.96
},
"coverage": {
"scans_with_embeddings": 4532,
"percentage": 92.3
},
"last_updated": "2025-09-08T16:30:00.000Z"
}GET
/api/v1/rdap/{scan_id}RDAP/WHOIS Information
Get domain registration information including domain age and registrar details
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"domain_age": {
"days": "integer",
"category": "string",
"risk_multiplier": "number",
"registration_date": "string"
},
"rdap_data": {
"domain": "string",
"registrar": "string",
"created_date": "string",
"expiry_date": "string",
"updated_date": "string",
"nameservers": "array"
}
}Example
Request
curl "https://scanmalware.com/api/v1/rdap/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"domain_age": {
"days": 8500,
"category": "WELL_ESTABLISHED",
"risk_multiplier": 1.0,
"registration_date": "2002-08-14"
},
"rdap_data": {
"domain": "example.com",
"registrar": "RESERVED-Internet Assigned Numbers Authority",
"created_date": "1995-08-14T04:00:00Z",
"expiry_date": "2025-08-13T04:00:00Z",
"updated_date": "2024-08-14T07:01:31Z",
"nameservers": ["a.iana-servers.net", "b.iana-servers.net"]
}
}GET
/api/v1/tls/{scan_id}TLS Certificate Analysis
Get comprehensive TLS/SSL certificate analysis including validity, security analysis, Certificate Transparency data, and CAA validation
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"subject_common_name": "string",
"subject_organization": "string",
"issuer_common_name": "string",
"issuer_organization": "string",
"not_before": "string",
"not_after": "string",
"is_valid": "boolean",
"is_expired": "boolean",
"days_until_expiry": "integer",
"validity_period_days": "integer",
"key_algorithm": "string",
"key_size": "integer",
"fingerprint_sha256": "string",
"is_self_signed": "boolean",
"is_wildcard": "boolean",
"is_lets_encrypt": "boolean",
"sans": {
"dns_names": "array",
"wildcards": "array",
"risk_score": "integer"
},
"security_analysis": {
"findings": "array",
"warnings": "array"
},
"risk_score": "integer",
"is_in_ct_logs": "boolean",
"ct_certificate_count": "integer",
"has_caa_records": "boolean",
"caa_compliant": "boolean",
"processing_time_ms": "integer",
"created_at": "string (ISO 8601 timestamp)"
}Example
Request
curl "https://scanmalware.com/api/v1/tls/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"subject_common_name": "secure.example.com",
"subject_organization": "Example Corp",
"issuer_common_name": "GeoTrust RSA CA 2018",
"issuer_organization": "DigiCert Inc",
"not_before": "2025-01-01T00:00:00+00:00",
"not_after": "2026-01-01T23:59:59+00:00",
"is_valid": true,
"is_expired": false,
"days_until_expiry": 245,
"validity_period_days": 365,
"key_algorithm": "RSA",
"key_size": 2048,
"fingerprint_sha256": "e070c3e6c13e9519d5501ee53129d3cdc5d5f305...",
"is_self_signed": false,
"is_wildcard": false,
"is_lets_encrypt": false,
"sans": {
"dns_names": ["secure.example.com", "www.example.com"],
"wildcards": [],
"risk_score": 0
},
"security_analysis": {
"findings": ["Certificate is valid", "Strong key size (2048 bits)"],
"warnings": []
},
"risk_score": 5,
"is_in_ct_logs": true,
"ct_certificate_count": 42,
"has_caa_records": true,
"caa_compliant": true,
"processing_time_ms": 1234,
"created_at": "2025-11-03T10:30:00.000000"
}GET
/api/v1/tls/{scan_id}/asn1TLS Certificate ASN.1 Structure
Get the raw ASN.1 (Abstract Syntax Notation One) structure of the TLS/SSL certificate. Returns detailed parsed structure and human-readable dump of all certificate fields, extensions, and encoded values.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"asn1_structure": {
"version": "string",
"serial_number": "string",
"signature_algorithm": {
"algorithm": "string (OID)",
"parameters": "string | null"
},
"issuer": "object",
"validity": {
"not_before": "string (ISO 8601)",
"not_after": "string (ISO 8601)"
},
"subject": "object",
"subject_public_key_info": {
"algorithm": "string (OID)",
"parameters": "string | null",
"public_key_size": "integer"
},
"extensions": "array of objects",
"signature_value_size": "integer"
},
"raw_asn1_dump": "string (formatted text)"
}Example
Request
curl "https://scanmalware.com/api/v1/tls/123e4567-e89b-12d3-a456-426614174000/asn1"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"asn1_structure": {
"version": "v3",
"serial_number": "227830333772454795620750445496253172213",
"signature_algorithm": {
"algorithm": "1.2.840.10045.4.3.2",
"parameters": null
},
"issuer": {
"country": "GB",
"organization": "Sectigo Limited",
"common_name": "Sectigo ECC Domain Validation Secure Server CA"
},
"validity": {
"not_before": "2025-02-05T00:00:00+00:00",
"not_after": "2026-02-05T23:59:59+00:00"
},
"subject": {
"common_name": "example.com"
},
"subject_public_key_info": {
"algorithm": "1.2.840.10045.2.1",
"parameters": null,
"public_key_size": 520
},
"extensions": [
{
"extn_id": "2.5.29.17",
"extn_name": "2.5.29.17",
"critical": false,
"extn_value": ["example.com", "www.example.com"]
}
],
"signature_value_size": 560
},
"raw_asn1_dump": "Certificate:\n Version: v3\n Serial Number: 227830333772454795620750445496253172213\n ..."
}GET
/api/v1/malware/{scan_id}Malware Detection Results
Get malware scan results including detected threats and infected resources
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"statistics": {
"total_resources": "integer",
"threats_detected": "integer",
"unique_threats": "integer",
"avg_scan_time": "number",
"total_bytes_scanned": "integer"
},
"resources": "array",
"threat_count": "integer",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"statistics": {
"total_resources": 45,
"threats_detected": 2,
"unique_threats": 2,
"avg_scan_time": 0.125,
"total_bytes_scanned": 2456789
},
"resources": [
{
"url": "https://malicious-site.com/script.js",
"content_hash": "abc123...",
"content_type": "application/javascript",
"threat_detected": true,
"threat_name": "JS/Trojan.Agent",
"scan_time": 0.089
}
],
"threat_count": 2,
"source": "clamav"
}GET
/api/v1/malware/threats/recentRecent Malware Threats
Get recently detected malware threats across all public scans
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
limit | integer | Optional | Number of results (default: 20, max: 100) |
Response
{
"threats": [
{
"scan_id": "string",
"url": "string",
"threat_name": "string",
"content_type": "string",
"detected_at": "string",
"scan_url": "string"
}
],
"total_threats": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/threats/recent?limit=5"Response
{
"threats": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://infected-site.com/malware.js",
"threat_name": "JS/Phishing.Gen",
"content_type": "application/javascript",
"detected_at": "2025-09-19T10:30:00Z",
"scan_url": "https://infected-site.com"
}
],
"total_threats": 152
}GET
/api/v1/malware/statsMalware Detection Statistics
Get overall malware scanning statistics across the platform
Response
{
"total_scans_with_malware": "integer",
"total_malware_detections": "integer",
"unique_threats": "integer",
"most_common_threats": "array",
"detection_rate": "number",
"last_detection": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/stats"Response
{
"total_scans_with_malware": 342,
"total_malware_detections": 1526,
"unique_threats": 89,
"most_common_threats": [
{"name": "JS/Phishing.Gen", "count": 234},
{"name": "Trojan.Generic", "count": 156},
{"name": "PUA.CoinMiner", "count": 98}
],
"detection_rate": 0.0234,
"last_detection": "2025-09-19T10:30:00Z"
}GET
/api/v1/reports/{scan_id}Get Scan Reports
Retrieve user-submitted reports for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
report_type | string | Optional | Filter by report type (safe, phishing, malware, etc.) |
Response
{
"scan_id": "string",
"reports": [
{
"id": "integer",
"report_type": "string",
"report_details": "string",
"created_at": "string",
"status": "string"
}
],
"total_reports": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/reports/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"reports": [
{
"id": 1,
"report_type": "phishing",
"report_details": "Category: Phishing & Credential Theft, Type: credential_harvesting",
"created_at": "2025-09-19T10:30:00Z",
"status": "pending"
}
],
"total_reports": 1
}GET
/api/v1/analyzers/{scan_id}Get Analyzer Results
Get security analyzer results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"risk_score": "integer",
"classification": "string",
"verdict": "string",
"risk_factors": "array",
"safety_factors": "array",
"confidence_percentage": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"risk_score": 85,
"classification": "MALICIOUS",
"verdict": "High risk phishing site detected",
"risk_factors": [
"Suspicious login form",
"Recently registered domain",
"Known phishing kit detected"
],
"safety_factors": [],
"confidence_percentage": 92
}GET
/api/v1/analyzers/search/high-riskSearch High-Risk Scans
Search for scans with high security risk scores
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_risk_score | integer | Optional | Minimum risk score (0-100, default: 50) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"risk_score": "integer",
"classification": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/search/high-risk?min_risk_score=75&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://phishing-site.com",
"risk_score": 92,
"classification": "MALICIOUS",
"submitted_at": "2025-09-19T10:30:00Z"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total_items": 47,
"total_pages": 5
}
}GET
/api/v1/analyzers/stats/overviewAnalyzer Statistics Overview
Get overall statistics from security analyzers
Response
{
"total_analyzed": "integer",
"classifications": {
"legitimate": "integer",
"suspicious": "integer",
"malicious": "integer"
},
"average_risk_score": "number",
"high_risk_count": "integer",
"last_analyzed": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/stats/overview"Response
{
"total_analyzed": 15234,
"classifications": {
"legitimate": 12456,
"suspicious": 1892,
"malicious": 886
},
"average_risk_score": 23.4,
"high_risk_count": 342,
"last_analyzed": "2025-09-19T10:45:00Z"
}GET
/api/v1/ioc/{scan_id}IoC Threat Intelligence
Get Indicators of Compromise (IoC) matches for IPs and domains in scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"scan_status": "string",
"submitted_at": "string",
"summary": {
"total_matches": "integer",
"unique_indicators": "integer",
"ip_matches": "integer",
"domain_matches": "integer",
"threat_types": "array",
"has_threats": "boolean"
},
"matches": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/ioc/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"scan_status": "completed",
"submitted_at": "2025-09-19T10:00:00Z",
"summary": {
"total_matches": 2,
"unique_indicators": 2,
"ip_matches": 1,
"domain_matches": 1,
"threat_types": ["phishing", "malware"],
"has_threats": true
},
"matches": [
{
"indicator": "192.168.1.100",
"indicator_type": "ip",
"threat_type": "malware",
"sources": ["abuse.ch", "blocklist.de"],
"context": {
"found_in": "network_request",
"location": "https://example.com/api/track"
}
}
]
}GET
/api/v1/ct/{domain}Certificate Transparency Logs
Get SSL/TLS certificates for a domain from Certificate Transparency logs
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to search (e.g., "example.com") |
Response
{
"domain": "string",
"certificates": [
{
"hash": "string",
"timestamp": "string",
"log": "string",
"issuer": "string",
"subject": "string",
"san": "array"
}
],
"total": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/ct/example.com"Response
{
"domain": "example.com",
"certificates": [
{
"hash": "abc123def456...",
"timestamp": "2025-09-19T10:00:00Z",
"log": "Google 'Argon2023' log",
"issuer": "DigiCert Inc",
"subject": "CN=*.example.com",
"san": ["*.example.com", "example.com"]
}
],
"total": 45
}GET
/api/v1/ct/similar/{domain}Similar Domain Certificates
Find certificates for similar or related domains (typosquatting detection)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The base domain to find similar domains for |
Response
{
"domain": "string",
"similar_domains": [
{
"domain": "string",
"similarity_score": "number",
"certificates_count": "integer",
"first_seen": "string",
"last_seen": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/similar/example.com"Response
{
"domain": "example.com",
"similar_domains": [
{
"domain": "examp1e.com",
"similarity_score": 0.92,
"certificates_count": 2,
"first_seen": "2025-08-15T10:00:00Z",
"last_seen": "2025-09-19T10:00:00Z"
},
{
"domain": "example-com.net",
"similarity_score": 0.85,
"certificates_count": 1,
"first_seen": "2025-09-01T10:00:00Z",
"last_seen": "2025-09-01T10:00:00Z"
}
]
}GET
/api/v1/ct/dns/{domain}DNS History from Certificates
Get DNS history and subdomains discovered via Certificate Transparency
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get DNS history for |
Response
{
"domain": "string",
"subdomains": "array",
"dns_history": [
{
"hostname": "string",
"first_seen": "string",
"last_seen": "string",
"certificate_count": "integer"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/dns/example.com"Response
{
"domain": "example.com",
"subdomains": [
"www.example.com",
"api.example.com",
"blog.example.com",
"mail.example.com"
],
"dns_history": [
{
"hostname": "www.example.com",
"first_seen": "2020-01-15T10:00:00Z",
"last_seen": "2025-09-19T10:00:00Z",
"certificate_count": 24
}
]
}GET
/api/v1/ct/ip/{ip}Certificates by IP Address
Find all certificates associated with an IP address
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IP address to search |
Response
{
"ip": "string",
"domains": [
{
"domain": "string",
"certificate_hash": "string",
"timestamp": "string",
"issuer": "string"
}
],
"total_certificates": "integer",
"unique_domains": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/ct/ip/93.184.216.34"Response
{
"ip": "93.184.216.34",
"domains": [
{
"domain": "example.com",
"certificate_hash": "abc123...",
"timestamp": "2025-09-19T10:00:00Z",
"issuer": "DigiCert Inc"
}
],
"total_certificates": 15,
"unique_domains": 3
}GET
/api/v1/ct/timeline/{domain}Certificate Timeline
Get chronological timeline of certificate issuance for a domain
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get timeline for |
days | integer | Optional | Number of days to look back (default: 365) |
Response
{
"domain": "string",
"timeline": [
{
"date": "string",
"certificate_count": "integer",
"issuers": "array",
"events": [
{
"timestamp": "string",
"issuer": "string",
"certificate_hash": "string",
"san_count": "integer"
}
]
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/timeline/example.com?days=30"Response
{
"domain": "example.com",
"timeline": [
{
"date": "2025-09-19",
"certificate_count": 2,
"issuers": ["DigiCert Inc", "Let's Encrypt"],
"events": [
{
"timestamp": "2025-09-19T10:00:00Z",
"issuer": "DigiCert Inc",
"certificate_hash": "abc123...",
"san_count": 2
}
]
}
]
}GET
/api/v1/jsfingerprints/search/sha256/{hash}SHA-256 Hash Search
Find JavaScript files by exact SHA-256 content hash across all public scans. Returns scan metadata, script URLs, library info, and bundler detection.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash | string | Required | SHA-256 hash (64 hex characters) |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/sha256/e53fe6c4418eb46bbcd746c2005a5da9eedadaf300140b785fb4439e7b6c2265"Response
{
"results": [
{
"scan_id": "36997043-335a-41d0-a05b-278a79ce1711",
"url": "https://replay.dropbox.com/share/fGmMDLwyzDTGxPY8",
"scanned_at": "2025-11-05T02:27:14.999Z",
"script_url": "https://cfl.dropboxstatic.com/static/metaserver/static/pithos/privacy_consent.bundle-vfllUpJjP.js",
"library_name": "react",
"library_version": null,
"bundler_type": "unknown",
"content_sha256": "e53fe6c4418eb46bbcd746c2005a5da9eedadaf300140b785fb4439e7b6c2265"
}
],
"total": 1,
"page": 1,
"limit": 50,
"search_type": "sha256",
"search_value": "e53fe6c4418eb46bbcd746c2005a5da9eedadaf300140b785fb4439e7b6c2265"
}GET
/api/v1/jsfingerprints/search/normalized/{hash}Normalized Hash Search
Search by normalized content hash (whitespace-independent). Finds functionally identical code with different formatting across all public scans.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash | string | Required | Normalized SHA-256 hash (64 hex characters) |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/normalized/bd6ebc7a6b5a920a34ff16367d8dcf2ee0a83e625486f282d4ca76de03275fe7"Response
{
"results": [
{
"scan_id": "264b4023-0bdf-4be4-96a3-ca8f49d6cca2",
"url": "https://example.com/page",
"scanned_at": "2025-11-05T02:19:33.760Z",
"script_url": "https://example.com/bundle.js",
"library_name": "vue",
"library_version": "3.2.0",
"bundler_type": "webpack",
"content_sha256": "abc123..."
}
],
"total": 370,
"page": 1,
"limit": 50,
"search_type": "normalized",
"search_value": "bd6ebc7a6b5a920a34ff16367d8dcf2ee0a83e625486f282d4ca76de03275fe7"
}GET
/api/v1/jsfingerprints/search/fuzzy/{fuzzy_hash}Fuzzy Hash Search
Search JavaScript files by SSDEEP fuzzy hash across all public scans. Fuzzy hashing allows finding similar code even with modifications, making it ideal for detecting malware variants and modified scripts.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
fuzzy_hash | string | Required | SSDEEP fuzzy hash (e.g., "96:aBcDeFgHiJkLmNoPqRs") |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/fuzzy/96:aBcDeFgHiJkLmNoPqRsTuVwXyZ"Response
{
"results": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440002",
"url": "https://suspicious-site.com/",
"scanned_at": "2025-09-17T08:30:00.000Z",
"script_url": "https://suspicious-site.com/variant1.js",
"library_name": null,
"library_version": null,
"bundler_type": "webpack",
"content_sha256": "abc123..."
}
],
"total": 2,
"page": 1,
"limit": 50,
"search_type": "fuzzy",
"search_value": "96:aBcDeFgHiJkLmNoPqRsTuVwXyZ"
}GET
/api/v1/jsfingerprints/search/library/{library}Library Search
Search JavaScript files by detected library name across all public scans. Returns all versions and occurrences of the specified library.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
library | string | Required | Library name (e.g., react, jquery, vue) |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/library/react?limit=5"Response
{
"results": [
{
"scan_id": "36997043-335a-41d0-a05b-278a79ce1711",
"url": "https://example.com/app",
"scanned_at": "2025-11-05T02:27:14.999Z",
"script_url": "https://cdn.example.com/react.js",
"library_name": "react",
"library_version": "18.2.0",
"bundler_type": "webpack",
"content_sha256": "abc123..."
}
],
"total": 5039,
"page": 1,
"limit": 5,
"search_type": "library",
"search_value": "react"
}GET
/api/v1/jsfingerprints/search/library/{library}/version/{version}Library Version Search
Find specific library version usage across all public scans. Essential for tracking vulnerable library versions and CVE impact assessment.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
library | string | Required | Library name (e.g., jquery, react) |
version | string | Required | Library version (e.g., 3.0.0, 16.13.1) |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/library/jquery/version/3.0.0"Response
{
"results": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440004",
"url": "https://legacy-app.com/",
"scanned_at": "2025-09-19T09:15:00.000Z",
"script_url": "https://legacy-app.com/static/jquery.js",
"library_name": "jquery",
"library_version": "3.0.0",
"bundler_type": null,
"content_sha256": "def456..."
}
],
"total": 172,
"page": 1,
"limit": 50,
"search_type": "library_version",
"search_value": "jquery 3.0.0"
}GET
/api/v1/jsfingerprint/library-inventoryLibrary Version Inventory
Get comprehensive catalog of all detected JavaScript library versions with usage statistics and prevalence data. Useful for dependency tracking, version auditing, and understanding library adoption across scanned sites.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
library | string | Optional | Filter to specific library (e.g., "jquery", "react") |
min_count | number | Optional | Minimum fingerprint count (default: 10) |
Response
{
"library_filter": "string | null",
"min_count": "number",
"total_library_versions": "number",
"library_versions": "array",
"note": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprint/library-inventory?library=jquery&min_count=100"Response
{
"library_filter": "jquery",
"min_count": 100,
"total_library_versions": 12,
"library_versions": [
{
"library_name": "jquery",
"version": "3.7.1",
"fingerprint_count": 1200,
"unique_scans": 1191,
"first_seen": "2025-10-11T19:11:50.534385Z",
"last_seen": "2025-11-05T10:28:25.392293Z"
},
{
"library_name": "jquery",
"version": "1.12.0",
"fingerprint_count": 585,
"unique_scans": 584,
"first_seen": "2025-10-09T14:13:17.983428Z",
"last_seen": "2025-11-04T06:23:14.504652Z"
}
],
"note": "This endpoint returns version inventory only. For vulnerability detection, integrate with CVE databases (NVD, Snyk, etc.)."
}GET
/api/v1/jsfingerprint/cdn/{cdn_type}CDN Search
Analyze JavaScript files delivered via specific CDNs. Includes cache status breakdown, top domains, and unpinned script detection.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
cdn_type | string | Required | CDN type (cloudflare, jsdelivr, unpkg, cdnjs, etc.) |
unpinned_only | boolean | Optional | Only show unpinned scripts (default: false) |
limit | number | Optional | Number of results (default: 20, max: 100) |
Response
{
"cdn_type": "string",
"total_scripts": "number",
"unique_scans": "number",
"cache_status_breakdown": "object",
"top_domains": "array",
"unpinned_scripts_count": "number",
"scripts": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprint/cdn/cloudflare?limit=5"Response
{
"cdn_type": "cloudflare",
"total_scripts": 595,
"unique_scans": 487,
"cache_status_breakdown": {
"HIT": 423,
"MISS": 89,
"DYNAMIC": 83
},
"top_domains": [
{"domain": "cdn.example.com", "count": 142},
{"domain": "static.site.com", "count": 89}
],
"unpinned_scripts_count": 234,
"scripts": [
{
"fingerprint_id": 12350,
"scan_id": "550e8400-e29b-41d4-a716-446655440005",
"script_url": "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js",
"cache_status": "HIT",
"created_at": "2025-09-21T10:00:00.000Z"
}
]
}GET
/api/v1/jsfingerprint/server/{server_type}Server Type Search
Find JavaScript files served by specific server types. Includes HTTP header analysis for server fingerprinting.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
server_type | string | Required | Server type (nginx, apache, cloudflare, etc.) |
limit | number | Optional | Number of results (default: 20, max: 100) |
Response
{
"server_type": "string",
"total_scripts": "number",
"unique_scans": "number",
"scripts": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprint/server/nginx?limit=5"Response
{
"server_type": "nginx",
"total_scripts": 14804,
"unique_scans": 9872,
"scripts": [
{
"fingerprint_id": 12351,
"scan_id": "550e8400-e29b-41d4-a716-446655440006",
"script_url": "https://nginx-site.com/js/app.js",
"http_headers": {
"server": "nginx/1.21.0",
"content-type": "application/javascript"
},
"created_at": "2025-09-22T11:30:00.000Z"
}
]
}GET
/api/v1/jsfingerprint/obfuscatedObfuscation Search
Hunt for obfuscated JavaScript. Essential for malware detection. Supports score filtering, classification, and library exclusion.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_score | number | Optional | Minimum obfuscation score (0.0-1.0) |
max_score | number | Optional | Maximum obfuscation score (0.0-1.0) |
classification | string | Optional | Obfuscation type (packed, minified, encrypted) |
exclude_libraries | boolean | Optional | Exclude known libraries (default: false) |
per_page | number | Optional | Results per page (default: 20, max: 100) |
Response
{
"total_matches": "number",
"filters_applied": "object",
"scripts": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprint/obfuscated?min_score=0.7&per_page=5"Response
{
"total_matches": 1,
"filters_applied": {
"min_score": 0.7,
"exclude_libraries": false
},
"scripts": [
{
"fingerprint_id": 12352,
"scan_id": "550e8400-e29b-41d4-a716-446655440007",
"script_url": "https://suspicious.com/obfuscated.js",
"obfuscation_score": 0.87,
"obfuscation_classification": "packed",
"library_detected": null,
"created_at": "2025-09-23T13:45:00.000Z"
}
]
}GET
/api/v1/jsfingerprint/patternsPattern-Based Search
Advanced pattern detection for security research. Finds scripts without library detection, CDN mismatches, and high entropy content.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
no_library | boolean | Optional | Only show scripts with no library detected |
cdn_mismatch | boolean | Optional | CDN URL but no library detected |
high_entropy | boolean | Optional | High entropy scripts (entropy > 7.0) |
limit | number | Optional | Number of results (default: 20, max: 100) |
Response
{
"total_matches": "number",
"patterns_detected": "object",
"scripts": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprint/patterns?no_library=true&limit=5"Response
{
"total_matches": 3,
"patterns_detected": {
"no_library": true,
"cdn_mismatch": false,
"high_entropy": false
},
"scripts": [
{
"fingerprint_id": 12353,
"scan_id": "550e8400-e29b-41d4-a716-446655440008",
"script_url": "https://unknown-origin.com/script.js",
"library_detected": null,
"entropy": 7.2,
"obfuscation_score": 0.65,
"created_at": "2025-09-24T15:00:00.000Z"
}
]
}GET
/api/v1/jsfingerprints/search/bundler/{bundler}Bundler Search
Search JavaScript files by bundler type (webpack, rollup, vite, etc.) across all public scans. Useful for build tool analysis and dependency tracking.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
bundler | string | Required | Bundler type (webpack, rollup, parcel, vite, esbuild, etc.) |
limit | number | Optional | Results per page (default: 50, max: 100) |
offset | number | Optional | Results offset for pagination (default: 0) |
Response
{
"results": "array",
"total": "number",
"page": "number",
"limit": "number",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/bundler/webpack?limit=5"Response
{
"results": [
{
"scan_id": "a62690d5-5596-4ea6-839c-a3875a7b676d",
"url": "https://app.example.com/",
"scanned_at": "2025-11-04T11:20:48.000Z",
"script_url": "https://app.example.com/dist/main.bundle.js",
"library_name": "react",
"library_version": "18.2.0",
"bundler_type": "webpack",
"content_sha256": "ghi789..."
}
],
"total": 3116,
"page": 1,
"limit": 5,
"search_type": "bundler",
"search_value": "webpack"
}POST
/api/v1/jsfingerprint/similar-by-hashML Similarity Search
Find similar JavaScript using machine learning for semantic code similarity. Useful for finding malware variants and related scripts.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
content_sha256 | string | Required | SHA-256 hash of target script |
threshold | number | Optional | Similarity threshold 0.0-1.0 (default: 0.8) |
limit | number | Optional | Maximum results (default: 10, max: 100) |
exclude_exact_matches | boolean | Optional | Exclude identical hashes (default: false) |
Response
{
"query_hash": "string",
"query_fingerprint_id": "number",
"threshold": "number",
"results_count": "number",
"similar_fingerprints": "array",
"similarity_interpretation": "object"
}Example
Request
curl -X POST "https://scanmalware.com/api/v1/jsfingerprint/similar-by-hash" \
-H "Content-Type: application/json" \
-d '{
"content_sha256": "817ab96b9d8ea9bfed8fe579563f06c1b3f84acf951b272cc7508e15a3e4cf10",
"threshold": 0.7,
"limit": 5
}'Response
{
"query_hash": "817ab96b9d8ea9bfed8fe579563f06c1b3f84acf951b272cc7508e15a3e4cf10",
"query_fingerprint_id": 12345,
"threshold": 0.7,
"results_count": 5,
"similar_fingerprints": [
{
"fingerprint_id": 12355,
"similarity": 0.94,
"scan_id": "550e8400-e29b-41d4-a716-446655440010",
"script_url": "https://variant.com/modified.js",
"content_sha256": "different_hash",
"library_detected": "custom",
"obfuscation_score": 0.45,
"created_at": "2025-09-26T17:30:00.000Z"
}
],
"similarity_interpretation": {
"0.95-1.0": "Near-identical code",
"0.85-0.95": "Strong similarity",
"0.7-0.85": "Moderate similarity",
"below_0.7": "Low similarity"
}
}GET
/api/v1/scans/{scan_id}/jsfingerprintsList JavaScript Fingerprints for Scan
Get all JavaScript fingerprints for a specific scan with comprehensive analysis data including hashes, metrics, library detection, bundle analysis, obfuscation detection, and more. Returns 91 fields of fingerprinting data across multiple categories.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
include_functions | boolean | Optional | Include full function list (default: false) |
include_http_headers | boolean | Optional | Include HTTP header data (default: true) |
include_vectors_info | boolean | Optional | Include ML vector availability (default: true) |
Response
{
"scan_id": "string",
"total_scripts": "integer",
"fingerprints_count": "integer",
"fingerprints": "array of fingerprint objects with hashes, metrics, ml_vectors, library_detection, copyright, functions, module_info, cdn_info, bundle_analysis, http_headers, obfuscation"
}Example
Request
curl "https://scanmalware.com/api/v1/scans/550e8400-e29b-41d4-a716-446655440000/jsfingerprints"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"total_scripts": 5,
"fingerprints_count": 5,
"fingerprints": [
{
"id": 12345,
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"script_url": "https://example.com/app.js",
"hashes": {
"sha256": "817ab96b9d8ea9bfed8fe579563f06c1b3f84acf951b272cc7508e15a3e4cf10",
"normalized": "bd6ebc7a6b5a920a34ff16367d8dcf2ee0a83e625486f282d4ca76de03275fe7"
},
"metrics": {
"code_length": 45678,
"function_count": 234,
"complexity_score": 156
},
"library_detection": {
"detected": true,
"primary_library": "react",
"version": "18.2.0"
}
}
]
}GET
/api/v1/jsfingerprints/{fingerprint_id}Get Single JavaScript Fingerprint
Retrieve comprehensive analysis of a single JavaScript fingerprint by ID. Returns all 91 fields including 9 hash types, 12 code metrics, ML vector dimensions, library detection, copyright info, function analysis, module detection, CDN fingerprinting, bundle analysis, HTTP headers, and obfuscation metrics.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
fingerprint_id | integer | Required | Fingerprint ID |
include_functions | boolean | Optional | Include full function list (default: false) |
include_http_headers | boolean | Optional | Include HTTP header data (default: true) |
Response
{
"id": "integer",
"scan_id": "string",
"script_url": "string",
"hashes": "object with sha256, normalized, function_composite, fuzzy, string_set, call_graph, import_hash, export_hash, dependency",
"metrics": "object with code_length, function_count, complexity_score, ast metrics",
"ml_vectors": "object with availability flags and dimensions for semantic model A (768), semantic model B (768), AST (128), handcrafted (64), composite (1728)",
"library_detection": "object with detected, primary_library, version, confidence",
"copyright": "object with licenses, authors, version_from_header",
"functions": "object with function analysis",
"module_info": "object with module pattern, detected_modules",
"cdn_info": "object with cdn_type, is_cdn, cache data",
"bundle_analysis": "object with is_bundled, bundler_type, bundle_format",
"http_headers": "object with server, content_encoding, cache_control, CDN headers, CORS",
"obfuscation": "object with score, metrics, is_obfuscated, complexity"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/12345"Response
{
"id": 12345,
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"script_url": "https://example.com/app.js",
"hashes": {
"sha256": "817ab96b...",
"normalized": "bd6ebc7a...",
"fuzzy": "96:aBcD..."
},
"ml_vectors": {
"available": true,
"composite_vector_available": true,
"dimensions": {
"semantic_a": 768,
"semantic_b": 768,
"composite": 1728
}
}
}GET
/api/v1/jsfingerprints/{fingerprint_id}/similarFind Similar JavaScript Using ML
Find JavaScript files semantically similar to the given fingerprint using ML-powered vector similarity. Uses advanced semantic analysis with 1728-dimensional composite vectors combining multiple ML models, AST features, and code metrics. Perfect for malware variant detection and code reuse analysis.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
fingerprint_id | integer | Required | Fingerprint ID |
threshold | float | Optional | Minimum similarity score (0.0-1.0, default: 0.70) |
limit | integer | Optional | Maximum results (1-100, default: 10) |
exclude_same_scan | boolean | Optional | Exclude results from same scan (default: false) |
Response
{
"query_fingerprint_id": "integer",
"query_script_url": "string",
"threshold": "float",
"results_count": "integer",
"similar_fingerprints": "array of objects with fingerprint_id, script_url, similarity, scan_id, library_detected, code_length, function_count"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/12345/similar?threshold=0.80&limit=20"Response
{
"query_fingerprint_id": 12345,
"threshold": 0.80,
"results_count": 15,
"similar_fingerprints": [
{
"fingerprint_id": 12355,
"similarity": 0.94,
"script_url": "https://variant.com/modified.js",
"scan_id": "550e8400-e29b-41d4-a716-446655440010",
"library_detected": "custom",
"code_length": 45890
}
]
}GET
/api/v1/jsfingerprints/search/sha256/{hash_value}Search by SHA-256 (Detailed Results)
Search JavaScript fingerprints by exact SHA-256 hash. Alternative endpoint to /jsfingerprint/search/sha256 with detailed fingerprint metadata.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | string | Required | SHA-256 hash value |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array of objects with scan_id, url, scanned_at, script_url, library_name, library_version, bundler_type, content_sha256",
"total": "integer",
"page": "integer",
"search_type": "string",
"search_value": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/sha256/817ab96b9d8ea9bfed8fe579563f06c1b3f84acf951b272cc7508e15a3e4cf10"Response
{
"results": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com",
"scanned_at": "2025-11-23T10:30:00.000Z",
"script_url": "https://example.com/app.js",
"library_name": "react",
"library_version": "18.2.0"
}
],
"total": 42,
"search_type": "sha256"
}GET
/api/v1/jsfingerprints/search/normalized/{hash_value}Search by Normalized Hash (Detailed Results)
Search by normalized SHA-256 hash (whitespace-independent). Finds functionally identical code with different formatting.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | string | Required | Normalized SHA-256 hash value |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array",
"total": "integer",
"search_type": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/normalized/bd6ebc7a6b5a920a34ff16367d8dcf2ee0a83e625486f282d4ca76de03275fe7"Response
{
"results": [...],
"total": 87,
"search_type": "normalized"
}GET
/api/v1/jsfingerprints/search/library/{library}Search by Library Name (Detailed Results)
Search JavaScript by detected library name. Returns all versions and occurrences.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
library | string | Required | Library name (e.g., jquery, react, vue) |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array",
"total": "integer",
"search_type": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/library/jquery"Response
{
"results": [...],
"total": 1234,
"search_type": "library"
}GET
/api/v1/jsfingerprints/search/library/{library}/version/{version}Search by Library + Version (Detailed Results)
Find specific library version usage. Essential for tracking vulnerable versions and CVE impact.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
library | string | Required | Library name |
version | string | Required | Library version |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array",
"total": "integer",
"search_type": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/library/jquery/version/3.6.0"Response
{
"results": [...],
"total": 567,
"search_type": "library_version"
}GET
/api/v1/jsfingerprints/search/bundler/{bundler}Search by Bundler Type (Detailed Results)
Search by bundler type (webpack, rollup, vite, parcel). Useful for build tool analysis.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
bundler | string | Required | Bundler type |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array",
"total": "integer",
"search_type": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/bundler/webpack"Response
{
"results": [...],
"total": 3456,
"search_type": "bundler"
}GET
/api/v1/jsfingerprints/search/fuzzy/{fuzzy_hash}Search by Fuzzy Hash (Detailed Results)
Search by SSDEEP fuzzy hash for finding code variants and modified scripts.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
fuzzy_hash | string | Required | SSDEEP fuzzy hash |
limit | integer | Optional | Results per page (1-100, default: 50) |
offset | integer | Optional | Results offset (default: 0) |
Response
{
"results": "array",
"total": "integer",
"search_type": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/search/fuzzy/96:aBcDeFg..."Response
{
"results": [...],
"total": 23,
"search_type": "fuzzy"
}GET
/api/v1/jsfingerprints/statistics/bundlesGet Bundle Statistics
Get comprehensive statistics about bundled JavaScript usage including bundling rate, bundler type breakdown (webpack, rollup, etc.), bundle format distribution, and average sizes.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
from_date | string | Optional | Start date (ISO 8601) |
to_date | string | Optional | End date (ISO 8601) |
Response
{
"total_fingerprints": "integer",
"bundled_count": "integer",
"bundled_percentage": "float",
"bundler_breakdown": "object mapping bundler type to count, percentage, average_size",
"format_breakdown": "object mapping bundle format to count, percentage"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/statistics/bundles"Response
{
"total_fingerprints": 10000,
"bundled_count": 7500,
"bundled_percentage": 75.0,
"bundler_breakdown": {
"webpack": {
"count": 5000,
"percentage": 66.7,
"average_size": 234567
}
}
}GET
/api/v1/jsfingerprints/statistics/librariesGet Library Statistics
Get comprehensive statistics about JavaScript library usage including detection rates, top libraries with version breakdowns, license information, and copyright statistics.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
from_date | string | Optional | Start date (ISO 8601) |
to_date | string | Optional | End date (ISO 8601) |
min_count | integer | Optional | Minimum occurrences to include (default: 5) |
Response
{
"total_fingerprints": "integer",
"detection_rate": "float",
"top_libraries": "array of objects with name, count, percentage, versions breakdown",
"copyright_statistics": "object",
"license_breakdown": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/statistics/libraries?min_count=10"Response
{
"total_fingerprints": 10000,
"detection_rate": 65.5,
"top_libraries": [
{
"name": "jquery",
"count": 2500,
"percentage": 25.0,
"versions": {
"3.6.0": 1200,
"3.7.1": 800
}
}
]
}GET
/api/v1/jsfingerprints/hash-prevalence/{scan_id}Get Hash Prevalence for Scan
Get prevalence counts for all script hashes in a scan. Shows how many other scans contain matching content (exact SHA-256), normalized hash, and fuzzy hash availability. Helps identify commonly used libraries vs unique scripts.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan ID |
Response
{
"scan_id": "string",
"fingerprint_count": "integer",
"prevalence": "array of objects with fingerprint_id, script_url, exact_matches, normalized_matches, has_fuzzy_hash, interpretation"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/hash-prevalence/550e8400-e29b-41d4-a716-446655440000"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"fingerprint_count": 5,
"prevalence": [
{
"fingerprint_id": 123,
"script_url": "https://cdn.example.com/jquery.js",
"prevalence": {
"exact_matches": 2340,
"normalized_matches": 2345,
"interpretation": "very_common"
}
}
]
}GET
/api/v1/jsfingerprints/{fingerprint_id}/similarity-countsGet ML Similarity Counts by Algorithm
Get count of similar scripts for EACH ML algorithm separately (Semantic Model A, Semantic Model B, AST Features, Handcrafted Features, Composite Vector). Useful for understanding which ML model finds the most similar code.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
fingerprint_id | integer | Required | Fingerprint ID |
threshold | float | Optional | Minimum similarity score (0.0-1.0, default: 0.70) |
Response
{
"fingerprint_id": "integer",
"threshold": "float",
"similarity_counts": "object with counts for semantic_a, semantic_b, ast_features, handcrafted_features, composite"
}Example
Request
curl "https://scanmalware.com/api/v1/jsfingerprints/12345/similarity-counts?threshold=0.85"Response
{
"fingerprint_id": 12345,
"threshold": 0.85,
"similarity_counts": {
"semantic_a": {"count": 45, "dimension": 768},
"semantic_b": {"count": 38, "dimension": 768},
"composite": {"count": 12, "dimension": 1728}
}
}GET
/api/v1/js-fingerprinter2/search/similar/{scan_id}Search Similar Behavioral Fingerprints
Find scans with similar behavioral fingerprints using weighted component comparison. Enables malware variant detection, code reuse identification, and obfuscated code matching using Call Pattern (35%), Characteristics (25%), Signature (15%), API Sequence (15%), Timing (5%), and Sequence Graph (5%).
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan ID to find similar fingerprints |
min_similarity | float | Optional | Minimum similarity threshold (0.0-1.0, default: 0.90) |
limit | integer | Optional | Maximum number of results (1-500, default: 50) |
include_self | boolean | Optional | Include the query scan in results (default: false) |
Response
{
"query_scan_id": "string",
"query_fingerprint": "object with behavioral fingerprint data",
"threshold": "float",
"matches_found": "integer",
"matches": "array of objects with scan_id, target_url, overall_risk, similarity, breakdown (component scores)",
"execution_time_ms": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/similar/550e8400-e29b-41d4-a716-446655440000?min_similarity=0.95&limit=20"Response
{
"query_scan_id": "550e8400-e29b-41d4-a716-446655440000",
"threshold": 0.95,
"matches_found": 8,
"matches": [
{
"scan_id": "650e8400-e29b-41d4-a716-446655440001",
"target_url": "https://similar.com",
"overall_risk": "high",
"similarity": 0.97,
"breakdown": {
"call_pattern": 0.98,
"characteristics": 0.96
}
}
],
"execution_time_ms": 156
}GET
/api/v1/js-fingerprinter2/search/composite-hash/{composite_hash}Search by Composite Hash
Find all scans with exact composite hash match. The composite hash is a SHA-256 hash of all behavioral data. Use for finding exact behavioral matches (same code, possibly obfuscated).
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
composite_hash | string | Required | SHA-256 composite hash from behavioral fingerprint |
limit | integer | Optional | Maximum number of results (1-1000, default: 100) |
Response
{
"composite_hash": "string",
"matches_found": "integer",
"matches": "array of objects with scan_id, target_url, overall_risk, created_at"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/composite-hash/abc123def456..."Response
{
"composite_hash": "abc123def456...",
"matches_found": 3,
"matches": [...]
}GET
/api/v1/js-fingerprinter2/search/code-hash/{code_hash}Search by Code Hash
Find all scans containing scripts with exact code hash match. Allows finding identical scripts across different scans, even if served from different URLs. Useful for tracking script prevalence and identifying reused malicious code.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
code_hash | string | Required | SHA-256 hash of individual script code |
limit | integer | Optional | Maximum number of results (1-1000, default: 100) |
Response
{
"code_hash": "string",
"matches_found": "integer",
"matches": "array of objects with scan_id, target_url, script_url, overall_risk, risk_score, created_at"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/code-hash/def456ghi789..."Response
{
"code_hash": "def456ghi789...",
"matches_found": 15,
"matches": [...]
}GET
/api/v1/js-fingerprinter2/search/signature/{signature}Search by Behavior Signature
Find scans with matching behavior signature. Signature format: eval:X|Function:Y|api:count|complexity. Example: eval:15|Function:3|setTimeout:45|medium. Use for quick search of scans with similar API usage patterns.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
signature | string | Required | Human-readable behavior signature |
limit | integer | Optional | Maximum number of results (1-1000, default: 100) |
Response
{
"signature": "string",
"matches_found": "integer",
"matches": "array of objects with scan_id, target_url, overall_risk, signature, characteristics, created_at"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/signature/eval:10|Function:2|medium"Response
{
"signature": "eval:10|Function:2|medium",
"matches_found": 7,
"matches": [...]
}GET
/api/v1/js-fingerprinter2/search/malware-familiesDetect Malware Families
Detect malware families by clustering scans with similar behavioral fingerprints. Uses composite hash + signature matching to group related scans. Use cases: malware family detection, campaign tracking, threat actor attribution, supply chain compromise detection.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_cluster_size | integer | Optional | Minimum scans per family (2-100, default: 2) |
similarity_threshold | float | Optional | Similarity threshold for clustering (0.0-1.0, default: 0.95) |
limit | integer | Optional | Maximum number of families to return (1-500, default: 50) |
Response
{
"families_found": "integer",
"total_scans_clustered": "integer",
"families": "array of objects with cluster_id, representative_scan_id, member_count, avg_similarity, composite_hash, signature, members array"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/malware-families?min_cluster_size=3"Response
{
"families_found": 12,
"total_scans_clustered": 456,
"families": [...]
}GET
/api/v1/js-fingerprinter2/search/fingerprint-coverageGet Fingerprint Coverage Statistics
Get statistics on behavioral fingerprint coverage. Shows how many scans have fingerprints enabled vs disabled, unique composite hashes, and unique signatures over the past 30 days.
Response
{
"total_scans": "integer",
"with_fingerprints": "integer",
"coverage_percentage": "float",
"unique_composite_hashes": "integer",
"unique_signatures": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/fingerprint-coverage"Response
{
"total_scans": 5000,
"with_fingerprints": 4500,
"coverage_percentage": 90.0,
"unique_composite_hashes": 1234
}GET
/api/v1/js-fingerprinter2/search/healthJS-Fingerprinter2 Health Check
Health check for JS-Fingerprinter2 search API
Response
{
"status": "string",
"service": "string",
"version": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/js-fingerprinter2/search/health"Response
{
"status": "healthy",
"service": "js-fingerprinter2-search-api",
"version": "1.0.0"
}GET
/api/v1/js-segments/scan/{scan_id}Get Code Segments by Scan ID
Get all code segments for a scan. Returns detailed information about all extracted functions, classes, and code blocks including segment type, function name, location, code snippet, hashes, risk score, library matches, and suspicious flags.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
limit | integer | Optional | Maximum segments to return (1-1000, default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"total_count": "integer",
"segments": "array of segment objects with type, function_name, location, code, hashes, risk_score, is_known_library",
"query_params": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/scan/550e8400-e29b-41d4-a716-446655440000?limit=50"Response
{
"total_count": 234,
"segments": [...],
"query_params": {"scan_id": "...", "limit": 50}
}GET
/api/v1/js-segments/search/hash/{code_hash}Search Segments by Code Hash
Find all segments with matching exact code hash (SHA-256). Useful for finding identical code segments across different scans.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
code_hash | string | Required | SHA-256 code hash |
limit | integer | Optional | Maximum segments (1-1000, default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"total_count": "integer",
"segments": "array of segment objects ordered by created_at DESC"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/search/hash/abc123..."Response
{
"total_count": 15,
"segments": [...]
}GET
/api/v1/js-segments/search/normalized/{normalized_hash}Search Segments by Normalized Hash
Find all segments with matching normalized code hash. Normalized hashes remove whitespace and comments, enabling fuzzy matching of functionally identical code with different formatting.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
normalized_hash | string | Required | Normalized code hash (whitespace removed) |
limit | integer | Optional | Maximum segments (1-1000, default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"total_count": "integer",
"segments": "array of segment objects ordered by created_at DESC"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/search/normalized/def456..."Response
{
"total_count": 8,
"segments": [...]
}GET
/api/v1/js-segments/search/tlsh/{tlsh_hash}Search Segments by TLSH Similarity
Find code segments similar to a given TLSH hash using fuzzy matching. TLSH (Trend Micro Locality Sensitive Hash) enables finding code variants even when minified, variable-renamed, or slightly modified. Useful for detecting malware variants and code reuse across different sites.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
tlsh_hash | string | Required | TLSH hash to search (must start with "T1", min 70 chars) |
max_distance | integer | Optional | Maximum TLSH distance (0=identical, <50=similar, <100=related, default: 50) |
limit | integer | Optional | Maximum results (1-500, default: 100) |
include_known_libraries | boolean | Optional | Include segments from known libraries (default: false) |
Response
{
"query_hash": "string - The TLSH hash that was searched",
"max_distance": "integer - The distance threshold used",
"total_candidates_scanned": "integer - Number of segments with TLSH hashes checked",
"matches_found": "integer - Number of similar segments found",
"matches": "array of similar segment objects with tlsh_distance and similarity_score",
"tlsh_available": "boolean - Whether TLSH library is available"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/search/tlsh/T100D0A7CD7C917404351732BEC06B002B726A0F87144F0420E16804543E75638E727808?max_distance=50&limit=10"Response
{
"query_hash": "T100D0A7CD7C917404351732BEC06B002B726A0F87144F0420E16804543E75638E727808",
"max_distance": 50,
"total_candidates_scanned": 1161,
"matches_found": 1,
"matches": [
{
"segment_id": 312116,
"scan_id": "8105704a-ad40-4ee2-a466-8d9d4ebccd38",
"script_url": "https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js",
"function_name": "j",
"code_length": 215,
"code_snippet": "function j(e,n,r){return m(n)?E.grep(e,function...",
"tlsh_hash": "T100D0A7CD7C917404351732BEC06B002B726A0F87144F0420E16804543E75638E727808",
"tlsh_distance": 0,
"similarity_score": 1.0,
"risk_score": 25,
"is_known_library": false
}
],
"tlsh_available": true
}GET
/api/v1/js-segments/{scan_id}/unknownGet Unknown Code Segments
Identify segments not matching known libraries. Returns code segments that are not recognized as part of known JavaScript libraries. These are candidates for further malware analysis. Results ordered by risk score and code length.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
min_code_length | integer | Optional | Minimum code length to include (default: 50) |
limit | integer | Optional | Maximum segments (1-1000, default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"total_count": "integer",
"segments": "array of unknown segment objects ordered by risk_score DESC, code_length DESC"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/550e8400-e29b-41d4-a716-446655440000/unknown?min_code_length=100"Response
{
"total_count": 42,
"segments": [...]
}GET
/api/v1/js-segments/{scan_id}/suspiciousGet Suspicious Code Segments
Get high-risk segments that are not known libraries. Returns segments with elevated risk scores (indicating potential malicious code like eval usage, base64 encoding, high entropy, etc.). Results ordered by risk score.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
min_risk_score | integer | Optional | Minimum risk score (0-100, default: 60) |
limit | integer | Optional | Maximum segments (1-1000, default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"total_count": "integer",
"segments": "array of suspicious segment objects ordered by risk_score DESC"
}Example
Request
curl "https://scanmalware.com/api/v1/js-segments/550e8400-e29b-41d4-a716-446655440000/suspicious?min_risk_score=70"Response
{
"total_count": 5,
"segments": [...]
}POST
/api/v1/js-segments/differentialPerform Differential Analysis
Compare bundle segments against known library database. Analyzes all segments in a scan and identifies: 1) Which segments match known libraries (jQuery, React, etc.), 2) Which segments are unknown (potential malware), 3) Which unknown segments have high risk scores (suspicious). Returns a breakdown of library composition and unknown code.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID (in request body) |
min_confidence | float | Optional | Minimum library match confidence (0.0-1.0, default: 0.8, in request body) |
include_known_libraries | boolean | Optional | Include known libraries in analysis (default: false, in request body) |
Response
{
"scan_id": "string",
"total_segments": "integer",
"matched_segments": "integer",
"unknown_segments": "integer",
"suspicious_segments": "integer",
"library_breakdown": "object mapping library name to segment count",
"unknown_segment_details": "array of unknown segments (max 50)",
"suspicious_segment_details": "array of suspicious segments (max 50)"
}Example
Request
curl -X POST "https://scanmalware.com/api/v1/js-segments/differential" \
-H "Content-Type: application/json" \
-d '{"scan_id": "550e8400-e29b-41d4-a716-446655440000", "min_confidence": 0.85}'Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"total_segments": 234,
"matched_segments": 180,
"unknown_segments": 54,
"suspicious_segments": 8,
"library_breakdown": {
"jquery": 45,
"react": 89
},
"unknown_segment_details": [...],
"suspicious_segment_details": [...]
}GET
/api/v1/pcap/{scan_id}Download Packet Capture
Download the decrypted packet capture file for a scan. Returns a gzip-compressed PCAP file containing all HTTP/HTTPS traffic captured during the scan with TLS decrypted.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"content": "Binary gzip-compressed PCAP file",
"headers": "Content-Disposition with filename, X-Scan-Id, X-PCAP-Type"
}Example
Request
curl "https://scanmalware.com/api/v1/pcap/550e8400-e29b-41d4-a716-446655440000" -o scan.pcap.gzResponse
# Binary PCAP file downloaded
# Decompress with: gunzip scan.pcap.gz
# Analyze with: tcpdump -r scan.pcap or wireshark scan.pcapGET
/api/v1/pcap/{scan_id}/metadataGet Packet Capture Metadata
Get metadata about a packet capture file without downloading it. Useful for checking availability and file size before downloading.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"scan_id": "string",
"url": "string - The scanned URL",
"status": "string - \"completed\" when available",
"minio_path": "string - Storage path",
"file_size_bytes": "integer - Compressed file size",
"compressed": "boolean - Always true (gzip)",
"available": "boolean - Whether PCAP is available for download"
}Example
Request
curl "https://scanmalware.com/api/v1/pcap/550e8400-e29b-41d4-a716-446655440000/metadata"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com",
"status": "completed",
"minio_path": "55/0e/550e8400-e29b-41d4-a716-446655440000.pcap.gz",
"file_size_bytes": 245892,
"compressed": true,
"available": true
}GET
/api/v1/ids/alerts/{scan_id}Get IDS Alerts
Get network intrusion detection alerts for a scan. Returns Suricata IDS alerts triggered during the scan, including signature matches, severity levels, and network flow information.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"scan_id": "string",
"alert_count": "integer - Total number of alerts",
"alerts": "array of alert objects with severity, signature, category, protocol, IPs, ports"
}Example
Request
curl "https://scanmalware.com/api/v1/ids/alerts/550e8400-e29b-41d4-a716-446655440000"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"alert_count": 3,
"alerts": [
{
"severity": 1,
"signature_name": "ET MALWARE Possible Malicious Script Download",
"category": "A Network Trojan was detected",
"protocol": "TCP",
"src_ip": "192.168.1.1",
"src_port": 52431,
"dest_ip": "93.184.216.34",
"dest_port": 443,
"timestamp": "2025-12-02T10:30:00Z"
}
]
}GET
/api/v1/yara/statsYARA Malware Detection Statistics
Get overall YARA malware detection statistics including total detections, severity distribution, top threats, and detection trends. YARA scanner uses 3633 community rules from 15 repositories.
Response
{
"overall": {
"total_matches": "integer",
"scans_with_matches": "integer",
"unique_patterns": "integer",
"unique_threats": "integer",
"avg_confidence": "number"
},
"recent_24h": {
"matches_24h": "integer",
"scans_24h": "integer",
"patterns_24h": "integer"
},
"severity_distribution": "array",
"category_distribution": "array",
"top_threats": "array",
"timestamp": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/yara/stats"Response
{
"overall": {
"total_matches": 1543,
"scans_with_matches": 892,
"unique_patterns": 287,
"unique_threats": 145,
"avg_confidence": 0.87
},
"recent_24h": {
"matches_24h": 45,
"scans_24h": 28,
"patterns_24h": 12
},
"severity_distribution": [
{"severity": "critical", "count": 156},
{"severity": "high", "count": 432},
{"severity": "medium", "count": 687},
{"severity": "low", "count": 268}
],
"category_distribution": [
{"pattern_category": "cryptominer", "count": 234, "scan_count": 156},
{"pattern_category": "webskimmer", "count": 198, "scan_count": 132}
],
"top_threats": [
{
"pattern_name": "CoinHive Miner",
"severity": "high",
"category": "cryptominer",
"detection_count": 89,
"scan_count": 67,
"last_detected": "2025-01-07T14:23:00Z"
}
],
"timestamp": "2025-01-07T15:30:00.000Z"
}GET
/api/v1/yara/threats/recentRecent YARA Threat Detections
Get recently detected YARA threats across all scans, sorted by detection time. Useful for real-time threat monitoring and security intelligence.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hours | integer | Optional | Hours to look back (1-168, default: 24) |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"threats": "array of threat objects",
"count": "integer",
"hours": "integer",
"timestamp": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/yara/threats/recent?hours=48&limit=50"Response
{
"threats": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com",
"rule_name": "webskimmer_magecart",
"pattern_name": "Magecart Payment Skimmer",
"category": "webskimmer",
"severity": "critical",
"threat_names": ["Magecart", "FormGrabber"],
"confidence": 0.95,
"detected_at": "2025-01-07T14:23:00Z"
}
],
"count": 23,
"hours": 48,
"timestamp": "2025-01-07T15:30:00.000Z"
}GET
/api/v1/yara/scan/{scan_id}YARA Matches for Scan
Get all YARA malware pattern matches for a specific scan. Returns matched rules with severity, threat names, CVE IDs, MITRE techniques, and matched strings.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"scan_id": "string",
"matches": "array of match objects",
"summary": {
"total_matches": "integer",
"critical": "integer",
"high": "integer",
"medium": "integer",
"low": "integer",
"categories": "object"
},
"timestamp": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/yara/scan/550e8400-e29b-41d4-a716-446655440000"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"matches": [
{
"match_id": 12345,
"rule_name": "cryptominer_coinhive",
"pattern_name": "CoinHive Cryptominer",
"category": "cryptominer",
"severity": "high",
"confidence": 1.0,
"description": "Detects CoinHive cryptocurrency mining code",
"threat_names": ["CoinHive", "Cryptominer"],
"cve_ids": [],
"mitre_techniques": ["T1496"],
"intel_references": ["https://..."],
"matched_strings": ["CoinHive.Anonymous", "cryptonight"],
"match_count": 3,
"tags": ["cryptominer", "browser-mining"],
"detected_at": "2025-01-07T14:23:00Z"
}
],
"summary": {
"total_matches": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"categories": {
"cryptominer": 1,
"webskimmer": 1
}
},
"timestamp": "2025-01-07T15:30:00.000Z"
}GET
/api/v1/yara/{scan_id}YARA Matches (Legacy Endpoint)
Legacy alias for /api/v1/yara/scan/{scan_id}. Returns the same YARA malware pattern matches. Use the /scan/{scan_id} endpoint instead.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"scan_id": "string",
"matches": "array of match objects",
"summary": "object with counts by severity",
"timestamp": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/yara/550e8400-e29b-41d4-a716-446655440000"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"matches": [...],
"summary": {...},
"timestamp": "2025-01-07T15:30:00.000Z"
}GET
/api/v1/registrar/search/{registrar_name}Search Scans by Registrar
Find all scans from domains registered with a specific registrar. Uses fuzzy ILIKE matching for flexible searches. Results include domain, registrar, and scan metadata.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
registrar_name | string | Required | Registrar name (partial match supported) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Results per page (1-100, default: 20) |
Response
{
"registrar_query": "string",
"total": "integer",
"page": "integer",
"limit": "integer",
"results": "array of scan objects",
"pagination": {
"total": "integer",
"page": "integer",
"limit": "integer",
"total_pages": "integer",
"has_next": "boolean",
"has_prev": "boolean"
}
}Example
Request
curl "https://scanmalware.com/api/v1/registrar/search/GoDaddy?page=1&limit=20"Response
{
"registrar_query": "GoDaddy",
"total": 234,
"page": 1,
"limit": 20,
"results": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com",
"domain": "example.com",
"title": "Example Domain",
"status": "completed",
"asn": "AS13335",
"submitted_at": "2025-01-07T14:23:00Z",
"screenshot_thumbnail": "https://..."
}
],
"pagination": {
"total": 234,
"page": 1,
"limit": 20,
"total_pages": 12,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/tracking-keys/stats/topTop Tracking Keys Statistics
Get the most commonly used tracking keys by usage count. Includes Google Analytics, Facebook Pixel, and other privacy trackers. Optional filtering by tracker type.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
tracker_type | string | Optional | Filter by tracker type (e.g., "google_analytics", "facebook_pixel") |
limit | integer | Optional | Number of results (1-100, default: 20) |
Response
{
"tracker_type_filter": "string or null",
"limit": "integer",
"total_results": "integer",
"results": "array of tracking key objects with usage statistics"
}Example
Request
curl "https://scanmalware.com/api/v1/tracking-keys/stats/top?tracker_type=google_analytics&limit=10"Response
{
"tracker_type_filter": "google_analytics",
"limit": 10,
"total_results": 10,
"results": [
{
"tracker_type": "google_analytics",
"tracking_key": "UA-12345678-1",
"tracker_name": "Google Analytics (UA)",
"category": "analytics",
"site_count": 1234,
"first_seen": "2023-05-12T08:30:00Z",
"last_seen": "2025-01-07T14:23:00Z"
}
]
}GET
/api/v1/tracking-keys/by-scan/{scan_id}Tracking Keys for Scan
Get all tracking keys detected in a specific scan with usage statistics. Groups results by category and risk level.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"scan_id": "string",
"total_keys": "integer",
"total_unique_trackers": "integer",
"tracking_keys": "array of tracking key objects",
"by_category": "object with counts per category",
"has_high_risk": "boolean",
"has_medium_risk": "boolean"
}Example
Request
curl "https://scanmalware.com/api/v1/tracking-keys/by-scan/550e8400-e29b-41d4-a716-446655440000"Response
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"total_keys": 5,
"total_unique_trackers": 3,
"tracking_keys": [
{
"tracker_type": "google_analytics",
"tracker_name": "Google Analytics (UA)",
"tracking_key": "UA-12345678-1",
"category": "analytics",
"risk_level": "medium",
"detected_url": "https://www.google-analytics.com/analytics.js",
"site_count": 1234,
"first_seen": "2023-05-12T08:30:00Z",
"last_seen": "2025-01-07T14:23:00Z"
}
],
"by_category": {
"analytics": 2,
"advertising": 2,
"social": 1
},
"has_high_risk": false,
"has_medium_risk": true
}GET
/api/v1/tracking-keys/{tracker_type}/{key}Search Scans by Tracking Key
Find all public scans using a specific tracking key. Useful for tracking the spread of specific analytics IDs, pixels, or other identifiers across websites.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
tracker_type | string | Required | Tracker type (e.g., "google_analytics", "facebook_pixel") |
key | string | Required | The tracking key/ID to search for |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Results per page (1-100, default: 20) |
sort | string | Optional | Sort order: "latest" or "oldest" (default: "latest") |
Response
{
"tracker_type": "string",
"tracker_key": "string",
"metadata": "object with tracker info",
"results": "array of scan objects",
"pagination": "object with pagination info"
}Example
Request
curl "https://scanmalware.com/api/v1/tracking-keys/google_analytics/UA-12345678-1?page=1&limit=20"Response
{
"tracker_type": "google_analytics",
"tracker_key": "UA-12345678-1",
"metadata": {
"tracker_name": "Google Analytics (UA)",
"category": "analytics",
"risk_level": "medium",
"site_count": 1234,
"first_seen": "2023-05-12T08:30:00Z",
"last_seen": "2025-01-07T14:23:00Z"
},
"results": [
{
"scan_id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com",
"final_url": "https://example.com/",
"title": "Example Site",
"submitted_at": "2025-01-07T14:23:00Z",
"detected_url": "https://www.google-analytics.com/analytics.js"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 1234,
"total_pages": 62,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/netlog/{scan_id}Chrome Network Debug Log
Download Chrome net-log for detailed network-level debugging. Provides raw Chrome network log JSON with DNS lookups, socket connections, HTTP transactions, SSL handshakes, and more.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | Scan UUID |
Response
{
"content": "Raw JSON network log (application/json)",
"headers": {
"Content-Disposition": "attachment; filename=netlog_{scan_id}.json"
}
}Example
Request
curl "https://scanmalware.com/api/v1/netlog/550e8400-e29b-41d4-a716-446655440000" -o netlog.jsonResponse
{
"constants": {
"logFormatVersion": 1,
"clientInfo": {
"numericVersion": "12800256",
"command_line": "..."
}
},
"events": [
{
"params": {
"source_dependency": {"id": 123, "type": "URL_REQUEST"}
},
"phase": 0,
"source": {"id": 456, "type": "HTTP_STREAM_JOB"},
"time": "123456789",
"type": "HTTP_TRANSACTION_SEND_REQUEST"
}
]
}GET
/api/v1/ns/{nameserver}Nameserver Domain Lookup
Find all domains using a specific nameserver. Queries DNS zone data from Elasticsearch to identify infrastructure relationships and hosting patterns.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
nameserver | string | Required | Nameserver hostname (e.g., "ns1.example.com") |
limit | integer | Optional | Maximum results (default: 100) |
offset | integer | Optional | Pagination offset (default: 0) |
Response
{
"nameserver": "string",
"total": "integer",
"domains": "array of domain strings",
"limit": "integer",
"offset": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/ns/ns1.cloudflare.com?limit=50"Response
{
"nameserver": "ns1.cloudflare.com",
"total": 15234,
"domains": [
"example.com",
"example.org",
"example.net"
],
"limit": 50,
"offset": 0
}