Skip to main content
POST
/
v2
/
domain
/
query
Domain Intelligence (V2)
curl --request POST \
  --url https://api.threatbook.io/v2/domain/query
{
  "response_code": 200,
  "msg": "Success",
  "data": {
    "threat_types": [
      "Whitelist"
    ],
    "verdict": "benign",
    "intel_labels": [],
    "intelligences": [
      {
        "confidence": 100,
        "expired": false,
        "find_time": "2021-10-31 15:12:25",
        "intel_types": [
          "Whitelist"
        ],
        "intel_labels": [],
        "update_time": "2025-10-16 15:04:36"
      }
    ],
    "samples": [
      {
        "sha256": "fea6767de2bdc2ffe0eb2c18a767d726130566d03008e5cc96bd65b2b792e1af",
        "ratio": "1/28",
        "scan_time": "2025-08-25 10:57:41",
        "malware_type": "Susware",
        "malware_family": "CompileTime"
      },
      {
        "sha256": "fc50c3ddfc38631382112999c6c9eddfc0325a369a65c8fa8b294bf664e7bbc0",
        "ratio": "0/28",
        "scan_time": "2024-11-05 07:29:11",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "5e0aeeb71c21bbe08754709f3a99c51f01cdd53cd163bb61bcad4fe51520b99c",
        "ratio": "0/28",
        "scan_time": "2024-10-22 09:51:22",
        "malware_type": "",
        "malware_family": ""
      }
    ],
    "pdns": [
      {
        "ip": "57.144.186.141",
        "carrier": "Facebook, Inc.",
        "location": {
          "country": "Singapore",
          "province": "Singapore",
          "city": "Singapore",
          "lng": "103.853519",
          "lat": "1.286529",
          "country_code": "SG"
        }
      },
      {
        "ip": "2a03:2880:f00c:20d:face:b00c:0:2",
        "carrier": "Facebook, Inc.",
        "location": {
          "country": "Ireland",
          "province": "Dublin",
          "city": "Dublin",
          "lng": "-6.260246",
          "lat": "53.349764",
          "country_code": "IE"
        }
      }
    ],
    "whois": {
      "cdate": "1991-01-20 21:00:00",
      "edate": "2034-01-21 21:00:00",
      "udate": "2025-01-22 08:09:14",
      "alexa": "",
      "registrar_name": "RegistrarSafe, LLC",
      "name_server": "D.NS.FACEBOOK.COM|A.NS.FACEBOOK.COM|C.NS.FACEBOOK.COM|B.NS.FACEBOOK.COM",
      "registrant_name": "Domain Admin",
      "registrant_email": "[email protected]",
      "registrant_company": "Meta Platforms, Inc.",
      "registrant_address": "1601 Willow Rd,Menlo Park,CA,US",
      "registrant_phone": "+1.6505434800"
    },
    "ssl_certs": [
      {
        "subject": "*.meta.com",
        "issuer": "DigiCert SHA2 High Assurance Server CA",
        "fingerprint": "0a6c23c59117f1af26fbaea710de87cad6e64b57",
        "purpose": "SSL client|SSL server|Netscape SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withRSA",
        "status": "1",
        "revoked": false,
        "begin": "2022-05-09",
        "end": "2022-08-07",
        "status_desc": "Expired",
        "serial_number": "b8088ce43dd9d87827e44377cca1f03",
        "revoked_time": ""
      },
      {
        "subject": "*.meta.com",
        "issuer": "DigiCert SHA2 High Assurance Server CA",
        "fingerprint": "13c409b0780dab59e6ad54f1ef45f6fb907ac1df",
        "purpose": "SSL client|SSL server|Netscape SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withRSA",
        "status": "1",
        "revoked": false,
        "begin": "2023-09-18",
        "end": "2023-12-17",
        "status_desc": "Expired",
        "serial_number": "1c6436d29f5fc547460b08b3e9b17c8",
        "revoked_time": ""
      },
      {
        "subject": "*.meta.com",
        "issuer": "DigiCert SHA2 High Assurance Server CA",
        "fingerprint": "058f831cae3c09ee9456227de45d03d2c5d51bbc",
        "purpose": "SSL client|SSL server|Netscape SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withRSA",
        "status": "1",
        "revoked": false,
        "begin": "2023-10-07",
        "end": "2024-01-05",
        "status_desc": "Expired",
        "serial_number": "6b77fed613e97f91bbb8545ce771269",
        "revoked_time": ""
      }
    ],
    "umbrella_rank": {
      "global_rank": 11447
    },
    "categories": {
      "first_level": [
        "News",
        "Tool"
      ],
      "second_level": "Training and Tools"
    },
    "sub_domains_count": "1000+",
    "pdns_count": "2",
    "update_time": "2025-10-22 15:07:02"
  }
}

Query Parameters

apikey
string
required

Unique identifier for API request.

You are able to get the key on "My API" page of i.threatbook.io.

Kindly note:

Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.

resource
string
required

Single domain to query.

exclude
string

You can exclude the following parameters from the response based on actual usage scenarios. When specifying multiple parameters, separate them with commas (note: do not include spaces).

  • pdns: Resolved IP address information of the domain
  • whois: Current WHOIS information of the domain
  • ssl_certs: SSL certificate and related information
  • intelligences: Threat intelligence
  • judgments: Comprehensively determined threat type, analyzed from threat intelligence
  • tags_classes: Tags related to attack groups or security incidents
  • samples: Related samples
  • categories: Domain classification
  • sub_domains_count: Number of subdomains
  • pdns_count: Number of currently resolved IPs

If you don’t specify this parameter, we will return all data by default.

Response

msg
string
required
response_code
integer
required
data
object
required