How to Scan a Website for Threats, Malicious Content using PHP

2 min readFeb 6


If there’s anything the average employee (or casual internet user) has learned during the last decade of digital renaissance, it’s that clicking on suspicious links can get you in a LOT of trouble.

However, it’s not enough to put the onus entirely on client-side users, especially when we include file URLs in that pool. Malicious URLs can be programmatically investigated before they reach our users, and the API solution provided below makes a URL scanning policy easy to implement. This API will quickly scan the contents of any given URL for malicious content and threats (including viruses and phishing threats) and return what threat type, if any, was present.

To take advantage of this API, simply follow steps below to structure your API call using ready-to-run PHP code snippets.

Start by running this command to install the PHP SDK:

composer require cloudmersive/cloudmersive_virusscan_api_client

Next, call the function:

require_once(__DIR__ . '/vendor/autoload.php');

// Configure API key authorization: Apikey
$config = Swagger\Client\Configuration::getDefaultConfiguration()->setApiKey('Apikey', 'YOUR_API_KEY');

$apiInstance = new Swagger\Client\Api\ScanApi(

new GuzzleHttp\Client(),
$input = new \Swagger\Client\Model\WebsiteScanRequest(); // \Swagger\Client\Model\WebsiteScanRequest |

try {
$result = $apiInstance->scanWebsite($input);
} catch (Exception $e) {
echo 'Exception when calling ScanApi->scanWebsite: ', $e->getMessage(), PHP_EOL;

That’s all the code you’ll need! To complete your API call with a free-tier API key, register a free account on our website.




There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.