URI statistics

The ReversingLabs URI Statistics API provides statistical information on how many known, malicious, and suspicious samples are associated with a particular URI. This service takes into account network IOCs extracted during file static analysis and uses that data to correlate URIs with samples. The following URI types are supported: email, URL, IPv4 address and domain.

This service accepts only SHA1 values of URI strings. Requested URI strings cannot be in plain text.

There are two available response formats: XML and JSON.

URI Statistics Query

This query returns information about the state of an URI. It provides an unhashed value and numbers for malicious, suspicious, and known files associated with it.

Request

GET /api/uri/statistics/uri_state/sha1/{uri_sha1}?[format=xml|json]

uri_sha1
- The SHA1 hash value of the URI string
- Required
format
- Response format. Accepts the following parameters: xml (default) and json
- Optional

Response

{
  "rl": {
    "uri_state": {
      "url": "string",
      "sha1": "string",
      "uri_type": "string",
      "counters": {
        "known": 0,
        "malicious": 0,
        "suspicious": 0
      }
    }
  }
}

sha1
- SHA1 hash of the URI
uri_type
- can be one of the following: email, URL, IPv4, domain
  - email (e.g., user@domain.com)
  - URL (e.g., http://domain.com/download/picture.jpg)
  - IPv4 address (e.g., 127.0.0.1)
  - domain (e.g., domain.com)
counters
- suspicious - number of associations with suspicious samples, malicious - number of associations with malicious samples, known - number of associations with known samples

Examples

Request Examples

Retrieving the URI state in different formats:

/api/uri/statistics/uri_state/sha1/234988566c9a0a9cf952cec82b143bf9c207ac16?format=json
/api/uri/statistics/uri_state/sha1/baea954b95731c68ae6e45bd1e252eb4560cdc45?format=xml

Response Examples

URL

{
  "rl": {
    "uri_state": {
      "url": "http://google.com",
      "sha1": "234988566c9a0a9cf952cec82b143bf9c207ac16",
      "uri_type": "url",
      "counters": {
        "known": 77700,
        "malicious": 48296,
        "suspicious": 526
      }
    }
  }
}

IPv4

{
  "rl": {
    "uri_state": {
      "ipv4": "127.0.0.1",
      "sha1": "4b84b15bff6ee5796152495a230e45e3d7e947d9",
      "uri_type": "ipv4",
      "counters": {
        "known": 48558,
        "malicious": 163953,
        "suspicious": 596
      }
    }
  }
}

URI statistics

URI Statistics Query​

Request​

Response​

Examples​

Request Examples​

Response Examples​