Back to Documentation
API (TIP)

URL-API

URL-API

Description

The URL Information API provides detailed insights about a given URL, including registration details, SSL certificate information, DNS records, user analytics, threat intelligence, sandbox analysis, and rankings.

Endpoint

1GET https://api.cybercheck360.com/v1/search/url

Query Parameters

ParameterTypeRequiredDescription
urlstringYesThe URL to retrieve details for (e.g., https://www.cybercheck360.com).
user_analyticsbooleanNoSet to True to include user analytics data in the response. Defaults to False.
sand_boxbooleanNoSet to True to include sandbox analysis results. Defaults to False.
Note : this can take longer to respond as it visits the webpage in realtime for analysis
cybercheck360booleanNoSet to True to include Cybercheck360's verdict. Defaults to False.

Authentication

This API requires an API key to be passed in the request header.

Header NameTypeRequiredDescription
X-API-KEYstringYesapi key token

Sample Request

1GET https://api.cybercheck360.com/v1/search/url/?user_analytics=true&sand_box=true&cybercheck360=true&url=https://x.com

Response

The API response includes multiple sections depending on the parameters enabled.

Default Response (Without optional Parameters)

1{
2    "url": "https://x.com",
3    "domain": "x.com",
4    "parent_domain": "X.COM",
5    "registration_date": "1993-04-02 05:00:00",
6    "last_update_date": "2024-12-03 21:03:37",
7    "expiration_date": "2034-10-20 19:56:17",
8    "organization": null,
9    "registrar": "GoDaddy.com, LLC",
10    "name_servers": [
11        "A.R10.TWTRDNS.NET",
12        "A.U10.TWTRDNS.NET",
13        "B.R10.TWTRDNS.NET",
14        "B.U10.TWTRDNS.NET",
15        "C.R10.TWTRDNS.NET",
16        "C.U10.TWTRDNS.NET",
17        "D.R10.TWTRDNS.NET",
18        "D.U10.TWTRDNS.NET"
19    ],
20    "abuse_emails": [
21        "abuse@godaddy.com"
22    ],
23    "dns": {
24        "A": [
25            "162.159.140.229",
26            "172.66.0.227"
27        ],
28        "AAAA": null,
29        "MX": [
30            "alt2.aspmx.l.google.com",
31            "alt3.aspmx.l.google.com",
32            "aspmx.l.google.com",
33            "alt1.aspmx.l.google.com",
34            "alt4.aspmx.l.google.com"
35        ],
36        "NS": [
37            "a.u10.twtrdns.net",
38            "d.r10.twtrdns.net",
39            "b.r10.twtrdns.net",
40            "a.r10.twtrdns.net",
41            "d.u10.twtrdns.net",
42            "c.u10.twtrdns.net",
43            "b.u10.twtrdns.net",
44            "c.r10.twtrdns.net"
45        ],
46        "TXT": [
47            "<ares_query_txt_result> text=shopify-verification-code=cUZazKrqCWgcshrcGvgfFR1lieuhRF, ttl=-1",
48            "<ares_query_txt_result> text=atlassian-domain-verification=j6u0o1PTkobCXC84uEF/sWpIPtaZURBVYqKzmTvT8wugLcHT1vvrzzA63iP1qSLN, ttl=-1",
49            "<ares_query_txt_result> text=apple-domain-verification=sEij6tJOW11fVNrG, ttl=-1",
50            "<ares_query_txt_result> text=_w548xs1kfxtlqk3jyx19bzwk34c473i, ttl=-1",
51            "<ares_query_txt_result> text=google-site-verification=F6u9mGL--d2lbLljvH3b1UUgXtevQPdcamKr9c8914A, ttl=-1",
52            "<ares_query_txt_result> text=v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 include:_spf.google.com include:_spf.salesforce.com include:_oerp.x.com include:phx1.rp.oracleemaildelivery.com include:iad1.rp.oracleemaildelivery.com -all, ttl=-1",
53            "<ares_query_txt_result> text=3089463, ttl=-1",
54            "<ares_query_txt_result> text=kkdl3qb3tcrmdhfsm803p67r0my0svs8, ttl=-1",
55            "<ares_query_txt_result> text=figma-domain-verification=ee8420edd01965ba297f3438c907cfc6fbbaa1ee90a07b28f28bcfca8e6017bb-1729630998, ttl=-1",
56            "<ares_query_txt_result> text=google-site-verification=8yQmoVhQedzlt36RPeQP41ytrEFk9aHEnde_xm0626g, ttl=-1",
57            "<ares_query_txt_result> text=google-site-verification=lEZNYWieV7-UbDJafAm0u_RvNFb7GGqIYWAP4JmG5qs, ttl=-1",
58            "<ares_query_txt_result> text=atlassian-sending-domain-verification=bd424180-8645-4de5-bd6a-285479c7577a, ttl=-1",
59            "<ares_query_txt_result> text=google-site-verification=rbRGYlOADDbtUYJTGd8GEDm0PwPZExviDSaSH4JLR8Q, ttl=-1",
60            "<ares_query_txt_result> text=slack-domain-verification=Csk4bjCPFnJaDLLaKFUwCTFuUpCVvnYlAm2Tba0i, ttl=-1",
61            "<ares_query_txt_result> text=stripe-verification=46F7B88485621DC18923B43D12E90E6CDBCE232F2FEBCF084E6EFA91F6BA707D, ttl=-1",
62            "<ares_query_txt_result> text=adobe-idp-site-verification=ab4d9ce3473a73e81f46238da34ea4967fd5ac80e5c43fbfa8dff46d06a5321c, ttl=-1",
63            "<ares_query_txt_result> text=google-site-verification=reUF-TgZq93ZGtzImw42sfYglI2hY0QiGRmfc4jeKbs, ttl=-1",
64            "<ares_query_txt_result> text=adobe-sign-verification=c693a744ee2d282a36a43e6e724c5ea, ttl=-1"
65        ],
66        "spf_status": "Hard-Fail",
67        "SOA": [
68            "Error: 'ares_query_soa_result' object is not iterable"
69        ],
70        "CNAME": null,
71        "PTR": null,
72        "SRV": null,
73        "CAA": null
74    },
75    "threat_intel": {
76        "listings": {
77            "summary": {},
78            "tags": [],
79            "listed_feeds": []
80        },
81        "overall_feeds": {
82            "Malware": 2,
83            "Spam": 1,
84            "Exploit": 1
85        }
86    }
87}

Individual Responses by Parameter

User Analytics (If user_analytics=True)

1{
2  "user_analytics": {
3        "url_analytics": {
4            "search_count": 1,
5            "fp_reports_count": 0,
6            "malicious_reports_count": 0,
7            "user_blacklist_count": 0,
8            "user_whitelist_count": 0
9        },
10        "domain_analytics": {
11            "search_count": 1,
12            "fp_reports_count": 0,
13            "malicious_reports_count": 0,
14            "user_blacklist_count": 0,
15            "user_whitelist_count": 0
16        }
17    }
18}

Sandbox Analysis (If sand_box=True)

When enabled, the sandbox analysis captures

Using this feature may delay the response as it has to perform live interaction with the given url to capture all details.

FeatureDescription
Website BehaviorTracks cookies, scripts, and file downloads.
Indicators of Compromise (IOCs)Extracts malicious URLs, domains, IPs, and file hashes.
Network ConnectionsLogs all outgoing requests made by the webpage.
Website ScreenshotCaptures a visual representation of the page.
SSL Certificate DetailsProvides certificate issuer and validity information.
RedirectsLists HTTP redirections encountered while loading the page.
Unique Domains & IPs ContactedIdentifies all external servers the page communicates with.
1{
2	"sand_box": {
3        "site_screenshot": "https://urlscreen.s3.eu-west-1.amazonaws.com6005cd8de188a6a2d4fbe6e4776fde41-20250722T070242.webp",
4        "ssl_details": {
5            "owner_org": null,
6            "owner_country": null,
7            "issuer_org": "Let's Encrypt",
8            "issuer_country": "US",
9            "serial_number": "0x5a79fecd4919c51dd1c72fa98ba9d1f4c19",
10            "version": "v3",
11            "valid_from": "2025-06-25T17:57:10",
12            "valid_to": "2025-09-23T17:57:09",
13            "fingerprint_sha256": "31744e15d01741c52f58dfaa17ac68a3dfd2e2905c995ddb3b0df90b145ff5bf"
14        },
15        "redirects": [
16            {
17                "name": "x.com",
18                "url": "https://x.com/",
19                "type": "document",
20                "status": 200,
21                "statusText": "",
22                "size": "267 kB",
23                "ip": "172.66.0.227",
24                "port": 443
25            }
26        ],
27        "ip_address": "172.66.0.227",
28        "behavior": {
29            "cookies": [
30                {...},
31                {...},
32                {...},
33            ],
34            "fileDownloads": [...],
35            "scriptExecutions": [...]
36        },
37        "extracted_indicators": {
38            "Url": 122,
39            "IPv4": 0,
40            "IPv4withPort": 0,
41            "Domain": 13,
42            "e-mail": 0,
43            "IPv6": 0,
44            "FileHash-MD5": 0,
45            "FileHash-Sha1": 0,
46            "FileHash-Sha256": 0,
47            "ParsedIndicators": {
48                "Url": [...],
49                "IPv4": [],
50                "IPv4withPort": [],
51                "Domain": [...],
52                "e-mail": [],
53                "IPv6": [],
54                "FileHash-MD5": [],
55                "FileHash-Sha1": [],
56                "FileHash-Sha256": []
57            }
58        },
59        "unique_domains_with_ips": [
60            {
61                "domain": "x.com",
62                "ip": "172.66.0.227",
63                "port": 443
64            },
65            {...},
66            {...},
67          	{...},
68        ]
69    }
70}

CyberCheck360 Verdict (If cybercheck360=True)

At CyberCheck360, we provide robust threat intelligence by aggregating data from open-source feeds and multiple commercial providers. What sets us apart is the added layer of manual verification from our team of dedicated experts. This comprehensive intelligence is presently accessible via all API requests, but will soon become an exclusive feature of our commercial plans.

Field Descriptions

FieldDescription
cybercheck360.confidenceThe level of certainty CyberCheck360 has in its verdict. Possible values include high, medium, low and unknown .
cybercheck360.verdictThe determination of the nature of the analyzed entity (e.g., IP address, URL, domain) as assessed by CyberCheck360. Possible values include malicious, suspicious, benign, or unknown
1{
2  "cybercheck360": {
3        "confidence": "unknown",
4        "verdict": "unknown"
5    }
6}

Error Responses

Status CodeDescription
400Bad request. Ensure required parameters are correctly formatted.
401Unauthorized. Invalid or missing API key.
403Forbidden. Access to the requested resource is denied.
404URL not found. The requested URL does not exist.
500Internal Server Error. An unexpected error occurred on the server.