NOC Scanner API Documentation

Scan any domain for malware, SEO spam, and blacklisting status using simple cURL requests.

Get an API Key View Latest Scans

Quick Start

1

Get your API key

Visit the pricing page to get a key. Keys look like this:

NOC-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2

Make your first request

Pass your key and the domain you want to scan as headers:

curl -H "API_KEY: NOC-YOURKEY" \ -H "WEBSITE: example.com" \ https://php-login.com/api/
3

Read the JSON response

You get back a full JSON result — malware detection, DNS blacklists, security headers, detected software and more.

Endpoint

Method: GET

https://php-login.com/api/

Required Headers

API_KEYYour API key
WEBSITEDomain to scan

cURL only. Browser requests return 403.

Request Examples

Basic scan

curl -H "API_KEY: NOC-YOURKEY" \ -H "WEBSITE: google.com" \ https://php-login.com/api/

Domain with https:// prefix — stripped automatically

curl -H "API_KEY: NOC-YOURKEY" \ -H "WEBSITE: https://example.com/some/path" \ https://php-login.com/api/

Save output to a file

curl -H "API_KEY: NOC-YOURKEY" \ -H "WEBSITE: google.com" \ https://php-login.com/api/ -o result.json
Headers are not case sensitive. API_KEY, api_key, and Api_Key all work the same way.

Response Format

All responses are JSON. Successful scans return status: success with full scan data.

{ "status": "success", "requests_remaining": 99, "daily_limit": 100, "category": "Technology", "ip": { "142.250.80.46": "google.com" }, "dns": { "blocked": 0, "failed": 0, "nxdomain": 0 }, "http": { "hardening": { ... }, "app_detection": { ... } } }
Response Fields
Field Description
statussuccess or error
requests_remainingAPI calls left today
dns.blockedNumber of DNS resolvers blocking this domain
dns.failedNumber of DNS resolvers failing to resolve it
http.malwareOnly present when malware is detected — contains signatures and payload
http.hardeningMissing or misconfigured security headers
http.app_detectionCMS, frameworks, and software detected on the site

Error Responses

Missing headers

{ "status": "error", "reason": "Missing API_KEY or WEBSITE header." }

Invalid key

{ "status": "error", "reason": "Invalid or inactive API key." }

Rate limit hit

{ "status": "error", "reason": "Daily request limit reached.", "requests_remaining": 0, "resets_at": "2026-03-21 00:00:00 UTC" }

Invalid domain

{ "status": "error", "reason": "Invalid domain name." }
View Pricing