Spectra Intelligence API reference (5.0.0)
ReversingLabs Spectra Intelligence offers REST web services providing file reputation, file analysis, malware hunting and network indicator information. These can be used for incident response triage, malware analysis, threat intelligence augmentation, and other uses. The output format of API results is either XML or JSON.
TCA-0101: File Reputation (single query)
The File Reputation (Malware Presence) API provides file reputation status calculated by a proprietary ReversingLabs algorithm for the requested sample. The status can be: MALICIOUS, SUSPICIOUS, KNOWN (non-malicious or benign), UNKNOWN. Additional classification-related metadata and hashes can be requested using optional parameters.
Authorizations:
path Parameters
hash_type required | string Enum: "md5" "sha1" "sha256" Required parameter. Specifies which hash type will be used in the request. Supported values: md5, sha1, sha256. |
hash_value required | string Required parameter. Hash of the file for which the user is requesting data from the service. The value must be a valid hash of the same type specified by the |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
extended | boolean Default: false Example: extended=true Optional parameter that specifies whether additional classification metadata for the requested sample should be returned in the response. Additional metadata includes information such as trust factor and threat level values; malware type, family name, and platform; first and last seen times, and more. If the parameter is not provided in the request, the default value is |
show_hashes | boolean Default: false Example: show_hashes=true Optional parameter that specifies whether MD5, SHA1, and SHA256 hashes should be returned in the response for the requested sample, in addition to the rest of the Malware Presence information. If the parameter is not provided in the request, the default value is |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/databrowser/malware_presence/query/sha1/2cfbb1d2ee28644934bbd3baf6a6667905eee27b?extended=true&show_hashes=true&format=json' --user <username>:<password>
Response samples
- 200
{
  "rl": {
    "malware_presence": {
      "status": "KNOWN",
      "sha1": "2cfbb1d2ee28644934bbd3baf6a6667905eee27b",
      "threat_level": 0,
      "scanner_percent": 0,
      "scanner_match": 0,
      "last_seen": "2021-11-16T06:56:41",
      "reason": "best_source",
      "scanner_count": 47,
      "query_hash": {
        "sha1": "2cfbb1d2ee28644934bbd3baf6a6667905eee27b"
      },
      "first_seen": "2017-08-06T19:56:25",
      "sha256": "624200f51a513c05cdcb948649367f725953da9753a23e7f62861eabdb1f79c9",
      "trust_factor": 0,
      "md5": "c8ef05f345b61d4892496b1f8ddae78c"
    }
  }
}
TCA-0101: File Reputation (bulk query)
The File Reputation (Malware Presence) Bulk API provides file reputation status calculated by a proprietary ReversingLabs algorithm for the requested samples. Up to 100 hashes can be submitted in one request. The status can be: MALICIOUS, SUSPICIOUS, KNOWN (non-malicious or benign), UNKNOWN. Additional classification-related metadata and hashes can be requested using optional parameters.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
query Parameters
format | string Enum: "xml" "json" Optional parameter that allows choosing the response format. Supported values: json, xml. When the parameter is not included in the request, the response is in the same format specified by the |
extended | boolean Default: false Example: extended=true Optional parameter that specifies whether additional classification metadata for the requested sample should be returned in the response. Additional metadata includes information such as trust factor and threat level values; malware type, family name, and platform; first and last seen times, and more. If the parameter is not provided in the request, the default value is |
show_hashes | boolean Default: false Example: show_hashes=true Optional parameter that specifies whether MD5, SHA1, and SHA256 hashes should be returned in the response for the requested sample, in addition to the rest of the Malware Presence information. If the parameter is not provided in the request, the default value is |
Request Body schema: application/jsonrequired
hashes is an array of valid hashes of the same type as specified in the hash_type parameter. Up to 100 hashes can be submitted in one request.
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "hash_type": "sha1",
      "hashes": [
        "a7afddb68260a60f86c02a021efba7f216c2e7cf",
        "ca03064987d3c4465f91552ba8b6a883eecfd3e5",
        "b363713a938afcd3c74603827fab79e935b2b09b",
        "example_of_a_wrong_hash"
      ]
    }
  }
}
Response samples
- 200
{
  "rl": {
    "invalid_hashes": [
      "example_of_a_wrong_hash"
    ],
    "entries": [
      {
        "status": "UNKNOWN",
        "query_hash": {
          "sha1": "ca03064987d3c4465f91552ba8b6a883eecfd3e5"
        }
      },
      {
        "status": "KNOWN",
        "query_hash": {
          "sha1": "b363713a938afcd3c74603827fab79e935b2b09b"
        }
      },
      {
        "status": "KNOWN",
        "query_hash": {
          "sha1": "a7afddb68260a60f86c02a021efba7f216c2e7cf"
        }
      }
    ]
  }
}
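Added example (not ReversingLabs code): a Python helper that validates hashes locally, splits them into bulk request bodies of at most 100 entries in the payload shape shown above, and maps a bulk response back to every submitted hash so that nothing missing from the response is treated as clean. The labels INVALID and NO_RESULT and all function names are assumptions of this example; no request is sent.

```python
import re

# Hex digest length for each hash type the API accepts.
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
MAX_HASHES_PER_REQUEST = 100  # limit stated in the bulk query description
INVALID, NO_RESULT = "INVALID", "NO_RESULT"  # local labels, not API statuses

# Bulk response sample reproduced from this page.
PAGE_SAMPLE_RESPONSE = {"rl": {
    "invalid_hashes": ["example_of_a_wrong_hash"],
    "entries": [
        {"status": "UNKNOWN",
         "query_hash": {"sha1": "ca03064987d3c4465f91552ba8b6a883eecfd3e5"}},
        {"status": "KNOWN",
         "query_hash": {"sha1": "b363713a938afcd3c74603827fab79e935b2b09b"}},
        {"status": "KNOWN",
         "query_hash": {"sha1": "a7afddb68260a60f86c02a021efba7f216c2e7cf"}},
    ],
}}


def is_valid_hash(value, hash_type):
    """True when value is a hex digest of the length hash_type implies."""
    pattern = r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[hash_type]
    return isinstance(value, str) and re.fullmatch(pattern, value) is not None


def build_bulk_payloads(hashes, hash_type):
    """Return (payloads, rejected).

    payloads: request bodies holding at most 100 unique hashes each.
    rejected: values that fail local validation and are never sent.
    """
    if hash_type not in HASH_HEX_LEN:
        raise ValueError("hash_type must be md5, sha1 or sha256")
    seen, valid, rejected = set(), [], []
    for value in hashes:
        if not is_valid_hash(value, hash_type):
            rejected.append(value)
            continue
        key = value.lower()  # hex digests are case-insensitive
        if key not in seen:
            seen.add(key)
            valid.append(key)
    payloads = [
        {"rl": {"query": {"hash_type": hash_type,
                          "hashes": valid[i:i + MAX_HASHES_PER_REQUEST]}}}
        for i in range(0, len(valid), MAX_HASHES_PER_REQUEST)
    ]
    return payloads, rejected


def triage_bulk_response(body, submitted, hash_type):
    """Map every submitted hash to a status, failing closed on gaps."""
    rl = body.get("rl", {})
    verdicts = {}
    for entry in rl.get("entries", []):
        queried = entry.get("query_hash", {}).get(hash_type)
        if queried:
            verdicts[queried.lower()] = entry.get("status", NO_RESULT)
    for bad in rl.get("invalid_hashes", []):
        verdicts[bad] = INVALID
    # A hash that was sent but is absent from the response is not "clean".
    for value in submitted:
        key = value.lower() if is_valid_hash(value, hash_type) else value
        verdicts.setdefault(key, NO_RESULT)
    return verdicts


def needs_review(verdicts):
    """Hashes whose status is anything other than KNOWN, sorted."""
    return sorted(h for h, status in verdicts.items() if status != "KNOWN")


if __name__ == "__main__":
    submitted = [
        "a7afddb68260a60f86c02a021efba7f216c2e7cf",
        "ca03064987d3c4465f91552ba8b6a883eecfd3e5",
        "b363713a938afcd3c74603827fab79e935b2b09b",
        "example_of_a_wrong_hash",
    ]
    payloads, rejected = build_bulk_payloads(submitted, "sha1")
    print(len(payloads), "payload(s); rejected locally:", rejected)
    verdicts = triage_bulk_response(PAGE_SAMPLE_RESPONSE, submitted, "sha1")
    for h in needs_review(verdicts):
        print(h, verdicts[h])
```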
TCA-0102: File Reputation Override
The File Reputation Override (Malware Presence) API enables file reputation status override for the requested samples. Up to 100 hashes can be submitted in one request. The status can be: MALICIOUS, SUSPICIOUS, or KNOWN (non-malicious or benign). Additional classification-related metadata can be specified using optional parameters.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Request Body schema: application/jsonrequired
override_samples is an array of samples to override. Each sample must be defined by sha1, md5, and sha256, and include new status for those hashes and may include threat_name, threat_level and trust_factor depending on the status value. remove_override is an array of samples which already have an override that should be removed. Each sample must be defined by sha1, md5 and sha256. Up to 100 hashes can be submitted in one request.
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "override_samples": [
        {
          "sha1": "9865c7ecda437034e1513cc43ae9a1f6f334bb7f",
          "md5": "294c7e5ecdc3e94c6ea3f5a7c9ccc581",
          "sha256": "3cdbba0294d51b060436952e23dcf6243dd53e52a7b41bf60ee90583f27bc4ea",
          "status": "KNOWN",
          "trust_factor": 3
        },
        {
          "sha1": "2cfbb1d2ee28644934bbd3baf6a6667905eee27b",
          "md5": "c8ef05f345b61d4892496b1f8ddae78c",
          "sha256": "624200f51a513c05cdcb948649367f725953da9753a23e7f62861eabdb1f79c9",
          "status": "MALICIOUS",
          "threat_level": 2,
          "threat_name": "Win32.Backdoor.Bifrost"
        }
      ],
      "remove_override": [
        {
          "sha1": "00000aae8c7a59999e156524a8d6fd35009f4275",
          "md5": "77459f04fde5c9945ed57508bfe54922",
          "sha256": "c88f99d08545143779123578804d71e83db8c0dfeb00284b646e3a3982568034"
        }
      ]
    }
  }
}
Response samples
- 200
{
  "rl": {
    "user_override": {
      "create_override": [
        {
          "sha1": "9865c7ecda437034e1513cc43ae9a1f6f334bb7f",
          "md5": "294c7e5ecdc3e94c6ea3f5a7c9ccc581",
          "sha256": "3cdbba0294d51b060436952e23dcf6243dd53e52a7b41bf60ee90583f27bc4ea",
          "status": "KNOWN",
          "trust_factor": 3
        }
      ],
      "replace_override": [
        {
          "sha1": "2cfbb1d2ee28644934bbd3baf6a6667905eee27b",
          "md5": "c8ef05f345b61d4892496b1f8ddae78c",
          "sha256": "624200f51a513c05cdcb948649367f725953da9753a23e7f62861eabdb1f79c9",
          "status": "MALICIOUS",
          "threat_level": 2,
          "threat_name": "Win32.Backdoor.Bifrost"
        }
      ],
      "remove_override": [
        {
          "sha1": "00000aae8c7a59999e156524a8d6fd35009f4275",
          "md5": "77459f04fde5c9945ed57508bfe54922",
          "sha256": "c88f99d08545143779123578804d71e83db8c0dfeb00284b646e3a3982568034"
        }
      ]
    }
  }
}
TCA-0102: File Reputation Override (list)
The File Reputation Override (list) API lists all existing file reputation status overrides for the requested user. The hashes are sorted. Up to 1000 hashes will be returned. If there are more than 1000 active overrides, next_hash value in the previous response may be provided as the start_hash of the subsequent request to enumerate all hashes. Find more information in the official API documentation.
Authorizations:
path Parameters
hash_type required | string Enum: "xml" "json" Required parameter that defines the type of hash to be returned. Supported options are sha1, md5, and sha256. |
query Parameters
start_hash | string Example: start_hash=9865c7ecda437034e1513cc43ae9a1f6f334bb7f Optional parameter that specifies the first hash in the response to be returned. Enables pagination. |
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/databrowser/malware_presence/user_override/list_hashes/sha1?start_hash=9865c7ecda437034e1513cc43ae9a1f6f334bb7f&format=json' --user <username>:<password>
Response samples
- 200
{
  "rl": {
    "user_override": {
      "hash_values": [
        "9865c7ecda437034e1513cc43ae9a1f6f334bb7f",
        "a59e1bcd410e160a59fd3d5a599afd73039bd110",
        "f27c761f8ba4da2049e3fb5a04664d24cb22f020",
        "f47dbda56cce16999b9784965ea2db6ed541f080"
      ],
      "next_hash": null
    }
  }
}
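Added example (not ReversingLabs code): a Python generator that enumerates every active override for an audit by following next_hash into start_hash as described above, stopping on a null next_hash and aborting if the cursor repeats. The fetch_page callable is hypothetical: it takes a URL and returns the parsed JSON body, so authentication and transport stay outside the example; the two pages in the demo are constructed from the hashes in the response sample.

```python
from urllib.parse import urlencode

# Endpoint taken from the request sample on this page.
LIST_URL = ("https://data.reversinglabs.com/api/databrowser/"
            "malware_presence/user_override/list_hashes/{hash_type}")
HASH_TYPES = ("md5", "sha1", "sha256")


def list_url(hash_type, start_hash=None):
    """Build the list request URL, optionally resuming at start_hash."""
    if hash_type not in HASH_TYPES:
        raise ValueError("hash_type must be md5, sha1 or sha256")
    params = {}
    if start_hash:
        params["start_hash"] = start_hash
    params["format"] = "json"
    return LIST_URL.format(hash_type=hash_type) + "?" + urlencode(params)


def iter_overrides(fetch_page, hash_type="sha1", max_pages=1000):
    """Yield every overridden hash exactly once.

    fetch_page(url) -> dict is supplied by the caller (hypothetical hook).
    Raises RuntimeError when the cursor repeats or max_pages is exceeded,
    so a misbehaving response cannot cause an endless loop.
    """
    start_hash = None
    seen_cursors, seen_hashes = set(), set()
    for _ in range(max_pages):
        body = fetch_page(list_url(hash_type, start_hash))
        override = body["rl"]["user_override"]
        for value in override.get("hash_values", []):
            if value not in seen_hashes:  # tolerate overlap between pages
                seen_hashes.add(value)
                yield value
        next_hash = override.get("next_hash")
        if not next_hash:  # null next_hash marks the last page
            return
        if next_hash in seen_cursors:
            raise RuntimeError("pagination cursor repeated: %s" % next_hash)
        seen_cursors.add(next_hash)
        start_hash = next_hash
    raise RuntimeError("max_pages exceeded before next_hash became null")


def demo_pages():
    """Two constructed pages built from the hashes in the response sample."""
    a = "9865c7ecda437034e1513cc43ae9a1f6f334bb7f"
    b = "a59e1bcd410e160a59fd3d5a599afd73039bd110"
    c = "f27c761f8ba4da2049e3fb5a04664d24cb22f020"
    d = "f47dbda56cce16999b9784965ea2db6ed541f080"
    return {
        list_url("sha1"): {"rl": {"user_override": {
            "hash_values": [a, b], "next_hash": c}}},
        list_url("sha1", c): {"rl": {"user_override": {
            "hash_values": [c, d], "next_hash": None}}},
    }


if __name__ == "__main__":
    pages = demo_pages()
    for value in iter_overrides(pages.__getitem__):
        print(value)
```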
TCA-0103: Historic Multi-AV Scan Records (single query)
The Historic Multi-AV Scan Records (XREF) API provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for the requested sample. An optional parameter history can be used in requests to this API to retrieve historical XREF record changes for the sample (if available).
Authorizations:
path Parameters
hash_type required | string Enum: "md5" "sha1" "sha256" Required parameter. Specifies which hash type will be used in the request. Supported values: md5, sha1, sha256. |
hash_value required | string Required parameter. Hash of the file for which the user is requesting data from the service. The value must be a valid hash of the same type specified by the |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
history | boolean Default: false Example: history=true Optional parameter that defines whether the response should contain a history of XREF records for a sample (when |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/xref/v2/query/sha1/7d8f177243cfa055c95cbbf32ebc2d7e8c71d4fb?format=json&history=true' --user <username>:<password>
Response samples
- 200
TCA-0103: Historic Multi-AV Scan Records (bulk query)
The Historic Multi-AV Scan Records Bulk API provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for up to 100 requested samples. An optional parameter history can be used in requests to this API to retrieve historical XREF record changes for each sample (if available).
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
query Parameters
format | string Enum: "xml" "json" Optional parameter that allows choosing the response format. Supported values: json, xml. When the parameter is not included in the request, the response is in the same format specified by the |
history | boolean Default: false Example: history=true Optional parameter that defines whether the response should contain a history of XREF records for a sample (when |
Request Body schema: application/jsonrequired
hashes is an array of valid hashes of the same type as specified in the hash_type parameter. Up to 100 hashes can be submitted in one request.
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "hash_type": "sha1",
      "hashes": [
        "a7afddb68260a60f86c02a021efba7f216c2e7cf",
        "ca03064987d3c4465f91552ba8b6a883eecfd3e5",
        "b363713a938afcd3c74603827fab79e935b2b09b",
        "example_of_a_wrong_hash"
      ]
    }
  }
}
Response samples
- 200
{
  "rl": {
    "samples": [
      {
        "sha1": "string",
        "first_seen_on": "string",
        "last_scanned_on": "string",
        "last_seen_on": "string",
        "single_scan": true,
        "first_scanned_on": "string",
        "sample_type": "string",
        "sample_size": 0,
        "xref": [
          {
            "scanner_match": 0,
            "scanner_count": 0,
            "scanners": [
              {
                "timestamp": "string",
                "version": "string",
                "name": "string"
              }
            ],
            "scanned_on": "string",
            "results": [
              {
                "scanner": "string",
                "result": "string"
              }
            ]
          }
        ],
        "sha384": "string",
        "sha256": "string",
        "sha512": "string",
        "ripemd160": "string",
        "md5": "string"
      }
    ],
    "unknown_hashes": [
      {}
    ],
    "invalid_hashes": [
      {}
    ]
  }
}
TCA-0104: File Analysis - Hash (single query)
The File Analysis - Hash [RLDATA] API provides analysis results for the requested hash. The extent of analysis data returned in the response varies based on the file type. Note that the dynamic analysis report is only available with additional permissions.
Authorizations:
path Parameters
hash_type required | string Enum: "md5" "sha1" "sha256" Required parameter. Specifies which hash type will be used in the request. Supported values: md5, sha1, sha256. |
hash_value required | string Required parameter. Hash of the file for which the user is requesting data from the service. The value must be a valid hash of the same type specified by the |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/databrowser/rldata/query/sha1/a45ab18fb7a06dd5ecb44bf6c221a951f974059f?format=json' --user <username>:<password>
Response samples
- 200
{
  "rl": {
    "sample": {
      "sha1": "string",
      "md5": "string",
      "sha256": "string",
      "sha384": "string",
      "sha512": "string",
      "ripemd160": "string",
      "ssdeep": "string",
      "tlsh": "string",
      "sample_size": 0,
      "relationships": {
        "container_sample_sha1": [
          {}
        ]
      },
      "analysis": {
        "entries": [
          {
            "record_time": "string",
            "analysis_type": "string",
            "analysis_version": "string",
            "tc_report": {
              "info": {
                "file": {
                  "file_type": "string",
                  "file_subtype": "string",
                  "proposed_filename": "string"
                },
                "identification": {
                  "name": "string"
                },
                "validation": "string",
                "package": {}
              },
              "metadata": {
                "application": [],
                "certificate": [],
                "attack": [],
                "software_packages": []
              },
              "interesting_strings": [
                {
                  "category": "string",
                  "values": [
                    {}
                  ]
                }
              ],
              "story": "string"
            },
            "indicators": "string"
          }
        ]
      },
      "xref": {
        "entries": [
          {
            "record_time": "string",
            "scanners": [
              {
                "name": "string",
                "result": "string"
              }
            ],
            "info": {
              "scanners": [
                {
                  "name": "string",
                  "version": "string",
                  "timestamp": "string"
                }
              ]
            }
          }
        ],
        "first_seen": "string",
        "last_seen": "string",
        "sample_type": "string"
      },
      "sources": {
        "entries": [
          {
            "record_time": "string",
            "tag": "string",
            "properties": [
              {
                "name": "string",
                "value": "string"
              }
            ],
            "domain": {
              "name": "string"
            }
          }
        ]
      }
    }
  }
}
TCA-0104: File Analysis - Hash (bulk query)
The File Analysis - Hash [RLDATA] Bulk API provides analysis results for up to 100 requested hashes in a single response. The extent of analysis data returned in the response varies based on the file type. Note that the dynamic analysis report is only available with additional permissions. Find more information in the official API documentation.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
query Parameters
format | string Enum: "xml" "json" Optional parameter that allows choosing the response format. Supported values: json, xml. When the parameter is not included in the request, the response is in the same format specified by the |
Request Body schema: application/jsonrequired
hashes is an array of valid hashes of the same type as specified in the hash_type parameter. Up to 100 hashes can be submitted in one request.
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "hash_type": "sha1",
      "hashes": [
        "a7afddb68260a60f86c02a021efba7f216c2e7cf",
        "ca03064987d3c4465f91552ba8b6a883eecfd3e5",
        "b363713a938afcd3c74603827fab79e935b2b09b",
        "example_of_a_wrong_hash"
      ]
    }
  }
}
Response samples
- 200
{
  "rl": {
    "entries": [
      {
        "sha1": "string",
        "crc32": "string",
        "md5": "string",
        "sha256": "string",
        "sha384": "string",
        "sha512": "string",
        "ripemd160": "string",
        "sample_size": 0,
        "relationships": {
          "container_sample_sha1": [
            {}
          ],
          "parent_sample_sha1": [
            {}
          ]
        },
        "analysis": {
          "entries": [
            {
              "record_time": "string",
              "analysis_type": "string",
              "analysis_version": "string",
              "tc_report": {
                "info": {
                  "file": {
                    "file_type": null,
                    "file_subtype": null
                  }
                }
              }
            }
          ]
        },
        "xref": {
          "entries": [
            {
              "record_time": "string",
              "scanners": [
                {
                  "name": "string",
                  "result": "string"
                }
              ],
              "info": {
                "scanners": [
                  {
                    "name": null,
                    "version": null,
                    "timestamp": null
                  }
                ]
              }
            }
          ],
          "first_seen": "string",
          "last_seen": "string",
          "sample_type": "string"
        },
        "sources": {
          "entries": [
            {
              "record_time": "string",
              "tag": "string",
              "properties": [
                {
                  "name": "string",
                  "value": "string"
                }
              ]
            }
          ]
        }
      }
    ],
    "invalid_hashes": [
      {}
    ],
    "unknown_hashes": [
      {}
    ]
  }
}
TCA-0105: File Analysis - Non-Malicious (single query)
The File Analysis - Non-Malicious [RLDATA Goodware] API provides sample hashes, trust factor, relationships, size, and sources for benign samples only. If a malicious hash is queried, a 404 (Not Found) HTTP response will be returned.
Authorizations:
path Parameters
hash_type required | string Enum: "md5" "sha1" "sha256" Required parameter. Specifies which hash type will be used in the request. Supported values: md5, sha1, sha256. |
hash_value required | string Required parameter. Hash of the file for which the user is requesting data from the service. The value must be a valid hash of the same type specified by the |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/databrowser/rldata/goodware/query/sha1/a25b6db2d363eaa31de348399aedc5651280b52b?format=json' --user <username>:<password> --header 'Content-Type: application/json'
Response samples
- 200
{
  "rl": {
    "sample": {
      "sha1": "string",
      "trust_factor": 0,
      "md5": "string",
      "sha256": "string",
      "sha384": "string",
      "sha512": "string",
      "pe_sha1": "string",
      "pe_sha256": "string",
      "ripemd160": "string",
      "ssdeep": "string",
      "sample_size": 0,
      "tlsh": "string",
      "relationships": {
        "container_sample_sha1": [
          {}
        ]
      },
      "sources": {
        "entries": [
          {
            "record_time": "string",
            "tag": "string",
            "properties": [
              {
                "name": "string",
                "value": "string"
              }
            ],
            "domain": {
              "name": "string"
            }
          }
        ]
      }
    }
  }
}
TCA-0105: File Analysis - Non-Malicious (bulk query)
The File Analysis - Non-Malicious [RLDATA Goodware] Bulk API provides sample hashes, trust factor, relationships, size, and sources for benign samples only. Up to 100 hashes can be submitted in one request. If a malicious hash is queried, a 404 (Not Found) HTTP response will be returned. Find more information in the official API documentation.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
query Parameters
format | string Enum: "xml" "json" Optional parameter that allows choosing the response format. Supported values: json, xml. When the parameter is not included in the request, the response is in the same format specified by the |
Request Body schema: application/jsonrequired
hashes is an array of valid hashes of the same type as specified in the hash_type parameter. Up to 100 hashes can be submitted in one request.
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "hash_type": "sha1",
      "hashes": [
        "a7afddb68260a60f86c02a021efba7f216c2e7cf",
        "ca03064987d3c4465f91552ba8b6a883eecfd3e5",
        "b363713a938afcd3c74603827fab79e935b2b09b",
        "example_of_a_wrong_hash"
      ]
    }
  }
}
Response samples
- 200
{
  "rl": {
    "entries": [
      {
        "sha1": "string",
        "trust_factor": 0,
        "crc32": "string",
        "md5": "string",
        "sha256": "string",
        "sha384": "string",
        "sha512": "string",
        "pe_sha1": "string",
        "pe_sha256": "string",
        "ripemd160": "string",
        "sample_size": 0,
        "tlsh": "string",
        "relationships": {
          "container_sample_sha1": [
            {}
          ],
          "parent_sample_sha1": [
            {}
          ]
        },
        "sources": {
          "entries": [
            {
              "record_time": "string",
              "tag": "string",
              "properties": [
                {
                  "name": "string",
                  "value": "string"
                }
              ]
            }
          ]
        }
      }
    ],
    "invalid_hashes": [
      {}
    ],
    "unknown_hashes": [
      {}
    ]
  }
}
TCA-0501: Certificate Index
The Certificate Index API provides a list of samples that are signed with the requested certificate. The certificate should be requested using its thumbprint value as a SHA1, SHA256, or MD5 hash. Only one certificate thumbprint can be submitted in one request. Optional parameters can be used in the request to retrieve additional sample metadata and filter the results by classification status.
Authorizations:
path Parameters
thumbprint required | string Required parameter that specifies the thumbprint of the certificate for which the user is requesting data from the service. The thumbprint value should be provided as a valid hash. Supported hash types are: MD5, SHA1, SHA256. |
query Parameters
limit | integer [ 1 .. 100 ] Default: 100 Example: limit=50 Optional parameter; specifies the maximum number of sample SHA1 hashes to include in the response. This value has to be an integer in the range from 1 to 100. When the parameter is not included in the request, 100 hashes are returned by default. |
extended | boolean Default: false Example: extended=true If the extended option is selected, each SHA1 hash in the list will be expanded with additional metadata: certificate validation status, classification, threat level, trust factor, malware family name, threat name, malware type, targeted platform and subplatform; SHA1, MD5, PE_SHA1, PE_SHA256 and SHA256 hashes; sample size, sample type, download availability, first and last seen dates (UTC). |
classification | string Enum: "known" "malicious" "suspicious" "unknown" Example: classification=malicious Optional parameter that allows filtering the results by their classification status. If this parameter is provided in the request, the response will include only those samples that match the requested status. Supported values are: known, malicious, suspicious, unknown (case-insensitive). |
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/certificate/index/v1/query/thumbprint/A909502DD82AE41433E6F83886B00D4277A32A7B?format=json' --user <username>:<password>
Response samples
- 200
{
  "rl": {
    "next_page": "0133a64a3e360138da5820e25178490577d0400d",
    "request": {
      "extended": false,
      "limit": "100",
      "response_format": "json",
      "thumbprint": "A909502DD82AE41433E6F83886B00D4277A32A7B"
    },
    "samples": {
      "item": [
        "0114bec01a2248fe7cb147f7c064d1d88d00430e",
        "011c509102410d427105dbce0d927d66263db0bd",
        "..."
      ]
    }
  }
}
TCA-0501: Certificate Index (paginated)
The Certificate Index API provides a list of samples that are signed with the requested certificate. The certificate should be requested using its thumbprint value as a SHA1, SHA256, or MD5 hash. Only one certificate thumbprint can be submitted in one request. Optional parameters can be used in the request to retrieve additional sample metadata and filter the results by classification status.
Authorizations:
path Parameters
thumbprint required | string Required parameter that specifies the thumbprint of the certificate for which the user is requesting data from the service. The thumbprint value should be provided as a valid hash. Supported hash types are: MD5, SHA1, SHA256. |
next_page | string Optional parameter used for pagination. To get the next page of results from the API, use the |
query Parameters
limit | integer [ 1 .. 100 ] Default: 100 Example: limit=50 Optional parameter; specifies the maximum number of sample SHA1 hashes to include in the response. This value has to be an integer in the range from 1 to 100. When the parameter is not included in the request, 100 hashes are returned by default. |
extended | boolean Default: false Example: extended=true If the extended option is selected, each SHA1 hash in the list will be expanded with additional metadata: certificate validation status, classification, threat level, trust factor, malware family name, threat name, malware type, targeted platform and subplatform; SHA1, MD5, PE_SHA1, PE_SHA256 and SHA256 hashes; sample size, sample type, download availability, first and last seen dates (UTC). |
classification | string Enum: "known" "malicious" "suspicious" "unknown" Example: classification=malicious Optional parameter that allows filtering the results by their classification status. If this parameter is provided in the request, the response will include only those samples that match the requested status. Supported values are: known, malicious, suspicious, unknown (case-insensitive). |
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/certificate/index/v1/query/thumbprint/A909502DD82AE41433E6F83886B00D4277A32A7B?format=json' --user <username>:<password>
Response samples
- 200
{
  "rl": {
    "next_page": "0133a64a3e360138da5820e25178490577d0400d",
    "request": {
      "extended": false,
      "limit": "100",
      "response_format": "json",
      "thumbprint": "A909502DD82AE41433E6F83886B00D4277A32A7B"
    },
    "samples": {
      "item": [
        "0114bec01a2248fe7cb147f7c064d1d88d00430e",
        "011c509102410d427105dbce0d927d66263db0bd",
        "..."
      ]
    }
  }
}
TCA-0502: Certificate Analytics
The Certificate Analytics API provides certificate analytics for the requested certificate and its chain of trust. The certificate should be requested using its thumbprint value as a SHA1, SHA256, or MD5 hash. Sending requests using the GET method allows only one thumbprint per request, while the POST method accepts up to 100 thumbprints in one request. Find more information in the official API documentation.
Authorizations:
path Parameters
post_format required | string |
thumbprint required | string Required parameter that specifies the thumbprint of the certificate for which the user is requesting data from the service. The thumbprint value should be provided as a valid hash. Supported hash types are: MD5, SHA1, SHA256. |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
- bash
curl --url 'https://data.reversinglabs.com/api/certificate/analytics/v1/query/thumbprint/18254B1DC375B74E339EB99ABFE31AF0D735CB5A3B535570731175811D735B0D?format=json' --user <username>:<password> --header 'Content-Type: application/json'
Response samples
- 200
{- "rl": {
- "request": {
- "response_format": "json",
- "thumbprint": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}, - "certificate_analytics": {
- "certificate_first_seen": "2022-09-14T08:05:10",
- "statistics": {
- "known": 77,
- "unknown": 1,
- "malicious": 0,
- "suspicious": 0,
- "total": 78
}, - "classification": {
- "status": "undefined"
}, - "certificate": {
- "valid_from": "2022-06-14T04:02:43Z",
- "signature_algorithm": "sha256WithRSAEncryption",
- "valid_to": "2025-07-12T07:06:34Z",
- "version": "2",
- "extensions": [
- {
- "is_critical": "True",
- "name": "X509v3 Key Usage",
- "value": "Digital Signature"
}, - {
- "is_critical": "False",
- "name": "Authority Information Access",
- "value": "CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt\nOCSP - URI:http://ocsp.globalsign.com/gsgccr45evcodesignca2020\n"
}, - {
- "is_critical": "False",
- "name": "X509v3 Certificate Policies",
- "value": "Policy: 1.3.6.1.4.1.4146.1.2\n CPS: https://www.globalsign.com/repository/\nPolicy: 2.23.140.1.3\n"
}, - {
- "is_critical": "False",
- "name": "X509v3 Basic Constraints",
- "value": "CA:FALSE"
}, - {
- "is_critical": "False",
- "name": "X509v3 CRL Distribution Points",
- "value": "Full Name:\n URI:http://crl.globalsign.com/gsgccr45evcodesignca2020.crl\n"
}, - {
- "is_critical": "False",
- "name": "X509v3 Extended Key Usage",
- "value": "Code Signing"
}, - {
- "is_critical": "False",
- "name": "X509v3 Authority Key Identifier",
- "value": "keyid:25:9D:D0:FC:59:09:86:63:C5:EC:F3:B1:13:3B:57:1C:03:92:36:11\n"
}, - {
- "is_critical": "False",
- "name": "X509v3 Subject Key Identifier",
- "value": "B9:8B:D3:79:F7:03:DC:12:78:E5:28:C2:AF:E8:61:4D:3E:E1:AC:E3"
}
], - "signature": "5B69F2E4D90E7BE365D1C7AC43371CB7776CEECA23F711A58800F1091BFABCC1B84E48ADAC4369227C12B4E245B3614E4A458EC2F4910F403A5C65AF14FB75D183C5CAEA2F1420728FAE1E982286FCDFFFC05B1CE0B1A7F20B40722AD54BB6DCC9E43A8C56B6F7095FC1A9BE7C66B8C7C5AF02F1796D5A83C571256B969FC26F7D7FC450D18424862E8CD1E025EEA76AA1960A98A9A3901BCEC5F0BE5C4EE75A3B54737E95458AE7945904FB998A00AFFD6EC08545B5617352444248D5AFF9F2AC565F8002F64C03FBFFD06052849F3C198AD516E7C6B711704B9F3A005076DDA3059DEBC975DB2F3965F589494E62DE687762783502E2E2EBA139A54300B59E116BA9CBD8323F7EB2C831A857D540E243C277C7DC59320AA3122E4A60E0908102342BFEC432407BD0F911E53D8C2CDF36A63FD1FE8DC271DF5F0CA0A32C6DC01DB8BD271F7766C2798F220171DDE4189C3411E88E0573D23291CDA2884217BB55458C8D4B957EFBC8B0D58F88490924C68E1BE8A7348C3F490B7D4158DB936902FF473A033A2F78F311FB44EEF9C2547A1632CEE370A20D3E9042C49C219C877AE9DB73E0542657A66F27C7EA7C3B594CCC4CD0BDEFC3B40443DBE4AA0E7875684531C6E51BCCF876BD9AA052E0A15FF5BBE1D5E77F63E80E3C5D08D200CAE0C5BC219A89DF67FA38C60EB60FFDA27324DEC43EBBB2E37BF341458B075084B5",
- "common_name": "Reallusion Inc.",
- "serial_number": "67C6DAAFB381A5567534EB0F",
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "3b5d3951bd5930863767cd86a4ba27c5"
}, - {
- "name": "SHA1",
- "value": "e18af391a8ba1ae94eb61794c573c5a9856c80d3"
}, - {
- "name": "SHA256",
- "value": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}
], - "issuer": "GlobalSign GCC R45 EV CodeSigning CA 2020"
}
}
}
}
TCA-0502: Certificate Analytics
The Certificate Analytics API provides certificate analytics for the requested certificate and its chain of trust. The certificate should be requested using its thumbprint value as a SHA1, SHA256, or MD5 hash. Sending requests using the GET method allows only one thumbprint per request, while the POST method accepts up to 100 thumbprints in one request. Find more information in the official API documentation.
Authorizations:
path Parameters
thumbprint required | string |
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
thumbprints is a required parameter that specifies a list of certificate thumbprints for which the user is requesting data from the service. Each thumbprint value should be provided as a valid hash. Supported hash types are: MD5, SHA1, SHA256. Up to 100 thumbprints can be submitted in one request.
Responses
Request samples
{- "rl": {
- "query": {
- "thumbprints": [
- "18254B1DC375B74E339EB99ABFE31AF0D735CB5A3B535570731175811D735B0D"
], - "format": "json"
}
}
}
Response samples
- 200
{- "rl": {
- "request": {
- "response_format": "json",
- "thumbprints": [
- "18254B1DC375B74E339EB99ABFE31AF0D735CB5A3B535570731175811D735B0D"
]
}, - "certificate_analytics": [
- {
- "certificate_first_seen": "2018-11-25T23:50:11",
- "statistics": {
- "known": 1,
- "unknown": 0,
- "malicious": 0,
- "suspicious": 0,
- "total": 1
}, - "classification": {
- "status": "undefined"
}, - "certificate": {
- "valid_from": "Sep 3 17:25:37 2018 GMT",
- "signature_algorithm": "sha1WithRSAEncryption",
- "valid_to": "Oct 3 17:25:37 2018 GMT",
- "usage": [
- "X509v3 Key Usage",
- "X509v3 Basic Constraints",
- "Authority Information Access",
- "X509v3 Certificate Policies",
- "X509v3 CRL Distribution Points",
- "X509v3 Extended Key Usage"
], - "version": "2",
- "common_name": "Microsoft",
- "serial_number": "9935F30E9D6FECB0873E4114E000E1C776B3D432",
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "2377666edb5a4d5656f68e002efb8415"
}, - {
- "name": "SHA1",
- "value": "4f0333347b6f953b33966e976f24c5da36d75143"
}, - {
- "name": "SHA256",
- "value": "18254B1DC375B74E339EB99ABFE31AF0D735CB5A3B535570731175811D735B0D"
}
], - "issuer": {
- "valid_from": "Apr 21 12:15:17 2009 GMT",
- "signature_algorithm": "sha1WithRSAEncryption",
- "valid_to": "Apr 14 23:59:59 2028 GMT",
- "usage": [
- "X509v3 Key Usage",
- "X509v3 Basic Constraints",
- "X509v3 Certificate Policies",
- "X509v3 Subject Key Identifier",
- "X509v3 CRL Distribution Points",
- "Authority Information Access",
- "X509v3 Authority Key Identifier"
], - "version": "2",
- "common_name": "Ascertia Public CA 1",
- "serial_number": "E6",
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "c00947372e2954d2202b82c0b435810e"
}, - {
- "name": "SHA1",
- "value": "36d8f9de10381aaee9bca2aebca8b75804f49ea7"
}, - {
- "name": "SHA256",
- "value": "74FBDED7D182E0C8BD89EE7F277EC99A18688265B28918D24E8787CFE9E70599"
}
], - "issuer": "Ascertia Root CA 2"
}
}
}
]
}
}
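An added example, not ReversingLabs code: it validates and batches thumbprints into POST bodies that respect the 100-per-request limit, then flattens the nested `certificate` / `issuer` chain of the response sample above into a list and notes weak signature algorithms. All function names are hypothetical, the payload shape follows the request sample, and `SAMPLE_ENTRY` is a trimmed copy of the response sample.

```python
import re
from datetime import datetime

# Hex-digit length of each thumbprint type the page lists as supported.
THUMBPRINT_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
MAX_PER_REQUEST = 100  # POST limit stated on the page


def thumbprint_type(value):
    """Return 'MD5', 'SHA1' or 'SHA256', or None when value is not a hex digest."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", value):
        return None
    return THUMBPRINT_LENGTHS.get(len(value))


def build_payloads(thumbprints, response_format="json"):
    """Validate, de-duplicate and batch thumbprints; returns (payloads, rejected)."""
    seen, valid, rejected = set(), [], []
    for raw in thumbprints:
        candidate = raw.strip()
        if thumbprint_type(candidate) is None:
            rejected.append(raw)
        elif candidate.lower() not in seen:
            seen.add(candidate.lower())
            valid.append(candidate)
    payloads = [
        {"rl": {"query": {"thumbprints": valid[i:i + MAX_PER_REQUEST],
                          "format": response_format}}}
        for i in range(0, len(valid), MAX_PER_REQUEST)
    ]
    return payloads, rejected


def parse_cert_time(text):
    """Parse timestamps such as 'Sep 3 17:25:37 2018 GMT' from the response."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y GMT")


def chain_of_trust(entry):
    """Flatten the nested certificate -> issuer -> issuer structure, leaf first."""
    chain = []
    node = entry.get("certificate")
    while isinstance(node, dict):
        thumbs = {t["name"]: t["value"] for t in node.get("certificate_thumbprints", [])}
        lifetime = parse_cert_time(node["valid_to"]) - parse_cert_time(node["valid_from"])
        chain.append({
            "common_name": node.get("common_name"),
            "sha256": thumbs.get("SHA256"),
            "signature_algorithm": node.get("signature_algorithm", ""),
            "valid_days": lifetime.days,
        })
        node = node.get("issuer")
    if isinstance(node, str):
        # In the sample the last issuer is given by name only.
        chain.append({"common_name": node, "sha256": None,
                      "signature_algorithm": "", "valid_days": None})
    return chain


def triage(entry):
    """Return analyst notes: bad signed samples and weak signature algorithms."""
    notes = []
    stats = entry.get("statistics", {})
    bad = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if bad:
        notes.append(f"{bad} of {stats.get('total', 0)} signed samples are malicious or suspicious")
    for cert in chain_of_trust(entry):
        algorithm = cert["signature_algorithm"]
        if algorithm.lower().startswith(("sha1", "md5")):
            notes.append(f"{cert['common_name']}: weak signature algorithm {algorithm}")
    return notes


# Trimmed copy of the response sample above (usage lists, signatures, some thumbprints omitted).
SAMPLE_ENTRY = {
    "statistics": {"known": 1, "unknown": 0, "malicious": 0, "suspicious": 0, "total": 1},
    "certificate": {
        "valid_from": "Sep 3 17:25:37 2018 GMT",
        "valid_to": "Oct 3 17:25:37 2018 GMT",
        "signature_algorithm": "sha1WithRSAEncryption",
        "common_name": "Microsoft",
        "certificate_thumbprints": [
            {"name": "SHA256",
             "value": "18254B1DC375B74E339EB99ABFE31AF0D735CB5A3B535570731175811D735B0D"},
        ],
        "issuer": {
            "valid_from": "Apr 21 12:15:17 2009 GMT",
            "valid_to": "Apr 14 23:59:59 2028 GMT",
            "signature_algorithm": "sha1WithRSAEncryption",
            "common_name": "Ascertia Public CA 1",
            "issuer": "Ascertia Root CA 2",
        },
    },
}
```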
TCA-0503: Certificate Thumbprint Search
The Certificate Thumbprint Search API allows users to find certificate thumbprints by using the full or partial certificate common name as the search keyword. The results contain thumbprints of certificates that match the requested common name. Those thumbprints can be used with the TCA-0501 and TCA-0502 APIs to obtain a list of certificate-signed samples and certificate analytics, respectively.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "common_name": "Microsoft*",
- "response_format": "json",
- "limit": 5
}
}
}
Response samples
- 200
{- "rl": {
- "next_page_common_name": "Microsoft",
- "search": [
- {
- "common_name": "Microsoft",
- "thumbprints": [
- {
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "65cea96f7314405df019c2986c7fce75"
}, - {
- "name": "SHA1",
- "value": "e1a3bad62fdb0190b404b42255ea1362563fc193"
}, - {
- "name": "SHA256",
- "value": "405B4768D0259046589D49C8B6..."
}
]
}, - {
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "7fe3e576b290124c52407ee921717146"
}, - {
- "name": "SHA1",
- "value": "d5d0b2a4ccb4de53281f744b6a5b779b0c30ffbc"
}, - {
- "name": "SHA256",
- "value": "29CE46C4F39751D4FF9D2024.."
}
]
}
]
}
], - "next_page_thumbprint": "405B4768D0259046589D49C8B6734...",
- "request": {
- "common_name": "Microsoft*",
- "limit": 5,
- "response_format": "json"
}
}
}
TCA-0401: URI to Hash Search
The URI to Hash Search API provides a list of all available SHA1 hashes associated with the requested URI. The following URI types are supported: email, URL, IPv4 address, domain. Only one URI can be submitted in one request. Sending requests using the GET method requires the SHA1 value of the URI string, while the POST method accepts the URI string value in plain text.
Authorizations:
path Parameters
hash required | string SHA1 hash value of the URI string for which the user is requesting data from the service. The user should generate a SHA1 hash of the URI string prior to submitting a request. |
query Parameters
classification | string Enum: "known" "malicious" "suspicious" "unknown" Example: classification=malicious Optional parameter that allows filtering the results by their classification status. If this parameter is provided in the request, the response will include only those samples that match the requested status. Supported values are: known, malicious, suspicious, unknown (case-insensitive). |
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/uri_index/v1/query/c2208abde9668e8e9815c3690855edd1e63abeac?format=json' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "uri_index": {
- "query_uri": "c2208abde9668e8e9815c3690855edd1e63abeac",
- "next_page_sha1": "0001abca87b025b7421af1f373127d113a6b4cba",
- "sha1_list": [
- "000000e468f936299bb9187535aa96d8db8e3962",
- "000000f892ff8066e0e801e53c2c309959fe34ca",
- "000001271c7236f5ddc9732a5aeec2127ca8855d",
- "0000014a076179bc98c54afc507ca13d29473715",
- "000001700c0d84071dc274a8bd8c58b93e921137",
- "0000031185694d6ea5119204dbb4a3388f8688ca",
- "0000032bf47e3fe80d81152b35fb18f4245e9568",
- "000003340e70a507e5f90a4b653082b6d4ed7c02",
- "00000357120e5c11cc244d1c5bd867b47522fb27",
- "000003cb5efc20bac3953df5261bc7488987a076",
- "000003e288a9f4931fa14fee2853ab774624d724",
- "0000042018062a913b1ed124dd73ba8f41f545c8",
- "000005bf7867d0c2e34e8933faa7db53e058b024",
- "000005cff15f1b56eb6ffa0061015fdf2a013b42",
- "000006ae8c452c3c2d50a471f5eb80fb00744914",
- "000006e55f1b311dce64f4f9246a21d96a7d6a23",
- "000007d039919c650898f73f8c678a1eb4ec5d2d"
]
}
}
}
TCA-0401: URI to Hash Search (paginated)
The URI to Hash Search API provides a list of all available SHA1 hashes associated with the requested URI. The following URI types are supported: email, URL, IPv4 address, domain. Only one URI can be submitted in one request. Sending requests using the GET method requires the SHA1 value of the URI string, while the POST method accepts the URI string value in plain text. Find more information in the official API documentation.
Authorizations:
path Parameters
hash required | string Next page hash value. |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
header Parameters
Content-Type: required | string Enum: "application/json" "text/xml" Required parameter that defines the POST payload format. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "uri": "google.com",
- "next_page_sha1": "0514718b9f0eba3dac00"
}
}
}
Response samples
- 200
{- "rl": {
- "uri_index": {
- "query_uri": "c2208abde9668e8e9815c3690855edd1e63abeac",
- "next_page_sha1": "0001abca87b025b7421af1f373127d113a6b4cba",
- "sha1_list": [
- "000000e468f936299bb9187535aa96d8db8e3962",
- "000000f892ff8066e0e801e53c2c309959fe34ca",
- "000001271c7236f5ddc9732a5aeec2127ca8855d",
- "0000014a076179bc98c54afc507ca13d29473715",
- "000001700c0d84071dc274a8bd8c58b93e921137",
- "0000031185694d6ea5119204dbb4a3388f8688ca",
- "0000032bf47e3fe80d81152b35fb18f4245e9568",
- "000003340e70a507e5f90a4b653082b6d4ed7c02",
- "00000357120e5c11cc244d1c5bd867b47522fb27",
- "000003cb5efc20bac3953df5261bc7488987a076",
- "000003e288a9f4931fa14fee2853ab774624d724",
- "0000042018062a913b1ed124dd73ba8f41f545c8",
- "000005bf7867d0c2e34e8933faa7db53e058b024",
- "000005cff15f1b56eb6ffa0061015fdf2a013b42",
- "000006ae8c452c3c2d50a471f5eb80fb00744914",
- "000006e55f1b311dce64f4f9246a21d96a7d6a23",
- "000007d039919c650898f73f8c678a1eb4ec5d2d"
]
}
}
}
TCA-0401: URI to Hash Search
The URI to Hash Search service provides a list of all available SHA1 hashes associated with the requested URI. This service takes into account network IOCs extracted during file static analysis and uses that data to correlate URIs with samples. The following URI types are supported: email, URL, IPv4 address, and domain. Only one URI can be submitted in one request. Find more information in the official API documentation.
Authorizations:
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
header Parameters
Content-Type: required | string Enum: "application/json" "text/xml" Required parameter that defines the POST payload format. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "uri": "google.com",
- "next_page_sha1": "0514718b9f0eba3dac00"
}
}
}
Response samples
- 200
{- "rl": {
- "uri_index": {
- "query_uri": "c2208abde9668e8e9815c3690855edd1e63abeac",
- "next_page_sha1": "0001abca87b025b7421af1f373127d113a6b4cba",
- "sha1_list": [
- "000000e468f936299bb9187535aa96d8db8e3962",
- "000000f892ff8066e0e801e53c2c309959fe34ca",
- "000001271c7236f5ddc9732a5aeec2127ca8855d",
- "0000014a076179bc98c54afc507ca13d29473715",
- "000001700c0d84071dc274a8bd8c58b93e921137",
- "0000031185694d6ea5119204dbb4a3388f8688ca",
- "0000032bf47e3fe80d81152b35fb18f4245e9568",
- "000003340e70a507e5f90a4b653082b6d4ed7c02",
- "00000357120e5c11cc244d1c5bd867b47522fb27",
- "000003cb5efc20bac3953df5261bc7488987a076",
- "000003e288a9f4931fa14fee2853ab774624d724",
- "0000042018062a913b1ed124dd73ba8f41f545c8",
- "000005bf7867d0c2e34e8933faa7db53e058b024",
- "000005cff15f1b56eb6ffa0061015fdf2a013b42",
- "000006ae8c452c3c2d50a471f5eb80fb00744914",
- "000006e55f1b311dce64f4f9246a21d96a7d6a23",
- "000007d039919c650898f73f8c678a1eb4ec5d2d"
]
}
}
}
TCA-0401: URI to Hash Search (paginated)
The URI to Hash Search API provides a list of all available SHA1 hashes associated with the requested URI. The following URI types are supported: email, URL, IPv4 address, domain. Only one URI can be submitted in one request. Sending requests using the GET method requires the SHA1 value of the URI string, while the POST method accepts the URI string value in plain text.
Authorizations:
path Parameters
uri_sha1 required | string The SHA1 hash value of the URI string |
next_page_sha1 required | string Optional path parameter used for pagination. To get the next page of results from the API, use the |
query Parameters
classification | string Enum: "known" "malicious" "suspicious" "unknown" Example: classification=malicious Optional parameter that allows filtering the results by their classification status. If this parameter is provided in the request, the response will include only those samples that match the requested status. Supported values are: known, malicious, suspicious, unknown (case-insensitive). |
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/uri_index/v1/query/c2208abde9668e8e9815c3690855edd1e63abeac?format=json' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "uri_index": {
- "query_uri": "c2208abde9668e8e9815c3690855edd1e63abeac",
- "next_page_sha1": "0001abca87b025b7421af1f373127d113a6b4cba",
- "sha1_list": [
- "000000e468f936299bb9187535aa96d8db8e3962",
- "000000f892ff8066e0e801e53c2c309959fe34ca",
- "000001271c7236f5ddc9732a5aeec2127ca8855d",
- "0000014a076179bc98c54afc507ca13d29473715",
- "000001700c0d84071dc274a8bd8c58b93e921137",
- "0000031185694d6ea5119204dbb4a3388f8688ca",
- "0000032bf47e3fe80d81152b35fb18f4245e9568",
- "000003340e70a507e5f90a4b653082b6d4ed7c02",
- "00000357120e5c11cc244d1c5bd867b47522fb27",
- "000003cb5efc20bac3953df5261bc7488987a076",
- "000003e288a9f4931fa14fee2853ab774624d724",
- "0000042018062a913b1ed124dd73ba8f41f545c8",
- "000005bf7867d0c2e34e8933faa7db53e058b024",
- "000005cff15f1b56eb6ffa0061015fdf2a013b42",
- "000006ae8c452c3c2d50a471f5eb80fb00744914",
- "000006e55f1b311dce64f4f9246a21d96a7d6a23",
- "000007d039919c650898f73f8c678a1eb4ec5d2d"
]
}
}
}
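An added example (not ReversingLabs code) of the GET workflow described above: hash the URI string with SHA1, build the first-page URL with the optional classification filter, and follow `next_page_sha1` until no further page is announced. Assumptions: the URI is hashed as UTF-8 bytes without normalisation, a missing or empty `next_page_sha1` marks the last page, and `fetch_page` is a caller-supplied function; the two response pages are constructed from values in the sample.

```python
import hashlib
from urllib.parse import urlencode

# Endpoint taken from the curl sample on this page.
QUERY_URL = "https://data.reversinglabs.com/api/uri_index/v1/query"
CLASSIFICATIONS = ("known", "malicious", "suspicious", "unknown")


def uri_sha1(uri):
    """SHA1 hex digest of the URI string (assumed: UTF-8 bytes, no normalisation)."""
    return hashlib.sha1(uri.encode("utf-8")).hexdigest()


def first_page_url(uri, classification=None):
    """Build the GET URL for the first page, with the optional classification filter."""
    params = {"format": "json"}
    if classification is not None:
        value = classification.lower()  # the page says the filter is case-insensitive
        if value not in CLASSIFICATIONS:
            raise ValueError(f"unsupported classification: {classification!r}")
        params["classification"] = value
    return f"{QUERY_URL}/{uri_sha1(uri)}?{urlencode(params)}"


def collect_sample_hashes(fetch_page, uri, max_pages=100):
    """Follow next_page_sha1 until it is absent and return all sample SHA1s.

    fetch_page(uri_digest, next_page_sha1) is supplied by the caller and returns
    the parsed JSON body; next_page_sha1 is None for the first request.
    """
    digest = uri_sha1(uri)
    hashes, seen, used_tokens, token = [], set(), set(), None
    for _ in range(max_pages):
        index = fetch_page(digest, token)["rl"]["uri_index"]
        for sha1 in index.get("sha1_list", []):
            if sha1 not in seen:  # guard against overlap between pages
                seen.add(sha1)
                hashes.append(sha1)
        token = index.get("next_page_sha1")
        if not token:
            return hashes
        if token in used_tokens:
            raise RuntimeError("server repeated a pagination token")
        used_tokens.add(token)
    raise RuntimeError(f"gave up after {max_pages} pages")


# Constructed two-page response set, shaped like the response sample above.
_PAGES = {
    None: {"rl": {"uri_index": {
        "query_uri": "<uri sha1>",
        "next_page_sha1": "0001abca87b025b7421af1f373127d113a6b4cba",
        "sha1_list": ["000000e468f936299bb9187535aa96d8db8e3962",
                      "000000f892ff8066e0e801e53c2c309959fe34ca"]}}},
    "0001abca87b025b7421af1f373127d113a6b4cba": {"rl": {"uri_index": {
        "query_uri": "<uri sha1>",
        "sha1_list": ["000001271c7236f5ddc9732a5aeec2127ca8855d"]}}},
}


def fake_fetch(uri_digest, next_page_sha1):
    """Offline stand-in for the HTTP call; returns the constructed pages."""
    return _PAGES[next_page_sha1]
```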
TCA-0402: URI Statistics
The URI Statistics API provides statistical information on how many known, malicious, and suspicious samples are associated with a particular URI. The following URI types are supported: email, URL, IPv4 address, domain. Only one URI can be submitted in one request. This service accepts only SHA1 values of URI strings. Requested URI strings cannot be in plain text. Find more information in the official API documentation.
Authorizations:
path Parameters
uri_sha1 required | string The SHA1 hash value of the URI string for which the user is requesting data from the service. The user should generate a SHA1 hash of the URI string prior to submitting a request. Supported URI types are: email (e.g., |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/uri/statistics/uri_state/sha1/234988566c9a0a9cf952cec82b143bf9c207ac16?format=json' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "uri_state": {
- "sha1": "234988566c9a0a9cf952cec82b143bf9c207ac16",
- "uri_type": "url",
- "counters": {
- "known": 379027,
- "malicious": 261038,
- "suspicious": 2538
}
}
}
}
TCA-0403: URL Threat Intelligence (report)
This service returns the report for the submitted URL. The report contains the ReversingLabs URL classification status, URL reputation from various reputation sources, metadata for performed URL analyses, statistics of files found on the submitted URL mapped to their classification, and an overview of the most common threats.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{
}
Response samples
- 200
{- "rl": {
- "classification": "malicious",
- "last_seen": "2020-07-18T18:02:34",
- "analysis": {
- "first_analysis": "2020-06-18T17:45:26",
- "analysis_count": 6,
- "last_analysis": {
- "analysis_id": "159509535435924b",
- "analysis_time": "2020-07-18T18:02:34",
- "availability_status": "offline",
- "domain": "microtechnology.hk"
}, - "statistics": {
- "known": 0,
- "unknown": 0,
- "suspicious": 0,
- "malicious": 10,
- "total": 10
}, - "analysis_history": [
- {
- "analysis_id": "159509535435924b",
- "analysis_time": "2020-07-18T18:02:34",
- "availability_status": "offline",
- "domain": "microtechnology.hk"
}, - {
- "analysis_id": "159310706659924b",
- "analysis_time": "2020-06-25T17:44:26",
- "availability_status": "offline",
- "domain": "microtechnology.hk"
}, - {
- "analysis_id": "159258872979924b",
- "analysis_time": "2020-06-19T17:45:29",
- "http_response_code": 200,
- "availability_status": "online",
- "domain": "microtechnology.hk",
- "serving_ip_address": "84.17.55.85"
}, - {
- "analysis_id": "159254551008924b",
- "analysis_time": "2020-06-19T05:45:10",
- "http_response_code": 200,
- "availability_status": "online",
- "domain": "microtechnology.hk",
- "serving_ip_address": "84.17.55.85"
}, - {
- "analysis_id": "159251669624924b",
- "analysis_time": "2020-06-18T21:44:56",
- "http_response_code": 200,
- "availability_status": "online",
- "domain": "microtechnology.hk",
- "serving_ip_address": "84.17.55.85"
}, - {
- "analysis_id": "159250213511924b",
- "analysis_time": "2020-06-18T17:45:26",
- "http_response_code": 200,
- "availability_status": "online",
- "domain": "microtechnology.hk",
- "serving_ip_address": "84.17.55.85"
}
], - "top_threats": [
- {
- "threat_name": "ByteCode-MSIL.Trojan.Kryptik",
- "threat_level": 5,
- "files_count": 9
}, - {
- "threat_name": "ByteCode-MSIL.Trojan.AgentTesla",
- "threat_level": 5,
- "files_count": 1
}
]
}, - "third_party_reputations": {
- "statistics": {
- "total": 11,
- "malicious": 0,
- "clean": 0,
- "undetected": 11
}, - "sources": [
- {
- "source": "adminus_labs",
- "update_time": "2020-08-12T10:39:19",
- "detection": "undetected"
}, - {
- "source": "alien_vault",
- "update_time": "2020-08-12T02:27:20",
- "detection": "undetected"
}, - {
- "source": "comodo_valkyrie",
- "update_time": "2020-08-07T05:16:27",
- "detection": "undetected"
}, - {
- "source": "malsilo",
- "update_time": "2020-08-12T01:09:34",
- "detection": "undetected"
}, - {
- "source": "malwaredomainlist",
- "update_time": "2020-08-12T08:09:54",
- "detection": "undetected"
}, - {
- "source": "netstar",
- "update_time": "2020-08-12T11:45:15",
- "detection": "undetected"
}, - {
- "source": "openphish",
- "update_time": "2020-08-12T11:41:17",
- "detection": "undetected"
}, - {
- "source": "phishstats",
- "update_time": "2020-08-12T06:12:06",
- "detection": "undetected"
}, - {
- "source": "phishtank",
- "update_time": "2020-08-04T15:04:01",
- "detection": "undetected"
}, - {
- "source": "urlhaus",
- "update_time": "2020-08-12T01:58:54",
- "detection": "undetected"
}, - {
- "source": "vxvault",
- "update_time": "2020-08-12T06:34:43",
- "detection": "undetected"
}
]
}
}
}
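An added example, not ReversingLabs code: it condenses a report shaped like the response sample above into the fields an analyst pivots on, including when the URL went offline and whether the ReversingLabs classification is backed by any third-party source. The function name and the `reputation_gap` field are hypothetical, and `SAMPLE_REPORT` is a trimmed, constructed copy of the sample.

```python
def summarize_url_report(report):
    """Condense a URL Threat Intelligence report into triage fields."""
    rl = report["rl"]
    analysis = rl.get("analysis", {})
    # ISO 8601 timestamps of equal precision sort correctly as strings.
    history = sorted(analysis.get("analysis_history", []),
                     key=lambda a: a["analysis_time"])
    online = [a for a in history if a.get("availability_status") == "online"]
    last_online = online[-1]["analysis_time"] if online else None
    # First analysis that found the URL offline after it was last seen online.
    offline_since = next(
        (a["analysis_time"] for a in history
         if a.get("availability_status") == "offline"
         and (last_online is None or a["analysis_time"] > last_online)),
        None,
    )
    sources = rl.get("third_party_reputations", {}).get("sources", [])
    flagged_by = sorted(s["source"] for s in sources
                        if s.get("detection") == "malicious")
    files = analysis.get("statistics", {})
    return {
        "classification": rl.get("classification"),
        "serving_ips": sorted({a["serving_ip_address"] for a in online
                               if a.get("serving_ip_address")}),
        "last_online": last_online,
        "offline_since": offline_since,
        "malicious_files": (files.get("malicious", 0), files.get("total", 0)),
        "third_party_malicious": flagged_by,
        "third_party_total": len(sources),
        # True when the URL is classified malicious but no listed source flags it:
        # "undetected" from every source is not the same as "clean".
        "reputation_gap": rl.get("classification") == "malicious" and not flagged_by,
        "top_threats": [t["threat_name"] for t in analysis.get("top_threats", [])],
    }


# Trimmed, constructed copy of the response sample above (three of the six
# analyses, two of the eleven reputation sources).
SAMPLE_REPORT = {"rl": {
    "classification": "malicious",
    "analysis": {
        "statistics": {"known": 0, "unknown": 0, "suspicious": 0,
                       "malicious": 10, "total": 10},
        "analysis_history": [
            {"analysis_time": "2020-07-18T18:02:34", "availability_status": "offline"},
            {"analysis_time": "2020-06-25T17:44:26", "availability_status": "offline"},
            {"analysis_time": "2020-06-19T17:45:29", "availability_status": "online",
             "serving_ip_address": "84.17.55.85"},
        ],
        "top_threats": [
            {"threat_name": "ByteCode-MSIL.Trojan.Kryptik",
             "threat_level": 5, "files_count": 9},
        ],
    },
    "third_party_reputations": {"sources": [
        {"source": "openphish", "detection": "undetected"},
        {"source": "urlhaus", "detection": "undetected"},
    ]},
}}
```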
TCA-0403: URL Threat Intelligence (downloaded files)
This service provides a list of hashes for files downloaded from the submitted URL: across all analyses, during the last analysis, or during a specific analysis.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "analysis_id": "string",
- "last_analysis": false,
- "response_format": "json",
- "limit": 1000,
- "classification": "KNOWN",
- "extended": false
}
}
}
Response samples
- 200
{- "rl": {
- "requested_url": "string",
- "first_analysis": "string",
- "last_analysis": "string",
- "analysis_count": 0,
- "total_files_count": 0,
- "files": [
- {
- "sha1": "string",
- "first_download": "string",
- "last_download": "string",
- "classification": "string",
- "md5": "string",
- "sha256": "string",
- "sample_available": true,
- "first_seen": "string",
- "last_seen": "string",
- "sample_type": "string",
- "sample_size": 0
}
]
}
}
TCA-0403: URL Threat Intelligence (notifications) (time range)
This service provides a continuous list of completed analyses. The records enter the feed once the submitted URL is analyzed to completion and the report is ready.
Authorizations:
path Parameters
time_format required | string Enum: "timestamp" "utc" Required parameter that specifies the time format for the |
time_value required | string <Unix timestamp OR date-time> Accepts values formatted according to the format set in the time_format parameter. |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
limit | integer [ 1 .. 1000 ] Default: 1000 Example: limit=50 Specifies the maximum number of reports to return in the response. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/networking/url/v1/notifications/query/latest?limit=1' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "urls": [
- {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T08:57:44",
- "analysis_id": "15947161334231c0"
}, - {
- "availability_status": "online",
- "analysis_time": "2020-07-14T09:31:49",
- "analysis_id": null
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T10:43:05",
- "analysis_id": "1594722480864193"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T13:00:29",
- "analysis_id": "15947316295131c0"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T22:47:24",
- "analysis_id": "1594766844714193"
}
], - "next_page": "15874700660fc075d084e05839478b2f2e6056ec64b5f8ee48"
}
}
TCA-0403: URL Threat Intelligence (notifications) (time range) (paginated)
This service provides a continuous list of completed analyses. The records enter the feed once the submitted URL is analyzed to completion and the report is ready.
Authorizations:
path Parameters
time_format required | string Enum: "timestamp" "utc" Required parameter that specifies the time format for the |
time_value required | string Accepts values formatted according to the format set in the time_format parameter. |
page required | string The pagination value for the next page is provided in the response to the previous request. |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
limit | integer [ 1 .. 1000 ] Default: 1000 Example: limit=50 Specifies the maximum number of reports to return in the response. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/networking/url/v1/notifications/query/latest?limit=1' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "urls": [
- {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T08:57:44",
- "analysis_id": "15947161334231c0"
}, - {
- "availability_status": "online",
- "analysis_time": "2020-07-14T09:31:49",
- "analysis_id": null
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T10:43:05",
- "analysis_id": "1594722480864193"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T13:00:29",
- "analysis_id": "15947316295131c0"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T22:47:24",
- "analysis_id": "1594766844714193"
}
], - "next_page": "15874700660fc075d084e05839478b2f2e6056ec64b5f8ee48"
}
}
TCA-0403: URL Threat Intelligence (notifications) (latest)
This service provides a continuous list of completed analyses. The records enter the feed once the submitted URL is analyzed to completion and the report is ready.
Authorizations:
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
limit | integer [ 1 .. 1000 ] Default: 1000 Example: limit=50 Specifies the maximum number of reports to return in the response. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/networking/url/v1/notifications/query/latest?limit=1' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "urls": [
- {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T08:57:44",
- "analysis_id": "15947161334231c0"
}, - {
- "availability_status": "online",
- "analysis_time": "2020-07-14T09:31:49",
- "analysis_id": null
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T10:43:05",
- "analysis_id": "1594722480864193"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T13:00:29",
- "analysis_id": "15947316295131c0"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T22:47:24",
- "analysis_id": "1594766844714193"
}
], - "next_page": "15874700660fc075d084e05839478b2f2e6056ec64b5f8ee48"
}
}
TCA-0403: URL Threat Intelligence (notifications) (latest) (paginated)
This service provides a continuous list of completed analyses. The records enter the feed once the submitted URL is analyzed to completion and the report is ready.
Authorizations:
path Parameters
page required | string |
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
limit | integer [ 1 .. 1000 ] Default: 1000 Example: limit=50 Specifies the maximum number of reports to return in the response. |
Responses
Request samples
curl --url 'https://data.reversinglabs.com/api/networking/url/v1/notifications/query/latest?limit=1' --user <username>:<password>
Response samples
- 200
{- "rl": {
- "urls": [
- {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T08:57:44",
- "analysis_id": "15947161334231c0"
}, - {
- "availability_status": "online",
- "analysis_time": "2020-07-14T09:31:49",
- "analysis_id": null
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T10:43:05",
- "analysis_id": "1594722480864193"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T13:00:29",
- "analysis_id": "15947316295131c0"
}, - {
- "availability_status": "offline",
- "analysis_time": "2020-07-14T22:47:24",
- "analysis_id": "1594766844714193"
}
], - "next_page": "15874700660fc075d084e05839478b2f2e6056ec64b5f8ee48"
}
}
TCA-0404: Analyze URL
This service allows users to submit a URL for analysis. The analysis is a crawling process that will start looking for files to download from the submitted URL. When downloaded, the files are sent for analysis to the ReversingLabs file processing pipeline.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST body format. |
header Parameters
Content-Type required | string Value: "application/octet-stream" Required parameter that defines the POST payload format. |
Request Body schema: application/json (required)
Responses
Request samples
{
}
Response samples
- 200
{- "rl": {
- "status": "started",
- "analysis_id": "159134594237612a"
}
}
TCA-0405: Domain Threat Intelligence (resolutions)
This service provides a list of domain-to-IP mappings for the requested domain.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "domain": "string",
- "limit": 1000,
- "response_format": "json"
}
}
}
Response samples
- 200
{- "rl": {
- "requested_domain": "string",
- "resolutions": "field",
- "next_page": "string"
}
}
TCA-0405: Domain Threat Intelligence (URLs)
This service provides a list of URLs associated with the requested domain.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "domain": "string",
- "response_format": "string",
- "limit": 0
}
}
}
Response samples
- 200
{- "rl": {
- "requested_domain": "string",
- "urls": "field",
- "next_page": "string"
}
}
TCA-0405: Domain Threat Intelligence (report)
This service returns threat intelligence data for the submitted domain. The report contains domain reputation from various reputation sources, classification statistics for files downloaded from the domain, the most common threats found on the domain, DNS information about the domain, and parent domain information.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
Responses
Request samples
{- "rl": {
- "query": {
- "domain": "string",
- "response_format": "json"
}
}
}
Response samples
- 200
{- "rl": {
- "last_dns_records": "",
- "third_party_reputations": {
- "item": {
- "sources": [
- {
- "detection": "malicious",
- "source": "phishing_database",
- "update_time": "2023-01-09T02:30:34",
- "detect_time": "2022-10-12T08:30:56",
- "categories": "phishing"
}, - {
- "detection": "undetected",
- "source": "0xSI_f33d",
- "update_time": "2023-01-09T06:21:01"
}, - {
- "detection": "undetected",
- "source": "cyradar",
- "update_time": "2023-01-09T06:45:40"
}, - {
- "detection": "malicious",
- "source": "adminus_labs",
- "update_time": "2023-01-09T09:02:20",
- "detect_time": "2023-01-09T03:34:34"
}, - {
- "detection": "undetected",
- "source": "apwg",
- "update_time": "2023-01-09T04:26:46"
}, - {
- "detection": "undetected",
- "source": "netstar",
- "update_time": "2023-01-09T09:25:41"
}, - {
- "detection": "undetected",
- "source": "threatfox_abuse_ch",
- "update_time": "2023-01-09T08:20:42"
}, - {
- "detection": "undetected",
- "source": "botvrij",
- "update_time": "2023-01-09T02:24:58"
}, - {
- "detection": "undetected",
- "source": "alphamountain",
- "update_time": "2023-01-09T06:51:55"
}, - {
- "detection": "undetected",
- "source": "comodo_valkyrie",
- "update_time": "2023-01-09T05:53:00"
}, - {
- "detection": "undetected",
- "source": "web_security_guard",
- "update_time": "2022-01-21T06:56:15"
}, - {
- "detection": "undetected",
- "source": "osint",
- "update_time": "2023-01-09T01:30:43"
}, - {
- "detection": "malicious",
- "source": "crdf",
- "update_time": "2023-01-09T08:41:06",
- "detect_time": "2022-11-11T07:28:22"
}
], - "statistics": {
- "total": 13,
- "malicious": 3,
- "undetected": 10,
- "clean": 0
}
}
}, - "top_threats": {
- "item": [
- {
- "threat_name": "Script-JS.Trojan.Cryxos",
- "threat_level": 5,
- "files_count": 2
}, - {
- "threat_name": "Script-JS.Phishing.Generic",
- "threat_level": 5,
- "files_count": 1
}
]
}, - "last_seen": {
- "item": "2023-01-09T09:25:41"
}, - "modified_time": {
- "item": "2023-01-09T09:25:41"
}, - "downloaded_files_statistics": {
- "item": {
- "known": 19,
- "unknown": 0,
- "suspicious": 0,
- "total": 22,
- "malicious": 3
}
}, - "parent_domain": {
- "item": "selcdn.ru"
}, - "requested_domain": {
- "item": "530908.selcdn.ru"
}
}
}
TCA-0405 Domain Threat Intelligence (downloaded files)
This service provides a list of hashes for files downloaded from the submitted domain.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "domain": "string",
      "limit": 0,
      "extended": true,
      "classification": "string",
      "response_format": "string"
    }
  }
}
Response samples
- 200
{
  "rl": {
    "requested_domain": "string",
    "downloaded_files": {
      "last_download_url": "string",
      "classification": "string",
      "md5": "string",
      "sha1": "string",
      "sha256": "string",
      "first_download": "string",
      "last_download": "string",
      "sample_available": "bool",
      "trust_factor": "number",
      "threat_level": "number",
      "threat_name": "string",
      "malware_family": "string",
      "malware_type": "string",
      "platform": "string",
      "subplatform": "string",
      "sample_type": "string",
      "sample_size": "number",
      "first_seen": "string",
      "last_seen": "string"
    }
  }
}
TCA-0406 IP Threat Intelligence (resolutions)
This service provides a list of IP-to-domain mappings for the specified IP.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "ip": "string",
      "limit": 1000,
      "response_format": "json"
    }
  }
}
Response samples
- 200
{
  "rl": {
    "requested_ip": "string",
    "resolutions": "field",
    "next_page": "string"
  }
}
TCA-0406 IP Threat Intelligence (URLs)
This service provides a list of URLs associated with the requested IP. Find more information in the official API documentation.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "ip": "string",
      "limit": 1000,
      "response_format": "json"
    }
  }
}
Response samples
- 200
{
  "rl": {
    "requested_ip": "string",
    "urls": "field",
    "next_page": "string"
  }
}
TCA-0406 IP Threat Intelligence (report)
This service returns threat intelligence data for the submitted IP. The report contains IP reputation from various reputation sources, classification statistics for files downloaded from the IP, and the top threats hosted on the submitted IP.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "ip": "string",
      "response_format": "json"
    }
  }
}
Response samples
- 200
{
  "rl": {
    "requested_ip": "104.19.138.57",
    "third_party_reputations": {
      "statistics": {
        "total": 2,
        "malicious": 1,
        "clean": 0,
        "undetected": 1
      },
      "sources": [
        {
          "source": "adminus_labs",
          "update_time": "2020-07-21T04:00:49",
          "detect_time": "2020-07-21T05:00:00",
          "detection": "malicious",
          "categories": "phishing"
        },
        {
          "source": "alien_vault",
          "update_time": "2020-07-27T02:32:23",
          "detect_time": "2020-07-27T02:32:23",
          "categories": "search_engines_and_portals",
          "detection": "undetected"
        }
      ]
    },
    "downloaded_files_statistics": {
      "suspicious": 0,
      "unknown": 0,
      "known": 1,
      "malicious": 0,
      "total": 1
    },
    "top_threats": [
      {
        "threat_name": "Document-HTML.Trojan.Microsoft",
        "threat_level": 5,
        "files_count": 1
      }
    ],
    "last_seen": "2020-07-08T12:00:00",
    "modified_time": "2020-07-08T12:00:00"
  }
}
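The domain report sample wraps each value in an "item" object, while the IP report sample above is flat, so a consumer has to accept both shapes. The following is an added example, not ReversingLabs code: it normalizes either body, cross-checks "statistics" against the "sources" list, and flags sources whose update_time lags far behind the newest one. The function names, the 90-day staleness threshold and the trimmed input are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

def unwrap(value):
    # The domain report sample wraps values in {"item": ...}; the IP report does not.
    if isinstance(value, dict) and set(value) == {"item"}:
        return value["item"]
    return value

def summarize_report(rl, stale_after_days=90):
    """Normalize the object under "rl" from a domain or IP report response."""
    rep = unwrap(rl.get("third_party_reputations") or {})
    sources, stats = rep.get("sources") or [], rep.get("statistics") or {}
    counts = {}
    for s in sources:
        counts[s["detection"]] = counts.get(s["detection"], 0) + 1
    # Cross-check the reported statistics against the per-source list.
    mismatches = [k for k in ("malicious", "undetected", "clean")
                  if stats.get(k, 0) != counts.get(k, 0)]
    if stats.get("total", 0) != len(sources):
        mismatches.append("total")
    # Sources last updated long before the newest one are stale evidence.
    times = {s["source"]: datetime.fromisoformat(s["update_time"]) for s in sources}
    newest = max(times.values(), default=None)
    stale = sorted(n for n, t in times.items()
                   if newest - t > timedelta(days=stale_after_days))
    threats = unwrap(rl.get("top_threats") or [])
    files = unwrap(rl.get("downloaded_files_statistics") or {})
    return {
        "indicator": unwrap(rl.get("requested_domain") or rl.get("requested_ip")),
        "malicious_sources": sorted(s["source"] for s in sources
                                    if s["detection"] == "malicious"),
        "stat_mismatches": mismatches,
        "stale_sources": stale,
        "max_threat_level": max((t["threat_level"] for t in threats), default=0),
        "malicious_files": files.get("malicious", 0),
    }

# Constructed input: the domain report sample cut down to three sources.
DOMAIN_RL = {
    "third_party_reputations": {"item": {
        "sources": [
            {"detection": "malicious", "source": "crdf", "update_time": "2023-01-09T08:41:06"},
            {"detection": "undetected", "source": "apwg", "update_time": "2023-01-09T04:26:46"},
            {"detection": "undetected", "source": "web_security_guard", "update_time": "2022-01-21T06:56:15"}],
        "statistics": {"total": 3, "malicious": 1, "undetected": 2, "clean": 0}}},
    "top_threats": {"item": [{"threat_name": "Script-JS.Trojan.Cryxos", "threat_level": 5, "files_count": 2}]},
    "downloaded_files_statistics": {"item": {"known": 19, "malicious": 3, "total": 22}},
    "requested_domain": {"item": "530908.selcdn.ru"},
}
```

A non-empty stat_mismatches list means the summary counts and the per-source list disagree, which is worth logging before the counts feed an automated verdict.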
TCA-0406 IP Threat Intelligence (downloaded files)
This service provides a list of hashes for files downloaded from the submitted IP address.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object (required)
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "ip": "string",
      "limit": 1000,
      "response_format": "json",
      "classification": "KNOWN",
      "extended": false
    }
  }
}
Response samples
- 200
{
  "rl": {
    "requested_ip": "string",
    "downloaded_files": {
      "last_download_url": "string",
      "classification": "string",
      "md5": "string",
      "sha1": "string",
      "sha256": "string",
      "first_download": "string",
      "last_download": "string",
      "sample_available": "bool",
      "trust_factor": "number",
      "threat_level": "number",
      "threat_name": "string",
      "malware_family": "string",
      "malware_type": "string",
      "platform": "string",
      "subplatform": "string",
      "sample_type": "string",
      "sample_size": "number",
      "first_seen": "string",
      "last_seen": "string"
    }
  }
}
TCA-0407: Network Reputation API
The Network Reputation service provides information regarding the reputation of a requested URL, domain, or IP address. When a URL is submitted, the service provides its ReversingLabs classification, along with an overview of detections from our partners. It also includes the category of the URL (for example phishing, gambling, adult content) and indicates whether we have encountered any malware samples associated with the submitted URL.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "network_locations": [
        {
          "network_location": "string",
          "type": "url"
        }
      ],
      "response_format": "json"
    }
  }
}
Response samples
- 200
{
  "rl": {
    "entries": [
      {
        "type": "url",
        "first_seen": "2023-06-26T13:45:01",
        "last_seen": "2023-06-26T13:45:01",
        "classification": "malicious",
        "reason": "third_party_reputation",
        "third_party_reputations": {
          "total": 20,
          "malicious": 1,
          "clean": 0,
          "undetected": 19
        },
        "categories": [
          "phishing"
        ],
        "associated_malware": false
      },
      {
        "type": "ip",
        "requested_network_location": "92.123.37.9",
        "first_seen": "2023-06-30T13:13:06",
        "last_seen": "2023-06-28T22:07:57",
        "third_party_reputations": {
          "total": 7,
          "malicious": 7,
          "clean": 0,
          "undetected": 0
        },
        "associated_malware": false
      },
      {
        "type": "domain",
        "requested_network_location": "shamrocksuppliersummit.com",
        "first_seen": "2023-05-29T16:54:40",
        "last_seen": "2023-06-30T08:07:32",
        "third_party_reputations": {
          "total": 13,
          "malicious": 2,
          "clean": 11,
          "undetected": 0
        },
        "associated_malware": true
      },
      {
        "type": "url",
        "first_seen": "2023-06-05T12:26:09",
        "last_seen": "2023-06-26T07:57:06",
        "classification": "malicious",
        "reason": "file_reputation",
        "third_party_reputations": {
          "total": 20,
          "malicious": 0,
          "clean": 0,
          "undetected": 0
        },
        "associated_malware": true
      },
      {
        "type": "url",
        "first_seen": "2022-12-09T07:25:38",
        "last_seen": "2023-06-30T12:14:17",
        "classification": "known",
        "reason": "whitelist",
        "third_party_reputations": {
          "total": 20,
          "malicious": 1,
          "clean": 0,
          "undetected": 19
        },
        "associated_malware": false
      }
    ]
  }
}
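In the response sample above, the ip and domain entries carry no "classification", one "known" entry still has a third-party malicious hit, and one entry's third-party counts do not add up to its total. The following is an added example, not ReversingLabs code, that builds the request payload and reads each entry with those cases in mind. The function names, the "review" verdict and the min_sources threshold are assumptions, as is the use of "ip" and "domain" as request types (the request sample shows only "url").

```python
import ipaddress
from urllib.parse import urlsplit

def location_type(value):
    """Choose the "type" for a network_location: url, ip or domain."""
    if urlsplit(value).scheme in ("http", "https"):
        return "url"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "domain"

def build_query(indicators):
    # Same shape as the request sample; ip/domain types are assumed from the response.
    locations = [{"network_location": i, "type": location_type(i)} for i in indicators]
    return {"rl": {"query": {"network_locations": locations, "response_format": "json"}}}

def triage(entry, min_sources=2):
    """Return (verdict, notes) for one element of rl.entries."""
    rep = entry.get("third_party_reputations") or {}
    hits = rep.get("malicious", 0)
    cls = entry.get("classification")  # absent on the sample's ip and domain entries
    notes = []
    counted = sum(rep.get(k, 0) for k in ("malicious", "clean", "undetected"))
    if counted != rep.get("total", 0):
        notes.append("third-party counts do not add up to total")
    if cls == "known" and hits:
        notes.append(f"known via {entry.get('reason')} but {hits} source(s) say malicious")
    if cls in ("malicious", "suspicious"):
        verdict = cls
    elif cls is None and (hits >= min_sources or entry.get("associated_malware")):
        verdict = "review"  # no classification returned, but other evidence exists
    else:
        verdict = cls or "unknown"
    return verdict, notes

# Constructed input: three entries copied from the response sample above.
def rep_counts(total, malicious, clean, undetected):
    return {"total": total, "malicious": malicious, "clean": clean, "undetected": undetected}

ENTRIES = [
    {"type": "ip", "requested_network_location": "92.123.37.9",
     "third_party_reputations": rep_counts(7, 7, 0, 0), "associated_malware": False},
    {"type": "url", "classification": "malicious", "reason": "file_reputation",
     "third_party_reputations": rep_counts(20, 0, 0, 0), "associated_malware": True},
    {"type": "url", "classification": "known", "reason": "whitelist",
     "third_party_reputations": rep_counts(20, 1, 0, 19), "associated_malware": False},
]
```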
TCA-0408: Network Reputation User Override
The Network Reputation User Override service enables URL classification overrides. Any URL can be overridden to malicious, suspicious, or known. Overrides are visible to all users within the same organization. The service also supports listing existing overrides.
Authorizations:
path Parameters
post_format required | string Enum: "xml" "json" Required parameter that defines the POST payload format. Supported options are xml and json. By default, the response format matches the format defined by this parameter. |
Request Body schema: application/json (required)
object
Responses
Request samples
- Payload
{
  "rl": {
    "query": {
      "user_override": {
        "override_network_locations": [
          {
            "network_location": "string",
            "type": "url",
            "classification": "malicious",
            "TTL": "string",
            "threat_level": "string",
            "categories": [
              "string"
            ]
          }
        ]
      }
    },
    "response_format": "json"
  }
}
Response samples
- 200
{
  "rl": {
    "user_override": {
      "created_overrides": [
        {
          "network_location": "string",
          "type": "url",
          "classification": "malicious",
          "TTL": "string",
          "threat_level": "string",
          "categories": [
            "string"
          ]
        }
      ]
    }
  }
}
TCA-0408: List User Overrides
The Network Reputation User Override service enables URL classification overrides. Any URL can be overridden to malicious, suspicious, or known. Overrides are visible to all users within the same organization. The service also supports listing existing overrides.
Authorizations:
query Parameters
format | string Default: "xml" Enum: "xml" "json" Example: format=json Optional parameter that allows choosing the response format. Supported values: xml, json. When the parameter is not included in the request, defaults to xml. |
next_network_location | string <sha1> Optional parameter used for pagination. To get the next page of results from the API, use the |