Xprotect
XPR Network
DNS

Xprotect API

A sophisticated API tailored for Web3, delivering advanced domain intelligence solutions.

API Documenation

Utilize the Xprotect API to perform various checks offered within our API.
Quickstart

<API KEY>
Request API key for your service

Getting Started

To leverage our API, please reach out to us to obtain an API key and undergo the whitelisting process for access.
API Key Validation

This section handles the validation of API keys to ensure that only authorized users can access the API.
How to Use:

Provide the API key in the request header.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "all"}' https://api.xprotect.org/v1/

Domain Scanning

This section initiates the scanning process for a specified domain, performing various checks based on the specified check_type.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "all"}' https://api.xprotect.org/v1/
Output in JSON format will look like this.
{
  "checks": {
    "blocked_providers": {
      "Cleanbrowsing": false,
      "Cloudflare": false,
      "OpenDNS": false,
      "Quad9": false,
      "Xprotect": false
    },
    "dns": {
      "a": [
        "195.201.93.102"
      ],
      "caa": [
        "0 issue \"comodoca.com\""
      ],
      "dmarc": [
        "\"v=DMARC1; p=reject; pct=100; rua=mailto:report@alvosec.com; adkim=s; aspf=r;\""
      ],
      "mx": [
        "mail.alvosec.com."
      ],
      "ns": [
        "novalee.ns.cloudflare.com.",
        "ken.ns.cloudflare.com."
      ],
      "txt": [
        "\"v=spf1 a mx a:mail.alvosec.com ip4:195.201.93.102/32 ~all\""
      ]
    },
    "domain_rank": 356817,
    "google_search": {
      "has_results": true,
      "link": "https://alvosec.com",
      "snippet": "Alvosec offer cybersecurity solutions for your business.",
      "title": "Cybersecurity & network solutions."
    },
    "headers": {
      "http_headers": {
        "Connection": [
          "keep-alive, Keep-Alive"
        ],
        "Content-Type": [
          "text/html; charset=UTF-8"
        ],
        "Date": [
          "Wed, 20 Dec 2023 21:14:44 GMT"
        ],
        "Keep-Alive": [
          "timeout=5, max=100"
        ],
        "Link": [
          "<https://alvosec.com/wp-json/>; rel=\"https://api.w.org/\"",
          "<https://alvosec.com/>; rel=shortlink"
        ],
        "Referrer-Policy": [
          "no-referrer"
        ],
        "Server": [
          "ALS"
        ],
        "Strict-Transport-Security": [
          "max-age=31536000; includeSubDomains; preload"
        ],
        "Upgrade": [
          "h2"
        ],
        "X-Frame-Options": [
          "SAMEORIGIN"
        ],
        "X-XSS-Protection": [
          "1; mode=block"
        ]
      }
    },
    "malicious_files": {},
    "phishing": {
      "check1": false,
      "check2": false
    },
    "robots": {
      "blocking_spiders": false,
      "exists": true
    },
    "ssl": {
      "issuer": [
        [
          [
            "countryName",
            "US"
          ]
        ],
        [
          [
            "organizationName",
            "Let's Encrypt"
          ]
        ],
        [
          [
            "commonName",
            "R3"
          ]
        ]
      ],
      "subject": [
        [
          [
            "commonName",
            "*.alvosec.com"
          ]
        ]
      ],
      "subject_alt_names": [
        [
          "DNS",
          "*.alvosec.com"
        ],
        [
          "DNS",
          "alvosec.com"
        ]
      ],
      "valid_from": "Nov 22 20:15:16 2023 GMT",
      "valid_to": "Feb 20 20:15:15 2024 GMT"
    },
    "virus_total": {
      "total": "0/90"
    },
    "whois": {
      "creation_date": "Tue, 04 Aug 2015 20:52:01 GMT",
      "expiration_date": "Sun, 04 Aug 2024 20:52:01 GMT",
      "registrar": "NAMECHEAP INC",
      "status": "clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
      "whois_server": "whois.namecheap.com"
    }
  },
  "datetime": "2023-12-20 21:14:43",
  "domain": "alvosec.com",
  "domain_tld": "com",
  "ip_asn_country": {
    "asn": "24940",
    "country": "DE",
    "ip": "195.201.93.102"
  },
  "is_idn_domain": false,
  "is_most_abused_tld": false,
  "request_id": "eb2fdca5-cd46-474f-952d-4b41163ab173"
}

DNS Check

Performs DNS-related checks for the specified domain, including NS, A, MX, TXT, CAA, and DMARC records.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "dns"}' https://api.xprotect.org/v1/

SSL Check

Performs SSL certificate checks for the specified domain, including issuer, subject, subject alt names, and validity period.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "ssl"}' https://api.xprotect.org/v1/

Blocked Providers Check

Checks if the domain is blocked by specific DNS providers. Currently using 5 DNS providers: Quad9. CleanBrowsing, Cloudflare, OpenDNS and Xprotect.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "blocked_providers"}' https://api.xprotect.org/v1/

Robots Check

Checks the existence and content of the robots.txt file for the specified domain.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "robots"}' https://api.xprotect.org/v1/

Headers Check

Retrieves HTTP headers for the specified domain.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "headers"}' https://api.xprotect.org/v1/

Malicious Files Check

Checks for the presence of potentially malicious files on the specified domain.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "malicious_files"}' https://api.xprotect.org/v1/

Phishing Check

Performs phishing checks using external APIs.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "phishing"}' https://api.xprotect.org/v1/

Google Search Check

Performs a Google search to check the presence of the specified domain in search results.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "google_search"}' https://api.xprotect.org/v1/

VirusTotal Check

Checks the VirusTotal database for information about the specified domain.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "virus_total"}' https://api.xprotect.org/v1/

Domain Rank Check

Retrieves the rank of the specified domain from the Tranco list.
curl -X POST -H "Content-Type: application/json" -H "apiKey: YOUR_API_KEY" -d '{"domain": "example.com", "check_type": "domain_rank"}' https://api.xprotect.org/v1/
Thank you for choosing Xprotect API! Our API is designed to provide valuable insights into domain-related information through a range of checks and queries. Before you get started, we would like to emphasize the following points:

1. Purpose and Usage:

Xprotect API is intended to be used for legitimate and constructive purposes. It is a tool meant to assist developers, businesses, and individuals in gaining insights into various aspects of a domain. Please refrain from using this API for any malicious or harmful activities.

2. Responsible Usage:

We encourage users to deploy Xprotect API responsibly and ethically. Respect the privacy and security of others, and ensure that your use of the API aligns with applicable laws and regulations.

3. Prohibited Activities:

The following activities are strictly prohibited:

Any form of malicious intent or cyber attacks.
Violation of privacy or unauthorized access to systems.
Any activity that may cause harm or disruption to individuals or organizations.

4. Feedback and Suggestions:

We welcome feedback and suggestions from the user community. If you have ideas for improvement, encounter issues, or have specific feature requests, please reach out to us. Your input is invaluable, and it helps us enhance the functionality and usability of Xprotect API.
lock