urlscan.io Analysis
urlscan.io is a web service that analyzes websites and provides detailed reports on their behavior.

urlscan.io is a web security analysis platform that allows users to scan and analyze websites for potential threats and vulnerabilities. The urlscan.io Analysis connector enables Swimlane Turbine users to automate the retrieval of detailed analysis results, DOM snapshots, and screenshots of web submissions. Additionally, users can monitor their account's quota usage and execute advanced searches on urlscan.io records. This integration enhances security operations by providing comprehensive web analysis capabilities, allowing for efficient threat detection and response within the Swimlane Turbine platform.

Prerequisites

Before you can use the urlscan.io Analysis connector for Turbine, you'll need access to the urlscan.io API. This requires the following:

API key authentication using the following parameters:
- URL: the endpoint for accessing urlscan.io services.
- API Key: a unique key provided by urlscan.io to authenticate requests.

Connector Setup

Obtaining an API token

1. Navigate to your user profile: https://urlscan.io/user/profile/
2. Click Settings & API.
3. Click Create an API key.

Capabilities

The urlscan.io connector has the following capabilities:
- Submit URLs
- Get information about URL
- Search URLs for full info
- Search URLs for minimal info
- Get quota details

Notes

- Quota information: https://urlscan.io/products/
- Documentation: https://urlscan.io/docs/api/
- This connector was last tested against API version 1.

Configurations

API Key Authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | Required |
| api_key | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

Actions

Get Result

Retrieve the analysis results for a specific submission using its unique identifier (UUID) from urlscan.io.

Endpoint URL: api/v1/result/{{uuid}}
Method: GET

Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.uuid | string | Required | Parameters for the Get Result action |

Input example

{"path_parameters": {"uuid": "942a4e6d-6c30-421a-892b-30a5813e0ab0"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.requests | array | Response data |
| data.requests.request | object | Response data |
| data.requests.request.requestId | string | Response data |
| data.requests.request.loaderId | string | Response data |
| data.requests.request.documentURL | string | Response data |
| data.requests.request.request | object | Response data |
| data.requests.request.request.url | string | Response data |
| data.requests.request.request.method | string | Response data |
| data.requests.request.request.headers | object | Response data |
| data.requests.request.request.mixedContentType | string | Response data |
| data.requests.request.request.initialPriority | string | Response data |
| data.requests.request.request.referrerPolicy | string | Response data |
| data.requests.request.request.isSameSite | boolean | Response data |
| data.requests.request.timestamp | number | Response data |
| data.requests.request.wallTime | number | Response data |
| data.requests.request.initiator | object | Response data |
| data.requests.request.initiator.type | string | Response data |
| data.requests.request.redirectHasExtraInfo | boolean | Response data |
| data.requests.request.type | string | Response data |
| data.requests.request.frameId | string | Response data |
| data.requests.request.hasUserGesture | boolean | Response data |
| data.requests.requests | array | Response data |

Output example

{"status_code": 200, "response_headers": {"Server": "nginx", "Date": "Fri, 21 Oct 2022 17:17:38 GMT", "Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "X-Rate-Limit-Scope": "user", "X-Rate-Limit-Action": "retrieve", "X-Rate-Limit-Window": "minute", "X-Rate-Limit-Limit": "120", "X-Rate-Limit-Remaining": "120", "X-Rate-Limit-Reset": "2022-10-21T17:18:00.000Z", "X-Rate-Limit-Reset-After": "21", "Cache-Control": "public, max-age=60", "ETag": "w/\"e0543 gwhtf0zjquwawu7

Get Result DOM Snapshot

Retrieve the Document Object Model (DOM) snapshot for a given submission in urlscan.io using the unique identifier (UUID).

Endpoint URL: dom/{{uuid}}
Method: GET

Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.uuid | string | Required | Parameters for the Get Result DOM Snapshot action |

Input example

{"path_parameters": {"uuid": "942a4e6d-6c30-421a-892b-30a5813e0ab0"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example

{"status_code": 200, "response_headers": {"Server": "nginx", "Date": "Fri, 21 Oct 2022 20:50:50 GMT", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "Cache-Control": "max-age=3600, public", "ETag": "\"b562ca8316f97fa9c32eb5f914f12aef\"", "Last-Modified": "Fri, 21 Oct 2022 17:11:41 GMT", "Expires": "Fri, 21 Oct 2022 21:50:50 GMT", "Content-Security-Policy": "default-src 'self' data:; script-src 'self' data: developers.google.com www.goo...", "Referrer-Policy": "unsafe-url", "Strict-Transport-Security": "ma

Get Result Screenshot

Retrieve a screenshot from a specific urlscan.io submission using the unique identifier (UUID).

Endpoint URL: screenshots/{{uuid}}.png
Method: GET

Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.uuid | string | Required | Parameters for the Get Result Screenshot action |

Input example

{"path_parameters": {"uuid": "942a4e6d-6c30-421a-892b-30a5813e0ab0"}}

Output

| Parameter | Type | Description |
|---|---|---|
| file | object | Result screenshot |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example

{"file": {"file_name": "example_name", "file": "string"}}

Quotas and Rate Limiting

Retrieve the current quota usage and rate limit information for your urlscan.io account.

Endpoint URL: user/quotas
Method: GET

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| source | string | Output field source |
| limits | object | Output field limits |
| limits.private | object | Output field limits.private |
| limits.private.day | object | Output field limits.private.day |
| limits.private.day.limit | number | Output field limits.private.day.limit |
| limits.private.day.used | number | Output field limits.private.day.used |
| limits.private.day.remaining | number | Output field limits.private.day.remaining |
| limits.private.day.percent | number | Output field limits.private.day.percent |
| limits.private.hour | object | Output field limits.private.hour |
| limits.private.hour.limit | number | Output field limits.private.hour.limit |
| limits.private.hour.used | number | Output field limits.private.hour.used |
| limits.private.hour.remaining | number | Output field limits.private.hour.remaining |
| limits.private.hour.percent | number | Output field limits.private.hour.percent |
| limits.private.minute | object | Output field limits.private.minute |
| limits.private.minute.limit | number | Output field limits.private.minute.limit |
| limits.private.minute.used | number | Output field limits.private.minute.used |
| limits.private.minute.remaining | number | Output field limits.private.minute.remaining |
| limits.private.minute.percent | number | Output field limits.private.minute.percent |
| limits.public | object | Output field limits.public |
| limits.public.day | object | Output field limits.public.day |
| limits.public.day.limit | number | Output field limits.public.day.limit |
| limits.public.day.used | number | Output field limits.public.day.used |
| limits.public.day.remaining | number | Output field limits.public.day.remaining |

Output example

{"status_code": 200, "response_headers": {"Server": "nginx", "Date": "Fri, 21 Oct 2022 17:06:58 GMT", "Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "Vary": "Accept", "ETag": "w/\"ae0 afycne0rns8+abik6yuucbab9lk\"", "Content-Security-Policy": "default-src 'self' data:; script-src 'self' data: developers.google.com www.goo...", "Referrer-Policy": "unsafe-url", "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload", "X-Content-Type-Opt

Search

Execute an Elasticsearch query on urlscan.io records to retrieve relevant analysis data. Requires a query parameter 'q'.

Endpoint URL: api/v1/search
Method: GET

Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.q | string | Required | Parameters for the Search action |
| parameters.size | number | Optional | Parameters for the Search action |
| parameters.search_after | string | Optional | Parameters for the Search action |

Input example

{"parameters": {"q": " ", "size": 100, "search_after": "1666385691272,7b659f9d-e509-4bb4-b07e-eda8ff6b0bc8"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.task | object | Result of the operation |
| results.task.visibility | string | Result of the operation |
| results.task.method | string | HTTP method to use |
| results.task.domain | string | Result of the operation |
| results.task.apexDomain | string | Result of the operation |
| results.task.time | string | Result of the operation |
| results.task.uuid | string | Unique identifier |
| results.task.url | string | URL endpoint for the request |
| results.stats | object | Result of the operation |
| results.stats.uniqIPs | number | Result of the operation |
| results.stats.uniqCountries | number | Result of the operation |
| results.stats.dataLength | number | Response data |
| results.stats.encodedDataLength | number | Response data |
| results.stats.requests | number | Result of the operation |
| results.page | object | Result of the operation |
| results.page.country | string | Result of the operation |
| results.page.redirected | string | Result of the operation |
| results.page.ip | string | Result of the operation |
| results.page.mimeType | string | Type of the resource |
| results.page.title | string | Result of the operation |
| results.page.url | string | URL endpoint for the request |
| results.page.tlsValidDays | number | Unique identifier |

Output example

{"status_code": 200, "response_headers": {"Server": "nginx", "Date": "Fri, 21 Oct 2022 21:04:12 GMT", "Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "X-Rate-Limit-Scope": "user", "X-Rate-Limit-Action": "search", "X-Rate-Limit-Window": "day", "X-Rate-Limit-Limit": "1000", "X-Rate-Limit-Remaining": "999", "X-Rate-Limit-Reset": "2022-10-22T00:00:00.000Z", "X-Rate-Limit-Reset-After": "10547", "ETag": "w/\"243e9 rkqp/slcs/yu8hgkeocno5+gtdw\"", "Content-Security-Poli

Submit

Submit a URL to urlscan.io for scanning and analysis, returning the scan's unique identifier. Requires 'url' and 'visibility' parameters.

Endpoint URL: api/v1/scan
Method: POST

Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| url | string | Optional | URL endpoint for the request |
| visibility | string | Optional | Parameter for Submit |
| tags | array | Optional | Parameter for Submit |
| customagent | string | Optional | Parameter for Submit |
| referer | string | Optional | Parameter for Submit |
| overrideSafety | string | Optional | Unique identifier |
| country | string | Optional | Parameter for Submit |

Input example

{"json_body": {"url": "swimlane.com", "visibility": "public", "tags": ["tag1", "tag2"], "customagent": "", "referer": "", "overrideSafety": "", "country": "us"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| uuid | string | Unique identifier |
| result | string | Result of the operation |
| api | string | Output field api |
| visibility | string | Output field visibility |
| options | object | Output field options |
| url | string | URL endpoint for the request |

Output example

{"status_code": 200, "response_headers": {"Server": "nginx", "Date": "Fri, 21 Oct 2022 17:11:33 GMT", "Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "X-Rate-Limit-Scope": "user", "X-Rate-Limit-Action": "public", "X-Rate-Limit-Window": "minute", "X-Rate-Limit-Limit": "60", "X-Rate-Limit-Remaining": "60", "X-Rate-Limit-Reset": "2022-10-21T17:12:00.000Z", "X-Rate-Limit-Reset-After": "26", "Vary": "Accept", "ETag": "w/\"148 etytsyfmloayncetbym/arvpacq\"", "Content-Se
Response Headers

| Header | Description | Example |
|---|---|---|
| Access-Control-Allow-Headers | HTTP response header Access-Control-Allow-Headers | DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type |
| Access-Control-Allow-Methods | HTTP response header Access-Control-Allow-Methods | GET, OPTIONS |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | |
| Access-Control-Max-Age | HTTP response header Access-Control-Max-Age | 1728000 |
| Cache-Control | Directives for caching mechanisms | public, max-age=60 |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self' data:; script-src 'self' data: developers.google.com www.google.com www.gstatic.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src data: hubspot.com cdn2.hubspot.net forms.hsforms.com; font-src 'self' fonts.gstatic.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; frame-src https://www.google.com/recaptcha/ hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action 'self' forms.hsforms.com forms.hubspot.com; connect-src 'self' hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com; upgrade-insecure-requests; frame-ancestors 'none' |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| ETag | An identifier for a specific version of a resource | w/"ae0 afycne0rns8+abik6yuucbab9lk" |
| Expires | The date/time after which the response is considered stale | Fri, 21 Oct 2022 21:50:50 GMT |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Fri, 21 Oct 2022 17:11:41 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | unsafe-url |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-Proxy-Cache | HTTP response header X-Proxy-Cache | MISS |
| X-Rate-Limit-Action | HTTP response header X-Rate-Limit-Action | retrieve |
| X-Rate-Limit-Limit | HTTP response header X-Rate-Limit-Limit | 60 |
| X-Rate-Limit-Remaining | HTTP response header X-Rate-Limit-Remaining | 60 |
| X-Rate-Limit-Reset | HTTP response header X-Rate-Limit-Reset | 2022-10-21T17:12:00.000Z |
| X-Rate-Limit-Reset-After | HTTP response header X-Rate-Limit-Reset-After | 21 |
| X-Rate-Limit-Scope | HTTP response header X-Rate-Limit-Scope | user |
| X-Rate-Limit-Window | HTTP response header X-Rate-Limit-Window | day |
| X-Robots-Tag | HTTP response header X-Robots-Tag | all |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 0 |
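
The rate-limit headers and the user/quotas fields documented on this page can drive call pacing in a playbook. The following is an added example, not Swimlane or urlscan.io code: the function names and all sample values are constructed, and it assumes HTTP 429 is the status returned once a limit has been exceeded.

```python
# Added example (not Swimlane or urlscan.io code): pacing playbook calls using the
# X-Rate-Limit-* headers and the user/quotas fields listed on this page.

def parse_rate_limit(headers):
    """Return the X-Rate-Limit-* values, or None when the response carries none."""
    h = {k.lower(): v for k, v in headers.items()}
    if "x-rate-limit-remaining" not in h:
        return None  # the DOM snapshot output example has no rate-limit headers
    return {
        "action": h.get("x-rate-limit-action"),
        "window": h.get("x-rate-limit-window"),
        "remaining": int(h["x-rate-limit-remaining"]),
        "reset_after": int(h.get("x-rate-limit-reset-after", 0)),
    }

def seconds_to_wait(status_code, headers, reserve=1):
    """Seconds to pause before repeating the same action; 0 means proceed."""
    rl = parse_rate_limit(headers)
    if rl is None:
        return 0
    # Assumption: HTTP 429 is the status returned once a limit is exceeded.
    if status_code == 429 or rl["remaining"] < reserve:
        return rl["reset_after"]
    return 0

def exhausted_windows(quotas, visibility):
    """Names of the limits.<visibility> windows (day/hour/minute) with nothing left."""
    windows = quotas.get("limits", {}).get(visibility, {})
    return sorted(w for w, v in windows.items() if v.get("remaining", 0) <= 0)

# Constructed samples shaped like the output examples on this page.
SEARCH_HEADERS = {"X-Rate-Limit-Action": "search", "X-Rate-Limit-Window": "day",
                  "X-Rate-Limit-Limit": "1000", "X-Rate-Limit-Remaining": "999",
                  "X-Rate-Limit-Reset-After": "10547"}
SUBMIT_HEADERS = {"X-Rate-Limit-Action": "public", "X-Rate-Limit-Window": "minute",
                  "X-Rate-Limit-Limit": "60", "X-Rate-Limit-Remaining": "0",
                  "X-Rate-Limit-Reset-After": "26"}
QUOTAS = {"limits": {"private": {
    "day": {"limit": 50, "used": 10, "remaining": 40, "percent": 20},
    "hour": {"limit": 10, "used": 4, "remaining": 6, "percent": 40},
    "minute": {"limit": 2, "used": 2, "remaining": 0, "percent": 100}}}}

if __name__ == "__main__":
    print(seconds_to_wait(200, SEARCH_HEADERS))   # plenty left in the daily window
    print(seconds_to_wait(200, SUBMIT_HEADERS))   # minute window used up
    print(exhausted_windows(QUOTAS, "private"))
```

Checking `exhausted_windows` against the Quotas and Rate Limiting output before a bulk Submit run avoids burning requests that would be rejected anyway.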