urlscan.io
LAST UPDATED: 05/30/2024
Overview
urlscan.io allows users to submit URLs for scanning or search for existing scans by attributes such as domains, IPs, hashes, and more.
D3 SOAR provides REST operations for working with urlscan.io.
For example, you can perform a reputation check on a list of URLs, or search for existing scans on urlscan.io and return their details.
urlscan.io is available for use in:
Known Limitations
To view your rate limit usage, please log in to your account at https://urlscan.io/user/ and navigate to the Quotas & Rate-Limit section, where you can view the API usage and limits for your account tier. If you surpass a rate limit for a particular action, the API will return an HTTP 429 error code for subsequent requests related to that action. If you wish to upgrade your account, please refer to Pricing - urlscan.io for more information.
Connection
To connect to urlscan.io from D3 SOAR, collect the required information listed below:
Parameter | Description | Example |
Server URL | The server URL of the urlscan.io API. | https://urlscan.io |
API Key | The API key for authentication. | ***-***-***-***-*** |
API Version | The API version to use for the connection. The default value is v1. | v1 |
Configuring urlscan.io to Work with D3 SOAR
Log in to urlscan.io with your account credentials. Locate the user account icon in the top right corner of your screen and click on it.
Select Settings & API from the left side navigation menu. Under API Keys, click + Create New API Key.
Enter a description for the API Key, then click + Create API Key.
Your new API key will now be displayed in the API Keys section of the Settings and API page. Hover over the blurred key to reveal it. Copy the key and store it in a secure location; it will be required to establish the integration connection in D3 SOAR.
Configuring D3 SOAR to Work with urlscan.io
Log in to D3 SOAR.
Find the urlscan.io integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type urlscan.io in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to urlscan.io.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System Reputation Check: Checking the reputation check tick box will run the corresponding check reputation command(s) under this integration connection to enrich the corresponding artifacts with reputation details.
For example, we are configuring an integration connection named “ConnectionA” with the site “Sandbox”. All URL artifacts from the “Sandbox” site will go through a reputation check using the Check URL Reputation command from that integration. The return data output from running the command will then be used to update the risk level of the artifacts which may affect the risk level of incoming events.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input your domain level Server URL.
2. Input the saved API key.
3. Input the version of the API to use for the connection. The default value is v1.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click Add to create and add the configured connection.
Commands
urlscan.io includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the urlscan.io API, please refer to the urlscan.io API reference.
Check URL Reputation
Performs a reputation check on the provided URLs.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Optional | The list of URLs to perform the reputation check. | ["https://urlscan.io"] |
Output
The primary response data from the API request.
D3 enriches the raw data from the original urlscan.io API response by adding the riskLevel field.
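As an added example (not part of the D3 or urlscan.io documentation), the Python below reduces one element of this output to a few triage facts, reading only fields that appear in the sample data for this command. The input is constructed; the function names, the expected-header list and the rule for what counts as a third-party host are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: headers worth flagging when absent from the primary document.
EXPECTED_HEADERS = ("Content-Security-Policy", "Strict-Transport-Security",
                    "X-Content-Type-Options", "X-Frame-Options")


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def summarize_result(result):
    """Reduce one element of the Check URL Reputation output to triage facts."""
    scanned_host = _host(result["url"])
    summary = {"url": result["url"], "third_party_hosts": set(), "asn_by_ip": {},
               "not_secure": [], "cert_outside_validity": [], "missing_headers": []}
    for entry in result.get("raw", {}).get("data", {}).get("requests", []):
        req = entry.get("request", {})
        outer = entry.get("response", {})
        resp = outer.get("response", {})
        url = resp.get("url") or req.get("request", {}).get("url", "")
        host = _host(url)
        # Hosts other than the scanned host and its subdomains are third party.
        if host and host != scanned_host and not host.endswith("." + scanned_host):
            summary["third_party_hosts"].add(host)
        ip = resp.get("remoteIPAddress", "").strip("[]")  # IPv6 arrives bracketed
        if ip:
            summary["asn_by_ip"][ip] = outer.get("asn", {}).get("name", "")
        if resp and resp.get("securityState") != "secure":
            summary["not_secure"].append(url)
        # Compare certificate validity with the time the request was made.
        cert = resp.get("securityDetails") or {}
        seen_at = req.get("wallTime")
        if cert and seen_at is not None:
            start = cert.get("validFrom", 0)
            end = cert.get("validTo", float("inf"))
            if not start <= seen_at <= end:
                summary["cert_outside_validity"].append(cert.get("subjectName", url))
        # Only the primary document is checked for missing security headers.
        if req.get("primaryRequest"):
            present = {h.get("name", "").lower() for h in resp.get("securityHeaders", [])}
            summary["missing_headers"] = [h for h in EXPECTED_HEADERS
                                          if h.lower() not in present]
    summary["third_party_hosts"] = sorted(summary["third_party_hosts"])
    return summary


def _constructed_entry(url, ip, asn, wall, state, cert, headers=(), primary=False):
    """Build one constructed requests[] element shaped like the sample data."""
    return {
        "request": {"request": {"url": url, "method": "GET"},
                    "wallTime": wall, "primaryRequest": primary},
        "response": {
            "response": {"url": url, "status": 200, "remoteIPAddress": ip,
                         "securityState": state, "securityDetails": cert,
                         "securityHeaders": [{"name": n, "value": v}
                                             for n, v in headers]},
            "asn": {"ip": ip.strip("[]"), "name": asn},
        },
    }


# Constructed input: hosts, IPs and ASN names are placeholders, not scan data.
VALID = {"subjectName": "example.test", "validFrom": 1622502326, "validTo": 1630278326}
EXPIRED = {"subjectName": "cdn.thirdparty.test", "validFrom": 1600000000,
           "validTo": 1620000000}
SAMPLE = [{
    "url": "https://example.test/",
    "raw": {"data": {"requests": [
        _constructed_entry("https://example.test/", "192.0.2.10", "EXAMPLE-AS",
                           1625855870.1, "secure", VALID,
                           headers=[("X-Content-Type-Options", "nosniff")],
                           primary=True),
        _constructed_entry("https://static.example.test/font.woff2", "192.0.2.10",
                           "EXAMPLE-AS", 1625855870.2, "secure", VALID),
        _constructed_entry("https://cdn.thirdparty.test/x.png", "[2001:db8::1]",
                           "OTHER-AS", 1625855870.9, "insecure", EXPIRED),
    ]}},
}]

if __name__ == "__main__":
    print(summarize_result(SAMPLE[0]))
```
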
SAMPLE DATA
[
{
"url": "https://urlscan.io",
"raw": {
"data": {
"requests": [
{
"request": {
"requestId": "",
"loaderId": "",
"documentURL": "https://urlscan.io/",
"request": {
"url": "https://urlscan.io/",
"method": "GET",
"headers": {
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37069944.812183,
"wallTime": 1625855870.120524,
"initiator": {
"type": "other"
},
"type": "Document",
"frameId": "",
"hasUserGesture": false,
"primaryRequest": true
},
"response": {
"encodedDataLength": 9176,
"dataLength": 36627,
"requestId": "",
"type": "Document",
"response": {
"url": "https://urlscan.io/",
"status": 200,
"statusText": "",
"headers": {
"server": "nginx",
"date": "Fri, 09 Jul 2021 18:37:50 GMT",
"content-type": "text/html; charset=utf-8",
"cache-control": "public, max-age=60",
"etag": "W/\"8f13-/0+\"",
"content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
"referrer-policy": "unsafe-url",
"strict-transport-security": "max-age=63072000; includeSubdomains; preload",
"x-content-type-options": "nosniff",
"x-frame-options": "DENY",
"x-xss-protection": "1; mode=block",
"x-proxy-cache": "HIT",
"x-robots-tag": "all",
"content-encoding": "gzip"
},
"mimeType": "text/html",
"requestHeaders": {
":method": "GET",
":authority": "urlscan.io",
":scheme": "https",
":path": "/",
"pragma": "no-cache",
"cache-control": "no-cache",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"sec-fetch-site": "none",
"sec-fetch-mode": "navigate",
"sec-fetch-user": "?1",
"sec-fetch-dest": "document",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US"
},
"remoteIPAddress": "1.1.1.1",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 618,
"timing": {
"requestTime": 37069944.813182,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": 0.501,
"dnsEnd": 1.408,
"connectStart": 1.408,
"connectEnd": 54.159,
"sslStart": 13.419,
"sslEnd": 54.154,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 54.247,
"sendEnd": 54.309,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 79.278
},
"responseTime": 1625855870200.728,
"protocol": "h2",
"securityState": "secure",
"securityDetails": {
"protocol": "TLS 1.2",
"keyExchange": "",
"keyExchangeGroup": "P-",
"cipher": "",
"certificateId": 0,
"subjectName": "urlscan.io",
"sanList": [
"*.urlscan.com",
"*.urlscan.io",
"*.urlscan.net",
"urlscan.com",
"urlscan.io"
],
"issuer": "R3",
"validFrom": 1622502326,
"validTo": 1630278326,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "Content-Security-Policy",
"value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
},
{
"name": "Strict-Transport-Security",
"value": "max-age=63072000; includeSubdomains; preload"
},
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Frame-Options",
"value": "DENY"
},
{
"name": "X-Xss-Protection",
"value": "1; mode=block"
}
]
},
"hash": "",
"size": 36625,
"asn": {
"ip": "1.1.1.1",
"asn": "",
"country": "DE",
"registrar": "ripencc",
"date": "2002-06-03",
"description": "HETZNER-AS, DE",
"route": "1.1.1.1/16",
"name": "HETZNER-AS"
},
"geoip": {
"range": [
2499488768,
2499489791
],
"country": "DE",
"region": "",
"eu": "1",
"timezone": "Europe/Berlin",
"city": "",
"ll": [
51.2993,
9.491
],
"metro": 0,
"area": 200,
"country_name": "Germany"
},
"rdns": {
"ip": "1.1.1.1",
"ptr": "urlscan.io"
}
}
},
{
"request": {
"requestId": "",
"loaderId": "",
"documentURL": "https://urlscan.io/",
"request": {
"url": "https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
"method": "GET",
"headers": {
"Origin": "https://urlscan.io",
"Referer": "https://urlscan.io/",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "High",
"referrerPolicy": "unsafe-url",
"isLinkPreload": true
},
"timestamp": 37069944.897877,
"wallTime": 1625855870.206207,
"initiator": {
"type": "parser",
"url": "https://urlscan.io/",
"lineNumber": 16,
"columnNumber": 112
},
"type": "Font",
"frameId": "",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 18689,
"dataLength": 18028,
"requestId": "17317.2",
"type": "Font",
"response": {
"url": "https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
"status": 200,
"statusText": "",
"headers": {
"content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
"x-content-type-options": "nosniff",
"content-length": "18028",
"x-xss-protection": "1; mode=block",
"referrer-policy": "unsafe-url",
"last-modified": "Mon, 21 Jun 2021 07:36:32 GMT",
"server": "nginx",
"x-frame-options": "DENY",
"date": "Fri, 09 Jul 2021 18:37:50 GMT",
"strict-transport-security": "max-age=63072000; includeSubdomains; preload",
"content-type": "font/",
"cache-control": "public, max-age=3600",
"etag": "W/\"466c-\"",
"accept-ranges": "bytes",
"x-robots-tag": "all",
"x-proxy-cache": "HIT"
},
"mimeType": "font/",
"requestHeaders": {
":path": "/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
"pragma": "no-cache",
"origin": "https://urlscan.io",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US",
"user-agent": "/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
"sec-fetch-mode": "cors",
"accept": "*/*",
"cache-control": "no-cache",
"sec-fetch-dest": "font",
":authority": "urlscan.io",
"referer": "https://urlscan.io/",
":scheme": "https",
"sec-fetch-site": "same-origin",
":method": "GET"
},
"remoteIPAddress": "1.1.1.1",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 634,
"timing": {
"requestTime": 37069944.898164,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 0.16,
"sendEnd": 0.251,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 30.619
},
"responseTime": 1625855870236.994,
"protocol": "h2",
"securityState": "secure",
"securityDetails": {
"protocol": "TLS 1.2",
"keyExchange": "",
"keyExchangeGroup": "P-",
"cipher": "",
"certificateId": 0,
"subjectName": "urlscan.io",
"sanList": [
"*.urlscan.com",
"*.urlscan.io",
"*.urlscan.net",
"urlscan.com",
"urlscan.io"
],
"issuer": "R3",
"validFrom": 1622502326,
"validTo": 1630278326,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "Content-Security-Policy",
"value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
},
{
"name": "Strict-Transport-Security",
"value": "max-age=63072000; includeSubdomains; preload"
},
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Frame-Options",
"value": "DENY"
},
{
"name": "X-Xss-Protection",
"value": "1; mode=block"
}
]
},
"hash": "",
"size": 24040,
"asn": {
"ip": "1.1.1.1",
"asn": "",
"country": "DE",
"registrar": "ripencc",
"date": "2002-06-03",
"description": "-AS, DE",
"route": "148.251.0.0/16",
"name": "-AS"
},
"geoip": {
"range": [
2499488768,
2499489791
],
"country": "DE",
"region": "",
"eu": "1",
"timezone": "Europe/Berlin",
"city": "",
"ll": [
51.2993,
9.491
],
"metro": 0,
"area": 200,
"country_name": "Germany"
},
"rdns": {
"ip": "1.1.1.1",
"ptr": "urlscan.io"
}
},
"initiatorInfo": {
"url": "https://urlscan.io/",
"host": "urlscan.io",
"type": "parser"
}
},
{
"request": {
"requestId": "",
"loaderId": "",
"documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=****-***&k=****&cb=***",
"request": {
"url": "https://www.gstatic.com/recaptcha/api2/info_2x.png",
"method": "GET",
"headers": {
"Referer": "https://www.gstatic.com/recaptcha/releases/***-***/styles__ltr.css",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ***/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "Low",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37069945.574675,
"wallTime": 1625855870.883005,
"initiator": {
"type": "parser",
"url": "https://www.gstatic.com/recaptcha/releases/***-****/styles__ltr.css"
},
"type": "Image",
"frameId": "",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 687,
"dataLength": 665,
"requestId": "",
"type": "Image",
"response": {
"url": "https://www.gstatic.com/recaptcha/api2/info_2x.png",
"status": 200,
"statusText": "",
"headers": {
"date": "Mon, 05 Jul 2021 22:47:38 GMT",
"x-content-type-options": "nosniff",
"last-modified": "Tue, 03 Mar 2020 20:15:00 GMT",
"server": "sffe",
"age": "330612",
"content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha",
"content-type": "image/png",
"cache-control": "public, max-age=604800",
"cross-origin-resource-policy": "cross-origin",
"accept-ranges": "bytes",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-length": "665",
"x-xss-protection": "0",
"expires": "Mon, 12 Jul 2021 22:47:38 GMT"
},
"mimeType": "image/png",
"remoteIPAddress": "[]",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 22,
"timing": {
"requestTime": 37069945.57508,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 1.174,
"sendEnd": 1.237,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 8.509
},
"responseTime": 1625855870891.896,
"protocol": "h3-29",
"securityState": "secure",
"securityDetails": {
"protocol": "QUIC",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "*.gstatic.com",
"sanList": [
"*.gstatic.com",
"gstatic.com",
"*.metric.gstatic.com",
"kn.dev",
"*.kn.dev"
],
"issuer": "GTS CA 1C3",
"validFrom": 1624375494,
"validTo": 1631633093,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Xss-Protection",
"value": "0"
}
]
},
"hash": "",
"size": 888,
"asn": {
"ip": "",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
"initiatorInfo": {
"url": "https://www.gstatic.com/recaptcha/releases/-**8**/styles__ltr.css",
"host": "www.gstatic.com",
"type": "parser"
}
},
{
"request": {
"requestId": "****",
"loaderId": "",
"documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-***&k=****&cb=***",
"request": {
"url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
"method": "GET",
"headers": {
"Origin": "https://www.google.com",
"Referer": "https://www.google.com/",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37069945.574966,
"wallTime": 1625855870.883296,
"initiator": {
"type": "parser",
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-**&k=**&cb=**"
},
"type": "Font",
"frameId": "***8*",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 15369,
"dataLength": 15344,
"requestId": "17317.131",
"type": "Font",
"response": {
"url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
"status": 200,
"statusText": "",
"headers": {
"date": "Tue, 06 Jul 2021 00:42:56 GMT",
"x-content-type-options": "nosniff",
"age": "323694",
"content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
"cross-origin-resource-policy": "cross-origin",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-length": "15344",
"x-xss-protection": "0",
"last-modified": "Mon, 16 Oct 2017 17:32:55 GMT",
"server": "sffe",
"content-type": "font/woff2",
"access-control-allow-origin": "*",
"cache-control": "public, max-age=31536000",
"accept-ranges": "bytes",
"timing-allow-origin": "*",
"expires": "Wed, 06 Jul 2022 00:42:56 GMT"
},
"mimeType": "font/woff2",
"remoteIPAddress": "[*****]",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 25,
"timing": {
"requestTime": 37069945.575274,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 0.869,
"sendEnd": 0.946,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 6.819
},
"responseTime": 1625855870890.367,
"protocol": "h3-29",
"securityState": "secure",
"securityDetails": {
"protocol": "QUIC",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "*.gstatic.com",
"sanList": [
"*.gstatic.com",
"gstatic.com",
"*.metric.gstatic.com",
"kn.dev",
"*.kn.dev"
],
"issuer": "GTS CA 1C3",
"validFrom": 1624375494,
"validTo": 1631633093,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Xss-Protection",
"value": "0"
}
]
},
"hash": "3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc",
"size": 20460,
"asn": {
"ip": "*****",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
"initiatorInfo": {
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-***&k=***&cb=***",
"host": "www.google.com",
"type": "parser"
}
},
{
"request": {
"requestId": "17317.145",
"loaderId": "",
"documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=**8-**&k=***&cb=***",
"request": {
"url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
"method": "GET",
"headers": {
"Origin": "https://www.google.com",
"Referer": "https://www.google.com/",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37069945.575075,
"wallTime": 1625855870.883404,
"initiator": {
"type": "parser",
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****"
},
"type": "Font",
"frameId": "***8*",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 15365,
"dataLength": 15340,
"requestId": "17317.145",
"type": "Font",
"response": {
"url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
"status": 200,
"statusText": "",
"headers": {
"date": "Tue, 06 Jul 2021 02:41:59 GMT",
"x-content-type-options": "nosniff",
"age": "316551",
"content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
"cross-origin-resource-policy": "cross-origin",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-length": "15340",
"x-xss-protection": "0",
"last-modified": "Mon, 16 Oct 2017 17:33:16 GMT",
"server": "sffe",
"content-type": "font/woff2",
"access-control-allow-origin": "*",
"cache-control": "public, max-age=31536000",
"accept-ranges": "bytes",
"timing-allow-origin": "*",
"expires": "Wed, 06 Jul 2022 02:41:59 GMT"
},
"mimeType": "font/woff2",
"remoteIPAddress": "[*****]",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 25,
"timing": {
"requestTime": 37069945.575507,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 0.909,
"sendEnd": 0.983,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 9.03
},
"responseTime": 1625855870892.841,
"protocol": "h3-29",
"securityState": "secure",
"securityDetails": {
"protocol": "QUIC",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "*.gstatic.com",
"sanList": [
"*.gstatic.com",
"gstatic.com",
"*.metric.gstatic.com",
"kn.dev",
"*.kn.dev"
],
"issuer": "GTS CA 1C3",
"validFrom": 1624375494,
"validTo": 1631633093,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Xss-Protection",
"value": "0"
}
]
},
"hash": "*****",
"size": 20456,
"asn": {
"ip": "*****",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
"initiatorInfo": {
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
"host": "www.google.com",
"type": "parser"
}
},
{
"request": {
"requestId": "****",
"loaderId": "",
"documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
"request": {
"url": "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
"method": "GET",
"headers": {
"Origin": "https://www.google.com",
"Referer": "https://www.google.com/",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37069945.575238,
"wallTime": 1625855870.883568,
"initiator": {
"type": "parser",
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****"
},
"type": "Font",
"frameId": "***8*",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 15577,
"dataLength": 15552,
"requestId": "****",
"type": "Font",
"response": {
"url": "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
"status": 200,
"statusText": "",
"headers": {
"date": "Tue, 06 Jul 2021 00:30:52 GMT",
"x-content-type-options": "nosniff",
"age": "324418",
"content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
"cross-origin-resource-policy": "cross-origin",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-length": "15552",
"x-xss-protection": "0",
"last-modified": "Mon, 16 Oct 2017 17:33:02 GMT",
"server": "sffe",
"content-type": "font/woff2",
"access-control-allow-origin": "*",
"cache-control": "public, max-age=31536000",
"accept-ranges": "bytes",
"timing-allow-origin": "*",
"expires": "Wed, 06 Jul 2022 00:30:52 GMT"
},
"mimeType": "font/woff2",
"remoteIPAddress": "[*****]",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 25,
"timing": {
"requestTime": 37069945.575871,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 0.642,
"sendEnd": 0.704,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 7.527
},
"responseTime": 1625855870891.704,
"protocol": "h3-29",
"securityState": "secure",
"securityDetails": {
"protocol": "QUIC",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "*.gstatic.com",
"sanList": [
"*.gstatic.com",
"gstatic.com",
"*.metric.gstatic.com",
"kn.dev",
"*.kn.dev"
],
"issuer": "GTS CA 1C3",
"validFrom": 1624375494,
"validTo": 1631633093,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Xss-Protection",
"value": "0"
}
]
},
"hash": "*****",
"size": 20736,
"asn": {
"ip": "*****",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
"initiatorInfo": {
"url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
"host": "www.google.com",
"type": "parser"
}
},
{
"request": {
"requestId": "****",
"loaderId": "",
"documentURL": "https://urlscan.io/",
"request": {
"url": "https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg",
"method": "GET",
"headers": {
"Referer": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"mixedContentType": "none",
"initialPriority": "Low",
"referrerPolicy": "unsafe-url"
},
"timestamp": 37069975.242742,
"wallTime": 1625855900.551072,
"initiator": {
"type": "parser",
"url": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css"
},
"type": "Image",
"frameId": "",
"hasUserGesture": false
},
"response": {
"encodedDataLength": 5771,
"dataLength": 12470,
"requestId": "****",
"type": "Image",
"response": {
"url": "https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg",
"status": 200,
"statusText": "",
"headers": {
"date": "Fri, 09 Jul 2021 18:38:20 GMT",
"content-encoding": "gzip",
"referrer-policy": "unsafe-url",
"last-modified": "Mon, 21 Jun 2021 07:36:32 GMT",
"server": "nginx",
"etag": "W/\"30b6-17a2d7fdc00\"",
"x-frame-options": "DENY",
"content-type": "image/svg+xml",
"cache-control": "public, max-age=3600",
"x-content-type-options": "nosniff",
"content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
"strict-transport-security": "max-age=63072000; includeSubdomains; preload",
"x-robots-tag": "all",
"x-xss-protection": "1; mode=block",
"x-proxy-cache": "HIT"
},
"mimeType": "image/svg+xml",
"requestHeaders": {
":path": "/vendor/flag-icon-css/flags/4x3/br.svg",
"pragma": "no-cache",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
"sec-fetch-mode": "no-cors",
"accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
"cache-control": "no-cache",
"sec-fetch-dest": "image",
":authority": "urlscan.io",
"referer": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
":scheme": "https",
"sec-fetch-site": "same-origin",
":method": "GET"
},
"remoteIPAddress": "1.1.1.1",
"remotePort": 443,
"fromPrefetchCache": false,
"encodedDataLength": 631,
"timing": {
"requestTime": 37069975.242978,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 0.463,
"sendEnd": 0.72,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 38.909
},
"responseTime": 1625855900590.105,
"protocol": "h2",
"securityState": "secure",
"securityDetails": {
"protocol": "TLS 1.2",
"keyExchange": "ECDHE_ECDSA",
"keyExchangeGroup": "P-",
"cipher": "",
"certificateId": 0,
"subjectName": "urlscan.io",
"sanList": [
"*.urlscan.com",
"*.urlscan.io",
"*.urlscan.net",
"urlscan.com",
"urlscan.io"
],
"issuer": "R3",
"validFrom": 1622502326,
"validTo": 1630278326,
"signedCertificateTimestampList": [],
"certificateTransparencyCompliance": "unknown"
},
"securityHeaders": [
{
"name": "Content-Security-Policy",
"value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
},
{
"name": "Strict-Transport-Security",
"value": "max-age=63072000; includeSubdomains; preload"
},
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-Frame-Options",
"value": "DENY"
},
{
"name": "X-Xss-Protection",
"value": "1; mode=block"
}
]
},
"hash": "*****",
"size": 16628,
"asn": {
"ip": "1.1.1.1",
"asn": "",
"country": "DE",
"registrar": "ripencc",
"date": "2002-06-03",
"description": "HETZNER-AS, DE",
"route": "148.251.0.0/16",
"name": "HETZNER-AS"
},
"geoip": {
"range": [
2499488768,
2499489791
],
"country": "DE",
"region": "",
"eu": "1",
"timezone": "Europe/Berlin",
"city": "",
"ll": [
51.2993,
9.491
],
"metro": 0,
"area": 200,
"country_name": "Germany"
},
"rdns": {
"ip": "1.1.1.1",
"ptr": "urlscan.io"
}
},
"initiatorInfo": {
"url": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
"host": "urlscan.io",
"type": "parser"
}
}
],
"cookies": [],
"console": [],
"links": [
{
"href": "https://securitytrails.com/urlscan?utm_source=urlscan&utm_medium=button&utm_campaign=header",
"text": "\n Sponsored by\n \n "
},
{
"href": "https://tines.io/blog/tines-urlscan-automation/?utm_source=urlscan&utm_medium=sponsorship&utm_campaign=urlscan",
"text": "\n \n "
},
{
"href": "https://www.joesecurity.org/?utm_source=urlscan&utm_medium=sponsorship&utm_campaign=urlscan",
"text": "\n \n "
},
{
"href": "https://tria.ge/?utm_source=urlscan&utm_medium=sponsor&utm_campaign=2020",
"text": "\n \n "
},
{
"href": "https://www.intezer.com/intezer-analyze/?utm_campaign=URLSCAN.IO&utm_source=URLSCAN",
"text": "\n \n "
},
{
"href": "https://www.ctm360.com/?utm_campaign=urlscan&utm_source=urlscan",
"text": "\n \n "
},
{
"href": "https://twitter.com/urlscanio",
"text": " Follow @urlscanio"
},
{
"href": "https://urlscan.us20.list-manage.com/subscribe?u=*****&id=*****",
"text": "Newsletter"
},
{
"href": "https://status.urlscan.io/",
"text": "Status Page"
}
],
"timing": {
"beginNavigation": "2021-07-09T18:37:50.119Z",
"frameStartedLoading": "2021-07-09T18:37:50.933Z",
"frameNavigated": "2021-07-09T18:37:50.933Z",
"domContentEventFired": "2021-07-09T18:37:50.482Z",
"frameStoppedLoading": "2021-07-09T18:37:50.933Z",
"loadEventFired": "2021-07-09T18:37:50.643Z"
},
"globals": [
{
"prop": "0",
"type": "object"
},
{
"prop": "1",
"type": "object"
},
{
"prop": "2",
"type": "object"
},
{
"prop": "onbeforexrselect",
"type": "object"
},
{
"prop": "ontransitionrun",
"type": "object"
},
{
"prop": "ontransitionstart",
"type": "object"
},
{
"prop": "ontransitioncancel",
"type": "object"
},
{
"prop": "cookieStore",
"type": "object"
},
{
"prop": "showDirectoryPicker",
"type": "function"
},
{
"prop": "showOpenFilePicker",
"type": "function"
},
{
"prop": "showSaveFilePicker",
"type": "function"
},
{
"prop": "originAgentCluster",
"type": "boolean"
},
{
"prop": "trustedTypes",
"type": "object"
},
{
"prop": "crossOriginIsolated",
"type": "boolean"
},
{
"prop": "___grecaptcha_cfg",
"type": "object"
},
{
"prop": "grecaptcha",
"type": "object"
},
{
"prop": "__recaptcha_api",
"type": "string"
},
{
"prop": "__google_recaptcha_client",
"type": "boolean"
},
{
"prop": "recaptcha",
"type": "object"
},
{
"prop": "webpackJsonp",
"type": "object"
},
{
"prop": "_",
"type": "function"
},
{
"prop": "onSubmit",
"type": "function"
},
{
"prop": "closure_lm_971463",
"type": "object"
}
]
},
"stats": {
"resourceStats": [
{
"count": 21,
"size": 104993,
"encodedSize": 88569,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"1.1.1.1",
"[]",
"[*****:809::2004]"
],
"type": "Image",
"compression": "1.2",
"percentage": 37
},
{
"count": 9,
"size": 1429921,
"encodedSize": 536511,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"[*****:808::2004]",
"1.1.1.1",
"[]"
],
"type": "Script",
"compression": "2.7",
"percentage": 16
},
{
"count": 9,
"size": 166076,
"encodedSize": 167174,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"1.1.1.1",
"[*****:830::2003]",
"[*****]"
],
"type": "Font",
"compression": "1.0",
"percentage": 16
},
{
"count": 8,
"size": 122008,
"encodedSize": 40846,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"1.1.1.1",
"[*****:809::2004]"
],
"type": "XHR",
"compression": "3.0",
"percentage": 14
},
{
"count": 5,
"size": 262720,
"encodedSize": 76435,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"1.1.1.1",
"[*****:82f::200a]",
"[]"
],
"type": "Stylesheet",
"compression": "3.4",
"percentage": 8
},
{
"count": 3,
"size": 83716,
"encodedSize": 30798,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"1.1.1.1",
"[*****:809::2004]"
],
"type": "Document",
"compression": "2.7",
"percentage": 5
},
{
"count": 1,
"size": 102,
"encodedSize": 132,
"latency": 0,
"countries": [
"DE"
],
"ips": [
"[*****:809::2004]"
],
"type": "Other",
"compression": "0.8",
"percentage": 1
}
],
"protocolStats": [
{
"count": 38,
"size": 1173496,
"encodedSize": 464285,
"ips": [
"1.1.1.1",
"[*****:808::2004]",
"[]",
"[*****:82f::200a]",
"[*****:830::2003]"
],
"countries": [
"DE"
],
"securityState": {},
"protocol": "h2"
},
{
"count": 18,
"size": 996040,
"encodedSize": 476180,
"ips": [
"[*****:809::2004]",
"[]",
"[*****]"
],
"countries": [
"DE"
],
"securityState": {},
"protocol": "h3-29"
}
],
"tlsStats": [
{
"count": 56,
"size": 2169536,
"encodedSize": 940465,
"ips": [
"1.1.1.1",
"[*****:808::2004]",
"[]",
"[*****:82f::200a]",
"[*****:830::2003]",
"[*****:809::2004]",
"[*****]"
],
"countries": [
"DE"
],
"protocols": {
"TLS 1.2 / ECDHE_ECDSA / ": 32,
"TLS 1.3 / / AES_128_GCM": 6,
"QUIC / / AES_128_GCM": 18
},
"securityState": "secure"
}
],
"serverStats": [
{
"count": 32,
"size": 750872,
"encodedSize": 255776,
"ips": [
"1.1.1.1"
],
"countries": [
"DE"
],
"server": "nginx"
},
{
"count": 17,
"size": 1303968,
"encodedSize": 612221,
"ips": [
"[]",
"[*****:830::2003]",
"[*****]"
],
"countries": [
"DE"
],
"server": "sffe"
},
{
"count": 6,
"size": 112559,
"encodedSize": 71933,
"ips": [
"[*****:808::2004]",
"[*****:809::2004]"
],
"countries": [
"DE"
],
"server": "GSE"
},
{
"count": 1,
"size": 2137,
"encodedSize": 535,
"ips": [
"[*****:82f::200a]"
],
"countries": [
"DE"
],
"server": "ESF"
}
],
"domainStats": [
{
"count": 32,
"ips": [
"1.1.1.1"
],
"domain": "urlscan.io",
"size": 750872,
"encodedSize": 255776,
"countries": [
"DE"
],
"index": 0,
"initiators": [
"urlscan.io"
],
"redirects": 0
},
{
"count": 9,
"ips": [
"",
"[]"
],
"domain": "www.gstatic.com",
"size": 1155920,
"encodedSize": 463736,
"countries": [
"DE"
],
"index": 19,
"initiators": [
"www.google.com",
"www.gstatic.com"
],
"redirects": 0
},
{
"count": 8,
"ips": [
"*****:830::2003",
"[*****:830::2003]",
"*****",
"[*****]"
],
"domain": "fonts.gstatic.com",
"size": 148048,
"encodedSize": 148485,
"countries": [
"DE"
],
"index": 21,
"initiators": [
"fonts.googleapis.com",
"www.google.com"
],
"redirects": 0
},
{
"count": 6,
"ips": [
"*****:808::2004",
"[*****:808::2004]",
"*****:809::2004",
"[*****:809::2004]"
],
"domain": "www.google.com",
"size": 112559,
"encodedSize": 71933,
"countries": [
"DE"
],
"index": 6,
"initiators": [
"urlscan.io",
"www.gstatic.com",
"www.google.com"
],
"redirects": 0
},
{
"count": 1,
"ips": [
"*****:82f::200a",
"[*****:82f::200a]"
],
"domain": "fonts.googleapis.com",
"size": 2137,
"encodedSize": 535,
"countries": [
"DE"
],
"index": 20,
"initiators": [
"urlscan.io"
],
"redirects": 0
}
],
"regDomainStats": [
{
"count": 32,
"ips": [
"1.1.1.1"
],
"regDomain": "urlscan.io",
"size": 750872,
"encodedSize": 255776,
"countries": [],
"index": 0,
"subDomains": [
{
"domain": "",
"country": "DE"
}
],
"redirects": 0
},
{
"count": 17,
"ips": [
"",
"[]",
"*****:830::2003",
"[*****:830::2003]",
"*****",
"[*****]"
],
"regDomain": "gstatic.com",
"size": 1303968,
"encodedSize": 612221,
"countries": [],
"index": 19,
"subDomains": [
{
"domain": "www",
"country": "DE"
},
{
"domain": "fonts",
"country": "DE"
}
],
"redirects": 0
},
{
"count": 6,
"ips": [
"*****:808::2004",
"[*****:808::2004]",
"*****:809::2004",
"[*****:809::2004]"
],
"regDomain": "google.com",
"size": 112559,
"encodedSize": 71933,
"countries": [],
"index": 6,
"subDomains": [
{
"domain": "www",
"country": "DE"
}
],
"redirects": 0
},
{
"count": 1,
"ips": [
"*****:82f::200a",
"[*****:82f::200a]"
],
"regDomain": "fonts.googleapis.com",
"size": 2137,
"encodedSize": 535,
"countries": [],
"index": 20,
"subDomains": [
{
"domain": "",
"country": "DE"
}
],
"redirects": 0
}
],
"secureRequests": 56,
"securePercentage": 100,
"IPv6Percentage": 86,
"uniqCountries": 1,
"totalLinks": 9,
"malicious": 0,
"adBlocked": 0,
"ipStats": [
{
"requests": 32,
"domains": [
"urlscan.io"
],
"ip": "1.1.1.1",
"asn": {
"ip": "1.1.1.1",
"asn": "",
"country": "DE",
"registrar": "ripencc",
"date": "2002-06-03",
"description": "HETZNER-AS, DE",
"route": "148.251.0.0/16",
"name": "HETZNER-AS"
},
"dns": {},
"geoip": {
"range": [
2499488768,
2499489791
],
"country": "DE",
"region": "",
"eu": "1",
"timezone": "Europe/Berlin",
"city": "",
"ll": [
51.2993,
9.491
],
"metro": 0,
"area": 200,
"country_name": "Germany"
},
"size": 750872,
"encodedSize": 255776,
"countries": [
"DE"
],
"index": 0,
"ipv6": false,
"redirects": 0,
"count": null,
"rdns": {
"ip": "1.1.1.1",
"ptr": "urlscan.io"
}
},
{
"requests": 1,
"domains": [
"www.google.com"
],
"ip": "*****:808::2004",
"asn": {
"ip": "*****:808::2004",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 850,
"encodedSize": 649,
"countries": [
"DE"
],
"index": 6,
"ipv6": true,
"redirects": 0,
"count": null
},
{
"requests": 9,
"domains": [
"www.gstatic.com"
],
"ip": "",
"asn": {
"ip": "",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 1155920,
"encodedSize": 463736,
"countries": [
"DE"
],
"index": 19,
"ipv6": true,
"redirects": 0,
"count": null
},
{
"requests": 1,
"domains": [
"fonts.googleapis.com"
],
"ip": "*****:82f::200a",
"asn": {
"ip": "*****:82f::200a",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 2137,
"encodedSize": 535,
"countries": [
"DE"
],
"index": 20,
"ipv6": true,
"redirects": 0,
"count": null
},
{
"requests": 3,
"domains": [
"fonts.gstatic.com"
],
"ip": "*****:830::2003",
"asn": {
"ip": "*****:830::2003",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 70916,
"encodedSize": 71228,
"countries": [
"DE"
],
"index": 21,
"ipv6": true,
"redirects": 0,
"count": null
},
{
"requests": 5,
"domains": [
"www.google.com"
],
"ip": "*****:809::2004",
"asn": {
"ip": "*****:809::2004",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 111709,
"encodedSize": 71284,
"countries": [
"DE"
],
"index": 24,
"ipv6": true,
"redirects": 0,
"count": null
},
{
"requests": 5,
"domains": [
"fonts.gstatic.com"
],
"ip": "*****",
"asn": {
"ip": "*****",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
"dns": {},
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
},
"size": 77132,
"encodedSize": 77257,
"countries": [
"DE"
],
"index": 36,
"ipv6": true,
"redirects": 0,
"count": null
}
]
},
"meta": {
"processors": {
"geoip": {
"state": "done",
"data": [
{
"ip": "1.1.1.1",
"geoip": {
"range": [
2499488768,
2499489791
],
"country": "DE",
"region": "",
"eu": "1",
"timezone": "Europe/Berlin",
"city": "",
"ll": [
51.2993,
9.491
],
"metro": 0,
"area": 200,
"country_name": "Germany"
}
},
{
"ip": "*****:808::2004",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
{
"ip": "",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
{
"ip": "*****:82f::200a",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
{
"ip": "*****:830::2003",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
{
"ip": "*****:809::2004",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
},
{
"ip": "*****",
"geoip": {
"range": "",
"country": "DE",
"region": "HE",
"city": "Frankfurt am Main",
"ll": [
50.1188,
8.6843
],
"metro": 0,
"area": 100,
"eu": "1",
"timezone": "Europe/Berlin",
"country_name": "Germany"
}
}
]
},
"rdns": {
"state": "done",
"data": [
{
"ip": "1.1.1.1",
"ptr": "urlscan.io"
},
{
"ip": "[*****:808::2004]",
"ptr": null
},
{
"ip": "[]",
"ptr": null
},
{
"ip": "[*****:82f::200a]",
"ptr": null
},
{
"ip": "[*****:830::2003]",
"ptr": null
},
{
"ip": "[*****:809::2004]",
"ptr": null
},
{
"ip": "[*****]",
"ptr": null
}
]
},
"asn": {
"state": "done",
"data": [
{
"ip": "1.1.1.1",
"asn": "",
"country": "DE",
"registrar": "ripencc",
"date": "2002-06-03",
"description": "HETZNER-AS, DE",
"route": "148.251.0.0/16",
"name": "HETZNER-AS"
},
{
"ip": "*****:808::2004",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
{
"ip": "",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
{
"ip": "*****:82f::200a",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
{
"ip": "*****:830::2003",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
{
"ip": "*****:809::2004",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
},
{
"ip": "*****",
"asn": "****",
"country": "US",
"registrar": "arin",
"date": "2000-03-30",
"description": "GOOGLE, US",
"route": "*****::/48",
"name": "GOOGLE"
}
]
},
"wappa": {
"state": "done",
"data": [
{
"app": "Bootstrap",
"confidence": [
{
"pattern": "html /]+?href=\"[^\"]*bootstrap(?:\\.min)?\\.css/i",
"confidence": 100
}
],
"confidenceTotal": 100,
"icon": "Bootstrap.png",
"website": "https://getbootstrap.com",
"categories": [
{
"name": "Web Frameworks",
"priority": 7
}
]
},
{
"app": "Nginx",
"confidence": [
{
"pattern": "headers server /nginx(?:\\/([\\d.]+))?/i",
"confidence": 100
}
],
"confidenceTotal": 100,
"icon": "Nginx.svg",
"website": "http://nginx.org/en",
"categories": [
{
"name": "Web Servers",
"priority": 8
},
{
"name": "Reverse Proxy",
"priority": 7
}
]
},
{
"app": "Google Font API",
"confidence": [
{
"pattern": "html /]* href=[^>]+fonts\\.(?:googleapis|google)\\.com/i",
"confidence": 100
}
],
"confidenceTotal": 100,
"icon": "Google Font API.png",
"website": "http://google.com/fonts",
"categories": [
{
"name": "Font Scripts",
"priority": 9
}
]
}
]
},
"done": {
"state": "done",
"data": {
"state": "done"
}
}
}
},
"task": {
"uuid": "***-***-***-***",
"time": "2021-07-09T18:37:49.979Z",
"url": "https://urlscan.io",
"visibility": "private",
"options": {
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
},
"method": "api",
"source": "*****",
"tags": [],
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
"reportURL": "https://urlscan.io/result/***-***-***-***/",
"screenshotURL": "https://urlscan.io/screenshots/***-***-***-***.png",
"domURL": "https://urlscan.io/dom/***-***-***-***/"
},
"page": {
"url": "https://urlscan.io/",
"domain": "urlscan.io",
"country": "DE",
"city": "",
"server": "nginx",
"ip": "1.1.1.1",
"ptr": "urlscan.io",
"asn": "AS",
"asnname": "HETZNER-AS, DE"
},
"lists": {
"ips": [
"*****",
"*****:809::2004",
"*****:830::2003",
"*****:82f::200a",
"",
"*****:808::2004",
"1.1.1.1"
],
"countries": [
"DE"
],
"asns": [
"****",
"****",
"****",
"****",
"****",
"****",
""
],
"domains": [
"urlscan.io",
"www.gstatic.com",
"fonts.gstatic.com",
"www.google.com",
"fonts.googleapis.com"
],
"servers": [
"nginx",
"sffe",
"GSE",
"ESF"
],
"urls": [
"https://urlscan.io/",
"https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
"https://urlscan.io/vendor/bootstrap/css/bootstrap.min.css",
"https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
"https://urlscan.io/img/urlscan_.png",
"https://urlscan.io/img/securitytrails.svg",
"https://www.google.com/recaptcha/api.js",
"https://urlscan.io/img/loading.svg",
"https://urlscan.io/img/securitytrails.png",
"https://urlscan.io/img/tines_logo.png",
"https://urlscan.io/img/joesecurity.svg",
"https://urlscan.io/img/hatching.svg",
"https://urlscan.io/img/intezer.png",
"https://urlscan.io/img/ctm360.png",
"https://urlscan.io/js/0.*****.js",
"https://urlscan.io/js/****.js",
"https://urlscan.io/js/index.*****.js",
"https://urlscan.io/js/app.*****.js",
"https://urlscan.io/js/vendor.****.js",
"https://www.gstatic.com/recaptcha/releases/***-****/recaptcha__en.js",
"https://fonts.googleapis.com/css?family=Lato:400,700,400italic&display=swap",
"https://fonts.gstatic.com/s/lato/v17/*****.woff2",
"https://fonts.gstatic.com/s/lato/v17/*****-q.woff2",
"https://fonts.gstatic.com/s/lato/v17/*****.woff2",
"https://www.google.com/recaptcha/api2/anchor?ar=1&k=*****&co=aHR0cHM6Ly91cmxzY2FuLmlvOjQ0Mw..&hl=en&v=***-****&size=invisible&cb=trmzpgrim9h5",
"https://urlscan.io/json/live/",
"https://urlscan.io/user/username/",
"https://urlscan.io/stats",
"https://www.gstatic.com/recaptcha/releases/***-****/styles__ltr.css",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/us.svg",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/nz.svg",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/de.svg",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/ca.svg",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/il.svg",
"https://www.gstatic.com/recaptcha/api2/logo_48.png",
"https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
"https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
"https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=***-****",
"https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
"https://www.google.com/recaptcha/api2/reload?k=*****",
"https://www.gstatic.com/recaptcha/api2/refresh_2x.png",
"https://www.gstatic.com/recaptcha/api2/audio_2x.png",
"https://www.gstatic.com/recaptcha/api2/info_2x.png",
"https://fonts.gstatic.com/s/roboto/v18/***.woff2",
"https://www.google.com/recaptcha/api2/payload?p=*****-****-****-*****&k=*****",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/se.svg",
"https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg"
],
"linkDomains": [
"securitytrails.com",
"tines.io",
"www.joesecurity.org",
"tria.ge",
"www.intezer.com",
"www.ctm360.com",
"twitter.com",
"urlscan.us20.list-manage.com",
"status.urlscan.io"
],
"certificates": [
{
"subjectName": "urlscan.io",
"issuer": "R3",
"validFrom": 1622502326,
"validTo": 1630278326
},
{
"subjectName": "www.google.com",
"issuer": "GTS CA 1C3",
"validFrom": 1624377984,
"validTo": 1631635583
},
{
"subjectName": "*.gstatic.com",
"issuer": "GTS CA 1C3",
"validFrom": 1624375494,
"validTo": 1631633093
},
{
"subjectName": "upload.video.google.com",
"issuer": "GTS CA 1O1",
"validFrom": 1624375547,
"validTo": 1631633146
},
{
"subjectName": "*.google.com",
"issuer": "GTS CA 1C3",
"validFrom": 1624369029,
"validTo": 1631626628
}
],
"hashes": [
"",
"*****"
]
},
"verdicts": {
"overall": {
"score": 0,
"categories": [],
"brands": [],
"tags": [],
"malicious": false,
"hasVerdicts": 0
},
"urlscan": {
"score": 0,
"categories": [],
"brands": [],
"tags": [],
"detectionDetails": [],
"malicious": false
},
"engines": {
"score": 0,
"malicious": [],
"benign": [],
"maliciousTotal": 0,
"benignTotal": 0,
"verdicts": [],
"enginesTotal": 0
},
"community": {
"score": 0,
"votes": [],
"votesTotal": 0,
"votesMalicious": 0,
"votesBenign": 0,
"tags": [],
"categories": []
}
},
"submitter": {
"country": "CA"
}
}
}
]
Context Data is the data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.
Context Data stores information that can be derived for Return Data.
In check reputation commands, data within the Context Data are risk scores converted into D3-defined risk levels from the raw data. There are 5 possible values of a D3 risk level: High, Medium, Low, Default, or ZeroRisk.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"url": "https://urlscan.io",
"riskLevel": "ZeroRisk"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"url": [
"https://urlscan.io"
],
"riskLevel": [
"ZeroRisk"
]
}
In check reputation commands, Return Data converts the risk score from the raw data into D3-defined risk levels as a numerical value (1-5). This will be used to enrich artifacts with reputation information.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample Data
D3-defined Risk Levels
The table below lists the possible output risk levels with the corresponding return context data:
Return Data | Context Data |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check URL Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: This looks like a weird hostname. |
Error Sample Data |
Check URL Reputation failed. Status Code: 400. Message: This looks like a weird hostname. |
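The following is an added example, not D3 SOAR or urlscan.io code: a parser that splits the error text into the three parts described above and routes on the status code, using only the meanings this page gives for 401 and 429. The function names, the action labels and the second sample string are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Layout documented above: "<Failure Indicator> Status Code: <n>. Message: <text>"
_ERROR_RE = re.compile(
    r"^(?P<indicator>.*?)\s*Status Code:\s*(?P<code>\d{3})\.?\s*"
    r"Message:\s*(?P<message>.*)$",
    re.DOTALL,
)

# Error sample taken from this page.
PAGE_SAMPLE = ("Check URL Reputation failed. Status Code: 400. "
               "Message: This looks like a weird hostname.")
# Constructed sample (the message text is made up) for the rate-limit case.
CONSTRUCTED_429 = ("Search For Scans failed. Status Code: 429. "
                   "Message: Rate limit exceeded.")


@dataclass
class CommandError:
    indicator: str    # which command or input failed
    status_code: int  # HTTP status from urlscan.io or D3 SOAR
    message: str      # raw message from the API server
    action: str       # hypothetical routing label for a playbook


def classify(status_code: int) -> str:
    """Map a status code to a follow-up action (labels are hypothetical)."""
    if status_code == 401:
        return "check_credentials"  # connection is unauthorized: review the API key
    if status_code == 429:
        return "retry_later"        # rate limit for this action was exceeded
    if 400 <= status_code < 500:
        return "fix_input"          # e.g. 400 for a malformed hostname
    return "investigate"            # anything else needs a human look


def parse_error(text: str) -> Optional[CommandError]:
    """Split an Error tab string into its parts; None if the layout differs."""
    match = _ERROR_RE.match(text.strip())
    if match is None:
        return None
    code = int(match.group("code"))
    return CommandError(
        indicator=match.group("indicator").strip(),
        status_code=code,
        message=match.group("message").strip(),
        action=classify(code),
    )


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_429):
        print(parse_error(sample))
```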
Search For Scans
Searches for existing scans by domains, IPs, Autonomous System (AS) numbers, file hashes, etc.
Input
Input Parameter | Required/Optional | Description | Example |
Query | Required | The query string to search for scans. The syntax is based on ElasticSearch's query string syntax. For more information, see "Query string query" in the Elasticsearch Guide [8.6]. An example of a query string is "domain:urlscan.io". For a complete list of searchable fields, see Search API Reference - urlscan.io. | domain:*****.com |
Limit | Optional | The maximum number of results (up to 10,000) to return. The default value is 100. | 5 |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"results": [
{
"indexedAt": "2021-07-19T17:18:31.447Z",
"task": {
"visibility": "public",
"method": "api",
"domain": "experience.*****.com",
"time": "2021-07-19T17:18:08.547Z",
"uuid": "***-***-***-***",
"url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
"tags": [
"falconsandbox"
]
},
"stats": {
"uniqIPs": 1,
"consoleMsgs": 0,
"uniqCountries": 1,
"dataLength": 23311,
"encodedDataLength": 25282,
"requests": 4
},
"page": {
"country": "DE",
"server": "envoy",
"city": "Frankfurt am Main",
"domain": "experience.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "*****-AS, US",
"asn": "*****",
"url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
"ptr": "a104-117-220-120.deploy.static.*****technologies.com",
"status": "200"
},
"_id": "***-***-***-***",
"sort": [
1626715088547,
"***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***.png"
},
{
"indexedAt": "2021-07-12T18:02:10.537Z",
"task": {
"visibility": "public",
"method": "api",
"domain": "gwl.*****.com",
"time": "2021-07-12T18:01:47.901Z",
"uuid": "***-***-***-***-***-***",
"url": "https://gwl.*****.com/sign-in"
},
"stats": {
"uniqIPs": 8,
"consoleMsgs": 0,
"uniqCountries": 5,
"dataLength": 2218746,
"encodedDataLength": 860998,
"requests": 28
},
"page": {
"country": "CA",
"city": "Montreal",
"domain": "gwl.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "*****-02, US",
"asn": "*****",
"url": "https://gwl.*****.com/sign-in",
"ptr": "dpl7-yhu.na196-yhu.inst.siteforce.com",
"status": "200"
},
"_id": "***-***-***-***-***-***",
"sort": [
1626112907901,
"***-***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***-***.png"
},
{
"indexedAt": "2021-06-07T22:44:54.369Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "insights.*****.com",
"time": "2021-06-07T22:44:30.902Z",
"uuid": "***-***-***-***-***",
"url": "https://insights.*****.com/jfe/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email"
},
"stats": {
"uniqIPs": 2,
"consoleMsgs": 1,
"uniqCountries": 1,
"dataLength": 2076945,
"encodedDataLength": 1222972,
"requests": 17
},
"page": {
"country": "DE",
"server": "nginx",
"city": "Frankfurt am Main",
"domain": "test.com",
"ip": "2.2.2.2",
"mimeType": "text/html",
"asnname": "*****-AS, US",
"asn": "*****",
"url": "https://insights.*****.com/jfe1/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1623105870902,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
},
{
"indexedAt": "2021-06-04T17:45:22.437Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "www.*****.com",
"time": "2021-06-04T17:45:02.475Z",
"uuid": "***-***-***-***-***",
"url": "http://www.*****.com/"
},
"stats": {
"uniqIPs": 16,
"consoleMsgs": 0,
"uniqCountries": 5,
"dataLength": 2720471,
"encodedDataLength": 1079870,
"requests": 77
},
"page": {
"country": "US",
"city": "Kansas City",
"domain": "www.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "GOOGLE, US",
"asn": "AS****",
"url": "https://www.*****.com/",
"ptr": "201.134.107.34.bc.googleusercontent.com",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1622828702475,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
},
{
"indexedAt": "2021-05-20T19:19:19.735Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "www.*****.com",
"time": "2021-05-20T19:18:43.81Z",
"uuid": "***-***-***-***-***",
"url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
},
"stats": {
"uniqIPs": 1,
"consoleMsgs": 0,
"uniqCountries": 1,
"dataLength": 0,
"encodedDataLength": 0,
"requests": 1
},
"page": {
"country": "US",
"city": "Kansas City",
"domain": "www.*****.com",
"ip": "1.1.1.1",
"mimeType": "application/pdf",
"asnname": "GOOGLE, US",
"asn": "AS****",
"url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf",
"ptr": "201.134.107.34.bc.googleusercontent.com",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1621538323810,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
}
],
"total": 68,
"took": 32,
"has_more": false
}
]
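The following is an added example, not D3 SOAR or urlscan.io code: it reduces Search For Scans Raw Data of the shape shown above to triage rows, tolerates the optional fields (tags, server, ptr), flags scans whose final page differs from the submitted URL, and reports when Limit returned fewer results than total. The field names come from the sample above; the input values, function names and flag labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed Raw Data in the shape of the sample above (all values made up).
RAW_DATA = [{
    "results": [
        {
            "task": {"visibility": "public", "method": "manual",
                     "domain": "www.example.com",
                     "time": "2021-06-04T17:45:02.475Z",
                     "uuid": "00000000-0000-0000-0000-000000000001",
                     "url": "http://www.example.com/"},
            "page": {"country": "US", "domain": "www.example.com",
                     "ip": "192.0.2.10", "url": "https://www.example.com/",
                     "status": "200"},
            "_id": "00000000-0000-0000-0000-000000000001",
        },
        {
            "task": {"visibility": "public", "method": "api",
                     "domain": "insights.example.com",
                     "time": "2021-06-07T22:44:30.902Z",
                     "uuid": "00000000-0000-0000-0000-000000000002",
                     "url": "https://insights.example.com/form",
                     "tags": ["falconsandbox"]},
            "page": {"country": "DE", "server": "nginx",
                     "domain": "login.example.net", "ip": "192.0.2.20",
                     "url": "https://login.example.net/form", "status": "200"},
            "_id": "00000000-0000-0000-0000-000000000002",
        },
    ],
    "total": 68,
    "took": 32,
    "has_more": False,
}]


def summarize_result(item):
    """Build one triage row from a single entry of $.results."""
    task = item.get("task", {})
    page = item.get("page", {})
    flags = []
    submitted, final = task.get("domain"), page.get("domain")
    if submitted and final and submitted.lower() != final.lower():
        flags.append("final_domain_differs")  # the scan ended on another host
    scheme_in = urlsplit(task.get("url", "")).scheme
    scheme_out = urlsplit(page.get("url", "")).scheme
    if scheme_in and scheme_out and scheme_in != scheme_out:
        flags.append("scheme_changed")        # e.g. http submitted, https served
    return {
        "uuid": task.get("uuid") or item.get("_id"),
        "submitted_url": task.get("url"),
        "final_url": page.get("url"),
        "ip": page.get("ip"),
        "server": page.get("server"),         # absent in some results
        "tags": task.get("tags", []),         # absent in some results
        "flags": flags,
    }


def triage(raw_data):
    """Flatten Raw Data (a list of API responses) into rows plus counters."""
    rows, total = [], 0
    for response in raw_data:
        results = response.get("results", [])
        rows.extend(summarize_result(r) for r in results)
        total += response.get("total", len(results))
    return {"rows": rows, "returned": len(rows), "total": total,
            "truncated": total > len(rows)}  # more matches exist than returned


if __name__ == "__main__":
    report = triage(RAW_DATA)
    print(report["returned"], "of", report["total"], "results")
    for row in report["rows"]:
        print(row["uuid"], row["final_url"], row["flags"])
```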
Context Data is the data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.
D3 customizes the Context Data by extracting the data from the path $.results in the JSON returned by the API.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"indexedAt": "2021-07-19T17:18:31.447Z",
"task": {
"visibility": "public",
"method": "api",
"domain": "experience.*****.com",
"time": "2021-07-19T17:18:08.547Z",
"uuid": "***-***-***-***",
"url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
"tags": [
"falconsandbox"
]
},
"stats": {
"uniqIPs": 1,
"consoleMsgs": 0,
"uniqCountries": 1,
"dataLength": 23311,
"encodedDataLength": 25282,
"requests": 4
},
"page": {
"country": "DE",
"server": "envoy",
"city": "Frankfurt am Main",
"domain": "experience.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "*****-AS, US",
"asn": "*****",
"url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
"ptr": "a104-117-220-120.deploy.static.*****technologies.com",
"status": "200"
},
"_id": "***-***-***-***",
"sort": [
1626715088547,
"***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***.png"
},
{
"indexedAt": "2021-07-12T18:02:10.537Z",
"task": {
"visibility": "public",
"method": "api",
"domain": "gwl.*****.com",
"time": "2021-07-12T18:01:47.901Z",
"uuid": "***-***-***-***-***-***",
"url": "https://gwl.*****.com/sign-in"
},
"stats": {
"uniqIPs": 8,
"consoleMsgs": 0,
"uniqCountries": 5,
"dataLength": 2218746,
"encodedDataLength": 860998,
"requests": 28
},
"page": {
"country": "CA",
"city": "Montreal",
"domain": "gwl.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "*****-02, US",
"asn": "*****",
"url": "https://gwl.*****.com/sign-in",
"ptr": "dpl7-yhu.na196-yhu.inst.siteforce.com",
"status": "200"
},
"_id": "***-***-***-***-***-***",
"sort": [
1626112907901,
"***-***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***-***.png"
},
{
"indexedAt": "2021-06-07T22:44:54.369Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "insights.*****.com",
"time": "2021-06-07T22:44:30.902Z",
"uuid": "***-***-***-***-***",
"url": "https://insights.*****.com/jfe/form/****?Q_DL=***&Q_CHL=email"
},
"stats": {
"uniqIPs": 2,
"consoleMsgs": 1,
"uniqCountries": 1,
"dataLength": 2076945,
"encodedDataLength": 1222972,
"requests": 17
},
"page": {
"country": "DE",
"server": "nginx",
"city": "Frankfurt am Main",
"domain": "insights.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "*****-AS, US",
"asn": "*****",
"url": "https://insights.*****.com/***/form/***?Q_DL=***&Q_CHL=email",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1623105870902,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
},
{
"indexedAt": "2021-06-04T17:45:22.437Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "www.*****.com",
"time": "2021-06-04T17:45:02.475Z",
"uuid": "***-***-***-***-***",
"url": "http://www.*****.com/"
},
"stats": {
"uniqIPs": 16,
"consoleMsgs": 0,
"uniqCountries": 5,
"dataLength": 2720471,
"encodedDataLength": 1079870,
"requests": 77
},
"page": {
"country": "US",
"city": "Kansas City",
"domain": "www.*****.com",
"ip": "1.1.1.1",
"mimeType": "text/html",
"asnname": "GOOGLE, US",
"asn": "AS****",
"url": "https://www.*****.com/",
"ptr": "201.134.107.34.bc.googleusercontent.com",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1622828702475,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
},
{
"indexedAt": "2021-05-20T19:19:19.735Z",
"task": {
"visibility": "public",
"method": "manual",
"domain": "www.*****.com",
"time": "2021-05-20T19:18:43.81Z",
"uuid": "***-***-***-***-***",
"url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
},
"stats": {
"uniqIPs": 1,
"consoleMsgs": 0,
"uniqCountries": 1,
"dataLength": 0,
"encodedDataLength": 0,
"requests": 1
},
"page": {
"country": "US",
"city": "Kansas City",
"domain": "www.*****.com",
"ip": "1.1.1.1",
"mimeType": "application/pdf",
"asnname": "GOOGLE, US",
"asn": "AS****",
"url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf",
"ptr": "201.134.107.34.bc.googleusercontent.com",
"status": "200"
},
"_id": "***-***-***-***-***",
"sort": [
1621538323810,
"***-***-***-***-***"
],
"result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
"screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"ScanTimes": [
"2021-07-19T17:18:31.447Z",
"2021-07-12T18:02:10.537Z",
"2021-06-07T22:44:54.369Z",
"2021-06-04T17:45:22.437Z",
"2021-05-20T19:19:19.735Z"
],
"UniqueIPs": [
1,
8,
2,
16,
1
],
"UniqueCountries": [
1,
5,
1,
5,
1
],
"Countries": [
"DE",
"CA",
"DE",
"US",
"US"
],
"Cities": [
"Frankfurt am Main",
"Montreal",
"Frankfurt am Main",
"Kansas City",
"Kansas City"
],
"Domains": [
"experience.*****.com",
"gwl.*****.com",
"insights.*****.com",
"www.*****.com",
"www.*****.com"
],
"IPs": [
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1"
],
"ASNs": [
"*****",
"*****",
"*****",
"AS****",
"AS****"
],
"URLs": [
"https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
"https://gwl.*****.com/sign-in",
"https://insights.*****.com/jfe1/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email",
"https://www.*****.com/",
"https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
],
"Statuses": [
"200",
"200",
"200",
"200",
"200"
],
"ResultURLs": [
"https://urlscan.io/api/v1/result/***-***-***-***/",
"https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
"https://urlscan.io/api/v1/result/***-***-***-***-***/",
"https://urlscan.io/api/v1/result/***-***-***-***-***/",
"https://urlscan.io/api/v1/result/***-***-***-***-***/"
]
}
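How the three outputs above relate, as an added example rather than D3's own code: it derives Context Data and the Key Fields arrays from a Raw Data response and keeps the arrays index-aligned when a result lacks a field. The field mapping is inferred from the samples on this page, the function names are hypothetical, and the sample values are constructed.

```python
# Key Field name -> path inside one search result. Inferred by comparing the
# page's Context Data and Key Fields samples; this is not D3's own code.
KEY_FIELD_PATHS = {
    "ScanTimes": ("indexedAt",), "ResultURLs": ("result",),
    "UniqueIPs": ("stats", "uniqIPs"), "UniqueCountries": ("stats", "uniqCountries"),
    "Countries": ("page", "country"), "Cities": ("page", "city"),
    "Domains": ("page", "domain"), "IPs": ("page", "ip"), "ASNs": ("page", "asn"),
    "URLs": ("page", "url"), "Statuses": ("page", "status"),
}

def dig(obj, path):
    """Follow path through nested dicts; None if any key is absent."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def context_data(raw_data):
    """Equivalent of the $.results extraction, across every response object."""
    return [r for resp in raw_data for r in resp.get("results", [])]

def key_fields(raw_data):
    """Index-aligned arrays: position i of every list describes scan i."""
    results = context_data(raw_data)
    return {name: [dig(r, p) for r in results] for name, p in KEY_FIELD_PATHS.items()}

def coverage(raw_data):
    """(results returned, total matches reported) so truncation is visible."""
    return len(context_data(raw_data)), sum(r.get("total", 0) for r in raw_data)

# Constructed sample in the shape of the page's Raw Data; all values are made up.
SAMPLE_RAW = [{
    "results": [
        {"indexedAt": "2021-07-19T17:18:31.447Z",
         "stats": {"uniqIPs": 1, "uniqCountries": 1},
         "page": {"country": "DE", "city": "Frankfurt am Main", "domain": "a.example.com",
                  "ip": "192.0.2.10", "asn": "AS64500", "url": "https://a.example.com/", "status": "200"},
         "result": "https://urlscan.io/api/v1/result/UUID-1/"},
        {"indexedAt": "2021-07-12T18:02:10.537Z",  # no city or asn in this result
         "stats": {"uniqIPs": 8, "uniqCountries": 5},
         "page": {"country": "CA", "domain": "b.example.com", "ip": "192.0.2.20",
                  "url": "https://b.example.com/sign-in", "status": "200"},
         "result": "https://urlscan.io/api/v1/result/UUID-2/"},
    ],
    "total": 68, "took": 32, "has_more": False,
}]

if __name__ == "__main__":
    print(key_fields(SAMPLE_RAW)["Cities"], coverage(SAMPLE_RAW))
```

The Raw Data sample on this page reports "total": 68 while its Context Data holds five results, so the Key Fields describe only the results actually returned; comparing the two numbers before acting on the arrays shows how much of the match set a playbook task is seeing.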
Return Data indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample Data
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Search For Scans failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The value for parameter (Limit) is invalid. |
Error Sample Data | Search For Scans failed. Status Code: 400. Message: The value for parameter (Limit) is invalid. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Return Data indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
SAMPLE DATA
Successful
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details. | Status Code: 443. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Failed to establish a new connection. |
Error Sample Data | Test Connection failed. Failed to check the connector. Status Code: 443. Message: Failed to establish a new connection. |