Skip to main content
Skip table of contents

urlscan.io

LAST UPDATED: 05/30/2024

Overview

urlscan.io allows users to submit URLs for scanning or search for existing scans by attributes such as domains, IPs, hashes, and more.

D3 SOAR is providing REST operations to function with urlscan.io.

For example, you perform a reputation check on a list of URLs or search for and return details about existing scans from urlscan.io.

urlscan.io is available for use in:

D3 SOAR

V12.7.83.0+

Category

Threat Intelligence

Deployment Options

Option II, Option IV

Known Limitations

To view your rate limit usage, please log in to your account at https://urlscan.io/user/ and navigate to the Quotas & Rate-Limit section, where you can view the API usage and limits for your account tier. If you surpass a rate limit for a particular action, the API will return an HTTP 429 error code for subsequent requests related to that action. If you wish to upgrade your account, please refer to Pricing - urlscan.io for more information.

Connection

To connect to urlscan.io from D3 SOAR, please follow this part to collect the required information below:

Parameter

Description

Example

Server URL

The server URL of the urlscan.io API.

https://urlscan.io

API Key

The API key for authentication.

***-***-***-***-***

API Version

The API version to use for the connection. The default value is v1.

v1

Configuring urlscan.io to Work with D3 SOAR

  1. Log in to urlscan.io with your account credentials. Locate the user account icon in the top right corner of your screen and click on it.

  2. Select Settings & API from the left side navigation menu. Under API Keys, click + Create New API Key.

  3. Enter a description for the API Key, then click + Create API Key.

  4. Your new API key will now be displayed in the API Keys section of the Settings and API page. Hover over the blurred key to reveal the key. Copy and store the key in a secure location, it will be required to establish the integration connection in D3 SOAR.

Configuring D3 SOAR to Work with urlscan.io

  1. Log in to D3 SOAR.

  2. Find the urlscan.io integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type urlscan.io in the search box to find the integration, then click it to select it.

    4. Click + Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to urlscan.io.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Configure User Permissions: Defines which users have access to the connection.

    7. Active: Check the tick box to ensure the connection is available for use.

    8. System Reputation Check: Checking the reputation check tick box will run the corresponding check reputation command(s) under this integration connection to enrich the corresponding artifacts with reputation details. 
      For example, we are configuring an integration connection named “ConnectionA” with the site “Sandbox”. All URL artifacts from the “Sandbox” site will go through a reputation check using the Check URL Reputation command from that integration. The return data output from running the command will then be used to update the risk level of the artifacts which may affect the risk level of incoming events.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
      1. Input your domain level Server URL.
      2. Input the saved API key.
      3. Input the version of the API to use for the connection. The default value is v1.

    10. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
      To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

    11. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click Add to create and add the configured connection.

Commands

urlscan.io includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the urlscan.io API, please refer to the urlscan.io API reference.

Check URL Reputation

Performs a reputation check on the provided URLs.

Input

Input Parameter

Required/Optional

Description

Example

URLs

Optional

The list of URLs to perform the reputation check.

["https://urlscan.io"]

Output

Raw Data

The primary response data from the API request.

D3 enriches the raw data from the original urlscan.io API response by adding the riskLevel field.

SAMPLE DATA

JSON
[
    {
        "url": "https://urlscan.io",
        "raw": {
            "data": {
                "requests": [
                    {
                        "request": {
                            "requestId": "",
                            "loaderId": "",
                            "documentURL": "https://urlscan.io/",
                            "request": {
                                "url": "https://urlscan.io/",
                                "method": "GET",
                                "headers": {
                                    "Upgrade-Insecure-Requests": "1",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "VeryHigh",
                                "referrerPolicy": "strict-origin-when-cross-origin"
                            },
                            "timestamp": 37069944.812183,
                            "wallTime": 1625855870.120524,
                            "initiator": {
                                "type": "other"
                            },
                            "type": "Document",
                            "frameId": "",
                            "hasUserGesture": false,
                            "primaryRequest": true
                        },
                        "response": {
                            "encodedDataLength": 9176,
                            "dataLength": 36627,
                            "requestId": "",
                            "type": "Document",
                            "response": {
                                "url": "https://urlscan.io/",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "server": "nginx",
                                    "date": "Fri, 09 Jul 2021 18:37:50 GMT",
                                    "content-type": "text/html; charset=utf-8",
                                    "cache-control": "public, max-age=60",
                                    "etag": "W/\"8f13-/0+\"",
                                    "content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
                                    "referrer-policy": "unsafe-url",
                                    "strict-transport-security": "max-age=63072000; includeSubdomains; preload",
                                    "x-content-type-options": "nosniff",
                                    "x-frame-options": "DENY",
                                    "x-xss-protection": "1; mode=block",
                                    "x-proxy-cache": "HIT",
                                    "x-robots-tag": "all",
                                    "content-encoding": "gzip"
                                },
                                "mimeType": "text/html",
                                "requestHeaders": {
                                    ":method": "GET",
                                    ":authority": "urlscan.io",
                                    ":scheme": "https",
                                    ":path": "/",
                                    "pragma": "no-cache",
                                    "cache-control": "no-cache",
                                    "upgrade-insecure-requests": "1",
                                    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
                                    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                                    "sec-fetch-site": "none",
                                    "sec-fetch-mode": "navigate",
                                    "sec-fetch-user": "?1",
                                    "sec-fetch-dest": "document",
                                    "accept-encoding": "gzip, deflate, br",
                                    "accept-language": "en-US"
                                },
                                "remoteIPAddress": "1.1.1.1",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 618,
                                "timing": {
                                    "requestTime": 37069944.813182,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": 0.501,
                                    "dnsEnd": 1.408,
                                    "connectStart": 1.408,
                                    "connectEnd": 54.159,
                                    "sslStart": 13.419,
                                    "sslEnd": 54.154,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 54.247,
                                    "sendEnd": 54.309,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 79.278
                                },
                                "responseTime": 1625855870200.728,
                                "protocol": "h2",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "TLS 1.2",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "P-",
                                    "cipher": "",
                                    "certificateId": 0,
                                    "subjectName": "urlscan.io",
                                    "sanList": [
                                        "*.urlscan.com",
                                        "*.urlscan.io",
                                        "*.urlscan.net",
                                        "urlscan.com",
                                        "urlscan.io"
                                    ],
                                    "issuer": "R3",
                                    "validFrom": 1622502326,
                                    "validTo": 1630278326,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "Content-Security-Policy",
                                        "value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
                                    },
                                    {
                                        "name": "Strict-Transport-Security",
                                        "value": "max-age=63072000; includeSubdomains; preload"
                                    },
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Frame-Options",
                                        "value": "DENY"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "1; mode=block"
                                    }
                                ]
                            },
                            "hash": "",
                            "size": 36625,
                            "asn": {
                                "ip": "1.1.1.1",
                                "asn": "",
                                "country": "DE",
                                "registrar": "ripencc",
                                "date": "2002-06-03",
                                "description": "HETZNER-AS, DE",
                                "route": "1.1.1.1/16",
                                "name": "HETZNER-AS"
                            },
                            "geoip": {
                                "range": [
                                    2499488768,
                                    2499489791
                                ],
                                "country": "DE",
                                "region": "",
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "city": "",
                                "ll": [
                                    51.2993,
                                    9.491
                                ],
                                "metro": 0,
                                "area": 200,
                                "country_name": "Germany"
                            },
                            "rdns": {
                                "ip": "1.1.1.1",
                                "ptr": "urlscan.io"
                            }
                        }
                    },
                    {
                        "request": {
                            "requestId": "",
                            "loaderId": "",
                            "documentURL": "https://urlscan.io/",
                            "request": {
                                "url": "https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
                                "method": "GET",
                                "headers": {
                                    "Origin": "https://urlscan.io",
                                    "Referer": "https://urlscan.io/",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "High",
                                "referrerPolicy": "unsafe-url",
                                "isLinkPreload": true
                            },
                            "timestamp": 37069944.897877,
                            "wallTime": 1625855870.206207,
                            "initiator": {
                                "type": "parser",
                                "url": "https://urlscan.io/",
                                "lineNumber": 16,
                                "columnNumber": 112
                            },
                            "type": "Font",
                            "frameId": "",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 18689,
                            "dataLength": 18028,
                            "requestId": "17317.2",
                            "type": "Font",
                            "response": {
                                "url": "https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
                                    "x-content-type-options": "nosniff",
                                    "content-length": "18028",
                                    "x-xss-protection": "1; mode=block",
                                    "referrer-policy": "unsafe-url",
                                    "last-modified": "Mon, 21 Jun 2021 07:36:32 GMT",
                                    "server": "nginx",
                                    "x-frame-options": "DENY",
                                    "date": "Fri, 09 Jul 2021 18:37:50 GMT",
                                    "strict-transport-security": "max-age=63072000; includeSubdomains; preload",
                                    "content-type": "font/",
                                    "cache-control": "public, max-age=3600",
                                    "etag": "W/\"466c-\"",
                                    "accept-ranges": "bytes",
                                    "x-robots-tag": "all",
                                    "x-proxy-cache": "HIT"
                                },
                                "mimeType": "font/",
                                "requestHeaders": {
                                    ":path": "/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
                                    "pragma": "no-cache",
                                    "origin": "https://urlscan.io",
                                    "accept-encoding": "gzip, deflate, br",
                                    "accept-language": "en-US",
                                    "user-agent": "/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
                                    "sec-fetch-mode": "cors",
                                    "accept": "*/*",
                                    "cache-control": "no-cache",
                                    "sec-fetch-dest": "font",
                                    ":authority": "urlscan.io",
                                    "referer": "https://urlscan.io/",
                                    ":scheme": "https",
                                    "sec-fetch-site": "same-origin",
                                    ":method": "GET"
                                },
                                "remoteIPAddress": "1.1.1.1",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 634,
                                "timing": {
                                    "requestTime": 37069944.898164,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 0.16,
                                    "sendEnd": 0.251,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 30.619
                                },
                                "responseTime": 1625855870236.994,
                                "protocol": "h2",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "TLS 1.2",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "P-",
                                    "cipher": "",
                                    "certificateId": 0,
                                    "subjectName": "urlscan.io",
                                    "sanList": [
                                        "*.urlscan.com",
                                        "*.urlscan.io",
                                        "*.urlscan.net",
                                        "urlscan.com",
                                        "urlscan.io"
                                    ],
                                    "issuer": "R3",
                                    "validFrom": 1622502326,
                                    "validTo": 1630278326,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "Content-Security-Policy",
                                        "value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
                                    },
                                    {
                                        "name": "Strict-Transport-Security",
                                        "value": "max-age=63072000; includeSubdomains; preload"
                                    },
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Frame-Options",
                                        "value": "DENY"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "1; mode=block"
                                    }
                                ]
                            },
                            "hash": "",
                            "size": 24040,
                            "asn": {
                                "ip": "1.1.1.1",
                                "asn": "",
                                "country": "DE",
                                "registrar": "ripencc",
                                "date": "2002-06-03",
                                "description": "-AS, DE",
                                "route": "148.251.0.0/16",
                                "name": "-AS"
                            },
                            "geoip": {
                                "range": [
                                    2499488768,
                                    2499489791
                                ],
                                "country": "DE",
                                "region": "",
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "city": "",
                                "ll": [
                                    51.2993,
                                    9.491
                                ],
                                "metro": 0,
                                "area": 200,
                                "country_name": "Germany"
                            },
                            "rdns": {
                                "ip": "1.1.1.1",
                                "ptr": "urlscan.io"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://urlscan.io/",
                            "host": "urlscan.io",
                            "type": "parser"
                        }
                    },
                    {
                        "request": {
                            "requestId": "",
                            "loaderId": "",
                            "documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=****-***&k=****&cb=***",
                            "request": {
                                "url": "https://www.gstatic.com/recaptcha/api2/info_2x.png",
                                "method": "GET",
                                "headers": {
                                    "Referer": "https://www.gstatic.com/recaptcha/releases/***-***/styles__ltr.css",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ***/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "Low",
                                "referrerPolicy": "strict-origin-when-cross-origin"
                            },
                            "timestamp": 37069945.574675,
                            "wallTime": 1625855870.883005,
                            "initiator": {
                                "type": "parser",
                                "url": "https://www.gstatic.com/recaptcha/releases/***-****/styles__ltr.css"
                            },
                            "type": "Image",
                            "frameId": "",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 687,
                            "dataLength": 665,
                            "requestId": "",
                            "type": "Image",
                            "response": {
                                "url": "https://www.gstatic.com/recaptcha/api2/info_2x.png",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "date": "Mon, 05 Jul 2021 22:47:38 GMT",
                                    "x-content-type-options": "nosniff",
                                    "last-modified": "Tue, 03 Mar 2020 20:15:00 GMT",
                                    "server": "sffe",
                                    "age": "330612",
                                    "content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha",
                                    "content-type": "image/png",
                                    "cache-control": "public, max-age=604800",
                                    "cross-origin-resource-policy": "cross-origin",
                                    "accept-ranges": "bytes",
                                    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
                                    "content-length": "665",
                                    "x-xss-protection": "0",
                                    "expires": "Mon, 12 Jul 2021 22:47:38 GMT"
                                },
                                "mimeType": "image/png",
                                "remoteIPAddress": "[]",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 22,
                                "timing": {
                                    "requestTime": 37069945.57508,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 1.174,
                                    "sendEnd": 1.237,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 8.509
                                },
                                "responseTime": 1625855870891.896,
                                "protocol": "h3-29",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "QUIC",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "X25519",
                                    "cipher": "AES_128_GCM",
                                    "certificateId": 0,
                                    "subjectName": "*.gstatic.com",
                                    "sanList": [
                                        "*.gstatic.com",
                                        "gstatic.com",
                                        "*.metric.gstatic.com",
                                        "kn.dev",
                                        "*.kn.dev"
                                    ],
                                    "issuer": "GTS CA 1C3",
                                    "validFrom": 1624375494,
                                    "validTo": 1631633093,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "0"
                                    }
                                ]
                            },
                            "hash": "",
                            "size": 888,
                            "asn": {
                                "ip": "",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            "geoip": {
                                "range": "",
                                "country": "DE",
                                "region": "HE",
                                "city": "Frankfurt am Main",
                                "ll": [
                                    50.1188,
                                    8.6843
                                ],
                                "metro": 0,
                                "area": 100,
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "country_name": "Germany"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://www.gstatic.com/recaptcha/releases/-**8**/styles__ltr.css",
                            "host": "www.gstatic.com",
                            "type": "parser"
                        }
                    },
                    {
                        "request": {
                            "requestId": "****",
                            "loaderId": "",
                            "documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-***&k=****&cb=***",
                            "request": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
                                "method": "GET",
                                "headers": {
                                    "Origin": "https://www.google.com",
                                    "Referer": "https://www.google.com/",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "VeryHigh",
                                "referrerPolicy": "strict-origin-when-cross-origin"
                            },
                            "timestamp": 37069945.574966,
                            "wallTime": 1625855870.883296,
                            "initiator": {
                                "type": "parser",
                                "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-**&k=**&cb=**"
                            },
                            "type": "Font",
                            "frameId": "***8*",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 15369,
                            "dataLength": 15344,
                            "requestId": "17317.131",
                            "type": "Font",
                            "response": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "date": "Tue, 06 Jul 2021 00:42:56 GMT",
                                    "x-content-type-options": "nosniff",
                                    "age": "323694",
                                    "content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
                                    "cross-origin-resource-policy": "cross-origin",
                                    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
                                    "content-length": "15344",
                                    "x-xss-protection": "0",
                                    "last-modified": "Mon, 16 Oct 2017 17:32:55 GMT",
                                    "server": "sffe",
                                    "content-type": "font/woff2",
                                    "access-control-allow-origin": "*",
                                    "cache-control": "public, max-age=31536000",
                                    "accept-ranges": "bytes",
                                    "timing-allow-origin": "*",
                                    "expires": "Wed, 06 Jul 2022 00:42:56 GMT"
                                },
                                "mimeType": "font/woff2",
                                "remoteIPAddress": "[*****]",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 25,
                                "timing": {
                                    "requestTime": 37069945.575274,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 0.869,
                                    "sendEnd": 0.946,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 6.819
                                },
                                "responseTime": 1625855870890.367,
                                "protocol": "h3-29",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "QUIC",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "X25519",
                                    "cipher": "AES_128_GCM",
                                    "certificateId": 0,
                                    "subjectName": "*.gstatic.com",
                                    "sanList": [
                                        "*.gstatic.com",
                                        "gstatic.com",
                                        "*.metric.gstatic.com",
                                        "kn.dev",
                                        "*.kn.dev"
                                    ],
                                    "issuer": "GTS CA 1C3",
                                    "validFrom": 1624375494,
                                    "validTo": 1631633093,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "0"
                                    }
                                ]
                            },
                            "hash": "3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc",
                            "size": 20460,
                            "asn": {
                                "ip": "*****",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            "geoip": {
                                "range": "",
                                "country": "DE",
                                "region": "HE",
                                "city": "Frankfurt am Main",
                                "ll": [
                                    50.1188,
                                    8.6843
                                ],
                                "metro": 0,
                                "area": 100,
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "country_name": "Germany"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-***&k=***&cb=***",
                            "host": "www.google.com",
                            "type": "parser"
                        }
                    },
                    {
                        "request": {
                            "requestId": "17317.145",
                            "loaderId": "",
                            "documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=**8-**&k=***&cb=***",
                            "request": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
                                "method": "GET",
                                "headers": {
                                    "Origin": "https://www.google.com",
                                    "Referer": "https://www.google.com/",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "VeryHigh",
                                "referrerPolicy": "strict-origin-when-cross-origin"
                            },
                            "timestamp": 37069945.575075,
                            "wallTime": 1625855870.883404,
                            "initiator": {
                                "type": "parser",
                                "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****"
                            },
                            "type": "Font",
                            "frameId": "***8*",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 15365,
                            "dataLength": 15340,
                            "requestId": "17317.145",
                            "type": "Font",
                            "response": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "date": "Tue, 06 Jul 2021 02:41:59 GMT",
                                    "x-content-type-options": "nosniff",
                                    "age": "316551",
                                    "content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
                                    "cross-origin-resource-policy": "cross-origin",
                                    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
                                    "content-length": "15340",
                                    "x-xss-protection": "0",
                                    "last-modified": "Mon, 16 Oct 2017 17:33:16 GMT",
                                    "server": "sffe",
                                    "content-type": "font/woff2",
                                    "access-control-allow-origin": "*",
                                    "cache-control": "public, max-age=31536000",
                                    "accept-ranges": "bytes",
                                    "timing-allow-origin": "*",
                                    "expires": "Wed, 06 Jul 2022 02:41:59 GMT"
                                },
                                "mimeType": "font/woff2",
                                "remoteIPAddress": "[*****]",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 25,
                                "timing": {
                                    "requestTime": 37069945.575507,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 0.909,
                                    "sendEnd": 0.983,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 9.03
                                },
                                "responseTime": 1625855870892.841,
                                "protocol": "h3-29",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "QUIC",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "X25519",
                                    "cipher": "AES_128_GCM",
                                    "certificateId": 0,
                                    "subjectName": "*.gstatic.com",
                                    "sanList": [
                                        "*.gstatic.com",
                                        "gstatic.com",
                                        "*.metric.gstatic.com",
                                        "kn.dev",
                                        "*.kn.dev"
                                    ],
                                    "issuer": "GTS CA 1C3",
                                    "validFrom": 1624375494,
                                    "validTo": 1631633093,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "0"
                                    }
                                ]
                            },
                            "hash": "*****",
                            "size": 20456,
                            "asn": {
                                "ip": "*****",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            "geoip": {
                                "range": "",
                                "country": "DE",
                                "region": "HE",
                                "city": "Frankfurt am Main",
                                "ll": [
                                    50.1188,
                                    8.6843
                                ],
                                "metro": 0,
                                "area": 100,
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "country_name": "Germany"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
                            "host": "www.google.com",
                            "type": "parser"
                        }
                    },
                    {
                        "request": {
                            "requestId": "****",
                            "loaderId": "",
                            "documentURL": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
                            "request": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
                                "method": "GET",
                                "headers": {
                                    "Origin": "https://www.google.com",
                                    "Referer": "https://www.google.com/",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "VeryHigh",
                                "referrerPolicy": "strict-origin-when-cross-origin"
                            },
                            "timestamp": 37069945.575238,
                            "wallTime": 1625855870.883568,
                            "initiator": {
                                "type": "parser",
                                "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****"
                            },
                            "type": "Font",
                            "frameId": "***8*",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 15577,
                            "dataLength": 15552,
                            "requestId": "****",
                            "type": "Font",
                            "response": {
                                "url": "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "date": "Tue, 06 Jul 2021 00:30:52 GMT",
                                    "x-content-type-options": "nosniff",
                                    "age": "324418",
                                    "content-security-policy-report-only": "require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes",
                                    "cross-origin-resource-policy": "cross-origin",
                                    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
                                    "content-length": "15552",
                                    "x-xss-protection": "0",
                                    "last-modified": "Mon, 16 Oct 2017 17:33:02 GMT",
                                    "server": "sffe",
                                    "content-type": "font/woff2",
                                    "access-control-allow-origin": "*",
                                    "cache-control": "public, max-age=31536000",
                                    "accept-ranges": "bytes",
                                    "timing-allow-origin": "*",
                                    "expires": "Wed, 06 Jul 2022 00:30:52 GMT"
                                },
                                "mimeType": "font/woff2",
                                "remoteIPAddress": "[*****]",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 25,
                                "timing": {
                                    "requestTime": 37069945.575871,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 0.642,
                                    "sendEnd": 0.704,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 7.527
                                },
                                "responseTime": 1625855870891.704,
                                "protocol": "h3-29",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "QUIC",
                                    "keyExchange": "",
                                    "keyExchangeGroup": "X25519",
                                    "cipher": "AES_128_GCM",
                                    "certificateId": 0,
                                    "subjectName": "*.gstatic.com",
                                    "sanList": [
                                        "*.gstatic.com",
                                        "gstatic.com",
                                        "*.metric.gstatic.com",
                                        "kn.dev",
                                        "*.kn.dev"
                                    ],
                                    "issuer": "GTS CA 1C3",
                                    "validFrom": 1624375494,
                                    "validTo": 1631633093,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "0"
                                    }
                                ]
                            },
                            "hash": "*****",
                            "size": 20736,
                            "asn": {
                                "ip": "*****",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            "geoip": {
                                "range": "",
                                "country": "DE",
                                "region": "HE",
                                "city": "Frankfurt am Main",
                                "ll": [
                                    50.1188,
                                    8.6843
                                ],
                                "metro": 0,
                                "area": 100,
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "country_name": "Germany"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
                            "host": "www.google.com",
                            "type": "parser"
                        }
                    },
                    {
                        "request": {
                            "requestId": "****",
                            "loaderId": "",
                            "documentURL": "https://urlscan.io/",
                            "request": {
                                "url": "https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg",
                                "method": "GET",
                                "headers": {
                                    "Referer": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
                                    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                                },
                                "mixedContentType": "none",
                                "initialPriority": "Low",
                                "referrerPolicy": "unsafe-url"
                            },
                            "timestamp": 37069975.242742,
                            "wallTime": 1625855900.551072,
                            "initiator": {
                                "type": "parser",
                                "url": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css"
                            },
                            "type": "Image",
                            "frameId": "",
                            "hasUserGesture": false
                        },
                        "response": {
                            "encodedDataLength": 5771,
                            "dataLength": 12470,
                            "requestId": "****",
                            "type": "Image",
                            "response": {
                                "url": "https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg",
                                "status": 200,
                                "statusText": "",
                                "headers": {
                                    "date": "Fri, 09 Jul 2021 18:38:20 GMT",
                                    "content-encoding": "gzip",
                                    "referrer-policy": "unsafe-url",
                                    "last-modified": "Mon, 21 Jun 2021 07:36:32 GMT",
                                    "server": "nginx",
                                    "etag": "W/\"30b6-17a2d7fdc00\"",
                                    "x-frame-options": "DENY",
                                    "content-type": "image/svg+xml",
                                    "cache-control": "public, max-age=3600",
                                    "x-content-type-options": "nosniff",
                                    "content-security-policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;",
                                    "strict-transport-security": "max-age=63072000; includeSubdomains; preload",
                                    "x-robots-tag": "all",
                                    "x-xss-protection": "1; mode=block",
                                    "x-proxy-cache": "HIT"
                                },
                                "mimeType": "image/svg+xml",
                                "requestHeaders": {
                                    ":path": "/vendor/flag-icon-css/flags/4x3/br.svg",
                                    "pragma": "no-cache",
                                    "accept-encoding": "gzip, deflate, br",
                                    "accept-language": "en-US",
                                    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
                                    "sec-fetch-mode": "no-cors",
                                    "accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
                                    "cache-control": "no-cache",
                                    "sec-fetch-dest": "image",
                                    ":authority": "urlscan.io",
                                    "referer": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
                                    ":scheme": "https",
                                    "sec-fetch-site": "same-origin",
                                    ":method": "GET"
                                },
                                "remoteIPAddress": "1.1.1.1",
                                "remotePort": 443,
                                "fromPrefetchCache": false,
                                "encodedDataLength": 631,
                                "timing": {
                                    "requestTime": 37069975.242978,
                                    "proxyStart": -1,
                                    "proxyEnd": -1,
                                    "dnsStart": -1,
                                    "dnsEnd": -1,
                                    "connectStart": -1,
                                    "connectEnd": -1,
                                    "sslStart": -1,
                                    "sslEnd": -1,
                                    "workerStart": -1,
                                    "workerReady": -1,
                                    "workerFetchStart": -1,
                                    "workerRespondWithSettled": -1,
                                    "sendStart": 0.463,
                                    "sendEnd": 0.72,
                                    "pushStart": 0,
                                    "pushEnd": 0,
                                    "receiveHeadersEnd": 38.909
                                },
                                "responseTime": 1625855900590.105,
                                "protocol": "h2",
                                "securityState": "secure",
                                "securityDetails": {
                                    "protocol": "TLS 1.2",
                                    "keyExchange": "ECDHE_ECDSA",
                                    "keyExchangeGroup": "P-",
                                    "cipher": "",
                                    "certificateId": 0,
                                    "subjectName": "urlscan.io",
                                    "sanList": [
                                        "*.urlscan.com",
                                        "*.urlscan.io",
                                        "*.urlscan.net",
                                        "urlscan.com",
                                        "urlscan.io"
                                    ],
                                    "issuer": "R3",
                                    "validFrom": 1622502326,
                                    "validTo": 1630278326,
                                    "signedCertificateTimestampList": [],
                                    "certificateTransparencyCompliance": "unknown"
                                },
                                "securityHeaders": [
                                    {
                                        "name": "Content-Security-Policy",
                                        "value": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com secure.wufoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com; img-src *; font-src 'self' fonts.gstatic.com; child-src 'self'; frame-src https://www.google.com/recaptcha/ secure.wufoo.com securitytrails.wufoo.com; form-action 'self'; upgrade-insecure-requests;"
                                    },
                                    {
                                        "name": "Strict-Transport-Security",
                                        "value": "max-age=63072000; includeSubdomains; preload"
                                    },
                                    {
                                        "name": "X-Content-Type-Options",
                                        "value": "nosniff"
                                    },
                                    {
                                        "name": "X-Frame-Options",
                                        "value": "DENY"
                                    },
                                    {
                                        "name": "X-Xss-Protection",
                                        "value": "1; mode=block"
                                    }
                                ]
                            },
                            "hash": "*****",
                            "size": 16628,
                            "asn": {
                                "ip": "1.1.1.1",
                                "asn": "",
                                "country": "DE",
                                "registrar": "ripencc",
                                "date": "2002-06-03",
                                "description": "HETZNER-AS, DE",
                                "route": "148.251.0.0/16",
                                "name": "HETZNER-AS"
                            },
                            "geoip": {
                                "range": [
                                    2499488768,
                                    2499489791
                                ],
                                "country": "DE",
                                "region": "",
                                "eu": "1",
                                "timezone": "Europe/Berlin",
                                "city": "",
                                "ll": [
                                    51.2993,
                                    9.491
                                ],
                                "metro": 0,
                                "area": 200,
                                "country_name": "Germany"
                            },
                            "rdns": {
                                "ip": "1.1.1.1",
                                "ptr": "urlscan.io"
                            }
                        },
                        "initiatorInfo": {
                            "url": "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
                            "host": "urlscan.io",
                            "type": "parser"
                        }
                    }
                ],
                "cookies": [],
                "console": [],
                "links": [
                    {
                        "href": "https://securitytrails.com/urlscan?utm_source=urlscan&utm_medium=button&utm_campaign=header",
                        "text": "\n            Sponsored by\n            \n          "
                    },
                    {
                        "href": "https://tines.io/blog/tines-urlscan-automation/?utm_source=urlscan&utm_medium=sponsorship&utm_campaign=urlscan",
                        "text": "\n    \n  "
                    },
                    {
                        "href": "https://www.joesecurity.org/?utm_source=urlscan&utm_medium=sponsorship&utm_campaign=urlscan",
                        "text": "\n    \n  "
                    },
                    {
                        "href": "https://tria.ge/?utm_source=urlscan&utm_medium=sponsor&utm_campaign=2020",
                        "text": "\n    \n  "
                    },
                    {
                        "href": "https://www.intezer.com/intezer-analyze/?utm_campaign=URLSCAN.IO&utm_source=URLSCAN",
                        "text": "\n    \n  "
                    },
                    {
                        "href": "https://www.ctm360.com/?utm_campaign=urlscan&utm_source=urlscan",
                        "text": "\n    \n  "
                    },
                    {
                        "href": "https://twitter.com/urlscanio",
                        "text": " Follow @urlscanio"
                    },
                    {
                        "href": "https://urlscan.us20.list-manage.com/subscribe?u=*****&id=*****",
                        "text": "Newsletter"
                    },
                    {
                        "href": "https://status.urlscan.io/",
                        "text": "Status Page"
                    }
                ],
                "timing": {
                    "beginNavigation": "2021-07-09T18:37:50.119Z",
                    "frameStartedLoading": "2021-07-09T18:37:50.933Z",
                    "frameNavigated": "2021-07-09T18:37:50.933Z",
                    "domContentEventFired": "2021-07-09T18:37:50.482Z",
                    "frameStoppedLoading": "2021-07-09T18:37:50.933Z",
                    "loadEventFired": "2021-07-09T18:37:50.643Z"
                },
                "globals": [
                    {
                        "prop": "0",
                        "type": "object"
                    },
                    {
                        "prop": "1",
                        "type": "object"
                    },
                    {
                        "prop": "2",
                        "type": "object"
                    },
                    {
                        "prop": "onbeforexrselect",
                        "type": "object"
                    },
                    {
                        "prop": "ontransitionrun",
                        "type": "object"
                    },
                    {
                        "prop": "ontransitionstart",
                        "type": "object"
                    },
                    {
                        "prop": "ontransitioncancel",
                        "type": "object"
                    },
                    {
                        "prop": "cookieStore",
                        "type": "object"
                    },
                    {
                        "prop": "showDirectoryPicker",
                        "type": "function"
                    },
                    {
                        "prop": "showOpenFilePicker",
                        "type": "function"
                    },
                    {
                        "prop": "showSaveFilePicker",
                        "type": "function"
                    },
                    {
                        "prop": "originAgentCluster",
                        "type": "boolean"
                    },
                    {
                        "prop": "trustedTypes",
                        "type": "object"
                    },
                    {
                        "prop": "crossOriginIsolated",
                        "type": "boolean"
                    },
                    {
                        "prop": "___grecaptcha_cfg",
                        "type": "object"
                    },
                    {
                        "prop": "grecaptcha",
                        "type": "object"
                    },
                    {
                        "prop": "__recaptcha_api",
                        "type": "string"
                    },
                    {
                        "prop": "__google_recaptcha_client",
                        "type": "boolean"
                    },
                    {
                        "prop": "recaptcha",
                        "type": "object"
                    },
                    {
                        "prop": "webpackJsonp",
                        "type": "object"
                    },
                    {
                        "prop": "_",
                        "type": "function"
                    },
                    {
                        "prop": "onSubmit",
                        "type": "function"
                    },
                    {
                        "prop": "closure_lm_971463",
                        "type": "object"
                    }
                ]
            },
            "stats": {
                "resourceStats": [
                    {
                        "count": 21,
                        "size": 104993,
                        "encodedSize": 88569,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "1.1.1.1",
                            "[]",
                            "[*****:809::2004]"
                        ],
                        "type": "Image",
                        "compression": "1.2",
                        "percentage": 37
                    },
                    {
                        "count": 9,
                        "size": 1429921,
                        "encodedSize": 536511,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "[*****:808::2004]",
                            "1.1.1.1",
                            "[]"
                        ],
                        "type": "Script",
                        "compression": "2.7",
                        "percentage": 16
                    },
                    {
                        "count": 9,
                        "size": 166076,
                        "encodedSize": 167174,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "1.1.1.1",
                            "[*****:830::2003]",
                            "[*****]"
                        ],
                        "type": "Font",
                        "compression": "1.0",
                        "percentage": 16
                    },
                    {
                        "count": 8,
                        "size": 122008,
                        "encodedSize": 40846,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "1.1.1.1",
                            "[*****:809::2004]"
                        ],
                        "type": "XHR",
                        "compression": "3.0",
                        "percentage": 14
                    },
                    {
                        "count": 5,
                        "size": 262720,
                        "encodedSize": 76435,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "1.1.1.1",
                            "[*****:82f::200a]",
                            "[]"
                        ],
                        "type": "Stylesheet",
                        "compression": "3.4",
                        "percentage": 8
                    },
                    {
                        "count": 3,
                        "size": 83716,
                        "encodedSize": 30798,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "1.1.1.1",
                            "[*****:809::2004]"
                        ],
                        "type": "Document",
                        "compression": "2.7",
                        "percentage": 5
                    },
                    {
                        "count": 1,
                        "size": 102,
                        "encodedSize": 132,
                        "latency": 0,
                        "countries": [
                            "DE"
                        ],
                        "ips": [
                            "[*****:809::2004]"
                        ],
                        "type": "Other",
                        "compression": "0.8",
                        "percentage": 1
                    }
                ],
                "protocolStats": [
                    {
                        "count": 38,
                        "size": 1173496,
                        "encodedSize": 464285,
                        "ips": [
                            "1.1.1.1",
                            "[*****:808::2004]",
                            "[]",
                            "[*****:82f::200a]",
                            "[*****:830::2003]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "securityState": {},
                        "protocol": "h2"
                    },
                    {
                        "count": 18,
                        "size": 996040,
                        "encodedSize": 476180,
                        "ips": [
                            "[*****:809::2004]",
                            "[]",
                            "[*****]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "securityState": {},
                        "protocol": "h3-29"
                    }
                ],
                "tlsStats": [
                    {
                        "count": 56,
                        "size": 2169536,
                        "encodedSize": 940465,
                        "ips": [
                            "1.1.1.1",
                            "[*****:808::2004]",
                            "[]",
                            "[*****:82f::200a]",
                            "[*****:830::2003]",
                            "[*****:809::2004]",
                            "[*****]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "protocols": {
                            "TLS 1.2 / ECDHE_ECDSA / ": 32,
                            "TLS 1.3 /  / AES_128_GCM": 6,
                            "QUIC /  / AES_128_GCM": 18
                        },
                        "securityState": "secure"
                    }
                ],
                "serverStats": [
                    {
                        "count": 32,
                        "size": 750872,
                        "encodedSize": 255776,
                        "ips": [
                            "1.1.1.1"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "server": "nginx"
                    },
                    {
                        "count": 17,
                        "size": 1303968,
                        "encodedSize": 612221,
                        "ips": [
                            "[]",
                            "[*****:830::2003]",
                            "[*****]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "server": "sffe"
                    },
                    {
                        "count": 6,
                        "size": 112559,
                        "encodedSize": 71933,
                        "ips": [
                            "[*****:808::2004]",
                            "[*****:809::2004]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "server": "GSE"
                    },
                    {
                        "count": 1,
                        "size": 2137,
                        "encodedSize": 535,
                        "ips": [
                            "[*****:82f::200a]"
                        ],
                        "countries": [
                            "DE"
                        ],
                        "server": "ESF"
                    }
                ],
                "domainStats": [
                    {
                        "count": 32,
                        "ips": [
                            "1.1.1.1"
                        ],
                        "domain": "urlscan.io",
                        "size": 750872,
                        "encodedSize": 255776,
                        "countries": [
                            "DE"
                        ],
                        "index": 0,
                        "initiators": [
                            "urlscan.io"
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 9,
                        "ips": [
                            "",
                            "[]"
                        ],
                        "domain": "www.gstatic.com",
                        "size": 1155920,
                        "encodedSize": 463736,
                        "countries": [
                            "DE"
                        ],
                        "index": 19,
                        "initiators": [
                            "www.google.com",
                            "www.gstatic.com"
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 8,
                        "ips": [
                            "*****:830::2003",
                            "[*****:830::2003]",
                            "*****",
                            "[*****]"
                        ],
                        "domain": "fonts.gstatic.com",
                        "size": 148048,
                        "encodedSize": 148485,
                        "countries": [
                            "DE"
                        ],
                        "index": 21,
                        "initiators": [
                            "fonts.googleapis.com",
                            "www.google.com"
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 6,
                        "ips": [
                            "*****:808::2004",
                            "[*****:808::2004]",
                            "*****:809::2004",
                            "[*****:809::2004]"
                        ],
                        "domain": "www.google.com",
                        "size": 112559,
                        "encodedSize": 71933,
                        "countries": [
                            "DE"
                        ],
                        "index": 6,
                        "initiators": [
                            "urlscan.io",
                            "www.gstatic.com",
                            "www.google.com"
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 1,
                        "ips": [
                            "*****:82f::200a",
                            "[*****:82f::200a]"
                        ],
                        "domain": "fonts.googleapis.com",
                        "size": 2137,
                        "encodedSize": 535,
                        "countries": [
                            "DE"
                        ],
                        "index": 20,
                        "initiators": [
                            "urlscan.io"
                        ],
                        "redirects": 0
                    }
                ],
                "regDomainStats": [
                    {
                        "count": 32,
                        "ips": [
                            "1.1.1.1"
                        ],
                        "regDomain": "urlscan.io",
                        "size": 750872,
                        "encodedSize": 255776,
                        "countries": [],
                        "index": 0,
                        "subDomains": [
                            {
                                "domain": "",
                                "country": "DE"
                            }
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 17,
                        "ips": [
                            "",
                            "[]",
                            "*****:830::2003",
                            "[*****:830::2003]",
                            "*****",
                            "[*****]"
                        ],
                        "regDomain": "gstatic.com",
                        "size": 1303968,
                        "encodedSize": 612221,
                        "countries": [],
                        "index": 19,
                        "subDomains": [
                            {
                                "domain": "www",
                                "country": "DE"
                            },
                            {
                                "domain": "fonts",
                                "country": "DE"
                            }
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 6,
                        "ips": [
                            "*****:808::2004",
                            "[*****:808::2004]",
                            "*****:809::2004",
                            "[*****:809::2004]"
                        ],
                        "regDomain": "google.com",
                        "size": 112559,
                        "encodedSize": 71933,
                        "countries": [],
                        "index": 6,
                        "subDomains": [
                            {
                                "domain": "www",
                                "country": "DE"
                            }
                        ],
                        "redirects": 0
                    },
                    {
                        "count": 1,
                        "ips": [
                            "*****:82f::200a",
                            "[*****:82f::200a]"
                        ],
                        "regDomain": "fonts.googleapis.com",
                        "size": 2137,
                        "encodedSize": 535,
                        "countries": [],
                        "index": 20,
                        "subDomains": [
                            {
                                "domain": "",
                                "country": "DE"
                            }
                        ],
                        "redirects": 0
                    }
                ],
                "secureRequests": 56,
                "securePercentage": 100,
                "IPv6Percentage": 86,
                "uniqCountries": 1,
                "totalLinks": 9,
                "malicious": 0,
                "adBlocked": 0,
                "ipStats": [
                    {
                        "requests": 32,
                        "domains": [
                            "urlscan.io"
                        ],
                        "ip": "1.1.1.1",
                        "asn": {
                            "ip": "1.1.1.1",
                            "asn": "",
                            "country": "DE",
                            "registrar": "ripencc",
                            "date": "2002-06-03",
                            "description": "HETZNER-AS, DE",
                            "route": "148.251.0.0/16",
                            "name": "HETZNER-AS"
                        },
                        "dns": {},
                        "geoip": {
                            "range": [
                                2499488768,
                                2499489791
                            ],
                            "country": "DE",
                            "region": "",
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "city": "",
                            "ll": [
                                51.2993,
                                9.491
                            ],
                            "metro": 0,
                            "area": 200,
                            "country_name": "Germany"
                        },
                        "size": 750872,
                        "encodedSize": 255776,
                        "countries": [
                            "DE"
                        ],
                        "index": 0,
                        "ipv6": false,
                        "redirects": 0,
                        "count": null,
                        "rdns": {
                            "ip": "1.1.1.1",
                            "ptr": "urlscan.io"
                        }
                    },
                    {
                        "requests": 1,
                        "domains": [
                            "www.google.com"
                        ],
                        "ip": "*****:808::2004",
                        "asn": {
                            "ip": "*****:808::2004",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 850,
                        "encodedSize": 649,
                        "countries": [
                            "DE"
                        ],
                        "index": 6,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    },
                    {
                        "requests": 9,
                        "domains": [
                            "www.gstatic.com"
                        ],
                        "ip": "",
                        "asn": {
                            "ip": "",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 1155920,
                        "encodedSize": 463736,
                        "countries": [
                            "DE"
                        ],
                        "index": 19,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    },
                    {
                        "requests": 1,
                        "domains": [
                            "fonts.googleapis.com"
                        ],
                        "ip": "*****:82f::200a",
                        "asn": {
                            "ip": "*****:82f::200a",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 2137,
                        "encodedSize": 535,
                        "countries": [
                            "DE"
                        ],
                        "index": 20,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    },
                    {
                        "requests": 3,
                        "domains": [
                            "fonts.gstatic.com"
                        ],
                        "ip": "*****:830::2003",
                        "asn": {
                            "ip": "*****:830::2003",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 70916,
                        "encodedSize": 71228,
                        "countries": [
                            "DE"
                        ],
                        "index": 21,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    },
                    {
                        "requests": 5,
                        "domains": [
                            "www.google.com"
                        ],
                        "ip": "*****:809::2004",
                        "asn": {
                            "ip": "*****:809::2004",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 111709,
                        "encodedSize": 71284,
                        "countries": [
                            "DE"
                        ],
                        "index": 24,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    },
                    {
                        "requests": 5,
                        "domains": [
                            "fonts.gstatic.com"
                        ],
                        "ip": "*****",
                        "asn": {
                            "ip": "*****",
                            "asn": "****",
                            "country": "US",
                            "registrar": "arin",
                            "date": "2000-03-30",
                            "description": "GOOGLE, US",
                            "route": "*****::/48",
                            "name": "GOOGLE"
                        },
                        "dns": {},
                        "geoip": {
                            "range": "",
                            "country": "DE",
                            "region": "HE",
                            "city": "Frankfurt am Main",
                            "ll": [
                                50.1188,
                                8.6843
                            ],
                            "metro": 0,
                            "area": 100,
                            "eu": "1",
                            "timezone": "Europe/Berlin",
                            "country_name": "Germany"
                        },
                        "size": 77132,
                        "encodedSize": 77257,
                        "countries": [
                            "DE"
                        ],
                        "index": 36,
                        "ipv6": true,
                        "redirects": 0,
                        "count": null
                    }
                ]
            },
            "meta": {
                "processors": {
                    "geoip": {
                        "state": "done",
                        "data": [
                            {
                                "ip": "1.1.1.1",
                                "geoip": {
                                    "range": [
                                        2499488768,
                                        2499489791
                                    ],
                                    "country": "DE",
                                    "region": "",
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "city": "",
                                    "ll": [
                                        51.2993,
                                        9.491
                                    ],
                                    "metro": 0,
                                    "area": 200,
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "*****:808::2004",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "*****:82f::200a",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "*****:830::2003",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "*****:809::2004",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            },
                            {
                                "ip": "*****",
                                "geoip": {
                                    "range": "",
                                    "country": "DE",
                                    "region": "HE",
                                    "city": "Frankfurt am Main",
                                    "ll": [
                                        50.1188,
                                        8.6843
                                    ],
                                    "metro": 0,
                                    "area": 100,
                                    "eu": "1",
                                    "timezone": "Europe/Berlin",
                                    "country_name": "Germany"
                                }
                            }
                        ]
                    },
                    "rdns": {
                        "state": "done",
                        "data": [
                            {
                                "ip": "1.1.1.1",
                                "ptr": "urlscan.io"
                            },
                            {
                                "ip": "[*****:808::2004]",
                                "ptr": null
                            },
                            {
                                "ip": "[]",
                                "ptr": null
                            },
                            {
                                "ip": "[*****:82f::200a]",
                                "ptr": null
                            },
                            {
                                "ip": "[*****:830::2003]",
                                "ptr": null
                            },
                            {
                                "ip": "[*****:809::2004]",
                                "ptr": null
                            },
                            {
                                "ip": "[*****]",
                                "ptr": null
                            }
                        ]
                    },
                    "asn": {
                        "state": "done",
                        "data": [
                            {
                                "ip": "1.1.1.1",
                                "asn": "",
                                "country": "DE",
                                "registrar": "ripencc",
                                "date": "2002-06-03",
                                "description": "HETZNER-AS, DE",
                                "route": "148.251.0.0/16",
                                "name": "HETZNER-AS"
                            },
                            {
                                "ip": "*****:808::2004",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            {
                                "ip": "",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            {
                                "ip": "*****:82f::200a",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            {
                                "ip": "*****:830::2003",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            {
                                "ip": "*****:809::2004",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            },
                            {
                                "ip": "*****",
                                "asn": "****",
                                "country": "US",
                                "registrar": "arin",
                                "date": "2000-03-30",
                                "description": "GOOGLE, US",
                                "route": "*****::/48",
                                "name": "GOOGLE"
                            }
                        ]
                    },
                    "wappa": {
                        "state": "done",
                        "data": [
                            {
                                "app": "Bootstrap",
                                "confidence": [
                                    {
                                        "pattern": "html /]+?href=\"[^\"]*bootstrap(?:\\.min)?\\.css/i",
                                        "confidence": 100
                                    }
                                ],
                                "confidenceTotal": 100,
                                "icon": "Bootstrap.png",
                                "website": "https://getbootstrap.com",
                                "categories": [
                                    {
                                        "name": "Web Frameworks",
                                        "priority": 7
                                    }
                                ]
                            },
                            {
                                "app": "Nginx",
                                "confidence": [
                                    {
                                        "pattern": "headers server /nginx(?:\\/([\\d.]+))?/i",
                                        "confidence": 100
                                    }
                                ],
                                "confidenceTotal": 100,
                                "icon": "Nginx.svg",
                                "website": "http://nginx.org/en",
                                "categories": [
                                    {
                                        "name": "Web Servers",
                                        "priority": 8
                                    },
                                    {
                                        "name": "Reverse Proxy",
                                        "priority": 7
                                    }
                                ]
                            },
                            {
                                "app": "Google Font API",
                                "confidence": [
                                    {
                                        "pattern": "html /]* href=[^>]+fonts\\.(?:googleapis|google)\\.com/i",
                                        "confidence": 100
                                    }
                                ],
                                "confidenceTotal": 100,
                                "icon": "Google Font API.png",
                                "website": "http://google.com/fonts",
                                "categories": [
                                    {
                                        "name": "Font Scripts",
                                        "priority": 9
                                    }
                                ]
                            }
                        ]
                    },
                    "done": {
                        "state": "done",
                        "data": {
                            "state": "done"
                        }
                    }
                }
            },
            "task": {
                "uuid": "***-***-***-***",
                "time": "2021-07-09T18:37:49.979Z",
                "url": "https://urlscan.io",
                "visibility": "private",
                "options": {
                    "useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
                },
                "method": "api",
                "source": "*****",
                "tags": [],
                "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
                "reportURL": "https://urlscan.io/result/***-***-***-***/",
                "screenshotURL": "https://urlscan.io/screenshots/***-***-***-***.png",
                "domURL": "https://urlscan.io/dom/***-***-***-***/"
            },
            "page": {
                "url": "https://urlscan.io/",
                "domain": "urlscan.io",
                "country": "DE",
                "city": "",
                "server": "nginx",
                "ip": "1.1.1.1",
                "ptr": "urlscan.io",
                "asn": "AS",
                "asnname": "HETZNER-AS, DE"
            },
            "lists": {
                "ips": [
                    "*****",
                    "*****:809::2004",
                    "*****:830::2003",
                    "*****:82f::200a",
                    "",
                    "*****:808::2004",
                    "1.1.1.1"
                ],
                "countries": [
                    "DE"
                ],
                "asns": [
                    "****",
                    "****",
                    "****",
                    "****",
                    "****",
                    "****",
                    ""
                ],
                "domains": [
                    "urlscan.io",
                    "www.gstatic.com",
                    "fonts.gstatic.com",
                    "www.google.com",
                    "fonts.googleapis.com"
                ],
                "servers": [
                    "nginx",
                    "sffe",
                    "GSE",
                    "ESF"
                ],
                "urls": [
                    "https://urlscan.io/",
                    "https://urlscan.io/vendor/bootstrap/fonts/glyphicons-halflings-regular.woff2",
                    "https://urlscan.io/vendor/bootstrap/css/bootstrap.min.css",
                    "https://urlscan.io/vendor/flag-icon-css/css/flag-icon.min.css",
                    "https://urlscan.io/img/urlscan_.png",
                    "https://urlscan.io/img/securitytrails.svg",
                    "https://www.google.com/recaptcha/api.js",
                    "https://urlscan.io/img/loading.svg",
                    "https://urlscan.io/img/securitytrails.png",
                    "https://urlscan.io/img/tines_logo.png",
                    "https://urlscan.io/img/joesecurity.svg",
                    "https://urlscan.io/img/hatching.svg",
                    "https://urlscan.io/img/intezer.png",
                    "https://urlscan.io/img/ctm360.png",
                    "https://urlscan.io/js/0.*****.js",
                    "https://urlscan.io/js/****.js",
                    "https://urlscan.io/js/index.*****.js",
                    "https://urlscan.io/js/app.*****.js",
                    "https://urlscan.io/js/vendor.****.js",
                    "https://www.gstatic.com/recaptcha/releases/***-****/recaptcha__en.js",
                    "https://fonts.googleapis.com/css?family=Lato:400,700,400italic&display=swap",
                    "https://fonts.gstatic.com/s/lato/v17/*****.woff2",
                    "https://fonts.gstatic.com/s/lato/v17/*****-q.woff2",
                    "https://fonts.gstatic.com/s/lato/v17/*****.woff2",
                    "https://www.google.com/recaptcha/api2/anchor?ar=1&k=*****&co=aHR0cHM6Ly91cmxzY2FuLmlvOjQ0Mw..&hl=en&v=***-****&size=invisible&cb=trmzpgrim9h5",
                    "https://urlscan.io/json/live/",
                    "https://urlscan.io/user/username/",
                    "https://urlscan.io/stats",
                    "https://www.gstatic.com/recaptcha/releases/***-****/styles__ltr.css",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/us.svg",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/nz.svg",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/de.svg",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/ca.svg",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/il.svg",
                    "https://www.gstatic.com/recaptcha/api2/logo_48.png",
                    "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
                    "https://fonts.gstatic.com/s/roboto/v18/*****.woff2",
                    "https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=***-****",
                    "https://www.google.com/recaptcha/api2/bframe?hl=en&v=***-****&k=*****&cb=*****",
                    "https://www.google.com/recaptcha/api2/reload?k=*****",
                    "https://www.gstatic.com/recaptcha/api2/refresh_2x.png",
                    "https://www.gstatic.com/recaptcha/api2/audio_2x.png",
                    "https://www.gstatic.com/recaptcha/api2/info_2x.png",
                    "https://fonts.gstatic.com/s/roboto/v18/***.woff2",
                    "https://www.google.com/recaptcha/api2/payload?p=*****-****-****-*****&k=*****",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/se.svg",
                    "https://urlscan.io/vendor/flag-icon-css/flags/4x3/br.svg"
                ],
                "linkDomains": [
                    "securitytrails.com",
                    "tines.io",
                    "www.joesecurity.org",
                    "tria.ge",
                    "www.intezer.com",
                    "www.ctm360.com",
                    "twitter.com",
                    "urlscan.us20.list-manage.com",
                    "status.urlscan.io"
                ],
                "certificates": [
                    {
                        "subjectName": "urlscan.io",
                        "issuer": "R3",
                        "validFrom": 1622502326,
                        "validTo": 1630278326
                    },
                    {
                        "subjectName": "www.google.com",
                        "issuer": "GTS CA 1C3",
                        "validFrom": 1624377984,
                        "validTo": 1631635583
                    },
                    {
                        "subjectName": "*.gstatic.com",
                        "issuer": "GTS CA 1C3",
                        "validFrom": 1624375494,
                        "validTo": 1631633093
                    },
                    {
                        "subjectName": "upload.video.google.com",
                        "issuer": "GTS CA 1O1",
                        "validFrom": 1624375547,
                        "validTo": 1631633146
                    },
                    {
                        "subjectName": "*.google.com",
                        "issuer": "GTS CA 1C3",
                        "validFrom": 1624369029,
                        "validTo": 1631626628
                    }
                ],
                "hashes": [
                    "",
                    "*****"
                ]
            },
            "verdicts": {
                "overall": {
                    "score": 0,
                    "categories": [],
                    "brands": [],
                    "tags": [],
                    "malicious": false,
                    "hasVerdicts": 0
                },
                "urlscan": {
                    "score": 0,
                    "categories": [],
                    "brands": [],
                    "tags": [],
                    "detectionDetails": [],
                    "malicious": false
                },
                "engines": {
                    "score": 0,
                    "malicious": [],
                    "benign": [],
                    "maliciousTotal": 0,
                    "benignTotal": 0,
                    "verdicts": [],
                    "enginesTotal": 0
                },
                "community": {
                    "score": 0,
                    "votes": [],
                    "votesTotal": 0,
                    "votesMalicious": 0,
                    "votesBenign": 0,
                    "tags": [],
                    "categories": []
                }
            },
            "submitter": {
                "country": "CA"
            }
        }
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

Context Data stores information that can be derived for Return Data.
In check reputation commands, data within the Context Data are risk scores converted into D3-defined risk levels from the raw data. There are 5 possible values of a D3 risk level: High, Medium, Low, Default, or ZeroRisk.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "url": "https://urlscan.io",
        "riskLevel": "ZeroRisk"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
    "url": [
        "https://urlscan.io"
    ],
    "riskLevel": [
        "ZeroRisk"
    ]
}
Return Data

In check reputation commands, Return Data converts the risk score from the raw data into D3-defined risk levels as a numerical value (1-5). This will be used to enrich artifacts with reputation information.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

D3-defined Risk Levels

The table below lists the possible output risk levels with the corresponding return context data:

Return Data

Context Data

1

High

2

Medium

3

Low

4

Default

5

ZeroRisk

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Check URL Reputation failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: This looks like a weird hostname.

Error Sample Data

Check URL Reputation failed.

Status Code: 400.

Message: This looks like a weird hostname.

Search For Scans

Searches for existing scans by domains, IPs, Autonomous System (AS) numbers, file hashes, etc.

Input

Input Parameter

Required/Optional

Description

Example

Query

Required

The query string to search for scans. The syntax is based on ElasticSearch's query string syntax. For more information, see Query string query | Elasticsearch Guide [8.6] | Elastic. An example of a query string is "domain:urlscan.io". For a complete list of searchable fields, see Search API Reference - urlscan.io.

domain:*****.com

Limit

Optional

The maximum number of results (up to 10,000) to return. The default value is 100.

5

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "results": [
            {
                "indexedAt": "2021-07-19T17:18:31.447Z",
                "task": {
                    "visibility": "public",
                    "method": "api",
                    "domain": "experience.*****.com",
                    "time": "2021-07-19T17:18:08.547Z",
                    "uuid": "***-***-***-***",
                    "url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
                    "tags": [
                        "falconsandbox"
                    ]
                },
                "stats": {
                    "uniqIPs": 1,
                    "consoleMsgs": 0,
                    "uniqCountries": 1,
                    "dataLength": 23311,
                    "encodedDataLength": 25282,
                    "requests": 4
                },
                "page": {
                    "country": "DE",
                    "server": "envoy",
                    "city": "Frankfurt am Main",
                    "domain": "experience.*****.com",
                    "ip": "1.1.1.1",
                    "mimeType": "text/html",
                    "asnname": "*****-AS, US",
                    "asn": "*****",
                    "url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
                    "ptr": "a104-117-220-120.deploy.static.*****technologies.com",
                    "status": "200"
                },
                "_id": "***-***-***-***",
                "sort": [
                    1626715088547,
                    "***-***-***-***"
                ],
                "result": "https://urlscan.io/api/v1/result/***-***-***-***/",
                "screenshot": "https://urlscan.io/screenshots/***-***-***-***.png"
            },
            {
                "indexedAt": "2021-07-12T18:02:10.537Z",
                "task": {
                    "visibility": "public",
                    "method": "api",
                    "domain": "gwl.*****.com",
                    "time": "2021-07-12T18:01:47.901Z",
                    "uuid": "***-***-***-***-***-***",
                    "url": "https://gwl.*****.com/sign-in"
                },
                "stats": {
                    "uniqIPs": 8,
                    "consoleMsgs": 0,
                    "uniqCountries": 5,
                    "dataLength": 2218746,
                    "encodedDataLength": 860998,
                    "requests": 28
                },
                "page": {
                    "country": "CA",
                    "city": "Montreal",
                    "domain": "gwl.*****.com",
                    "ip": "1.1.1.1",
                    "mimeType": "text/html",
                    "asnname": "*****-02, US",
                    "asn": "*****",
                    "url": "https://gwl.*****.com/sign-in",
                    "ptr": "dpl7-yhu.na196-yhu.inst.siteforce.com",
                    "status": "200"
                },
                "_id": "***-***-***-***-***-***",
                "sort": [
                    1626112907901,
                    "***-***-***-***-***-***"
                ],
                "result": "https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
                "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***-***.png"
            },
            {
                "indexedAt": "2021-06-07T22:44:54.369Z",
                "task": {
                    "visibility": "public",
                    "method": "manual",
                    "domain": "insights.*****.com",
                    "time": "2021-06-07T22:44:30.902Z",
                    "uuid": "***-***-***-***-***",
                    "url": "https://insights.*****.com/jfe/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email"
                },
                "stats": {
                    "uniqIPs": 2,
                    "consoleMsgs": 1,
                    "uniqCountries": 1,
                    "dataLength": 2076945,
                    "encodedDataLength": 1222972,
                    "requests": 17
                },
                "page": {
                    "country": "DE",
                    "server": "nginx",
                    "city": "Frankfurt am Main",
                    "domain": "test.com",
                    "ip": "2.2.2.2",
                    "mimeType": "text/html",
                    "asnname": "*****-AS, US",
                    "asn": "*****",
                    "url": "https://insights.*****.com/jfe1/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email",
                    "status": "200"
                },
                "_id": "***-***-***-***-***",
                "sort": [
                    1623105870902,
                    "***-***-***-***-***"
                ],
                "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
                "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
            },
            {
                "indexedAt": "2021-06-04T17:45:22.437Z",
                "task": {
                    "visibility": "public",
                    "method": "manual",
                    "domain": "www.*****.com",
                    "time": "2021-06-04T17:45:02.475Z",
                    "uuid": "***-***-***-***-***",
                    "url": "http://www.*****.com/"
                },
                "stats": {
                    "uniqIPs": 16,
                    "consoleMsgs": 0,
                    "uniqCountries": 5,
                    "dataLength": 2720471,
                    "encodedDataLength": 1079870,
                    "requests": 77
                },
                "page": {
                    "country": "US",
                    "city": "Kansas City",
                    "domain": "www.*****.com",
                    "ip": "1.1.1.1",
                    "mimeType": "text/html",
                    "asnname": "GOOGLE, US",
                    "asn": "AS****",
                    "url": "https://www.*****.com/",
                    "ptr": "201.134.107.34.bc.googleusercontent.com",
                    "status": "200"
                },
                "_id": "***-***-***-***-***",
                "sort": [
                    1622828702475,
                    "***-***-***-***-***"
                ],
                "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
                "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
            },
            {
                "indexedAt": "2021-05-20T19:19:19.735Z",
                "task": {
                    "visibility": "public",
                    "method": "manual",
                    "domain": "www.*****.com",
                    "time": "2021-05-20T19:18:43.81Z",
                    "uuid": "***-***-***-***-***",
                    "url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
                },
                "stats": {
                    "uniqIPs": 1,
                    "consoleMsgs": 0,
                    "uniqCountries": 1,
                    "dataLength": 0,
                    "encodedDataLength": 0,
                    "requests": 1
                },
                "page": {
                    "country": "US",
                    "city": "Kansas City",
                    "domain": "www.*****.com",
                    "ip": "1.1.1.1",
                    "mimeType": "application/pdf",
                    "asnname": "GOOGLE, US",
                    "asn": "AS****",
                    "url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf",
                    "ptr": "201.134.107.34.bc.googleusercontent.com",
                    "status": "200"
                },
                "_id": "***-***-***-***-***",
                "sort": [
                    1621538323810,
                    "***-***-***-***-***"
                ],
                "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
                "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
            }
        ],
        "total": 68,
        "took": 32,
        "has_more": false
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

D3 customizes the Context Data by extracting the data from path $.results in API returned JSON.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "indexedAt": "2021-07-19T17:18:31.447Z",
        "task": {
            "visibility": "public",
            "method": "api",
            "domain": "experience.*****.com",
            "time": "2021-07-19T17:18:08.547Z",
            "uuid": "***-***-***-***",
            "url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
            "tags": [
                "falconsandbox"
            ]
        },
        "stats": {
            "uniqIPs": 1,
            "consoleMsgs": 0,
            "uniqCountries": 1,
            "dataLength": 23311,
            "encodedDataLength": 25282,
            "requests": 4
        },
        "page": {
            "country": "DE",
            "server": "envoy",
            "city": "Frankfurt am Main",
            "domain": "experience.*****.com",
            "ip": "1.1.1.1",
            "mimeType": "text/html",
            "asnname": "*****-AS, US",
            "asn": "*****",
            "url": "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
            "ptr": "a104-117-220-120.deploy.static.*****technologies.com",
            "status": "200"
        },
        "_id": "***-***-***-***",
        "sort": [
            1626715088547,
            "***-***-***-***"
        ],
        "result": "https://urlscan.io/api/v1/result/***-***-***-***/",
        "screenshot": "https://urlscan.io/screenshots/***-***-***-***.png"
    },
    {
        "indexedAt": "2021-07-12T18:02:10.537Z",
        "task": {
            "visibility": "public",
            "method": "api",
            "domain": "gwl.*****.com",
            "time": "2021-07-12T18:01:47.901Z",
            "uuid": "***-***-***-***-***-***",
            "url": "https://gwl.*****.com/sign-in"
        },
        "stats": {
            "uniqIPs": 8,
            "consoleMsgs": 0,
            "uniqCountries": 5,
            "dataLength": 2218746,
            "encodedDataLength": 860998,
            "requests": 28
        },
        "page": {
            "country": "CA",
            "city": "Montreal",
            "domain": "gwl.*****.com",
            "ip": "1.1.1.1",
            "mimeType": "text/html",
            "asnname": "*****-02, US",
            "asn": "*****",
            "url": "https://gwl.*****.com/sign-in",
            "ptr": "dpl7-yhu.na196-yhu.inst.siteforce.com",
            "status": "200"
        },
        "_id": "***-***-***-***-***-***",
        "sort": [
            1626112907901,
            "***-***-***-***-***-***"
        ],
        "result": "https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
        "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***-***.png"
    },
    {
        "indexedAt": "2021-06-07T22:44:54.369Z",
        "task": {
            "visibility": "public",
            "method": "manual",
            "domain": "insights.*****.com",
            "time": "2021-06-07T22:44:30.902Z",
            "uuid": "***-***-***-***-***",
            "url": "https://insights.*****.com/jfe/form/****?Q_DL=***&Q_CHL=email"
        },
        "stats": {
            "uniqIPs": 2,
            "consoleMsgs": 1,
            "uniqCountries": 1,
            "dataLength": 2076945,
            "encodedDataLength": 1222972,
            "requests": 17
        },
        "page": {
            "country": "DE",
            "server": "nginx",
            "city": "Frankfurt am Main",
            "domain": "insights.*****.com",
            "ip": "1.1.1.1",
            "mimeType": "text/html",
            "asnname": "*****-AS, US",
            "asn": "*****",
            "url": "https://insights.*****.com/***/form/***?Q_DL=***&Q_CHL=email",
            "status": "200"
        },
        "_id": "***-***-***-***-***",
        "sort": [
            1623105870902,
            "***-***-***-***-***"
        ],
        "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
        "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
    },
    {
        "indexedAt": "2021-06-04T17:45:22.437Z",
        "task": {
            "visibility": "public",
            "method": "manual",
            "domain": "www.*****.com",
            "time": "2021-06-04T17:45:02.475Z",
            "uuid": "***-***-***-***-***",
            "url": "http://www.*****.com/"
        },
        "stats": {
            "uniqIPs": 16,
            "consoleMsgs": 0,
            "uniqCountries": 5,
            "dataLength": 2720471,
            "encodedDataLength": 1079870,
            "requests": 77
        },
        "page": {
            "country": "US",
            "city": "Kansas City",
            "domain": "www.*****.com",
            "ip": "1.1.1.1",
            "mimeType": "text/html",
            "asnname": "GOOGLE, US",
            "asn": "AS****",
            "url": "https://www.*****.com/",
            "ptr": "201.134.107.34.bc.googleusercontent.com",
            "status": "200"
        },
        "_id": "***-***-***-***-***",
        "sort": [
            1622828702475,
            "***-***-***-***-***"
        ],
        "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
        "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
    },
    {
        "indexedAt": "2021-05-20T19:19:19.735Z",
        "task": {
            "visibility": "public",
            "method": "manual",
            "domain": "www.*****.com",
            "time": "2021-05-20T19:18:43.81Z",
            "uuid": "***-***-***-***-***",
            "url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
        },
        "stats": {
            "uniqIPs": 1,
            "consoleMsgs": 0,
            "uniqCountries": 1,
            "dataLength": 0,
            "encodedDataLength": 0,
            "requests": 1
        },
        "page": {
            "country": "US",
            "city": "Kansas City",
            "domain": "www.*****.com",
            "ip": "1.1.1.1",
            "mimeType": "application/pdf",
            "asnname": "GOOGLE, US",
            "asn": "AS****",
            "url": "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf",
            "ptr": "201.134.107.34.bc.googleusercontent.com",
            "status": "200"
        },
        "_id": "***-***-***-***-***",
        "sort": [
            1621538323810,
            "***-***-***-***-***"
        ],
        "result": "https://urlscan.io/api/v1/result/***-***-***-***-***/",
        "screenshot": "https://urlscan.io/screenshots/***-***-***-***-***.png"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
    "ScanTimes": [
        "2021-07-19T17:18:31.447Z",
        "2021-07-12T18:02:10.537Z",
        "2021-06-07T22:44:54.369Z",
        "2021-06-04T17:45:22.437Z",
        "2021-05-20T19:19:19.735Z"
    ],
    "UniqueIPs": [
        1,
        8,
        2,
        16,
        1
    ],
    "UniqueCountries": [
        1,
        5,
        1,
        5,
        1
    ],
    "Countries": [
        "DE",
        "CA",
        "DE",
        "US",
        "US"
    ],
    "Cities": [
        "Frankfurt am Main",
        "Montreal",
        "Frankfurt am Main",
        "Kansas City",
        "Kansas City"
    ],
    "Domains": [
        "experience.*****.com",
        "gwl.*****.com",
        "insights.*****.com",
        "www.*****.com",
        "www.*****.com"
    ],
    "IPs": [
        "1.1.1.1",
        "1.1.1.1",
        "1.1.1.1",
        "1.1.1.1",
        "1.1.1.1"
    ],
    "ASNs": [
        "*****",
        "*****",
        "*****",
        "AS****",
        "AS****"
    ],
    "URLs": [
        "https://experience.*****.com/CP/Register.php?OptOut=true&RID=CTR_cx5eouXgSJW5xFY&LID=UR_5gwbKzgUkz8BIZT&DID=EMD_K35NQ8ugdfFa4d3&BT=Z3dsY3g&_=1",
        "https://gwl.*****.com/sign-in",
        "https://insights.*****.com/jfe1/form/SV_3mVkuKXDbq4H5cy?Q_DL=33rMkT3uovBr4FC_3mVkuKXDbq4H5cy_CGC_XoSoXQ95616Masw&Q_CHL=email",
        "https://www.*****.com/",
        "https://www.*****.com/content/dam/*****/documents/ext-files/auxiliaire-de-travail-de-la-canada-vie-sur-le-service-de-courriel-securise.pdf"
    ],
    "Statuses": [
        "200",
        "200",
        "200",
        "200",
        "200"
    ],
    "ResultURLs": [
        "https://urlscan.io/api/v1/result/***-***-***-***/",
        "https://urlscan.io/api/v1/result/***-***-***-***-***-***/",
        "https://urlscan.io/api/v1/result/***-***-***-***-***/",
        "https://urlscan.io/api/v1/result/***-***-***-***-***/",
        "https://urlscan.io/api/v1/result/***-***-***-***-***/"
    ]
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Search For Scans failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: The value for parameter (Limit) is invalid.

Error Sample Data

Search For Scans failed.

Status Code: 400.

Message: The value for parameter (Limit) is invalid.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

SAMPLE DATA

CODE
Successful

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the urlscan.io portal. Refer to the HTTP Status Code Registry for details.

Status Code: 443.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Failed to establish a new connection.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 443.

Message: Failed to establish a new connection.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.