Referencia para Desarrolladores
Investigación de Phishing Documentación API
Investigación de Phishing Documentación API: Investiga dominios sospechosos de phishing con un paquete de evidencia completo. Recopila registros DNS, datos WHOIS, certificados SSL y crea un informe con marca de tiempo para solicitudes de eliminación.
Investigación de Phishing
Investiga dominios sospechosos de phishing con un paquete de evidencia completo. Recopila registros DNS, datos WHOIS, certificados SSL y crea un informe con marca de tiempo para solicitudes de eliminación.
GET
/v1/recipes/phishing-investigation
Parámetros de consulta
| Parámetro | Tipo | obligatorio |
|---|---|---|
| suspicious_domain | string | obligatorio |
| legitimate_domain | string | opcional |
| collect_evidence | boolean | opcional |
Campos de respuesta
| Campo | Tipo |
|---|---|
success |
boolean |
data |
object |
data.suspicious_domain |
string |
data.legitimate_domain |
string |
data.verdict |
string |
data.confidence |
number |
data.indicators |
object |
data.indicators.typosquatting |
object |
data.indicators.typosquatting.detected |
boolean |
data.indicators.typosquatting.technique |
string |
data.indicators.domain_age |
object |
data.indicators.domain_age.days |
number |
data.indicators.domain_age.risk |
string |
data.indicators.registration |
object |
data.indicators.registration.privacy_protected |
boolean |
data.indicators.registration.registrar |
string |
data.indicators.registration.created_date |
string |
data.indicators.infrastructure |
object |
data.indicators.infrastructure.ip |
string |
data.indicators.infrastructure.hosting |
string |
data.indicators.infrastructure.geolocation |
string |
data.indicators.ssl |
object |
data.indicators.ssl.valid |
boolean |
data.indicators.ssl.issuer |
string |
data.indicators.ssl.age_days |
number |
data.indicators.reputation |
object |
data.indicators.reputation.blocklisted |
boolean |
data.indicators.reputation.similar_reports |
number |
data.comparison_to_legitimate |
object |
data.comparison_to_legitimate.similarity_score |
number |
data.comparison_to_legitimate.visual_differences[] |
string[] |
data.evidence_package |
object |
data.evidence_package.dns_snapshot |
object |
data.evidence_package.dns_snapshot.A[] |
string[] |
data.evidence_package.whois_snapshot |
object |
data.evidence_package.whois_snapshot.registrar |
string |
data.evidence_package.timestamp |
string |
data.recommended_actions[] |
string[] |
meta |
object |
meta.recipe_name |
string |
meta.credits_used |
number |
meta.credits_saved |
number |
meta.duration_ms |
number |
meta.components_called[] |
string[] |
meta.cached_components[] |
array |
meta.timestamp |
string |
errors[] |
array |
Solicitud de ejemplo
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/recipes/phishing-investigation?suspicious_domain=examp1e.com&legitimate_domain=example.com&collect_evidence=true"Respuesta de ejemplo
{
"success": true,
"data": {
"suspicious_domain": "examp1e.com",
"legitimate_domain": "example.com",
"verdict": "confirmed_phishing",
"confidence": 0.93,
"indicators": {
"typosquatting": {
"detected": true,
"technique": "character_swap"
},
"domain_age": {
"days": 3,
"risk": "high"
},
"registration": {
"privacy_protected": true,
"registrar": "Example Registrar",
"created_date": "2026-04-12"
},
"infrastructure": {
"ip": "203.0.113.18",
"hosting": "Suspicious Hosting Ltd.",
"geolocation": "NL"
},
"ssl": {
"valid": true,
"issuer": "Let's Encrypt",
"age_days": 2
},
"reputation": {
"blocklisted": true,
"similar_reports": 4
}
},
"comparison_to_legitimate": {
"similarity_score": 0.97,
"visual_differences": [
"digit-substitution in second label character"
]
},
"evidence_package": {
"dns_snapshot": {
"A": [
"203.0.113.18"
]
},
"whois_snapshot": {
"registrar": "Example Registrar"
},
"timestamp": "2026-04-15T11:24:00Z"
},
"recommended_actions": [
"Report to registrar abuse contact",
"Submit URL to Safe Browsing and internal blocklists"
]
},
"meta": {
"recipe_name": "phishing-investigation",
"credits_used": 10,
"credits_saved": 12,
"duration_ms": 952,
"components_called": [
"whois",
"dns",
"ip",
"reputation",
"health",
"certificates"
],
"cached_components": [],
"timestamp": "2026-04-15T11:24:00Z"
},
"errors": []
}
