Skip to content
Cloudflare API
Start here
API Reference
URL Scanner
Scans

Search URL scans

url_scanner.scans.list(ScanListParams**kwargs) -> ScanListResponse
GET/accounts/{account_id}/urlscanner/v2/search

Use a subset of ElasticSearch Query syntax to filter scans. Some example queries:

- 'path:"/bundles/jquery.js"': Searches for scans who requested resources with the given path.
- 'page.asn:AS24940 AND hash:xxx': Websites hosted in AS24940 where a resource with the given hash was downloaded.
- 'page.domain:microsoft* AND verdicts.malicious:true AND NOT page.domain:microsoft.com': malicious scans whose hostname starts with "microsoft".
- 'apikey:me AND date:[2025-01 TO 2025-02]': my scans from 2025 January to 2025 February.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
URL Scanner WriteURL Scanner Read
ParametersExpand Collapse
account_id: str

Account ID.

q: Optional[str]

Filter scans

size: Optional[int]

Limit the number of objects in the response.

ReturnsExpand Collapse
class ScanListResponse:
results: List[Result]
_id: str
page: ResultPage
asn: str
country: str
ip: str
url: str
result: str
stats: ResultStats
data_length: float
requests: float
uniq_countries: float
uniq_ips: float
task: ResultTask
time: str
url: str
uuid: str
visibility: str
verdicts: ResultVerdicts
malicious: bool

Search URL scans

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
scans = client.url_scanner.scans.list(
    account_id="account_id",
)
print(scans.results)
{
  "results": [
    {
      "_id": "9626f773-9ffb-4cfb-89d3-30b120fc8011",
      "page": {
        "asn": "AS15133",
        "country": "US",
        "ip": "93.184.215.14",
        "url": "https://example.com"
      },
      "result": "https://radar.clouflare.com/scan/9626f773-9ffb-4cfb-89d3-30b120fc8011",
      "stats": {
        "dataLength": 2512,
        "requests": 2,
        "uniqCountries": 1,
        "uniqIPs": 1
      },
      "task": {
        "time": "2024-09-30T23:54:02.881000+00:00",
        "url": "https://example.com",
        "uuid": "9626f773-9ffb-4cfb-89d3-30b120fc8011",
        "visibility": "public"
      },
      "verdicts": {
        "malicious": true
      }
    }
  ]
}
Returns Examples
{
  "results": [
    {
      "_id": "9626f773-9ffb-4cfb-89d3-30b120fc8011",
      "page": {
        "asn": "AS15133",
        "country": "US",
        "ip": "93.184.215.14",
        "url": "https://example.com"
      },
      "result": "https://radar.clouflare.com/scan/9626f773-9ffb-4cfb-89d3-30b120fc8011",
      "stats": {
        "dataLength": 2512,
        "requests": 2,
        "uniqCountries": 1,
        "uniqIPs": 1
      },
      "task": {
        "time": "2024-09-30T23:54:02.881000+00:00",
        "url": "https://example.com",
        "uuid": "9626f773-9ffb-4cfb-89d3-30b120fc8011",
        "visibility": "public"
      },
      "verdicts": {
        "malicious": true
      }
    }
  ]
}