URL Intelligence (V2)
curl --request POST \
--url https://api.threatbook.io/v2/url/query{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Enrichment
URL Intelligence
Retrieve URL scan engine detection results and the analysis results of downloaded files.
POST
/
v2
/
url
/
query
URL Intelligence (V2)
curl --request POST \
--url https://api.threatbook.io/v2/url/query{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Query Parameters
Your API key. For details on how to obtain and manage your API key, please refer to the Authentication page.
Kindly note:
Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.
The URL to be scanned. The URL must be encoded.
Response
Hide child attributes
Hide child attributes
URL Scan Engine Detection Results
The following engines are included:
- threatbook
- threatcrowd.com
- squidblacklist.org
- osint.bambenekconsulting.com
- malwaredomains.com
- malwareconfig.com
- cymon.io
- cybercrime-tracker.net
- circl.lu-misp
- alienvault.com
- AlienVault-OTX
- Google Safebrowsing
Detection Result Definitions
-
No Detection: Displayed as safe
-
Detected:
- malware: Malicious software
- c2: Command and Control
- phishing: Phishing
- suspicious_miningpool: Public mining pool
- suspicious_coinminer: Private mining pool
- compromised: Compromised website
-
Whitelist:
- whitelist: Whitelisted
URL Threat Level
This field includes the following types:
- malicious
- suspicious
- unknown
- clean
Sandbox Analysis Report
A JSON object that includes the following fields:
- threat_level: Threat level (
malicious,suspicious,unknown,clean) - submit_time: Submission time
- file_name: File name
- file_type: File type
- sample_sha256: File SHA256
- tag: File detection tags
- sb_status: Task status
- sandbox_type: The last successful sandbox environment used for analysis
- sandbox_type_list: List of all sandbox environments in which the sample was successfully analyzed
HTTP Response Information
A JSON object that includes the following fields:
- headers: Response headers
- lastSeen: Last scan time
- ip: Resolved IP address
- historyScan: Historical detection results of downloaded files
- finalUrl: Final URL after redirection
- url: Original URL address
- sha256s: Hash values (SHA256) of historically downloaded files
- status: Status code
- httpStatusCode: HTTP response code
The number of multi-engines that detected the URL as malicious.
The detection ratio, represented as detected engines / total engines.
- Example:
"1/12"means 1 engine detected the URL out of 12 engines in total.
⌘I