Network Threat Intelligence API
URL
GET /api/network-threat-intel/url/
Returns information about the provided URL.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| url | Required | The requested URL. This string needs to be URI-encoded. | query, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/url/?url=https%3A%2F%2Fwww.example.com' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and requested_url
token = "exampletoken"
requested_url = "https%3A%2F%2Fwww.example.com"
url = f"https://appliance.example.com/api/network-threat-intel/url/?url={requested_url}"
headers = {
"authorization": f"token {token}"
}
# add verify=False in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
third_party_reputations:
type: object
properties:
sources:
type: array
items:
type: object
properties:
source:
type: string
detection:
type: string
category:
type: string
update_time:
type: string
detect_time:
type: string
statistics:
type: object
properties:
total:
type: integer
malicious:
type: integer
clean:
type: integer
undetected:
type: integer
classification:
type: string
analysis:
type: object
properties:
analysis_history:
type: array
items:
type: object
properties:
domain:
type: string
final_url:
type: string
http_response_code:
type: integer
analysis_id:
type: string
availability_status:
type: string
serving_ip_address:
type: string
analysis_time:
type: string
last_analysis:
type: object
properties:
domain:
type: string
http_response_code:
type: integer
analysis_id:
type: string
availability_status:
type: string
serving_ip_address:
type: string
analysis_time:
type: string
first_analysis:
type: string
analysis_count:
type: integer
top_threats:
type: array
items:
type: object
properties:
threat_name:
type: string
files_count:
type: integer
risk_score:
type: integer
statistics:
type: object
properties:
unknown:
type: integer
suspicious:
type: integer
total:
type: integer
malicious:
type: integer
goodware:
type: integer
requested_url:
type: string
Response Examples
{
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2022-11-28T10:43:53"
},
{
"detection": "undetected",
"source": "cyren",
"update_time": "2022-11-28T06:12:42"
},
{
"detection": "undetected",
"source": "cyradar",
"update_time": "2022-11-28T06:36:08"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2022-11-28T11:39:32"
},
{
"detection": "undetected",
"source": "malsilo",
"update_time": "2022-11-28T00:06:54"
},
{
"detection": "undetected",
"source": "mute",
"update_time": "2022-11-28T10:37:58"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2022-11-28T11:53:02"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2022-11-28T02:20:40"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2022-11-28T06:22:08"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2022-11-28T08:22:21"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2022-11-28T10:47:29"
},
{
"detection": "undetected",
"source": "phishstats",
"update_time": "2022-11-28T05:20:19"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2022-11-27T15:42:30"
},
{
"detection": "undetected",
"source": "alien_vault",
"update_time": "2022-11-28T02:02:35"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2022-11-28T01:31:05"
},
{
"detection": "undetected",
"source": "openphish",
"update_time": "2022-11-27T18:02:25"
},
{
"detection": "undetected",
"source": "mrg",
"update_time": "2022-11-28T10:44:41"
},
{
"detection": "undetected",
"source": "phishtank",
"update_time": "2022-11-28T11:24:33"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2022-11-28T08:30:08"
},
{
"detection": "undetected",
"source": "urlhaus",
"update_time": "2022-11-28T11:20:58"
}
],
"statistics": {
"total": 20,
"malicious": 0,
"clean": 0,
"undetected": 20
}
},
"classification": "goodware",
"analysis": {
"analysis_history": [
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685201231489dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T12:53:25"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668516805009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T12:53:25"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685489790689dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T20:53:28"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668545608009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T20:53:28"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685921996389dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-16T08:53:58"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668588838009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-16T08:53:58"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16691106111989dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-22T08:54:43"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669107283009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-22T08:54:43"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "1669636389639c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669633029009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
}
],
"last_analysis": {
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669633029009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
},
"first_analysis": "2022-11-15T12:53:25",
"analysis_count": 171,
"statistics": {
"unknown": 0,
"suspicious": 0,
"total": 2,
"malicious": 0,
"goodware": 2
}
},
"requested_url": "www.example.com"
}
Domain
GET /api/network-threat-intel/domain/{domain}/
Returns information about the provided domain.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| domain | Required | The requested domain. | path, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/domain/example.com/' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and domain
token = "exampletoken"
domain = "example.com"
url = f"https://appliance.example.com/api/network-threat-intel/domain/{domain}/"
headers = {
"authorization": f"token {token}"
}
# add verify=false in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
parent_domain:
type: string
last_dns_records:
type: array
items:
type: object
properties:
type:
type: string
value:
type: string
provider:
type: string
last_dns_records_time:
type: string
third_party_reputations:
type: object
properties:
sources:
type: array
items:
type: object
properties:
source:
type: string
detection:
type: string
category:
type: string
update_time:
type: string
detect_time:
type: string
statistics:
type: object
properties:
total:
type: integer
malicious:
type: integer
undetected:
type: integer
clean:
type: integer
top_threats:
type: array
items:
type: object
properties:
threat_name:
type: string
files_count:
type: integer
risk_score:
type: integer
modified_time:
type: string
downloaded_files_statistics:
type: object
properties:
unknown:
type: integer
suspicious:
type: integer
total:
type: integer
malicious:
type: integer
goodware:
type: integer
requested_domain:
type: string
Response Example
{
"last_dns_records": [
{
"type": "A",
"value": "93.184.216.34",
"provider": "ReversingLabs"
}
],
"last_dns_records_time": "2022-11-28T10:57:09",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2022-11-28T02:24:00"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2022-11-28T06:22:08"
},
{
"detection": "malicious",
"source": "cyradar",
"update_time": "2022-11-28T06:36:08",
"detect_time": "2022-06-08T12:55:18"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2022-11-28T12:39:42"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2022-11-28T04:06:58"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2022-11-28T12:33:27"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2022-11-28T08:22:21"
},
{
"detection": "undetected",
"source": "botvrij",
"update_time": "2022-11-28T02:25:14"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2022-11-28T12:54:06"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2022-11-28T05:54:08"
},
{
"detection": "undetected",
"source": "web_security_guard",
"update_time": "2022-01-21T06:56:15"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2022-11-28T01:31:05"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2022-11-28T08:30:08"
}
],
"statistics": {
"total": 13,
"malicious": 1,
"undetected": 12,
"clean": 0
}
},
"top_threats": [],
"modified_time": "2022-11-28T12:54:06",
"downloaded_files_statistics": {
"unknown": 0,
"suspicious": 0,
"total": 2,
"malicious": 0,
"goodware": 2
},
"requested_domain": "example.com"
}
IP Address
The IP Address API has four separate endpoints:
- report
- resolutions
- URLs
- downloaded files
Report
GET /api/network-threat-intel/ip/{ip}/report/
Returns:
- Third-party IP address reputation and categorization.
- Counters of samples downloaded from the IP address, mapped to their classification status (malicious, suspicious, known, no threats found).
- The most common threats (malware type, family) hosted on the submitted IP address.
Request Format
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| ip | Required | The requested IP address. | path, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/ip/93.184.216.34/report/' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and ip
token = "exampletoken"
ip = "93.184.216.34"
url = f"https://appliance.example.com/api/network-threat-intel/ip/{ip}/report/"
headers = {
"authorization": f"token {token}"
}
# add verify=false in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format�
Response Schema
properties:
third_party_reputations:
type: object
properties:
statistics:
type: object
properties:
total:
type: integer
malicious:
type: integer
undetected:
type: integer
clean:
type: integer
sources:
type: array
items:
type: object
properties:
source:
type: string
detection:
type: string
category:
type: string
update_time:
type: string
detect_time:
type: string
downloaded_files_statistics:
type: object
properties:
total:
type: integer
unknown:
type: integer
suspicious:
type: integer
malicious:
type: integer
goodware:
type: integer
top_threats:
type: array
items:
type: object
properties:
threat_name:
type: string
files_count:
type: integer
risk_score:
type: integer
requested_ip:
type: string
modified_time:
type: string
Response Example
{
"third_party_reputations": {
"statistics": {
"total": 6,
"malicious": 0,
"undetected": 5,
"clean": 1
},
"sources": [
{
"detection": "clean",
"update_time": "2022-11-28T12:54:06",
"detect_time": "2022-08-02T17:50:15",
"category": null,
"source": "alphamountain"
},
{
"detection": "undetected",
"update_time": "2022-11-28T08:22:21",
"detect_time": null,
"category": null,
"source": "threatfox_abuse_ch"
},
{
"detection": "undetected",
"update_time": "2022-11-28T13:05:55",
"detect_time": null,
"category": null,
"source": "adminus_labs"
},
{
"detection": "undetected",
"update_time": "2022-11-28T01:31:05",
"detect_time": null,
"category": null,
"source": "osint"
},
{
"detection": "undetected",
"update_time": "2022-11-28T05:28:18",
"detect_time": null,
"category": null,
"source": "feodotracker"
},
{
"detection": "undetected",
"update_time": "2022-11-28T13:31:27",
"detect_time": null,
"category": null,
"source": "crdf"
}
]
},
"downloaded_files_statistics": {
"total": 1,
"unknown": 0,
"suspicious": 0,
"malicious": 0,
"goodware": 1
},
"top_threats": [],
"requested_ip": "93.184.216.34",
"modified_time": "2022-11-28T13:31:27"
}
Resolutions
GET /api/network-threat-intel/ip/{ip}/resolutions/
Provides a list of IP-to-domain mappings.
Request Format
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| ip | Required | The requested IP address. | path, string |
| page | Optional | SHA1 hash of the next page. | query, string |
| page_size | Optional | Number of records in the response. | query, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/ip/142.250.186.142/resolutions/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and ip
token = "exampletoken"
ip = "142.250.186.142"
url = f"https://appliance.example.com/api/network-threat-intel/ip/{ip}/resolutions/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2"
headers = {
"authorization": f"token {token}"
}
# add verify=false in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
next_page:
type: string
nullable: true
description: If there is no next page, this field is ``null``.
resolutions:
type: array
items:
type: object
properties:
provider:
type: string
last_resolution_time:
type: string
host_name:
type: string
requested_ip:
type: string
Response Example
{
"next_page": null,
"resolutions": [
{
"provider": "ReversingLabs",
"last_resolution_time": "2022-11-28T10:57:09",
"host_name": "example.com"
},
{
"provider": "ReversingLabs",
"last_resolution_time": "2022-11-26T10:17:43",
"host_name": "example.org"
},
{
"provider": "ReversingLabs",
"last_resolution_time": "2022-10-23T09:19:51",
"host_name": "iplogger.com"
},
{
"provider": "ReversingLabs",
"last_resolution_time": "2021-09-21T18:38:46",
"host_name": "example.net"
},
{
"provider": "ReversingLabs",
"last_resolution_time": "2022-03-14T19:26:01",
"host_name": "savemoneyindia.com"
},
{
"provider": "ReversingLabs",
"last_resolution_time": "2022-03-24T17:44:25",
"host_name": "denylist-api.herokuapp.com"
}
],
"requested_ip": "93.184.216.34"
}
URLs
GET /api/network-threat-intel/ip/{ip}/urls/
Returns a list of URLs hosted on the submitted IP address.
Request Format
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| ip | Required | The requested IP address. | path, string |
| page | Optional | SHA1 hash of the next page. | query, string |
| page_size | Optional | Number of records in the response. | query, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/ip/93.184.216.34/urls/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and ip
token = "exampletoken"
ip = "142.250.186.142"
url = f"https://appliance.example.com/api/network-threat-intel/ip/{ip}/urls/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2"
headers = {
"authorization": f"token {token}"
}
# add verify=false in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
next_page:
type: string
nullable: true
description: If there is no next page, this field is ``null``.
urls:
type: array
items:
type: object
properties:
url:
type: string
requested_ip:
type: string
Response Example
{
"next_page": null,
"urls": [
{
"url": "https://example.org/"
},
{
"url": "http://example.com/index.html"
},
{
"url": "https://example.com/?amp;elq=bfa5214c59ef4b51b9356f3b8d8dd10b&elqCampaignId=10525985&elqTrackId=230b8353717a4ce89604e386558dad08&elq_cid=82168169&elqaid=17733&elqat=1&elqcsid=46283&elqcst=272&elq_mid=17733"
},
{
"url": "http://example.org/)"
},
{
"url": "https://example.com/?elq=bfa5214c59ef4b51b9356f3b8d8dd10b&elqCampaignId=10525985&elqTrackId=230b8353717a4ce89604e386558dad08&elq_cid=82168169&elq_mid=17733&elqaid=17733&elqat=1&elqcsid=46283&elqcst=272"
},
{
"url": "http://example.net/"
},
{
"url": "http://:a@example.com/"
},
{
"url": "https://iplogger.com/2gJez3"
},
{
"url": "https://savemoneyindia.com/url.php?go=http://tiny.cc/gd6anz"
},
{
"url": "http://example.com/~user/ispscript.cgi"
},
{
"url": "http://denylist-api.herokuapp.com/"
},
{
"url": "http://example.com/"
},
{
"url": "https://example.com/"
},
{
"url": "http://a:@example.com/"
},
{
"url": "http://example.org/"
},
{
"url": "http://a:b@example.com/"
}
],
"requested_ip": "93.184.216.34"
}
Downloaded Files
GET /api/network-threat-intel/ip/{ip}/downloaded_files/
Provides a list of hashes and classifications for files found on the submitted IP address.
Request Format
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
| ip | Required | The requested IP address. | path, string |
| page | Optional | SHA1 hash of the next page. | query, string |
| page_size | Optional | Number of records in the response. | query, string |
| extended | Optional | Include additional information on downloaded files. | query, boolean |
| classification | Optional | Include classification of downloaded files. Allowed values: MALICIOUS, SUSPICIOUS, GOODWARE, UNKNOWN. | query, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/ip/93.184.216.34/downloaded_files/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2&extended=true&classification=MALICIOUS' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and ip
token = "exampletoken"
ip = "142.250.186.142"
url = f"https://appliance.example.com/api/network-threat-intel/ip/{ip}/downloaded_files/?page=973f00c91945cb04b89f0657b581974156ad4922&page_size=2&extended=true&classification=MALICIOUS"
headers = {
"authorization": f"token {token}"
}
# add verify=false in the request if you are using a self-signed ssl certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
next_page:
type: string
nullable: true
description: If there is no next page, this field is ``null``.
downloaded_files:
type: array
items:
type: object
properties:
sha1:
type: string
last_download_url:
type: string
classification:
type: string
first_download:
type: string
last_seen:
type: string
sample_size:
type: integer
sample_available:
type: boolean
last_download:
type: string
first_seen:
type: string
sha256:
type: string
md5:
type: string
risk_score:
type: integer
sample_type:
type: string
threat_name:
type: 'null'
malware_family:
type: 'null'
malware_type:
type: 'null'
platform:
type: 'null'
subplatform:
type: 'null'
requested_ip:
type: string
Response Example
{
"next_page": null,
"downloaded_files": [
{
"sha1": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047",
"last_download_url": "http://example.com/",
"classification": "GOODWARE",
"first_download": "2022-08-24T12:14:03",
"last_seen": "2022-11-21T12:04:31",
"sample_size": 1256,
"sample_available": true,
"last_download": "2022-11-28T10:57:09",
"first_seen": "2019-10-19T19:48:47",
"sha256": "ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9",
"md5": "84238dfc8092e5d9c0dac8ef93371a07",
"risk_score": 5,
"sample_type": "Text/HTML/HTML",
"threat_name": null,
"malware_family": null,
"malware_type": null,
"platform": null,
"subplatform": null
}
],
"requested_ip": "93.184.216.34"
}