Riferimento per sviluppatori
Indagine Phishing Documentazione API
Indagine Phishing Documentazione API: Indaghi sui domini sospetti di phishing con un pacchetto completo di prove. Raccoglie record DNS, dati WHOIS, certificati SSL e crea un rapporto con timestamp per le richieste di rimozione.
Indagine Phishing
Indaghi sui domini sospetti di phishing con un pacchetto completo di prove. Raccoglie record DNS, dati WHOIS, certificati SSL e crea un rapporto con timestamp per le richieste di rimozione.
GET
/v1/recipes/phishing-investigation
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| suspicious_domain | string | obbligatorio |
| legitimate_domain | string | facoltativo |
| collect_evidence | boolean | facoltativo |
Campi di risposta
| Campo | Tipo |
|---|---|
success |
boolean |
data |
object |
data.suspicious_domain |
string |
data.legitimate_domain |
string |
data.verdict |
string |
data.confidence |
number |
data.indicators |
object |
data.indicators.typosquatting |
object |
data.indicators.typosquatting.detected |
boolean |
data.indicators.typosquatting.technique |
string |
data.indicators.domain_age |
object |
data.indicators.domain_age.days |
number |
data.indicators.domain_age.risk |
string |
data.indicators.registration |
object |
data.indicators.registration.privacy_protected |
boolean |
data.indicators.registration.registrar |
string |
data.indicators.registration.created_date |
string |
data.indicators.infrastructure |
object |
data.indicators.infrastructure.ip |
string |
data.indicators.infrastructure.hosting |
string |
data.indicators.infrastructure.geolocation |
string |
data.indicators.ssl |
object |
data.indicators.ssl.valid |
boolean |
data.indicators.ssl.issuer |
string |
data.indicators.ssl.age_days |
number |
data.indicators.reputation |
object |
data.indicators.reputation.blocklisted |
boolean |
data.indicators.reputation.similar_reports |
number |
data.comparison_to_legitimate |
object |
data.comparison_to_legitimate.similarity_score |
number |
data.comparison_to_legitimate.visual_differences[] |
string[] |
data.evidence_package |
object |
data.evidence_package.dns_snapshot |
object |
data.evidence_package.dns_snapshot.A[] |
string[] |
data.evidence_package.whois_snapshot |
object |
data.evidence_package.whois_snapshot.registrar |
string |
data.evidence_package.timestamp |
string |
data.recommended_actions[] |
string[] |
meta |
object |
meta.recipe_name |
string |
meta.credits_used |
number |
meta.credits_saved |
number |
meta.duration_ms |
number |
meta.components_called[] |
string[] |
meta.cached_components[] |
array |
meta.timestamp |
string |
errors[] |
array |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/recipes/phishing-investigation?suspicious_domain=examp1e.com&legitimate_domain=example.com&collect_evidence=true"Risposta di esempio
{
"success": true,
"data": {
"suspicious_domain": "examp1e.com",
"legitimate_domain": "example.com",
"verdict": "confirmed_phishing",
"confidence": 0.93,
"indicators": {
"typosquatting": {
"detected": true,
"technique": "character_swap"
},
"domain_age": {
"days": 3,
"risk": "high"
},
"registration": {
"privacy_protected": true,
"registrar": "Example Registrar",
"created_date": "2026-04-12"
},
"infrastructure": {
"ip": "203.0.113.18",
"hosting": "Suspicious Hosting Ltd.",
"geolocation": "NL"
},
"ssl": {
"valid": true,
"issuer": "Let's Encrypt",
"age_days": 2
},
"reputation": {
"blocklisted": true,
"similar_reports": 4
}
},
"comparison_to_legitimate": {
"similarity_score": 0.97,
"visual_differences": [
"digit-substitution in second label character"
]
},
"evidence_package": {
"dns_snapshot": {
"A": [
"203.0.113.18"
]
},
"whois_snapshot": {
"registrar": "Example Registrar"
},
"timestamp": "2026-04-15T11:24:00Z"
},
"recommended_actions": [
"Report to registrar abuse contact",
"Submit URL to Safe Browsing and internal blocklists"
]
},
"meta": {
"recipe_name": "phishing-investigation",
"credits_used": 10,
"credits_saved": 12,
"duration_ms": 952,
"components_called": [
"whois",
"dns",
"ip",
"reputation",
"health",
"certificates"
],
"cached_components": [],
"timestamp": "2026-04-15T11:24:00Z"
},
"errors": []
}
