8 production-ready endpoints covering file scanning, URL safety, email breach, DNS, SSL, and IP lookup — built on SafeSearchScan's own proprietary engine. No third-party AV dependencies.
| Method | Endpoint | What it does | Plan |
|---|---|---|---|
| POST | /scan/file | Full PE static analysis — verdict, IOCs, detection rules | All |
| POST | /scan/hash | Fast SHA-256 hash reputation lookup | All |
| POST | /api/v1/url-check | URL safety check via Google Safe Browsing + heuristics | All |
| POST | /api/v1/email-breach | Check if email appears in known data breaches | All |
| POST | /api/v1/dns-lookup | Full DNS record lookup (A, MX, TXT, NS, CNAME) | All |
| POST | /api/v1/ssl-check | SSL certificate validity, expiry, issuer | All |
| POST | /api/v1/ip-lookup | IP geolocation, ASN, abuse reputation | All |
| GET | /api/developer/usage | Your current quota usage and reset date | All |
| GET | /health | Service health check (no auth required) | All |
One API key. All 8 endpoints. Results in milliseconds.
```bash
# Scan a file
curl -X POST https://api.safesearchscan.com/scan/file \
  -H "X-API-Key: sss_live_your_key_here" \
  -F "file=@suspicious.exe"

# Check quota
curl https://safesearchscan.com/api/developer/usage \
  -H "X-API-Key: sss_live_your_key_here"
```
```json
{
  "verdict": "malicious",
  "confidence": 0.91,
  "threat_name": "Trojan.ProcessInjector",
  "threat_family": "Ransomware",
  "file_type": "PE32",
  "is_pe": true,
  "sha256": "a3f2c1d8e9b7...",
  "md5": "5f4dcc3b5aa7...",
  "file_size": 143360,
  "scan_time_ms": 142,
  "reasons": [
    "High entropy section '.text' (7.82) — likely packed",
    "Ransomware strings detected: 'YOUR FILES ARE ENCRYPTED'",
    "Crypto wallet found: 1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf3F"
  ],
  "iocs": {
    "btc_wallets": ["1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf3F"],
    "c2_domains": ["decrypt-my-files.onion"],
    "suspicious_commands": [],
    "xmr_wallets": [],
    "eth_wallets": []
  },
  "engine_version": "SafeSearchScan-1.0"
}
```

```python
import requests

BASE = "https://api.safesearchscan.com"
HEADERS = {"X-API-Key": "sss_live_your_key"}

def scan_file(filepath: str) -> dict:
    # Upload the file as multipart/form-data for full static analysis.
    with open(filepath, "rb") as f:
        r = requests.post(f"{BASE}/scan/file", headers=HEADERS, files={"file": f}, timeout=60)
    r.raise_for_status()
    return r.json()

def check_url(url: str) -> dict:
    # The /api/v1 endpoints are served from safesearchscan.com, not api.safesearchscan.com.
    r = requests.post(
        "https://safesearchscan.com/api/v1/url-check",
        headers={**HEADERS, "Content-Type": "application/json"},
        json={"url": url},
        timeout=30,
    )
    r.raise_for_status()  # surface 4xx/5xx instead of parsing an error body
    return r.json()

result = scan_file("suspicious.exe")
print(result["verdict"], result["confidence"])  # malicious 0.91
```

```javascript
const FormData = require('form-data')
const fs = require('fs')
const fetch = require('node-fetch')

const API_KEY = 'sss_live_your_key'
const HEADERS = { 'X-API-Key': API_KEY }

// Upload a file as multipart/form-data for full static analysis.
async function scanFile(filepath) {
  const form = new FormData()
  form.append('file', fs.createReadStream(filepath))
  const res = await fetch('https://api.safesearchscan.com/scan/file', {
    method: 'POST', headers: { ...HEADERS, ...form.getHeaders() }, body: form,
  })
  if (!res.ok) throw new Error(`scan failed: HTTP ${res.status}`)
  return res.json()
}

// The /api/v1 endpoints are served from safesearchscan.com.
async function checkUrl(url) {
  const res = await fetch('https://safesearchscan.com/api/v1/url-check', {
    method: 'POST',
    headers: { ...HEADERS, 'Content-Type': 'application/json' },
    body: JSON.stringify({ url }),
  })
  if (!res.ok) throw new Error(`url-check failed: HTTP ${res.status}`)
  return res.json()
}

scanFile('suspicious.exe').then(r => console.log(r.verdict, r.threat_family))
```

/scan/file
https://api.safesearchscan.com
Full static analysis of any file. Runs PE parsing, string classification, and all 11 detection rules. Max file size: 50MB.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| Content-Type | header | multipart/form-data |
| file | form-data | The file to scan |

```json
{
  "verdict": "malicious",
  "confidence": 0.91,
  "threat_name": "Trojan.ProcessInjector",
  "threat_family": "Ransomware",
  "file_type": "PE32",
  "is_pe": true,
  "sha256": "a3f2c1d8e9b7...",
  "md5": "5f4dcc3b5aa7...",
  "file_size": 143360,
  "scan_time_ms": 142,
  "reasons": [
    "High entropy section '.text' (7.82) — likely packed",
    "Ransomware strings detected: 'YOUR FILES ARE ENCRYPTED'",
    "Crypto wallet found: 1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf3F"
  ],
  "iocs": {
    "btc_wallets": ["1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf3F"],
    "c2_domains": ["decrypt-my-files.onion"],
    "suspicious_commands": [],
    "xmr_wallets": [],
    "eth_wallets": []
  },
  "engine_version": "SafeSearchScan-1.0"
}
```

/scan/hash
https://api.safesearchscan.com
Fast SHA-256 hash lookup. Returns immediately — no file upload needed. Database grows as files are scanned.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| sha256 | body (JSON) | 64-character hex SHA-256 hash |

Request body:

```json
{ "sha256": "a3f2c1d8e9b7..." }
```

Response:

```json
{
  "sha256": "a3f2c1d8e9b7...",
  "verdict": "unknown",
  "in_database": false,
  "message": "Hash not found. Submit file for full static analysis.",
  "engine_version": "SafeSearchScan-1.0"
}
```

/api/v1/url-check
https://safesearchscan.com
Check a URL for phishing, malware, and suspicious patterns.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| url | body (JSON) | The URL to check |

Request body:

```json
{ "url": "https://example.com" }
```

Response:

```json
{
  "url": "https://example.com",
  "verdict": "clean",
  "stats": { "malicious": 0, "suspicious": 1, "clean": 65 },
  "flags": [],
  "source": "safebrowsing"
}
```

/api/v1/email-breach
https://safesearchscan.com
Check if an email address has appeared in known data breaches.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| email | body (JSON) | Email address to check |

```json
{
  "breached": true,
  "count": 2,
  "breaches": [
    {
      "name": "LinkedIn",
      "breachDate": "2012-06-01",
      "pwnCount": 117000000,
      "dataClasses": ["Email", "Password"]
    }
  ]
}
```

/api/v1/dns-lookup
https://safesearchscan.com
Full DNS record lookup for any domain.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| domain | body (JSON) | Domain to look up |

```json
{
  "domain": "example.com",
  "records": {
    "A": [{ "ttl": "1h", "value": "93.184.216.34" }],
    "MX": [{ "ttl": "1h", "value": "0 example.com." }]
  },
  "queriedTypes": ["A", "AAAA", "MX", "TXT", "NS"]
}
```

/api/v1/ssl-check
https://safesearchscan.com
Verify SSL certificate validity, expiry date, and issuer.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| domain | body (JSON) | Domain to check |

```json
{
  "hostname": "example.com",
  "cert": {
    "issuer": { "O": "Let's Encrypt" },
    "validTo": "2026-06-01T00:00:00.000Z",
    "daysRemaining": 78,
    "isExpired": false,
    "grade": "A",
    "protocol": "TLSv1.3"
  }
}
```

/api/v1/ip-lookup
https://safesearchscan.com
IP geolocation, ASN, and abuse reputation lookup.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |
| ip | body (JSON) | IPv4 or IPv6 address |

```json
{
  "ip": "8.8.8.8",
  "country": "United States",
  "countryCode": "us",
  "city": "Mountain View",
  "isp": "Google LLC",
  "asn": "AS15169 Google LLC",
  "isProxy": false,
  "isHosting": true,
  "riskLevel": "suspicious",
  "riskReasons": ["Hosted on a data center"]
}
```

/api/developer/usage
https://safesearchscan.com
Check your current quota usage and when it resets. Also returns X-RateLimit headers.

| Parameter | In | Description |
|---|---|---|
| X-API-Key | header | Your API key |

```json
{
  "calls_this_month": 342,
  "monthly_limit": 100000,
  "calls_remaining": 99658,
  "reset_date": "2026-04-01T00:00:00.000Z",
  "percent_used": 0
}
```

11 proprietary rules run on every file scan. Each rule reports its confidence score and human-readable reason.

| Rule | What it flags |
|---|---|
| High entropy executable | Packed or encrypted PE sections (>7.0 Shannon entropy) |
| No imports | PE with empty import table — common in shellcode loaders |
| W+X section | Writable + executable memory — hallmark of process injection |
| Process injection | VirtualAllocEx, WriteProcessMemory, CreateRemoteThread |
| Anti-analysis | IsDebuggerPresent, timing checks, VM detection imports |
| Persistence | Registry Run keys, scheduled tasks, startup folder writes |
| Download & execute | URLDownloadToFile + CreateProcess combination |
| Ransomware strings | Ransom notes, payment instructions, encryption keywords |
| Crypto wallet | BTC, XMR, ETH wallet addresses extracted from binary |
| Suspicious shell | PowerShell encoded commands, curl pipe bash patterns |
| C2 indicators | Onion domains, DGA patterns, hardcoded C2 IPs |
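
To show what the "High entropy executable" and "W+X section" rules measure, here is an added illustration in Python; it is not SafeSearchScan's proprietary engine or code from this page. It walks a PE section table, computes Shannon entropy per section against the 7.0 threshold quoted above, and checks the writable and executable section flags. The function names and the sample image are constructed for this example.

```python
import hashlib
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # PE section characteristic: executable
IMAGE_SCN_MEM_WRITE = 0x80000000    # PE section characteristic: writable
ENTROPY_THRESHOLD = 7.0             # threshold quoted in the rule list
SECTION = "<8sIIIIIIHHI"            # 40-byte IMAGE_SECTION_HEADER layout

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def section_findings(pe: bytes) -> list:
    """Walk the section table; report high-entropy and writable+executable sections."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    findings = []
    for i in range(n_sections):
        f = struct.unpack_from(SECTION, pe, table + 40 * i)
        name, raw_size, raw_ptr, flags = f[0].rstrip(b"\0").decode("ascii", "replace"), f[3], f[4], f[9]
        h = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        if h > ENTROPY_THRESHOLD:
            findings.append(f"High entropy section '{name}' ({h:.2f})")
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"W+X section '{name}'")
    return findings

def build_sample() -> bytes:
    """Constructed two-section image (headers plus data, not a runnable program)."""
    plain = b"\x90" * 512  # constant filler, entropy 0
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 hash bytes stand in for packed data
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew lives at offset 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    start = 0x40 + 24 + 2 * 40  # raw data begins right after the section table
    table = struct.pack(SECTION, b".text", 512, 0, 512, start, 0, 0, 0, 0, 0x60000020)
    table += struct.pack(SECTION, b".pack", 4096, 0, 4096, start + 512, 0, 0, 0, 0, 0xE0000020)
    return dos + coff + table + plain + packed

if __name__ == "__main__":
    print(section_findings(build_sample()))
```

The read-only `.text` section of constant bytes produces no finding, while `.pack` trips both rules, which is why entropy alone is best read together with the section flags.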
| HTTP Status | Meaning | Fix |
|---|---|---|
| 401 | Invalid or missing API key | Check your X-API-Key header. Key must start with sss_live_ |
| 400 | Bad request | Check required fields (file, url, hash, etc.) |
| 413 | File too large | File exceeds 50MB limit |
| 429 | Monthly quota exceeded | Check /api/developer/usage. Upgrade plan or wait for reset. |
| 500 | Server error | Temporary issue. Retry after 30s. Contact support if persistent. |
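
The `/scan/hash` response message ("Hash not found. Submit file for full static analysis.") and the error table above combine into one client flow, shown here as an added Python example that is not SafeSearchScan's own code: look the SHA-256 up first, upload only on a miss, enforce the 50MB limit locally, retry only a 500 after 30s, and stop on every other error. `session` is assumed to be a `requests.Session` or any object with a compatible `post`; `scan_bytes`, `ScanError`, and treating HTTP 200 as success are assumptions of this example.

```python
import hashlib
import time

BASE = "https://api.safesearchscan.com"
MAX_BYTES = 50 * 1024 * 1024  # documented 50MB upload limit, read here as 50 MiB
RETRY_WAIT_S = 30             # error table: retry a 500 after 30s
HINTS = {400: "check required fields", 401: "check the X-API-Key header",
         413: "file exceeds 50MB limit", 429: "monthly quota exceeded"}

class ScanError(Exception):
    """API failure that should not be retried; carries the HTTP status."""
    def __init__(self, status: int):
        super().__init__(f"HTTP {status}: {HINTS.get(status, 'server error')}")
        self.status = status

def _post(session, path, api_key, sleep, retries, **body):
    for attempt in range(retries + 1):
        r = session.post(BASE + path, headers={"X-API-Key": api_key}, timeout=60, **body)
        if r.status_code == 200:  # assumption: success is reported as HTTP 200
            return r.json()
        if r.status_code == 500 and attempt < retries:
            sleep(RETRY_WAIT_S)   # only 500 is documented as temporary
            continue
        raise ScanError(r.status_code)  # 400/401/413/429: retrying cannot help

def scan_bytes(session, api_key, name, data, sleep=time.sleep, retries=2):
    """Return a verdict dict, uploading the file only when its hash is unknown."""
    if len(data) > MAX_BYTES:
        raise ScanError(413)  # fail locally instead of uploading just to get a 413
    digest = hashlib.sha256(data).hexdigest()
    hit = _post(session, "/scan/hash", api_key, sleep, retries, json={"sha256": digest})
    if hit.get("in_database"):
        return hit
    return _post(session, "/scan/file", api_key, sleep, retries,
                 files={"file": (name, data)})
```

On a `ScanError` with status 429, `/api/developer/usage` reports the `reset_date` to wait for.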
Simple monthly pricing. All plans include all 8 endpoints. No per-call fees.

| Price | Quota |
|---|---|
| Free | 1,000 calls/month |
| ₹2,499/mo | 100,000 calls/month |
| ₹7,999/mo | 500,000 calls/month |

Free Starter plan available to all registered users — no card needed. Create an account if you don't have one yet.
Our PE parser, string classifier, and rule engine are 100% proprietary. You own the integration, not a third-party subscription.
File scanning, URL safety, email breach, DNS, SSL, IP lookup — everything under one API key and one billing plan.
Bitcoin/Monero wallets, C2 domains, onion addresses, and shell commands extracted and returned in every scan.
Files analyzed in memory, never stored. Your users' data never touches a third-party server.
Flat monthly rate. No per-call billing. No surprise invoices. Budget at any scale.
LightGBM on EMBER dataset for zero-day detection. +30% accuracy over the current rule-based engine.
Start free. No credit card required for the Starter plan.