Online Website Malware Scanner
SaaS Web Malware Solution

Quttera Malware Scanner REST API is designed to scan a website/domain/URL as well as a web page for malicious content. The API supports JSON, XML and YAML formats. Note: JSON is used as a default format if no format is specified.

HTTP Status Codes

The Quttera API will return an appropriate HTTP status codes per request.

Code Text Description
200 OK Success!
400 Bad Request An invalid request, such as a request with invalid URL, invalid format or wrong parameter is considered invalid and you will get this response.
401 Unauthorized API key is incorrect or/and is not activated.
402 Payment Required Returned when user reached scan requests limit.
403 Forbidden API key is incorrect.
404 Not Found The URI requested is invalid or the resource requested, such as URL or Investigation Report does not exist.
429 Too Many Requests Returned when a scan request cannot be performed due to daily limit. Please contact us for API Plans and Pricing.
500 Internal Server Error Something is broken. Please contact our support team email the support

API request types

Resource Description
POST /api/v3/<api-key>/url/scan/<domain-name>[.json|.xml|.yaml]Scan a domain/website (new scan)
GET /api/v3/<api-key>/url/status/<domain-name>[.json|.xml|.yaml]Get current domain/website status
GET /api/v3/<api-key>/url/report/<domain-name>[.json|.xml|.yaml]Get domain/website detailed scan report

Top

POST /api/v3/<api-key>/url/scan/<domain-name>[.json| .xml| .yaml]

Scan a domain/website via HTTP POST request

  • Parameters:

    NameTypeValue
    apikeymandatoryAPI key provided during registration
    domain-namemandatoryurl to scan
    formatoptionalyaml, xml or JSON (JSON used by default)

  • Usage:

    POST http://scannerapi.quttera.com/api/v3/<api-key>/url/scan/<domain-name>[.json| .xml| .yaml]
    POST http://scannerapi.quttera.com/api/v3/<api-key>/url/scan/<domain-name>
    									

  • Example request:

    XML format
    $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/quttera.com.xml"
    JSON format (default)
    $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/quttera.com"
    									

  • Response:

    If an URL has already been investigated in last 15 minutes, the output will contain domain status (clean, potentially suspicious, suspicious or malicious).

    If a scan job is 'in progress', the output will contain 'current investigation status' (new, download, downloaded or scan).

    Returned Parameters:

    error Operation error code
    errorstr Literal presentation of the operation error code
    url Scanned URL
    status::blacklisted Provided URL is blacklisted
    status::scanner_result URL investigation result clean, potentially suspicious, suspicious, malicious or undef if URL still in progress
    status::state URL progress state NEW, DOWNLOAD, DOWNLOADED, SCAN or DONE
    status::time Scan start time in epoc format

  • Screenshot:
    • $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/quttera.com.json"
      {
        "error": 200,
        "errorstr": "success",
        "status": {
          "blacklisted": "no",
          "scanner_result": "undef",
          "state": "DOWNLOAD",
          "time": 1460373398,
          "url": "quttera.com"
        }
      }
      											

      Scan domain request to Quttera's API

      The API scan output request example for quttera.com

Top

GET /api/v3/<api-key>/url/status/<domain-name>[.json| .xml| .yaml]

Retrieves current submitted scan investigation URL status.

  • Parameters:

    NameTypeValue
    apikey mandatory API key provided during registration
    domain-name mandatory url to get the status for
    format optional yaml, xml or JSON (JSON used by default)

  • Usage:

    GET http://scannerapi.quttera.com/api/v3/<api-key>/url/status/<domain-name>[.json| .xml| .yaml]
    GET http://scannerapi.quttera.com/api/v3/<api-key>/url/status/<domain-name>
    									

  • Example request:

    YAML format
    GET http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/status/quttera.com.yaml
      									

  • Response:

    If requested URL doesn't exist in database, the query returns not-found (404) error.

    If URL was found then its investigation status is being returned.

    Returned Parameters:

    error Operation error code
    errorstr Literal presentation of the operation error code
    url Scanned URL
    status::blacklisted Provided URL is blacklisted
    status::scanner_result URL investigation result clean, potentially suspicious, suspicious, malicious or undef if URL still in progress
    status::state URL progress state NEW, DOWNLOAD, DOWNLOADED, SCAN or DONE
    status::time Scan start time in epoc format

  • Screenshot:
    • $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/status/blog.quttera.com.yaml"
      error: 200
      errorstr: success
      status:
        blacklisted: 'no'
        scanner_result: potentially suspicious
        state: DONE
        time: 1460288238
        url: blog.quttera.com
        												

      Get scan status request to Quttera's API

      The API scan output request example for blog.quttera.com

Top

GET /api/v3/<api-key>/url/report/<domain-name>[.json| .xml| .yaml]

Retrieves detailed investigation report for previously scanned domain/website.

  • Parameters:

    NameTypeValue
    apikey mandatory API key provided during registration
    domain-name mandatory url to get the scan report for
    format optional yaml, xml or JSON (JSON used by default)

  • Usage:

    GET http://scannerapi.quttera.com/api/v3/<api-key>/url/report/<domain-name>[.json|.xml|.yaml]
    GET http://scannerapi.quttera.com/api/v3/<api-key>/url/report/<domain-name>
    							

  • Example request:

    YAML format
    GET http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/report/quttera.com.yaml
    							

  • Response:

    Returns detailed scan report for previously scanned domain/website.
    Returned Parameters:

    error Operation error code
    errorstr Literal presentation of the operation error code
    url Scanned URL
    report::blacklist_report::blacklist_status Scanned URL blacklisting status, NoThreat if URL is not blacklisted
    report::blacklist_report::providers List of blacklisting providers. Each report contains the following fields:
    • name - blacklisting provider name
    • status - blacklisting status
    • Reason - result generation time
    report::blacklisted_domains Blacklisted domain list detected during URL investigation
    report::blacklisted_domains_count Blacklisted domain count number detected during URL investigation
    report::blacklisted_iframes Blacklisted iframe list detected during URL investigation
    report::blacklisted_iframes_count Blacklisted iframe count number detected during URL investigation
    report::blacklisted_links Blacklisted link list detected during URL investigation
    report::blacklisted_links_count Blacklisted link count number detected during URL investigation
    report::domains Domain list detected during URL investigation
    report::domains_count Domain count detected during URL investigation
    report::files Malware scan report list per file downloaded from a domain/website. The following field are displayed per report:
    • MD5 - file/page MD5
    • details - more details about detected threats
    • dump - dump of detected threat
    • dumpMD5 - dump MD5
    • endtime - time when investigation of this page/file has been finished
    • filename - URI of this file/page
    • filesize - size of this page/file in bytes
    • filetype - type of this page/file in bytes
    • reason - reason why file/page was detected
    • scantime - scan time in seconds
    • threat - classification of detected threat
    report::iframes Detected iframe list during URL investigation
    report::iframes_count Detected iframe count during URL investigation
    report::links List of links detected during URL investigation
    report::links_count Links count detected during URL investigation
    report::malicious_files Malicious file detection count during URL investigation
    report::psuspicious_files Potentially suspicious files count detected during URL investigation
    report::suspicious_files Suspicious files count detected during URL investigation
    report::scanned_content Downloaded and investigated content size (bytes)
    report::scanned_files Scanned files count
    report::state URL/domain investigation state
    report::time Invetigation report generation time in epoc format
    report::timestr Invetigation report generation time in ascii format

  • Screenshot:
    • error: 200
      errorstr: success
      report:
        blacklist_report:
          blacklist_status: NoThreat
          providers:
          - name: Google Safebrowsing
            status: NoThreat
            time: '1460288238'
          - name: MalwareDomainList
            status: NoThreat
            time: '1446634120'
          - name: Phishtank
            status: NoThreat
            time: '1446634120'
          - name: Quttera Labs
            status: NoThreat
            time: '1446634120'
          - name: Yandex Safebrowsing
            status: NoThreat
            time: '1460288238'
        blacklisted_domains: {}
        blacklisted_domains_count: 0
        blacklisted_iframes: {}
        blacklisted_iframes_count: 0
        blacklisted_links: {}
        blacklisted_links_count: 0
        domains:
          2.bp.blogspot.com: NoThreat
          add.my.yahoo.com: NoThreat
          apis.google.com: NoThreat
          blog.quttera.com: NoThreat
          blogger.com: NoThreat
          helpdesk.quttera.com: NoThreat
          img1.blogblog.com: NoThreat
          quttera.blogspot.co.il: NoThreat
          quttera.blogspot.co.uk: NoThreat
          quttera.blogspot.com: NoThreat
          quttera.com: NoThreat
          search.yahoo.com: NoThreat
          wordpress.org: NoThreat
          www.blogger.com: NoThreat
          www.bluesnap.com: NoThreat
          www.netvibes.com: NoThreat
          youtube.com: NoThreat
        domains_count: 33
        files:
        - MD5: 13A77058E307411490672C9D1737DD9C
          details: Too low entropy detected in string [["..."]]
            of length 168 which may point to obfuscation or shellcode.
          dump: '[[ ... ]]'
          dumpMD5: CD4E058F528912C966F9DE35F29A4465
          endtime: Sun Apr 10 13:37:16 2016
          filename: www.blogger.com/static/v1/widgets/1976504288-widgets.js
          filesize: '102035'
          filetype: ASCII
          offset: '0'
          reason: Detected procedure that is commonly used in suspicious activity.
          result: '8'
          scantime: '5.700000'
          threat: Potentially Suspicious
        - MD5: 7DFD909FC235AF20392AB15C2B7500B3
          details: File is clean
          dumpMD5: '00000000000000000000000000000000'
          endtime: Sun Apr 10 13:37:02 2016
          filename: blog.quttera.com/index.html
          filesize: '115323'
          filetype: HTML
          offset: '0'
          reason: No significant issues detected.
          result: '1'
          scantime: '0.843000'
          threat: Clean
        iframes:
          <iframe allowfullscreen%3D"" frameborder%3D"0" src%3D"https://www.youtube.com/embed/zPhj16hzj8g">: NoThreat
        iframes_count: 2
        links:
          blog.quttera.com//b/csi.js?h%3Drf2qna3orel6eez56hjgxruq77qjyxbefnbscbe0iuq: NoThreat
          blog.quttera.com//js/cookiechoices.js: NoThreat
          blog.quttera.com//search/label/website-malware-scanning-products: NoThreat
          blog.quttera.com/javascript:history.go(-1)%3B: NoThreat
          blog.quttera.com/javascript:void(0): NoThreat
          blog.quttera.com/mailto:contactus@quttera.com: NoThreat
          http://2.bp.blogspot.com/-rzmm8l4tq5c/umzunv_uxui/aaaaaaaaa0i/m8pc8aawm9e/s1600/shlomo_hacked.png: NoThreat
          http://downloads.mailchimp.com/js/jquery.mailcheck.min.js: NoThreat
          https://www.youtube.com/embed/zphj16hzj8g: NoThreat
      	...
        links_count: 137
        malicious_files: 0
        psuspicious_files: 1
        scanned_content: 1431315
        scanned_files: 24
        state: clean
        suspicious_files: 0
        time: 1460288237.616
        timestr: Sun Apr 10 13:37:17 2016
        url: blog.quttera.com
      

      Get malware scan report request to Quttera's API

      Detail scan report example for quttera.com

Top

Scanning full URLs

In addition to a domain/website scan, Quttera REST API v3 provides interface to scan URLs. In order to scan an URL, the targeted URL should be encoded in base64 format and provided in API URL instead of domain name. Following is a list of API commands used to scan https://blog.quttera.com:443 URL

  • Example request:

    
    $> echo -n 'https://blog.quttera.com:443' | base64
    aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==
    
    $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.json"
    $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.xml"
    $> curl -X POST "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/scan/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.yaml"
    
    
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/status/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.json"
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/status/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.xml"
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/status/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.yaml"
    
    
    
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/report/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.json"
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/report/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.xml"
    $> curl -X GET "http://scannerapi.quttera.com/api/v3/ABABABABABABABABABABABABABABABAB/url/report/aHR0cHM6Ly9ibG9nLnF1dHRlcmEuY29tOjQ0Mw==.yaml"
    
    							

If you have any questions about the API you can chat with us at our Forum or send us an email (support@quttera.com).

Top


  • Connect With Us
  • Facebook
  • Twitter
  • YouTube

© 2016 Quttera Ltd. All rights reserved.