开发者参考
钓鱼调查 API 文档
钓鱼调查 API 文档: 通过全面的证据包调查疑似钓鱼域名。收集 DNS 记录、WHOIS 数据、SSL 证书,并创建带时间戳的报告以用于删除请求。
钓鱼调查
通过全面的证据包调查疑似钓鱼域名。收集 DNS 记录、WHOIS 数据、SSL 证书,并创建带时间戳的报告以用于删除请求。
GET
/v1/recipes/phishing-investigation
查询参数
| 参数 | 类型 | 必需 |
|---|---|---|
| suspicious_domain | string | 必需 |
| legitimate_domain | string | 可选 |
| collect_evidence | boolean | 可选 |
响应字段
| 字段 | 类型 |
|---|---|
success |
boolean |
data |
object |
data.suspicious_domain |
string |
data.legitimate_domain |
string |
data.verdict |
string |
data.confidence |
number |
data.indicators |
object |
data.indicators.typosquatting |
object |
data.indicators.typosquatting.detected |
boolean |
data.indicators.typosquatting.technique |
string |
data.indicators.domain_age |
object |
data.indicators.domain_age.days |
number |
data.indicators.domain_age.risk |
string |
data.indicators.registration |
object |
data.indicators.registration.privacy_protected |
boolean |
data.indicators.registration.registrar |
string |
data.indicators.registration.created_date |
string |
data.indicators.infrastructure |
object |
data.indicators.infrastructure.ip |
string |
data.indicators.infrastructure.hosting |
string |
data.indicators.infrastructure.geolocation |
string |
data.indicators.ssl |
object |
data.indicators.ssl.valid |
boolean |
data.indicators.ssl.issuer |
string |
data.indicators.ssl.age_days |
number |
data.indicators.reputation |
object |
data.indicators.reputation.blocklisted |
boolean |
data.indicators.reputation.similar_reports |
number |
data.comparison_to_legitimate |
object |
data.comparison_to_legitimate.similarity_score |
number |
data.comparison_to_legitimate.visual_differences[] |
string[] |
data.evidence_package |
object |
data.evidence_package.dns_snapshot |
object |
data.evidence_package.dns_snapshot.A[] |
string[] |
data.evidence_package.whois_snapshot |
object |
data.evidence_package.whois_snapshot.registrar |
string |
data.evidence_package.timestamp |
string |
data.recommended_actions[] |
string[] |
meta |
object |
meta.recipe_name |
string |
meta.credits_used |
number |
meta.credits_saved |
number |
meta.duration_ms |
number |
meta.components_called[] |
string[] |
meta.cached_components[] |
array |
meta.timestamp |
string |
errors[] |
array |
请求示例
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/recipes/phishing-investigation?suspicious_domain=examp1e.com&legitimate_domain=example.com&collect_evidence=true"响应示例
{
"success": true,
"data": {
"suspicious_domain": "examp1e.com",
"legitimate_domain": "example.com",
"verdict": "confirmed_phishing",
"confidence": 0.93,
"indicators": {
"typosquatting": {
"detected": true,
"technique": "character_swap"
},
"domain_age": {
"days": 3,
"risk": "high"
},
"registration": {
"privacy_protected": true,
"registrar": "Example Registrar",
"created_date": "2026-04-12"
},
"infrastructure": {
"ip": "203.0.113.18",
"hosting": "Suspicious Hosting Ltd.",
"geolocation": "NL"
},
"ssl": {
"valid": true,
"issuer": "Let's Encrypt",
"age_days": 2
},
"reputation": {
"blocklisted": true,
"similar_reports": 4
}
},
"comparison_to_legitimate": {
"similarity_score": 0.97,
"visual_differences": [
"digit-substitution in second label character"
]
},
"evidence_package": {
"dns_snapshot": {
"A": [
"203.0.113.18"
]
},
"whois_snapshot": {
"registrar": "Example Registrar"
},
"timestamp": "2026-04-15T11:24:00Z"
},
"recommended_actions": [
"Report to registrar abuse contact",
"Submit URL to Safe Browsing and internal blocklists"
]
},
"meta": {
"recipe_name": "phishing-investigation",
"credits_used": 10,
"credits_saved": 12,
"duration_ms": 952,
"components_called": [
"whois",
"dns",
"ip",
"reputation",
"health",
"certificates"
],
"cached_components": [],
"timestamp": "2026-04-15T11:24:00Z"
},
"errors": []
}
