ScanMalware REST API Documentation
Complete API reference for integrating website security scanning into your applications
Getting Started
The ScanMalware API provides programmatic access to URL security scanning capabilities. All endpoints return JSON responses and use standard HTTP status codes.
🌐 Base URL
https://scanmalware.com🚀 Quick Example
curl -X POST "https://scanmalware.com/api/v1/scan" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'📖 Full Documentation Details
Rate Limits
Currently, there are no enforced rate limits, but please use the API responsibly.
Pagination
All search and listing endpoints support pagination to prevent database overload and improve performance. Pagination is implemented using page and limit parameters.
Paginated endpoints include:
/api/v1/recent- Recent scans/api/v1/search- Text search/api/v1/search/asn/{asn_number}- ASN search/api/v1/search/favicon/{hash_value}- Favicon hash search/api/v1/search/screenshot/{hash_type}/{hash_value}- Screenshot hash search/api/v1/search/fuzzy/{hash_type}- Fuzzy hash search/api/v1/search/similar- Similar scans search
All paginated responses include a pagination object:
"pagination": {
"page": 1, // Current page number
"limit": 20, // Items per page
"total_items": 272, // Total number of items
"total_pages": 14, // Total number of pages
"has_next": true, // Whether there's a next page
"has_prev": false // Whether there's a previous page
}Error Handling
The API uses conventional HTTP response codes to indicate success or failure. Error responses include a JSON object with error details.
{
"error": "Invalid URL provided",
"code": 400,
"details": "The URL must be a valid HTTP or HTTPS URL"
}API Endpoints
POST
/api/v1/scanSubmit URL for Scanning
Submit a URL for security analysis
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
url | string | Required | The URL to scan |
scan_type | string | Optional | Type of scan: "public", "unlisted", or "private" (default: "public") |
Response
{
"scan_id": "string",
"status": "string",
"message": "string",
"scan_type": "string",
"submitted_at": "string"
}Example
Request
curl -X POST "https://scanmalware.com/api/v1/scan" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com", "scan_type": "public"}'Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"status": "queued",
"message": "Scan submitted successfully",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/result/{scan_id}Get Scan Results
Retrieve the results of a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"completed_at": "string",
"results": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/result/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"completed_at": "2025-08-20T16:30:15.000Z",
"results": {
"title": "Example Domain",
"screenshot_path": "screenshots/123e4567.png",
"technologies": [...],
"network_requests": [...],
"security_analysis": {...}
}
}GET
/api/v1/scan/{scan_id}/summaryGet Scan Summary
Get condensed scan information for integrations
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"status": "string",
"completed_at": "string",
"security_verdict": {
"overall_score": "integer",
"risk_level": "string"
},
"risk_score": "integer",
"technologies_count": "integer",
"tracker_count": "integer",
"redirect_count": "integer",
"certificate_valid": "boolean",
"load_time": "number"
}Example
Request
curl "https://scanmalware.com/api/v1/scan/123e4567-e89b-12d3-a456-426614174000/summary"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"final_url": "https://www.example.com",
"status": "completed",
"completed_at": "2025-08-20T16:30:15.000Z",
"security_verdict": {
"overall_score": 15,
"risk_level": "safe"
},
"risk_score": 85,
"technologies_count": 5,
"tracker_count": 2,
"redirect_count": 1,
"certificate_valid": true,
"load_time": 1.234
}GET
/api/v1/domains/{domain}/scansDomain History
Get all public scans for a specific domain (only public scans are available via API)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to search for (e.g., "example.com") |
status | string | Optional | Filter by scan status: "queued", "processing", "completed", or "failed" |
limit | integer | Optional | Number of results (1-100, default: 20) |
Response
{
"domain": "string",
"total_scans": "integer",
"scans": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"completed_at": "string",
"title": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/domains/example.com/scans?status=completed&limit=10"Response
{
"domain": "example.com",
"total_scans": 15,
"scans": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"completed_at": "2025-08-20T16:30:15.000Z",
"title": "Example Domain"
}
]
}GET
/api/v1/recentGet Recent Public Scans
Retrieve a list of recent public scans with pagination (only public scans are available via API)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string"
}
],
"pagination": {
"page": "integer",
"limit": "integer",
"total_items": "integer",
"total_pages": "integer",
"has_next": "boolean",
"has_prev": "boolean"
}
}Example
Request
curl "https://scanmalware.com/api/v1/recent?page=1&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total_items": 272,
"total_pages": 28,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/searchSearch Scans
Search through public scan results only
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Required | Search query (minimum 3 characters) |
type | string | Optional | Search type: "url", "domain", "title", "technology", or "all" (default: "all") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
[
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string"
}
]Example
Request
curl "https://scanmalware.com/api/v1/search?q=example.com&type=domain"Response
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain"
}
]GET
/api/v1/search/asn/{asn_number}Search by ASN
Search for public scans from a specific Autonomous System Number (ASN)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
asn_number | integer | Required | The AS number to search for without AS prefix (e.g., 13335 for Cloudflare, not AS13335) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 50, max: 500) |
Response
{
"asn": "integer",
"organization": "string",
"total_scans": "integer",
"unique_urls": "integer",
"first_seen": "string | null",
"last_seen": "string | null",
"results": [
{
"scan_id": "string",
"url": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"title": "string",
"primary_asn": "integer",
"asn_org": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/asn/13335"Response
{
"asn": 13335,
"organization": "CLOUDFLARENET",
"total_scans": 42,
"unique_urls": 35,
"first_seen": "2025-08-19T10:00:00.000Z",
"last_seen": "2025-08-20T16:30:00.000Z",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-08-20T16:30:00.000Z",
"title": "Example Domain",
"primary_asn": 13335,
"asn_org": "CLOUDFLARENET"
}
]
}GET
/api/v1/search/favicon/{hash_value}Search by Favicon Hash
Search for websites with the same favicon hash (supports both MMH3 and MD5 hashes)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | string | Required | The favicon hash value (MMH3 integer or MD5 hex string) |
hash_type | string | Optional | Hash type: "mmh3" or "md5" (default: "mmh3") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"submitted_at": "string",
"favicon_mmh3": "string",
"favicon_md5": "string"
}
],
"pagination": "object"
}Example
Request
# Search by MMH3 hash
curl "https://scanmalware.com/api/v1/search/favicon/2755474283?hash_type=mmh3"
# Search by MD5 hash
curl "https://scanmalware.com/api/v1/search/favicon/b2ccd167c908a44e1dd69df79382286a?hash_type=md5"Response
{
"hash_type": "mmh3",
"hash_value": "2755474283",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://www.linkedin.com/",
"final_url": "https://www.linkedin.com/",
"title": "LinkedIn: Log In or Sign Up",
"submitted_at": "2025-08-20T16:30:00.000Z",
"favicon_mmh3": "2755474283",
"favicon_md5": "b2ccd167c908a44e1dd69df79382286a"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 4,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/favicon/{scan_id}Get Favicon
Download the favicon image for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
"Binary image data (PNG/ICO format) or 404 if no favicon found"Example
Request
curl "https://scanmalware.com/api/v1/favicon/123e4567-e89b-12d3-a456-426614174000" --output favicon.pngResponse
Binary image dataGET
/api/v1/favicon/search/{mmh3_hash}Search by MMH3 Favicon Hash
Search for scans with a specific MMH3 favicon hash
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
mmh3_hash | string | Required | The MMH3 hash value |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"mmh3_hash": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"submitted_at": "string",
"favicon_mmh3": "string",
"favicon_md5": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/favicon/search/2755474283"Response
{
"mmh3_hash": "2755474283",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://www.linkedin.com/",
"final_url": "https://www.linkedin.com/",
"title": "LinkedIn: Log In or Sign Up",
"submitted_at": "2025-08-20T16:30:00.000Z",
"favicon_mmh3": "2755474283",
"favicon_md5": "b2ccd167c908a44e1dd69df79382286a"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 4,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/favicon/statsFavicon Statistics
Get statistics about favicon detection and hashes
Response
{
"total_scans_with_favicons": "integer",
"unique_mmh3_hashes": "integer",
"unique_md5_hashes": "integer",
"top_favicons": [
{
"mmh3_hash": "string",
"md5_hash": "string",
"count": "integer",
"example_url": "string"
}
],
"detection_rate": "number",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/favicon/stats"Response
{
"total_scans_with_favicons": 892,
"unique_mmh3_hashes": 234,
"unique_md5_hashes": 231,
"top_favicons": [
{
"mmh3_hash": "2755474283",
"md5_hash": "b2ccd167c908a44e1dd69df79382286a",
"count": 15,
"example_url": "https://www.linkedin.com/"
}
],
"detection_rate": 72.3,
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/search/screenshot/{hash_type}/{hash_value}Search by Screenshot Hash
Search for scans by screenshot hash (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_type | string | Required | Hash type: "ahash", "phash", "dhash", "whash", "color_hash", or "crop_resistant" |
hash_value | string | Required | The hash value to search for |
similarity_threshold | integer | Optional | Hamming distance threshold for similarity search (0-64, perceptual hashes only) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/screenshot/phash/1a2b3c4d5e6f7890"Response
{
"hash_type": "phash",
"hash_value": "1a2b3c4d5e6f7890",
"count": 1,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]
}POST
/api/v1/screenshot/searchScreenshot Hash Search
Search for similar screenshots using perceptual hash
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_value | integer | Required | The perceptual hash value as an integer |
hash_type | string | Optional | Hash type (phash, ahash, dhash, whash, crop_resistant). Default: phash |
max_distance | integer | Optional | Maximum hamming distance (1-10, default: 3) |
limit | integer | Optional | Maximum results (1-100, default: 20) |
Response
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"similarity_score": "integer",
"ahash_distance": "integer",
"phash_distance": "integer",
"dhash_distance": "integer",
"whash_distance": "integer"
}
]Example
Request
curl -X POST "https://scanmalware.com/api/v1/screenshot/search" \
-H "Content-Type: application/json" \
-d '{"hash_value": 17918433939200614400, "hash_type": "ahash", "max_distance": 5}'Response
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z",
"similarity_score": 95,
"ahash_distance": 3,
"phash_distance": 2,
"dhash_distance": 4,
"whash_distance": 5
}
]GET
/api/v1/screenshot/duplicatesFind Duplicate Screenshots
Find groups of scans with identical or very similar screenshots
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
threshold | integer | Optional | Similarity threshold (0-64, default: 5) |
min_group_size | integer | Optional | Minimum group size to return (default: 2) |
limit | integer | Optional | Maximum number of groups (default: 20) |
Response
[
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"ahash": "string",
"phash": "string",
"dhash": "string",
"whash": "string"
}
]
]Example
Request
curl "https://scanmalware.com/api/v1/screenshot/duplicates?threshold=5&min_group_size=2"Response
[
[
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://phishing-site1.com",
"title": "Microsoft Account",
"submitted_at": "2025-08-20T16:30:00.000Z",
"ahash": "1a2b3c4d5e6f7890",
"phash": "0987654321abcdef",
"dhash": "fedcba9876543210",
"whash": "1234567890abcdef"
},
{
"scan_id": "223e4567-e89b-12d3-a456-426614174001",
"url": "https://phishing-site2.com",
"title": "Microsoft Account",
"submitted_at": "2025-08-20T17:00:00.000Z",
"ahash": "1a2b3c4d5e6f7891",
"phash": "0987654321abcdef",
"dhash": "fedcba9876543211",
"whash": "1234567890abcdef"
}
]
]GET
/api/v1/screenshot/statsScreenshot Statistics
Get statistics about screenshot processing and hashing
Response
{
"total_screenshots": "integer",
"unique_ahash": "integer",
"unique_phash": "integer",
"unique_dhash": "integer",
"unique_whash": "integer",
"duplicate_groups": "integer",
"processing_stats": {
"average_size_kb": "number",
"average_processing_ms": "number"
},
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/screenshot/stats"Response
{
"total_screenshots": 1234,
"unique_ahash": 987,
"unique_phash": 976,
"unique_dhash": 982,
"unique_whash": 978,
"duplicate_groups": 45,
"processing_stats": {
"average_size_kb": 234.5,
"average_processing_ms": 125.3
},
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/search/jarm/{jarm_signature}JARM Signature Search
Search for scans by JARM TLS fingerprint. JARM fingerprints are 62-character hashes that identify TLS server configurations.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
jarm_signature | string | Required | 62-character hexadecimal JARM signature |
limit | integer | Optional | Maximum results (default: 20) |
Response
{
"jarm_signature": "string",
"total_results": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"jarm_host": "string",
"jarm_port": "integer",
"jarm_url": "string",
"is_final_url": "boolean",
"title": "string",
"scan_type": "string",
"status": "string",
"submitted_at": "string",
"completed_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/jarm/29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba"Response
{
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"total_results": 2,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://google.com/",
"final_url": "https://www.google.com/",
"jarm_host": "www.google.com",
"jarm_port": 443,
"jarm_url": "https://www.google.com/",
"is_final_url": true,
"title": "Google",
"scan_type": "public",
"status": "completed",
"submitted_at": "2025-08-26T07:14:30.516606",
"completed_at": null
}
]
}GET
/api/v1/jarm/scan/{scan_id}Get JARM Signatures for Scan
Get all JARM signatures associated with a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"signatures": [
{
"host": "string",
"port": "integer",
"jarm_signature": "string",
"url": "string",
"is_final_url": "boolean",
"created_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/jarm/scan/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"signatures": [
{
"host": "www.google.com",
"port": 443,
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"url": "https://www.google.com/",
"is_final_url": true,
"created_at": "2025-08-26T11:20:40.658178"
},
{
"host": "google.com",
"port": 443,
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"url": "https://google.com/",
"is_final_url": false,
"created_at": "2025-08-26T11:20:40.272924"
}
]
}GET
/api/v1/jarm/statsJARM Statistics
Get statistics about JARM signatures in the database
Response
{
"statistics": {
"unique_signatures": "integer",
"total_scans": "integer",
"total_entries": "integer",
"unique_hosts": "integer"
},
"common_signatures": [
{
"jarm_signature": "string",
"scan_count": "integer",
"host_count": "integer",
"sample_hosts": [
"string"
]
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/jarm/stats"Response
{
"statistics": {
"unique_signatures": 4,
"total_scans": 16,
"total_entries": 26,
"unique_hosts": 5
},
"common_signatures": [
{
"jarm_signature": "29d3fd00029d29d21c42d43d00041df48f145f65c66577d0b01ecea881c1ba",
"scan_count": 10,
"host_count": 2,
"sample_hosts": ["google.com", "www.google.com"]
}
]
}GET
/api/v1/search/similarSimilar Content Search
Find scans with similar content using fuzzy hashing
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Optional | Base scan ID to find similar content |
tlsh_hash | string | Optional | TLSH hash to search for |
ssdeep_hash | string | Optional | ssdeep hash to search for |
threshold | integer | Optional | Similarity threshold (0-100, default: 80) |
limit | integer | Optional | Maximum results (default: 20) |
Response
[
{
"scan_id": "string",
"url": "string",
"title": "string",
"similarity_score": "integer",
"tlsh_score": "integer | null",
"ssdeep_score": "integer | null",
"submitted_at": "string"
}
]Example
Request
curl "https://scanmalware.com/api/v1/search/similar?scan_id=123e4567-e89b-12d3-a456-426614174000&threshold=85"Response
[
{
"scan_id": "223e4567-e89b-12d3-a456-426614174001",
"url": "https://similar-site.com",
"title": "Similar Content Site",
"similarity_score": 92,
"tlsh_score": 15,
"ssdeep_score": 89,
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]GET
/api/v1/search/fuzzy/{hash_type}Search by Fuzzy Hash
Search for scans by fuzzy hash - TLSH, ssdeep, or sdhash (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
hash_type | string | Required | Fuzzy hash type: "tlsh", "ssdeep", or "sdhash" |
hash_value | string | Required | The fuzzy hash value to search for (query parameter) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"hash_type": "string",
"hash_value": "string",
"count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/search/fuzzy/tlsh?hash_value=T1ABC123..."Response
{
"hash_type": "tlsh",
"hash_value": "T1ABC123...",
"count": 2,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z"
}
]
}GET
/api/v1/statsGet System Statistics
Retrieve system statistics and queue information
Response
{
"queue_length": "integer",
"running_scans": "integer",
"completed_24h": {
"public": "integer",
"unlisted": "integer",
"private": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/stats"Response
{
"queue_length": 5,
"running_scans": 2,
"completed_24h": {
"public": 150,
"unlisted": 25,
"private": 8
}
}GET
/api/v1/screenshot/{scan_id}Get Scan Screenshot
Retrieve the screenshot for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
"Binary image data (PNG format)"Example
Request
curl "https://scanmalware.com/api/v1/screenshot/123e4567-e89b-12d3-a456-426614174000" -o screenshot.pngResponse
[Binary PNG data]GET
/api/v1/healthHealth Check
Check system health and worker status
Response
{
"status": "string",
"timestamp": "string",
"workers": {
"active": "integer",
"total": "integer"
},
"queue_length": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/health"Response
{
"status": "healthy",
"timestamp": "2025-08-20T16:30:00.000Z",
"workers": {
"active": 3,
"total": 3
},
"queue_length": 0
}GET
/api/v1/ocr/{scan_id}Get OCR Text
Get OCR-extracted text from a scan's screenshot with language detection
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve OCR text for |
Response
{
"scan_id": "string",
"ocr_text": "string",
"ocr_language": "string",
"suspicious_regions": "array",
"metadata": {
"text_length": "integer",
"word_count": "integer",
"char_count": "integer",
"detected_language": "string",
"tesseract_language": "string"
},
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ocr/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"ocr_text": "Example Domain\nThis domain is for use in illustrative examples...",
"ocr_language": "eng",
"suspicious_regions": [
{
"text": "Windows + R",
"pattern": "windows + r",
"bbox": {"x": 100, "y": 200, "width": 150, "height": 30},
"confidence": 95
}
],
"metadata": {
"text_length": 197,
"word_count": 28,
"char_count": 172,
"detected_language": "en",
"tesseract_language": "eng"
},
"source": "database"
}GET
/api/v1/search/ocrSearch OCR Text
Full-text search through OCR-extracted text from screenshots
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Required | Search query (min 3 characters) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"ocr_text_preview": "string",
"relevance_score": "float",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ocr?q=verify+human&page=1&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://suspicious-site.com",
"ocr_text_preview": "Please verify you are human by pressing Windows+R and typing...",
"relevance_score": 0.95,
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total": 3,
"pages": 1
}
}GET
/api/v1/search/ocr/patternOCR Pattern Search
Search for specific patterns in OCR-extracted text
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
pattern | string | Required | Pattern to search for |
case_sensitive | boolean | Optional | Whether to perform case-sensitive search (default: false) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"ocr_text_preview": "string",
"match_count": "integer",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ocr/pattern?pattern=Windows%2BR&case_sensitive=false"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://suspicious-site.com",
"ocr_text_preview": "Press Windows+R to open Run dialog...",
"match_count": 3,
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 5,
"pages": 1
}
}GET
/api/v1/ocr/statsOCR Statistics
Get OCR processing statistics and language distribution
Response
{
"total_processed": "integer",
"total_with_text": "integer",
"average_text_length": "number",
"processing_time_avg_ms": "number",
"language_distribution": [
{
"language": "string",
"count": "integer",
"percentage": "number"
}
],
"suspicious_patterns": [
{
"pattern": "string",
"occurrences": "integer"
}
],
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ocr/stats"Response
{
"total_processed": 1234,
"total_with_text": 890,
"average_text_length": 452.3,
"processing_time_avg_ms": 1250.5,
"language_distribution": [
{
"language": "eng",
"count": 650,
"percentage": 73.0
},
{
"language": "chi_sim",
"count": 120,
"percentage": 13.5
}
],
"suspicious_patterns": [
{
"pattern": "Windows+R",
"occurrences": 15
},
{
"pattern": "PowerShell",
"occurrences": 8
}
],
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/clipboard/statsClipboard Statistics
Get global clipboard monitoring and pastejacking detection statistics
Response
{
"clipboard_events": {
"scans_with_clipboard": "integer",
"total_events": "integer",
"copy_events": "integer",
"paste_events": "integer",
"suspicious_events": "integer"
},
"pastejacking_detections": {
"scans_with_pastejacking": "integer",
"total_detections": "integer",
"critical": "integer",
"high": "integer",
"medium": "integer",
"low": "integer"
},
"daily_activity": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/clipboard/stats"Response
{
"clipboard_events": {
"scans_with_clipboard": 142,
"total_events": 523,
"copy_events": 201,
"paste_events": 87,
"suspicious_events": 34
},
"pastejacking_detections": {
"scans_with_pastejacking": 28,
"total_detections": 45,
"critical": 5,
"high": 12,
"medium": 18,
"low": 10
},
"daily_activity": [
{
"date": "2025-08-20",
"scans_with_clipboard_activity": 15,
"total_events": 67,
"suspicious_events": 8,
"scans_with_pastejacking": 3
}
]
}GET
/api/v1/clipboard/{scan_id}Get Clipboard Events
Get clipboard events captured during a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve clipboard events for |
Response
{
"scan_id": "string",
"events": [
{
"event_type": "string",
"event_timestamp": "string",
"event_data": "object",
"page_url": "string",
"element_selector": "string",
"is_suspicious": "boolean",
"suspicious_reason": "string"
}
],
"statistics": "object",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/clipboard/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"events": [
{
"event_type": "copy",
"event_timestamp": "2025-08-20T16:30:15.000Z",
"event_data": {
"clipboardData": "powershell -Command iex",
"selection": "Run this command"
},
"page_url": "https://suspicious-site.com/verify",
"element_selector": "div.verification-steps",
"is_suspicious": true,
"suspicious_reason": "Contains potentially malicious command patterns"
}
],
"statistics": {
"total_events": 3,
"copy_events": 2,
"paste_events": 1,
"suspicious_events": 1
},
"source": "database"
}GET
/api/v1/pastejacking/{scan_id}Get Pastejacking Detections
Get pastejacking attack detections for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to retrieve pastejacking detections for |
Response
{
"scan_id": "string",
"detections": [
{
"detection_type": "string",
"severity": "string",
"description": "string",
"technical_details": "object",
"affected_element": "string",
"mitigation_advice": "string",
"detected_at": "string"
}
],
"detection_count": "integer",
"max_severity": "string",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/pastejacking/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"detections": [
{
"detection_type": "hidden_payload",
"severity": "critical",
"description": "Hidden malicious content detected in DIV element",
"technical_details": {
"content": "powershell -NoProfile -ExecutionPolicy Bypass",
"tag": "DIV",
"visibility": "hidden",
"opacity": "0"
},
"affected_element": "div.hidden-command",
"mitigation_advice": "Avoid copying text from this page as it may contain hidden malicious content",
"detected_at": "2025-08-20T16:30:00.000Z"
},
{
"detection_type": "fake_modal",
"severity": "high",
"description": "Suspicious modal detected with pattern: /windows?\\s*\\+\\s*r/i",
"technical_details": {
"text": "Press Windows+R to verify",
"zIndex": "9999",
"position": "fixed"
},
"mitigation_advice": "Be cautious of verification prompts asking you to copy/paste commands",
"detected_at": "2025-08-20T16:30:00.000Z"
}
],
"detection_count": 2,
"max_severity": "critical",
"source": "database"
}GET
/api/v1/search/clipboard/suspiciousSearch Suspicious Clipboard
Search for suspicious clipboard activity patterns across all scans
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
pattern | string | Optional | Pattern to search in suspicious clipboard events |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"event_count": "integer",
"suspicious_reason": "string",
"scan_timestamp": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/clipboard/suspicious?pattern=powershell&page=1"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://malicious-site.com",
"event_count": 5,
"suspicious_reason": "Contains potentially malicious command patterns",
"scan_timestamp": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 8,
"pages": 1
}
}GET
/api/v1/technologies/searchSearch Technologies
Search for technologies by name or category with full-text search support
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
q | string | Optional | Search term for technology name (supports partial matching) |
category | string | Optional | Filter by category (e.g., "CMS", "Web Framework", "JavaScript Library") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"name": "string",
"category": "string",
"occurrence_count": "integer",
"first_seen": "string",
"last_seen": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/search?q=wordpress&category=CMS"Response
{
"results": [
{
"name": "WordPress",
"category": "CMS",
"occurrence_count": 45,
"first_seen": "2025-08-01T10:00:00.000Z",
"last_seen": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 1,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/technologies/popularPopular Technologies
Get the most frequently detected technologies
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
time_period | string | Optional | Time period: "24h", "7d", "30d", or "all" (default: "all") |
category | string | Optional | Filter by category |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"time_period": "string",
"results": [
{
"name": "string",
"category": "string",
"occurrence_count": "integer",
"percentage_of_scans": "number",
"last_seen": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/popular?time_period=7d&limit=5"Response
{
"time_period": "7d",
"results": [
{
"name": "jQuery",
"category": "JavaScript Library",
"occurrence_count": 234,
"percentage_of_scans": 45.2,
"last_seen": "2025-08-20T16:30:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 5,
"total_items": 150,
"total_pages": 30,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/technologies/combinations/{tech_name}Technology Combinations
Find technologies commonly used together with a specific technology
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
tech_name | string | Required | The technology name to find combinations for |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"base_technology": "string",
"total_occurrences": "integer",
"combinations": [
{
"technology": "string",
"category": "string",
"co_occurrence_count": "integer",
"percentage": "number"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/combinations/WordPress"Response
{
"base_technology": "WordPress",
"total_occurrences": 45,
"combinations": [
{
"technology": "MySQL",
"category": "Database",
"co_occurrence_count": 42,
"percentage": 93.3
},
{
"technology": "PHP",
"category": "Programming Language",
"co_occurrence_count": 45,
"percentage": 100.0
}
],
"pagination": {
"page": 1,
"limit": 20,
"total_items": 25,
"total_pages": 2,
"has_next": true,
"has_prev": false
}
}GET
/api/v1/technologies/statsTechnology Statistics
Get aggregated statistics about detected technologies
Response
{
"total_unique_technologies": "integer",
"total_detections": "integer",
"scans_with_technologies": "integer",
"top_categories": [
{
"category": "string",
"count": "integer",
"percentage": "number"
}
],
"detection_trend_7d": "object",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/stats"Response
{
"total_unique_technologies": 1250,
"total_detections": 45678,
"scans_with_technologies": 3456,
"top_categories": [
{
"category": "JavaScript Library",
"count": 12345,
"percentage": 27.0
},
{
"category": "Web Server",
"count": 8901,
"percentage": 19.5
}
],
"detection_trend_7d": {
"2025-08-14": 234,
"2025-08-15": 256,
"2025-08-16": 289,
"2025-08-17": 301,
"2025-08-18": 298,
"2025-08-19": 312,
"2025-08-20": 325
},
"last_updated": "2025-08-20T16:30:00.000Z"
}GET
/api/v1/technologies/by-scan/{scan_id}Technologies by Scan
Get all technologies detected in a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"technologies": [
{
"name": "string",
"category": "string",
"confidence": "integer",
"version": "string | null"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/technologies/by-scan/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"technologies": [
{
"name": "WordPress",
"category": "CMS",
"confidence": 100,
"version": "6.3.1"
},
{
"name": "MySQL",
"category": "Database",
"confidence": 50,
"version": null
}
],
"total_count": 2
}GET
/api/v1/search/ip/{ip_address}Search by IP Address
Search for scans by IP address or partial IP (public scans only)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip_address | string | Required | IP address or partial IP to search for |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 50, max: 500) |
Response
{
"ip_address": "string",
"total_count": "integer",
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"submitted_at": "string",
"ip_addresses": [
"string"
],
"primary_ip": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/search/ip/104.21.5.197"Response
{
"ip_address": "104.21.5.197",
"total_count": 3,
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain",
"submitted_at": "2025-08-20T16:30:00.000Z",
"ip_addresses": ["104.21.5.197", "172.67.182.169"],
"primary_ip": "104.21.5.197"
}
],
"pagination": {
"page": 1,
"limit": 50,
"total_items": 3,
"total_pages": 1,
"has_next": false,
"has_prev": false
}
}GET
/api/v1/search/semanticAI-Powered Visual Search
Search for visually similar websites using natural language queries and CLIP embeddings
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
query | string | Required | Natural language search query (e.g., "login page", "shopping cart", "news website") |
threshold | float | Optional | Similarity threshold (-1.0 to 1.0, default: -0.3). Lower values return more results |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"screenshot": "string",
"submitted_at": "string",
"scan_type": "string",
"similarity": "float",
"match_type": "string"
}
],
"total": "integer",
"page": "integer",
"limit": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/search/semantic?query=search+engine&threshold=-0.3&limit=5"Response
{
"results": [
{
"scan_id": "d0e3ae0a-e560-432a-af74-32777a6250f1",
"url": "https://google.com/",
"title": "Google",
"screenshot": "screenshots/d0e3ae0a-e560-432a-af74-32777a6250f1.png",
"submitted_at": "2025-08-31T10:30:00.000Z",
"scan_type": "public",
"similarity": -0.21,
"match_type": "visual"
},
{
"scan_id": "7d5a8b9c-1234-5678-90ab-cdef12345678",
"url": "https://www.baidu.com/",
"title": "百度一下,你就知道",
"screenshot": "screenshots/7d5a8b9c-1234-5678-90ab-cdef12345678.png",
"submitted_at": "2025-08-30T14:20:00.000Z",
"scan_type": "public",
"similarity": -0.22,
"match_type": "visual"
}
],
"total": 66,
"page": 1,
"limit": 5
}GET
/api/v1/cpe/search/{cpe_pattern}Search CPE Records
Search for Common Platform Enumeration (CPE) records by product, version, or vendor
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
cpe_pattern | string | Required | CPE search pattern (e.g., "nginx", "apache:2.4", "gunicorn:19.9.0") |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"pattern": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"final_url": "string",
"title": "string",
"status": "string",
"scan_type": "string",
"submitted_at": "string",
"cpe": "string",
"source": "string",
"detected_at": "string"
}
],
"pagination": {
"page": "integer",
"limit": "integer",
"total": "integer",
"pages": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/search/nginx:1.24"Response
{
"pattern": "nginx:1.24",
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"final_url": "https://example.com",
"title": "Example Site",
"status": "completed",
"scan_type": "public",
"submitted_at": "2025-09-01T10:00:00.000000",
"cpe": "cpe:2.3:a:nginx:nginx:1.24.0:*:*:*:*:*:*:*",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 5,
"pages": 1
}
}GET
/api/v1/cpe/statsCPE Statistics
Get global CPE detection statistics
Response
{
"total_cpes": "integer",
"unique_products": "integer",
"unique_vendors": "integer",
"most_common_cpes": [
{
"cpe": "string",
"vendor": "string",
"product": "string",
"version": "string",
"count": "integer"
}
],
"recent_detections": [
{
"cpe": "string",
"detected_at": "string",
"scan_id": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/stats"Response
{
"total_cpes": 1523,
"unique_products": 89,
"unique_vendors": 45,
"most_common_cpes": [
{
"cpe": "cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*",
"vendor": "nginx",
"product": "nginx",
"version": "*",
"count": 234
},
{
"cpe": "cpe:2.3:a:apache:http_server:2.4:*:*:*:*:*:*:*",
"vendor": "apache",
"product": "http_server",
"version": "2.4",
"count": 189
}
],
"recent_detections": [
{
"cpe": "cpe:2.3:a:wordpress:wordpress:6.7.3:*:*:*:*:*:*:*",
"detected_at": "2025-09-03T14:00:00.000000+00:00",
"scan_id": "abc123de-f456-7890-abcd-ef1234567890"
}
]
}GET
/api/v1/cpe/{scan_id}Get CPEs for Scan
Get all CPE records detected in a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get CPEs for |
Response
{
"scan_id": "string",
"cpes": [
{
"cpe": "string",
"vendor": "string",
"product": "string",
"version": "string",
"source": "string",
"detected_at": "string"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/cpe/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"cpes": [
{
"cpe": "cpe:2.3:a:nginx:nginx:1.24.0:*:*:*:*:*:*:*",
"vendor": "nginx",
"product": "nginx",
"version": "1.24.0",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
},
{
"cpe": "cpe:2.3:a:openssl:openssl:3.0.2:*:*:*:*:*:*:*",
"vendor": "openssl",
"product": "openssl",
"version": "3.0.2",
"source": "server_header",
"detected_at": "2025-09-01T10:00:30.000000+00:00"
}
],
"total_count": 2
}GET
/api/v1/domain/stats/{domain}Domain Statistics
Get detailed statistics for a specific domain including scan history and threat analysis
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get statistics for (e.g., "example.com") |
Response
{
"domain": "string",
"total_scans": "integer",
"first_seen": "string",
"last_seen": "string",
"scan_types": {
"public": "integer",
"unlisted": "integer",
"private": "integer"
},
"status_breakdown": {
"completed": "integer",
"failed": "integer",
"processing": "integer"
},
"risk_levels": {
"safe": "integer",
"low": "integer",
"medium": "integer",
"high": "integer",
"malicious": "integer"
}
}Example
Request
curl "https://scanmalware.com/api/v1/domain/stats/example.com"Response
{
"domain": "example.com",
"total_scans": 45,
"first_seen": "2025-01-15T10:00:00.000Z",
"last_seen": "2025-09-08T16:30:00.000Z",
"scan_types": {
"public": 40,
"unlisted": 4,
"private": 1
},
"status_breakdown": {
"completed": 42,
"failed": 2,
"processing": 1
},
"risk_levels": {
"safe": 38,
"low": 3,
"medium": 1,
"high": 0,
"malicious": 0
}
}GET
/api/v1/domain/history/{domain}Domain Scan History
Get the complete scan history for a specific domain with detailed timeline
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get history for |
limit | integer | Optional | Number of results (default: 100) |
offset | integer | Optional | Offset for pagination (default: 0) |
Response
{
"domain": "string",
"history": [
{
"scan_id": "string",
"url": "string",
"submitted_at": "string",
"completed_at": "string",
"status": "string",
"scan_type": "string",
"risk_score": "integer",
"title": "string"
}
],
"total_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/domain/history/example.com?limit=10"Response
{
"domain": "example.com",
"history": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"submitted_at": "2025-09-08T16:30:00.000Z",
"completed_at": "2025-09-08T16:30:15.000Z",
"status": "completed",
"scan_type": "public",
"risk_score": 95,
"title": "Example Domain"
}
],
"total_count": 45
}GET
/api/v1/ai/{scan_id}AI Security Analysis
Get AI-powered security analysis results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get AI analysis for |
Response
{
"scan_id": "string",
"analysis": {
"classification": "string",
"confidence": "number",
"risk_level": "string",
"scam_type": "string | null",
"evidence": "array",
"recommendations": "array",
"risk_factors": "array",
"safety_factors": "array"
},
"created_at": "string",
"model_version": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"analysis": {
"classification": "legitimate",
"confidence": 0.95,
"risk_level": "low",
"scam_type": null,
"evidence": [
"Valid SSL certificate",
"Known legitimate domain",
"No suspicious patterns detected"
],
"recommendations": [
"Site appears safe for general use"
],
"risk_factors": [],
"safety_factors": [
"HTTPS enabled",
"Valid certificate chain",
"Established domain age"
]
},
"created_at": "2025-09-08T16:31:00.000Z",
"model_version": "gpt-oss-120b"
}GET
/api/v1/ai/statsAI Analysis Statistics
Get global statistics for AI-powered security analysis
Response
{
"total_analyses": "integer",
"classifications": {
"legitimate": "integer",
"suspicious": "integer",
"malicious": "integer",
"phishing": "integer",
"scam": "integer"
},
"average_confidence": "number",
"scam_types_detected": "object",
"model_performance": {
"average_processing_time_ms": "number",
"success_rate": "number"
}
}Example
Request
curl "https://scanmalware.com/api/v1/ai/stats"Response
{
"total_analyses": 1523,
"classifications": {
"legitimate": 1200,
"suspicious": 150,
"malicious": 73,
"phishing": 65,
"scam": 35
},
"average_confidence": 0.87,
"scam_types_detected": {
"tech_support": 15,
"fake_shopping": 10,
"crypto_scam": 8,
"romance_scam": 2
},
"model_performance": {
"average_processing_time_ms": 2500,
"success_rate": 0.98
}
}GET
/api/v1/ai/search/classificationSearch by AI Classification
Search for scans by AI classification type
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
classification | string | Required | Classification type: LEGITIMATE, LOW_RISK, MODERATE_RISK, HIGH_RISK, or CONFIRMED_SCAM |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"classification": "string",
"confidence": "number",
"risk_level": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/classification?classification=HIGH_RISK&limit=10"Response
{
"results": [
{
"scan_id": "abc123de-f456-7890-abcd-ef1234567890",
"url": "https://suspicious-site.com",
"classification": "phishing",
"confidence": 0.92,
"risk_level": "high",
"submitted_at": "2025-09-08T14:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 65,
"pages": 4
}
}GET
/api/v1/ai/search/high-riskSearch High-Risk AI Detections
Find scans with high-risk AI security assessments
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_risk_score | integer | Optional | Minimum risk score (0-10, default: 7) |
min_confidence | integer | Optional | Minimum confidence level (0-100, default: 70) |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"risk_score": "integer",
"classification": "string",
"risk_factors": "array",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/high-risk?min_risk_score=7&min_confidence=70&limit=10"Response
{
"results": [
{
"scan_id": "xyz789ab-cdef-0123-4567-890abcdef123",
"url": "https://malicious-site.com",
"risk_score": 92,
"classification": "malicious",
"risk_factors": [
"Known malware distribution",
"Suspicious JavaScript patterns",
"Fake login form detected"
],
"submitted_at": "2025-09-08T15:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 73,
"pages": 4
}
}GET
/api/v1/ai/search/scam-typeSearch by Scam Type
Search for scans by specific scam type detected by AI
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scam_type | string | Required | Scam type to search for (e.g., "tech_support", "fake_shopping", "crypto_scam") |
limit | integer | Optional | Maximum results (1-1000, default: 100) |
Response
{
"scam_type": "string",
"results": [
{
"scan_id": "string",
"url": "string",
"scam_type": "string",
"confidence": "number",
"description": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/ai/search/scam-type?scam_type=tech_support"Response
{
"scam_type": "tech_support",
"results": [
{
"scan_id": "def456gh-ijkl-7890-mnop-qrs123456789",
"url": "https://fake-microsoft-support.com",
"scam_type": "tech_support",
"confidence": 0.94,
"description": "Fake Microsoft tech support scam with phone number",
"submitted_at": "2025-09-08T12:00:00.000Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 15,
"pages": 1
}
}GET
/api/v1/safe-browsing/{scan_id}Google Safe Browsing Results
Get Google Safe Browsing threat detection results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to get Safe Browsing results for |
Response
{
"scan_id": "string",
"threats": [
{
"threat_type": "string",
"platform_type": "string",
"threat_entry_type": "string",
"url": "string",
"cache_duration": "string"
}
],
"checked_at": "string",
"threat_count": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/safe-browsing/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"threats": [
{
"threat_type": "SOCIAL_ENGINEERING",
"platform_type": "ANY_PLATFORM",
"threat_entry_type": "URL",
"url": "https://phishing-site.com",
"cache_duration": "300s"
}
],
"checked_at": "2025-09-08T16:30:30.000Z",
"threat_count": 1
}GET
/api/v1/safe-browsing/statsSafe Browsing Statistics
Get global Google Safe Browsing detection statistics
Response
{
"total_checks": "integer",
"threats_detected": "integer",
"threat_types": {
"MALWARE": "integer",
"SOCIAL_ENGINEERING": "integer",
"UNWANTED_SOFTWARE": "integer",
"POTENTIALLY_HARMFUL_APPLICATION": "integer"
},
"detection_rate": "number",
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/safe-browsing/stats"Response
{
"total_checks": 5234,
"threats_detected": 423,
"threat_types": {
"MALWARE": 156,
"SOCIAL_ENGINEERING": 189,
"UNWANTED_SOFTWARE": 67,
"POTENTIALLY_HARMFUL_APPLICATION": 11
},
"detection_rate": 0.081,
"last_updated": "2025-09-08T16:30:00.000Z"
}GET
/api/v1/similar/visual/{scan_id}Visual Similarity Search
Find visually similar websites based on a specific scan using CLIP embeddings
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The scan ID to find similar sites for |
threshold | float | Optional | Similarity threshold (-1.0 to 1.0, default: -0.3) |
limit | integer | Optional | Maximum results (default: 20, max: 100) |
Response
{
"source_scan": {
"scan_id": "string",
"url": "string",
"title": "string"
},
"similar_sites": [
{
"scan_id": "string",
"url": "string",
"title": "string",
"similarity": "float",
"screenshot": "string",
"submitted_at": "string"
}
],
"total_found": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/similar/visual/123e4567-e89b-12d3-a456-426614174000?threshold=-0.25"Response
{
"source_scan": {
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"title": "Example Domain"
},
"similar_sites": [
{
"scan_id": "abc789de-f012-3456-7890-abcdef123456",
"url": "https://similar-example.com",
"title": "Similar Example Site",
"similarity": -0.18,
"screenshot": "screenshots/abc789de-f012-3456-7890-abcdef123456.png",
"submitted_at": "2025-09-07T10:00:00.000Z"
}
],
"total_found": 5
}GET
/api/v1/embeddings/statsEmbeddings Statistics
Get statistics about CLIP embeddings and visual search capabilities
Response
{
"total_embeddings": "integer",
"embedding_dimension": "integer",
"model_version": "string",
"processing_stats": {
"average_processing_time_ms": "number",
"success_rate": "number"
},
"coverage": {
"scans_with_embeddings": "integer",
"percentage": "number"
},
"last_updated": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/embeddings/stats"Response
{
"total_embeddings": 4532,
"embedding_dimension": 512,
"model_version": "openai/clip-vit-base-patch32",
"processing_stats": {
"average_processing_time_ms": 450,
"success_rate": 0.96
},
"coverage": {
"scans_with_embeddings": 4532,
"percentage": 92.3
},
"last_updated": "2025-09-08T16:30:00.000Z"
}GET
/api/v1/rdap/{scan_id}RDAP/WHOIS Information
Get domain registration information including domain age and registrar details
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"domain_age": {
"days": "integer",
"category": "string",
"risk_multiplier": "number",
"registration_date": "string"
},
"rdap_data": {
"domain": "string",
"registrar": "string",
"created_date": "string",
"expiry_date": "string",
"updated_date": "string",
"nameservers": "array"
}
}Example
Request
curl "https://scanmalware.com/api/v1/rdap/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"domain_age": {
"days": 8500,
"category": "WELL_ESTABLISHED",
"risk_multiplier": 1.0,
"registration_date": "2002-08-14"
},
"rdap_data": {
"domain": "example.com",
"registrar": "RESERVED-Internet Assigned Numbers Authority",
"created_date": "1995-08-14T04:00:00Z",
"expiry_date": "2025-08-13T04:00:00Z",
"updated_date": "2024-08-14T07:01:31Z",
"nameservers": ["a.iana-servers.net", "b.iana-servers.net"]
}
}GET
/api/v1/malware/{scan_id}Malware Detection Results
Get malware scan results including detected threats and infected resources
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"statistics": {
"total_resources": "integer",
"threats_detected": "integer",
"unique_threats": "integer",
"avg_scan_time": "number",
"total_bytes_scanned": "integer"
},
"resources": "array",
"threat_count": "integer",
"source": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"statistics": {
"total_resources": 45,
"threats_detected": 2,
"unique_threats": 2,
"avg_scan_time": 0.125,
"total_bytes_scanned": 2456789
},
"resources": [
{
"url": "https://malicious-site.com/script.js",
"content_hash": "abc123...",
"content_type": "application/javascript",
"threat_detected": true,
"threat_name": "JS/Trojan.Agent",
"scan_time": 0.089
}
],
"threat_count": 2,
"source": "clamav"
}GET
/api/v1/malware/threats/recentRecent Malware Threats
Get recently detected malware threats across all public scans
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
limit | integer | Optional | Number of results (default: 20, max: 100) |
Response
{
"threats": [
{
"scan_id": "string",
"url": "string",
"threat_name": "string",
"content_type": "string",
"detected_at": "string",
"scan_url": "string"
}
],
"total_threats": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/threats/recent?limit=5"Response
{
"threats": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://infected-site.com/malware.js",
"threat_name": "JS/Phishing.Gen",
"content_type": "application/javascript",
"detected_at": "2025-09-19T10:30:00Z",
"scan_url": "https://infected-site.com"
}
],
"total_threats": 152
}GET
/api/v1/malware/statsMalware Detection Statistics
Get overall malware scanning statistics across the platform
Response
{
"total_scans_with_malware": "integer",
"total_malware_detections": "integer",
"unique_threats": "integer",
"most_common_threats": "array",
"detection_rate": "number",
"last_detection": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/malware/stats"Response
{
"total_scans_with_malware": 342,
"total_malware_detections": 1526,
"unique_threats": 89,
"most_common_threats": [
{"name": "JS/Phishing.Gen", "count": 234},
{"name": "Trojan.Generic", "count": 156},
{"name": "PUA.CoinMiner", "count": 98}
],
"detection_rate": 0.0234,
"last_detection": "2025-09-19T10:30:00Z"
}GET
/api/v1/reports/{scan_id}Get Scan Reports
Retrieve user-submitted reports for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
report_type | string | Optional | Filter by report type (safe, phishing, malware, etc.) |
Response
{
"scan_id": "string",
"reports": [
{
"id": "integer",
"report_type": "string",
"report_details": "string",
"created_at": "string",
"status": "string"
}
],
"total_reports": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/reports/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"reports": [
{
"id": 1,
"report_type": "phishing",
"report_details": "Category: Phishing & Credential Theft, Type: credential_harvesting",
"created_at": "2025-09-19T10:30:00Z",
"status": "pending"
}
],
"total_reports": 1
}GET
/api/v1/analyzers/{scan_id}Get Analyzer Results
Get security analyzer results for a specific scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"risk_score": "integer",
"classification": "string",
"verdict": "string",
"risk_factors": "array",
"safety_factors": "array",
"confidence_percentage": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"risk_score": 85,
"classification": "MALICIOUS",
"verdict": "High risk phishing site detected",
"risk_factors": [
"Suspicious login form",
"Recently registered domain",
"Known phishing kit detected"
],
"safety_factors": [],
"confidence_percentage": 92
}GET
/api/v1/analyzers/search/high-riskSearch High-Risk Scans
Search for scans with high security risk scores
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
min_risk_score | integer | Optional | Minimum risk score (0-100, default: 50) |
page | integer | Optional | Page number (default: 1) |
limit | integer | Optional | Items per page (default: 20, max: 100) |
Response
{
"results": [
{
"scan_id": "string",
"url": "string",
"risk_score": "integer",
"classification": "string",
"submitted_at": "string"
}
],
"pagination": "object"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/search/high-risk?min_risk_score=75&limit=10"Response
{
"results": [
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://phishing-site.com",
"risk_score": 92,
"classification": "MALICIOUS",
"submitted_at": "2025-09-19T10:30:00Z"
}
],
"pagination": {
"page": 1,
"limit": 10,
"total_items": 47,
"total_pages": 5
}
}GET
/api/v1/analyzers/stats/overviewAnalyzer Statistics Overview
Get overall statistics from security analyzers
Response
{
"total_analyzed": "integer",
"classifications": {
"legitimate": "integer",
"suspicious": "integer",
"malicious": "integer"
},
"average_risk_score": "number",
"high_risk_count": "integer",
"last_analyzed": "string"
}Example
Request
curl "https://scanmalware.com/api/v1/analyzers/stats/overview"Response
{
"total_analyzed": 15234,
"classifications": {
"legitimate": 12456,
"suspicious": 1892,
"malicious": 886
},
"average_risk_score": 23.4,
"high_risk_count": 342,
"last_analyzed": "2025-09-19T10:45:00Z"
}GET
/api/v1/ioc/{scan_id}IoC Threat Intelligence
Get Indicators of Compromise (IoC) matches for IPs and domains in scan
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
scan_id | string | Required | The unique scan ID |
Response
{
"scan_id": "string",
"url": "string",
"scan_status": "string",
"submitted_at": "string",
"summary": {
"total_matches": "integer",
"unique_indicators": "integer",
"ip_matches": "integer",
"domain_matches": "integer",
"threat_types": "array",
"has_threats": "boolean"
},
"matches": "array"
}Example
Request
curl "https://scanmalware.com/api/v1/ioc/123e4567-e89b-12d3-a456-426614174000"Response
{
"scan_id": "123e4567-e89b-12d3-a456-426614174000",
"url": "https://example.com",
"scan_status": "completed",
"submitted_at": "2025-09-19T10:00:00Z",
"summary": {
"total_matches": 2,
"unique_indicators": 2,
"ip_matches": 1,
"domain_matches": 1,
"threat_types": ["phishing", "malware"],
"has_threats": true
},
"matches": [
{
"indicator": "192.168.1.100",
"indicator_type": "ip",
"threat_type": "malware",
"sources": ["abuse.ch", "blocklist.de"],
"context": {
"found_in": "network_request",
"location": "https://example.com/api/track"
}
}
]
}GET
/api/v1/ct/{domain}Certificate Transparency Logs
Get SSL/TLS certificates for a domain from Certificate Transparency logs
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to search (e.g., "example.com") |
Response
{
"domain": "string",
"certificates": [
{
"hash": "string",
"timestamp": "string",
"log": "string",
"issuer": "string",
"subject": "string",
"san": "array"
}
],
"total": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/ct/example.com"Response
{
"domain": "example.com",
"certificates": [
{
"hash": "abc123def456...",
"timestamp": "2025-09-19T10:00:00Z",
"log": "Google 'Argon2023' log",
"issuer": "DigiCert Inc",
"subject": "CN=*.example.com",
"san": ["*.example.com", "example.com"]
}
],
"total": 45
}GET
/api/v1/ct/similar/{domain}Similar Domain Certificates
Find certificates for similar or related domains (typosquatting detection)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The base domain to find similar domains for |
Response
{
"domain": "string",
"similar_domains": [
{
"domain": "string",
"similarity_score": "number",
"certificates_count": "integer",
"first_seen": "string",
"last_seen": "string"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/similar/example.com"Response
{
"domain": "example.com",
"similar_domains": [
{
"domain": "examp1e.com",
"similarity_score": 0.92,
"certificates_count": 2,
"first_seen": "2025-08-15T10:00:00Z",
"last_seen": "2025-09-19T10:00:00Z"
},
{
"domain": "example-com.net",
"similarity_score": 0.85,
"certificates_count": 1,
"first_seen": "2025-09-01T10:00:00Z",
"last_seen": "2025-09-01T10:00:00Z"
}
]
}GET
/api/v1/ct/dns/{domain}DNS History from Certificates
Get DNS history and subdomains discovered via Certificate Transparency
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get DNS history for |
Response
{
"domain": "string",
"subdomains": "array",
"dns_history": [
{
"hostname": "string",
"first_seen": "string",
"last_seen": "string",
"certificate_count": "integer"
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/dns/example.com"Response
{
"domain": "example.com",
"subdomains": [
"www.example.com",
"api.example.com",
"blog.example.com",
"mail.example.com"
],
"dns_history": [
{
"hostname": "www.example.com",
"first_seen": "2020-01-15T10:00:00Z",
"last_seen": "2025-09-19T10:00:00Z",
"certificate_count": 24
}
]
}GET
/api/v1/ct/ip/{ip}Certificates by IP Address
Find all certificates associated with an IP address
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IP address to search |
Response
{
"ip": "string",
"domains": [
{
"domain": "string",
"certificate_hash": "string",
"timestamp": "string",
"issuer": "string"
}
],
"total_certificates": "integer",
"unique_domains": "integer"
}Example
Request
curl "https://scanmalware.com/api/v1/ct/ip/93.184.216.34"Response
{
"ip": "93.184.216.34",
"domains": [
{
"domain": "example.com",
"certificate_hash": "abc123...",
"timestamp": "2025-09-19T10:00:00Z",
"issuer": "DigiCert Inc"
}
],
"total_certificates": 15,
"unique_domains": 3
}GET
/api/v1/ct/timeline/{domain}Certificate Timeline
Get chronological timeline of certificate issuance for a domain
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to get timeline for |
days | integer | Optional | Number of days to look back (default: 365) |
Response
{
"domain": "string",
"timeline": [
{
"date": "string",
"certificate_count": "integer",
"issuers": "array",
"events": [
{
"timestamp": "string",
"issuer": "string",
"certificate_hash": "string",
"san_count": "integer"
}
]
}
]
}Example
Request
curl "https://scanmalware.com/api/v1/ct/timeline/example.com?days=30"Response
{
"domain": "example.com",
"timeline": [
{
"date": "2025-09-19",
"certificate_count": 2,
"issuers": ["DigiCert Inc", "Let's Encrypt"],
"events": [
{
"timestamp": "2025-09-19T10:00:00Z",
"issuer": "DigiCert Inc",
"certificate_hash": "abc123...",
"san_count": 2
}
]
}
]
}