The Malware & Phishing URL Scanner API helps developers, security platforms, and email providers detect unsafe, suspicious, or malicious URLs. It combines VirusTotal threat intelligence with local heuristics (WHOIS, SSL validity, domain age, suspicious keywords) to give reliable results.
All requests must include your RapidAPI key in the header:
"x-rapidapi-key": "YOUR_RAPIDAPI_KEY"
"x-rapidapi-host": "malware-scanner-api.p.rapidapi.com"Endpoint:
GET /scan
POST /scanDescription: Analyze a given URL and return its safety status with reasons.
Request Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
url |
string | Yes | The URL to analyze (must be valid, e.g. https://example.com) |
GET Example
curl -X GET "https://malware-scanner-api.p.rapidapi.com/scan?url=https://example.com" \
-H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \
-H "x-rapidapi-host: malware-scanner-api.p.rapidapi.com"POST Example
curl -X POST "https://malware-scanner-api.p.rapidapi.com/scan" \
-H "Content-Type: application/json" \
-H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \
-H "x-rapidapi-host: malware-scanner-api.p.rapidapi.com" \
-d '{"url": "https://suspicious-login.com"}'{
"success": true,
"input": "https://google.com",
"analysis": {
"status": "safe",
"reason": "No suspicious indicators found",
"cached": false
}
}{
"success": true,
"input": "http://suspicious-login.com",
"analysis": {
"status": "suspicious",
"reason": "Flagged suspicious by 3 engines",
"cached": true
}
}| Status | Reason |
|---|---|
400 |
Missing or invalid URL parameter |
500 |
Internal server error (WHOIS / VirusTotal failure) |
Example Error
{
"success": false,
"error": "Invalid URL format"
}- VirusTotal Threat Intel β Real-time analysis against 70+ AV engines
- WHOIS Check β Detect newly registered domains often used in phishing
- SSL Certificate Check β Identifies invalid/missing SSL
- Suspicious Keyword Detection β Flags URLs containing risky words (
login,bank,secure)