CheckPhish URL Scanner and Sandbox
The CheckPhish connector enables automated URL scanning and threat detection, integrating with Swimlane Turbine to enhance cybersecurity operations.

CheckPhish is a cutting-edge threat detection service that specializes in identifying and analyzing phishing URLs in real time. This connector enables Swimlane Turbine users to automate the process of scanning URLs for phishing threats and retrieving detailed analysis results. By integrating with CheckPhish URL Scanner and Sandbox, security teams can run quick or full scans on URLs and obtain scan results, including insights, directly within the Swimlane platform. This enhances the efficiency of threat detection workflows and accelerates response times to potential phishing attacks.

CheckPhish detects and monitors phishing and scam sites. With CheckPhish, you can scan suspicious URLs and monitor for typosquat and lookalike variants of a domain. It is a free real-time URL scanner providing deep threat intelligence, including screenshots, certificates, DOM tree, and hosting details.

## Prerequisites

To effectively utilize the CheckPhish URL Scanner and Sandbox connector with Swimlane Turbine, ensure you have the following:

- CheckPhish API authentication with these parameters:
  - URL: the endpoint for the CheckPhish API services.
  - API Key: your unique key to access the CheckPhish API.

## Capabilities

The CheckPhish URL Scanner and Sandbox connector provides the following capabilities:

- Quick Scan
- Full Scan
- Get Scan Results

### API Documentation

For more information on CheckPhish: CheckPhish URL Scanner and Sandbox API documentation, https://bolster.ai/kbarticles/scan-apis-for-checkphish-users

## Configurations

### CheckPhish API Authentication

CheckPhish URL Scanner and Sandbox API authentication.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| apikey | CheckPhish API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Scan Results

Retrieve the scan results for a specific jobid from CheckPhish URL Scanner and Sandbox.

- Endpoint URL: /api/neo/scan/status
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| jobid | string | Required | Unique identifier |
| insights | boolean | Optional | Parameter for Get Scan Results |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| job_id | string | Unique identifier |
| status | string | Status value |
| url | string | URL endpoint for the request |
| url_sha256 | string | URL endpoint for the request |
| disposition | string | Output field disposition |
| brand | string | Output field brand |
| insights | string | Output field insights |
| resolved | boolean | Output field resolved |
| screenshot_path | string | Output field screenshot_path |
| scan_start_ts | number | Output field scan_start_ts |
| scan_end_ts | number | Output field scan_end_ts |
| error | boolean | Error message if any |
| image_objects | array | Output field image_objects |
| categories | array | Output field categories |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 27 Aug 2024 12:44:06 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Origin, Accept-Encoding",
      "Access-Control-Allow-Credentials": "true",
      "X-XSS-Protection": "1; mode=block",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=15552000; preload",
      "X-Download-Options": "noopen",
      "X-Content-Type-Options": "nosniff",
      "ETag": "w/\"278 vbdymiy461hlwkspcguqdhbh5su\"",
      "CF-Cache-Status": "DYNAMIC",
      "Set-Cookie": " cf bm=ecyyiolwhp qszr9kkapajcl8dlx8a vs6 exexk9js 1724762646 1 0 1 1 d sbqtyjs ",
      "Server": "cloudflare"
    },
    "reason": "OK",
    "json_body": {
      "job_id": "371d2a29-0b67-4e28-a69d-57cc0b52e6b1",
      "status": "done",
      "url": "https://github.com/",
      "url_sha256": "09a8b930c8b79e7c313e5e741e1d59c39ae91bc1f10cdefa68b47bf77519be57",
      "disposition": "clean",
      "brand": "unknown",
      "insights": "https://checkphish.ai/insights/url/1724061284037/09a8b930c8b79e7c313e5e741e1d59c ",
      "resolved": false,
      "screenshot_path": "https //bst prod screenshots s3 us west 2 amazonaws com/20240819/09a8b930c8b79e7 ",
      "scan_start_ts": 1724061284026,
      "scan_end_ts": 1724061291801,
      "error": false,
      "image_objects": [],
      "categories": []
    }
  }
]
```

### Quick and Full Scan

Perform either a quick or full scan on a specified URL with CheckPhish, tailored to the scan type selected.

- Endpoint URL: /api/neo/scan
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| urlinfo | object | Optional | URL endpoint for the request |
| url | string | Optional | URL endpoint for the request |
| scantype | string | Optional | Type of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jobid | string | Unique identifier |
| timestamp | number | Output field timestamp |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 16 Aug 2024 10:02:36 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Origin, Accept-Encoding",
      "Access-Control-Allow-Credentials": "true",
      "X-XSS-Protection": "1; mode=block",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=15552000; preload",
      "X-Download-Options": "noopen",
      "X-Content-Type-Options": "nosniff",
      "ETag": "w/\"4a efxignfs600kb7cmgra0tgg1ihk\"",
      "CF-Cache-Status": "DYNAMIC",
      "Set-Cookie": " cf bm=fcvkurfdtbi nwrlr299pwoq wcuo0igwy c cvjna 1723802556 1 0 1 1 9k4larqp3 ",
      "Server": "cloudflare"
    },
    "reason": "OK",
    "json_body": {
      "jobid": "8395ec8d-c031-468f-92f6-f6da6dfcb602",
      "timestamp": 1723802556059
    }
  }
]
```

Response headers:

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Credentials | HTTP response header Access-Control-Allow-Credentials | true |
| Alt-Svc | HTTP response header Alt-Svc | h3=":443"; ma=86400 |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 8b9c26a66d0979e0-HYD |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Fri, 16 Aug 2024 10:02:36 GMT |
| ETag | An identifier for a specific version of a resource | w/"4a efxignfs600kb7cmgra0tgg1ihk" |
| Server | Information about the software used by the origin server | cloudflare |
| Set-Cookie | HTTP response header Set-Cookie | cf bm=fcvkurfdtbi nwrlr299pwoq wcuo0igwy c cvjna 1723802556 1 0 1 1 9k4larqp3t0hmajgosa cy655u0xhzhbfr7tu5invq ih2zjlmw0fb83zyuqxsut2oy86xg pghr9ekcbk9ycq; path=/; expires=fri, 16 aug 24 10 32 36 gmt; domain= bolster ai; httponly; secure; samesite=none |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Origin, Accept-Encoding |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Download-Options | HTTP response header X-Download-Options | noopen |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
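
An added example, not part of the connector's own documentation or code: one way a playbook step could turn the Get Scan Results output described above into a decision, polling until the scan finishes. It assumes the output keys are written with underscores (`status_code`, `json_body`, `scan_start_ts`); `get_results` is a hypothetical callable wrapping the action, and closing an alert only on an explicit `clean` disposition is a policy choice of this example.

```python
import time

# Constructed sample, taken from the Get Scan Results example (headers omitted).
SAMPLE = {
    "status_code": 200,
    "json_body": {
        "status": "done", "error": False,
        "url": "https://github.com/", "disposition": "clean",
        "scan_start_ts": 1724061284026, "scan_end_ts": 1724061291801,
    },
}


def triage(result):
    """Map one Get Scan Results output to a playbook decision (fail closed)."""
    body = result.get("json_body") or {}
    if result.get("status_code") != 200 or body.get("error"):
        return {"action": "retry", "reason": "scan or transport error"}
    if str(body.get("status", "")).lower() != "done":
        return {"action": "wait", "reason": "scan still running"}
    disposition = str(body.get("disposition", "")).lower()
    # Only an explicit "clean" closes the alert; anything else goes to an analyst.
    action = "close" if disposition == "clean" else "escalate"
    return {
        "action": action,
        "disposition": disposition or "missing",
        "url": body.get("url"),
        "scan_ms": body.get("scan_end_ts", 0) - body.get("scan_start_ts", 0),
    }


def wait_for_verdict(get_results, job_id, attempts=5, delay=2.0, sleep=time.sleep):
    """Poll get_results(job_id) until a final decision or the attempts run out."""
    for _ in range(attempts):
        decision = triage(get_results(job_id))
        if decision["action"] in ("close", "escalate"):
            return decision
        sleep(delay)
    # Never treat an unfinished scan as clean.
    return {"action": "escalate", "reason": "no verdict after %d polls" % attempts}
```
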