This APIs helps you to get the list of unresolved domains and typosquatted domains discovered by EASM.
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
| domainType |
Optional |
String |
Provide the value UNRESOLVED_DOMAINS. If this value is not provided, the unresolved domains are fetched by default. Ensure to enter the value in capital letters only. |
| domainFilterType |
Optional |
String |
Provide the value from the following to filter the data according to your requirements. Note that you must provide the exact value as shown.
|
| pageSize | Optional | Integer | Provide the value for the page size between the range 1-5000. This field is used to decrease the page size. The default page size is 5000. |
| lastFetchDomainID | Optional | Integer | Provide the value of the lastFetchDomainId from the previous request response. Use this field only when the previous response contains "hasMore":1 and you need to fetch unresolved domains from the next page. |
API Request
curl --location --request POST
'<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Authorization: <JWT token>' \
--data '' Response
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 2,
"lastFetchDomainId": 981517119,
"domainListData": {
"domains": [
{
"domain": "ib.link",
"subdomain": "www.ib.link",
"whoIs": {
"registrar": "Pxx-USA, Inc. dxx Domxxn Roxxt",
"registrantOrg": "Ixxxcaja Bxxco S.A.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
},
{
"domain": "ib.link",
"whoIs": {
"registrar": "Pxxx. dxa Doxxin Rxxot",
"registrantOrg": "Ixxrcaja Bxxco S.A.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
}
]
}
}
The following fields in the response of the given API request indicate:
- hasMore: More unresolved domains are present on the next page.
- lastFetchDomainId: A unique ID for every unresolved domain that must be provided as a parameter value to go to the next page.
- count: The count of unresolved domains on a particular page.
API Request
curl --location '<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT token>' \
--data '{
"filters": [
{
"value": "ib.link",
"field": "asset.domain",
"operator": "EQUALS"
},
{
"value": "www.ib.link",
"field": "asset.subdomain",
"operator": "EQUALS"
}
],
"operation": "AND"
}
Response
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": 575375801,
"domainListData": {
"domains": [
{
"domain": "ib.link",
"subdomain": "www.ib.link",
"whoIs": {
"registrar": "PxxxA, Inc. dxa Dxxxin Rxxot",
"registrantOrg": "Ibxxxx xxxx xxA.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
}
]
}
}
API Request
curl --location '<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.subdomain"
operator="EQUALS"><value>ota.dev.ssllabs.com</value></Criteria>
<Criteria field="whoIs.creationDate" operator="EQUALS"><value>2009-1-
1</value></Criteria>
</filters>
<operation>AND</operation>
</FilterRequest>'
Response
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -66826159,
"domainListData": {
"domains": [
{
"domain": "ssllabs.com",
"subdomain": "ota.dev.ssllabs.com",
"whoIs": {
"registrar": "Gxxx xxS",
"registrantOrg": "Qualys, Inc.",
"registrantEmailId": "f21eded51f345decec6706a0fada7d45-
49095@contact.gandi.net",
"creationDate": "2009-01-01"
}
}
]
}
}
With this API, you can get the list of typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.
|
Parameter |
Mandatory |
Data Type |
Description |
|
domainType |
Mandatory |
String |
Provide the value TYPOSQUATTED_DOMAINS. If this value is not provided, you get the list of unresolved domains. Provide the value only in the capital case. |
|
domainFilterType |
Optional |
String |
If this parameter is not provided by default, the API fetches ALL Typosquatted Domains. Provide any one of the following two values to filter the data:
Provide the value only in a capital case. |
To filter data, the filters that must be used in the API body along with the supported operators are :
API Request
curl --location --request POST
'<qualys_base_url>/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data '<FilterRequest>
<filters>
<Criteria field="permutation.name" operator="EQUALS"><value>seamanage.com</value></Criteria>
</filters>
</FilterRequest>'
API Response
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}
API Request
curl --location --request POST
'<qualys_base_url/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Authorization: <JWT Token>
--data ''
API Response
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}