Network threat intelligence

📄️ Network reputation (TCA-0407)

The Network Reputation service provides information regarding the reputation of a requested URL, domain, or IP address. When a URL is submitted, the service provides its ReversingLabs classification, along with an overview of detections from our partners. It also includes the category of the URL (for example phishing, gambling, adult content) and indicates whether we have encountered any malware samples associated with the submitted URL.

📄️ Network reputation (user override) (TCA-0408)

The Network Reputation User Override service enables URL classification overrides. Any URL can be overridden to malicious, suspicious, or known. Overrides are visible to all users within the same organization. The service also supports listing existing overrides.

📄️ URL threat intelligence (TCA-0403)

This service returns threat intelligence data for the submitted URL. The report contains the ReversingLabs URL classification status, URL reputation from various reputation sources, metadata for performed URL analyses, and the maliciousness of files found on the submitted URL. The service also provides the option to get a list of these downloaded files.

📄️ Domain threat intelligence (TCA-0405)

This service returns threat intelligence data for the submitted domain name. The reports contain domain reputation from various reputation sources, the maliciousness of files found on the submitted domain, and other metadata like last DNS records, related URLs, and related domains (subdomains, siblings).

📄️ IP threat intelligence (TCA-0406)

This service returns threat intelligence data for the submitted IP address. The reports contain IP address reputation from various reputation sources, the maliciousness of files found on the submitted IP address, and other metadata like related URLs and IP address resolutions.

📄️ Analyze URL (TCA-0404)

This service allows users to submit a URL for analysis. Essentially, the analysis is a crawling process that will start looking for files to download from the submitted URL. When downloaded, the files are sent for analysis to the ReversingLabs file processing pipeline.

📄️ URI-to-hash search (TCA-0401)

The URI to Hash Search service provides a list of SHA1 hashes of files that, during static analysis, were found to contain the requested URI.

📄️ URI statistics (TCA-0402)

The ReversingLabs URI Statistics API provides statistical information on how many known, malicious, and suspicious samples are associated with a particular URI. This service takes into account network IOCs extracted during file static analysis and uses that data to correlate URIs with samples. The following URI types are supported: email, URL, IPv4 address and domain.