Network Threat Intelligence API
URL
GET /api/network-threat-intel/url/
Returns information about the provided URL.
Request Format
Request Parameters
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
url | Required | The requested URL. This string needs to be URI-encoded. | query, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/url/?url=https%3A%2F%2Fwww.example.com' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and requested_url
token = "exampletoken"
requested_url = "https%3A%2F%2Fwww.example.com"
url = f"https://appliance.example.com/api/network-threat-intel/url/?url={requested_url}"
headers = {
    "Authorization": f"Token {token}"
}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.get(url, headers=headers)
print(response.text)
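An added example (not part of the original documentation) that percent-encodes the target so its own query string and fragment stay inside the `url` parameter, and verifies a self-signed appliance certificate by loading it as a CA file instead of disabling verification. It uses only the standard library; the function names and the `APPLIANCE_TOKEN` environment variable are assumptions.

```python
import json
import os
import ssl
import urllib.request
from urllib.parse import quote

# Placeholder host from this page; the endpoint path is the one documented above.
APPLIANCE = "https://appliance.example.com"
ENDPOINT = "/api/network-threat-intel/url/"


def build_lookup_url(target, appliance=APPLIANCE):
    """Return the request URL with `target` percent-encoded as one query value."""
    # safe="" also encodes ':', '/', '?', '&', '=' and '#', so a target that
    # carries its own query string or fragment stays inside the url parameter.
    return f"{appliance}{ENDPOINT}?url={quote(target, safe='')}"


def build_request(target, token):
    """Build the authenticated GET request without sending it."""
    return urllib.request.Request(
        build_lookup_url(target),
        headers={"Authorization": f"Token {token}"},
        method="GET",
    )


def tls_context(ca_file=None):
    """Keep certificate and hostname checks on; trust a self-signed cert via ca_file."""
    return ssl.create_default_context(cafile=ca_file)


def lookup(target, token, ca_file=None):
    """Send the lookup and return the decoded JSON report."""
    request = build_request(target, token)
    with urllib.request.urlopen(request, context=tls_context(ca_file), timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed target with its own query string and fragment; nothing is sent.
    req = build_request("http://example.com/a?x=1&y=2#frag",
                        os.environ.get("APPLIANCE_TOKEN", "exampletoken"))
    print(req.full_url)
```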
Response Format
Response Schema
properties:
  third_party_reputations:
    type: object
    properties:
      sources:
        type: array
        items:
          type: object
          properties:
            source:
              type: string
            detection:
              type: string
            category:
              type: string
            update_time:
              type: string
            detect_time:
              type: string
      statistics:
        type: object
        properties:
          total:
            type: integer
          malicious:
            type: integer
          clean:
            type: integer
          undetected:
            type: integer
  classification:
    type: string
  analysis:
    type: object
    properties:
      analysis_history:
        type: array
        items:
          type: object
          properties:
            domain:
              type: string
            final_url:
              type: string
            http_response_code:
              type: integer
            analysis_id:
              type: string
            availability_status:
              type: string
            serving_ip_address:
              type: string
            analysis_time:
              type: string
      last_analysis:
        type: object
        properties:
          domain:
            type: string
          http_response_code:
            type: integer
          analysis_id:
            type: string
          availability_status:
            type: string
          serving_ip_address:
            type: string
          analysis_time:
            type: string
      first_analysis:
        type: string
      analysis_count:
        type: integer
      top_threats:
        type: array
        items:
          type: object
          properties:
            threat_name:
              type: string
            files_count:
              type: integer
            risk_score:
              type: integer
      statistics:
        type: object
        properties:
          unknown:
            type: integer
          suspicious:
            type: integer
          total:
            type: integer
          malicious:
            type: integer
          goodware:
            type: integer
  requested_url:
    type: string
Response Examples
{
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2022-11-28T10:43:53"
},
{
"detection": "undetected",
"source": "cyren",
"update_time": "2022-11-28T06:12:42"
},
{
"detection": "undetected",
"source": "cyradar",
"update_time": "2022-11-28T06:36:08"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2022-11-28T11:39:32"
},
{
"detection": "undetected",
"source": "malsilo",
"update_time": "2022-11-28T00:06:54"
},
{
"detection": "undetected",
"source": "mute",
"update_time": "2022-11-28T10:37:58"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2022-11-28T11:53:02"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2022-11-28T02:20:40"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2022-11-28T06:22:08"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2022-11-28T08:22:21"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2022-11-28T10:47:29"
},
{
"detection": "undetected",
"source": "phishstats",
"update_time": "2022-11-28T05:20:19"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2022-11-27T15:42:30"
},
{
"detection": "undetected",
"source": "alien_vault",
"update_time": "2022-11-28T02:02:35"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2022-11-28T01:31:05"
},
{
"detection": "undetected",
"source": "openphish",
"update_time": "2022-11-27T18:02:25"
},
{
"detection": "undetected",
"source": "mrg",
"update_time": "2022-11-28T10:44:41"
},
{
"detection": "undetected",
"source": "phishtank",
"update_time": "2022-11-28T11:24:33"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2022-11-28T08:30:08"
},
{
"detection": "undetected",
"source": "urlhaus",
"update_time": "2022-11-28T11:20:58"
}
],
"statistics": {
"total": 20,
"malicious": 0,
"clean": 0,
"undetected": 20
}
},
"classification": "goodware",
"analysis": {
"analysis_history": [
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685201231489dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T12:53:25"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668516805009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T12:53:25"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685489790689dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T20:53:28"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668545608009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-15T20:53:28"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16685921996389dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-16T08:53:58"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1668588838009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-16T08:53:58"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "16691106111989dc",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-22T08:54:43"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669107283009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-22T08:54:43"
},
{
"domain": "example.com",
"final_url": "http://example.com/",
"http_response_code": 200,
"analysis_id": "1669636389639c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
},
{
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669633029009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
}
],
"last_analysis": {
"domain": "example.com",
"http_response_code": 200,
"analysis_id": "1669633029009c17",
"availability_status": "online",
"serving_ip_address": "93.184.216.34",
"analysis_time": "2022-11-28T10:57:09"
},
"first_analysis": "2022-11-15T12:53:25",
"analysis_count": 171,
"statistics": {
"unknown": 0,
"suspicious": 0,
"total": 2,
"malicious": 0,
"goodware": 2
}
},
"requested_url": "www.example.com"
}
Domain
GET /api/network-threat-intel/domain/{domain}/
Returns information about the provided domain.
Request Format
Request Parameters
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
domain | Required | The requested domain. | path, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/domain/example.com/' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and domain
token = "exampletoken"
domain = "example.com"
url = f"https://appliance.example.com/api/network-threat-intel/domain/{domain}/"
headers = {
    "Authorization": f"Token {token}"
}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.get(url, headers=headers)
print(response.text)
Response Format
Response Schema
properties:
  parent_domain:
    type: string
  last_dns_records:
    type: array
    items:
      type: object
      properties:
        type:
          type: string
        value:
          type: string
        provider:
          type: string
  last_dns_records_time:
    type: string
  third_party_reputations:
    type: object
    properties:
      sources:
        type: array
        items:
          type: object
          properties:
            source:
              type: string
            detection:
              type: string
            category:
              type: string
            update_time:
              type: string
            detect_time:
              type: string
      statistics:
        type: object
        properties:
          total:
            type: integer
          malicious:
            type: integer
          undetected:
            type: integer
          clean:
            type: integer
  top_threats:
    type: array
    items:
      type: object
      properties:
        threat_name:
          type: string
        files_count:
          type: integer
        risk_score:
          type: integer
  modified_time:
    type: string
  downloaded_files_statistics:
    type: object
    properties:
      unknown:
        type: integer
      suspicious:
        type: integer
      total:
        type: integer
      malicious:
        type: integer
      goodware:
        type: integer
  requested_domain:
    type: string
Response Example
{
"last_dns_records": [
{
"type": "A",
"value": "93.184.216.34",
"provider": "ReversingLabs"
}
],
"last_dns_records_time": "2022-11-28T10:57:09",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2022-11-28T02:24:00"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2022-11-28T06:22:08"
},
{
"detection": "malicious",
"source": "cyradar",
"update_time": "2022-11-28T06:36:08",
"detect_time": "2022-06-08T12:55:18"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2022-11-28T12:39:42"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2022-11-28T04:06:58"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2022-11-28T12:33:27"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2022-11-28T08:22:21"
},
{
"detection": "undetected",
"source": "botvrij",
"update_time": "2022-11-28T02:25:14"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2022-11-28T12:54:06"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2022-11-28T05:54:08"
},
{
"detection": "undetected",
"source": "web_security_guard",
"update_time": "2022-01-21T06:56:15"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2022-11-28T01:31:05"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2022-11-28T08:30:08"
}
],
"statistics": {
"total": 13,
"malicious": 1,
"undetected": 12,
"clean": 0
}
},
"top_threats": [],
"modified_time": "2022-11-28T12:54:06",
"downloaded_files_statistics": {
"unknown": 0,
"suspicious": 0,
"total": 2,
"malicious": 0,
"goodware": 2
},
"requested_domain": "example.com"
}
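An added example, not part of the original documentation, that triages a domain report: it lists which sources returned `malicious`, flags feeds whose `update_time` is old, and checks that the `statistics` counters match the `sources` list. The sample is constructed from the response above; measuring feed age against `modified_time`, the 30-day threshold and the `triage` function name are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: three sources trimmed from the response example above.
SAMPLE = {
    "third_party_reputations": {
        "sources": [
            {"detection": "undetected", "source": "phishing_database",
             "update_time": "2022-11-28T02:24:00"},
            {"detection": "malicious", "source": "cyradar",
             "update_time": "2022-11-28T06:36:08",
             "detect_time": "2022-06-08T12:55:18"},
            {"detection": "undetected", "source": "web_security_guard",
             "update_time": "2022-01-21T06:56:15"},
        ],
        "statistics": {"total": 3, "malicious": 1, "undetected": 2, "clean": 0},
    },
    "modified_time": "2022-11-28T12:54:06",
    "downloaded_files_statistics": {"total": 2, "malicious": 0, "goodware": 2},
    "requested_domain": "example.com",
}


def triage(report, max_age_days=30):
    """Summarise a domain report: who flagged it and which feeds are stale."""
    rep = report.get("third_party_reputations", {})
    sources, stats = rep.get("sources", []), rep.get("statistics", {})
    # Assumption: feed age is measured against the report's own modified_time.
    cutoff = datetime.fromisoformat(report["modified_time"]) - timedelta(days=max_age_days)
    flagged = [(s["source"], s.get("detect_time"))
               for s in sources if s.get("detection") == "malicious"]
    stale = [s["source"] for s in sources
             if datetime.fromisoformat(s["update_time"]) < cutoff]
    # The statistics block should agree with a recount of the sources list.
    recount = {k: sum(s.get("detection") == k for s in sources)
               for k in ("malicious", "undetected", "clean")}
    consistent = (stats.get("total") == len(sources)
                  and all(stats.get(k) == n for k, n in recount.items()))
    bad_files = report.get("downloaded_files_statistics", {}).get("malicious", 0)
    return {
        "domain": report.get("requested_domain"),
        "flagged_by": flagged,
        "stale_sources": stale,
        "counters_consistent": consistent,
        "malicious_files": bad_files,
        "needs_review": bool(flagged) or bad_files > 0 or not consistent,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the sample, a single source reports `malicious` while no downloaded file is classified as malicious, so the report is queued for review instead of being treated as clean.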
IP Address
The IP Address API has four separate endpoints:
- report
- resolutions
- URLs
- downloaded files
Report
GET /api/network-threat-intel/ip/{ip}/report/
Returns:
- Third-party IP address reputation and categorization.
- Counters of samples downloaded from the IP address, mapped to their classification status (malicious, suspicious, known, no threats found).
- The most common threats (malware type, family) hosted on the submitted IP address.
Request Format
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
ip | Required | The requested IP address. | path, string |
Request Examples
cURL
# Add --insecure before the URL if you're using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/network-threat-intel/ip/93.184.216.34/report/' \
--header 'Authorization: Token exampletoken'
Python
import requests
# change the values of url, token, and ip
token = "exampletoken"
ip = "93.184.216.34"
url = f"https://appliance.example.com/api/network-threat-intel/ip/{ip}/report/"
headers = {
    "Authorization": f"Token {token}"
}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.get(url, headers=headers)
print(response.text)