IP Intelligence(v1) - ThreatBook CTI Documentation

IP Intelligence (V1)

curl --request POST \
  --url https://api.threatbook.io/v1/ip/query

{
  "msg": "Success",
  "data": {
    "summary": {
      "judgments": [],
      "whitelist": true,
      "family": [],
      "first_seen": "2020-07-02",
      "last_seen": "2022-09-11",
      "APT": false,
      "threat_actor": [],
      "tag_categories": []
    },
    "intelligences": {
      "threatbook_lab": [
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2021-08-29",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2021-08-30"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2021-08-29",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2021-08-30"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2020-07-02",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2022-09-11"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2019-05-27",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2020-07-01"
        }
      ],
      "open_source": [
        {
          "source": "phishtank.com",
          "confidence": 55,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2024-07-02",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2024-10-25"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2024-02-08",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2025-04-19"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-09-13",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2018-09-29"
        },
        {
          "source": "cinsscore.com",
          "confidence": 50,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-04-24",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-04-24"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-02-24",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-03-10"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-10-11",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2017-10-28"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-10-02",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-04-04"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-07",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2025-04-28"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-07",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2017-10-23"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-06",
          "intel_types": [
            "Spam"
          ],
          "last_seen": "2018-09-23"
        },
        {
          "source": "Open Source ",
          "confidence": 55,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2020-06-17",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2025-03-21"
        },
        {
          "source": "Open Source ",
          "confidence": 75,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2020-05-07",
          "intel_types": [
            "CDN"
          ],
          "last_seen": "2020-08-25"
        },
        {
          "source": "Open Source ",
          "confidence": 50,
          "expired": true,
          "intel_tags": [
            {
              "tags": [
                "Bitrep"
              ],
              "tags_type": "virus_family"
            }
          ],
          "first_seen": "2018-03-15",
          "intel_types": [
            "C2"
          ],
          "last_seen": "2019-09-18"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2017-07-14",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2023-08-31"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2017-07-06",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2023-08-31"
        },
        {
          "source": "Open Source ",
          "confidence": 35,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-11-10",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2022-08-08"
        },
        {
          "source": "Open Source ",
          "confidence": 43,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-10-06",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-06-08"
        },
        {
          "source": "openphish.com",
          "confidence": 26,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-09-03",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2018-07-15"
        },
        {
          "source": "spamhaus.org",
          "confidence": 69,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-12-02",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2016-09-25"
        },
        {
          "source": "Open Source ",
          "confidence": 35,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-11-25",
          "intel_types": [
            "Exploit",
            "Malware"
          ],
          "last_seen": "2016-05-03"
        },
        {
          "source": "Open Source ",
          "confidence": 75,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-08-07",
          "intel_types": [
            "C2"
          ],
          "last_seen": "2016-10-16"
        }
      ]
    },
    "samples": [
      {
        "sha256": "08e9828b447cd3b12ddadf97985f858458d44769a04e7673f72249fc369f5eea",
        "ratio": "9/26",
        "scan_time": "2018-10-12 20:57:32",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "75f515c886b417aa22e41d3b98630a5fe3b7254c25b6eb9c1a0d45d8b02c65b3",
        "ratio": "18/26",
        "scan_time": "2018-10-11 23:43:26",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "2236cd5dde6cb49d555ac787848a46ae9b1fba30928e775fbe750590164b7530",
        "ratio": "17/26",
        "scan_time": "2018-10-11 23:38:49",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "39c73e94d7fce76bb8a66c744a9326953d763795c0a9eafb5aab1e2cdea21482",
        "ratio": "17/26",
        "scan_time": "2018-10-11 21:16:15",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "e9dca6a2cb8642fcffd88e4668b669c110188922b11b88073b1e8fd9663f446c",
        "ratio": "6/26",
        "scan_time": "2018-10-11 20:13:38",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "a657c145a49bb467073b3ad98cbfbe951542ea7f86636696e9c05f701aba59a7",
        "ratio": "16/26",
        "scan_time": "2018-10-11 20:03:50",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c0d40937bc77fa5facd4f08a7f2a74e4b8892cc6306cbf472a1a5045c0c0652a",
        "ratio": "18/26",
        "scan_time": "2018-10-11 19:23:38",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "f8b59451e34354cd82f5a13b63e0b9ea5d982c88c16b7bf9ba41bad983426d70",
        "ratio": "5/26",
        "scan_time": "2018-09-21 19:14:03",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "697c3b1fe1f886f6825c5b00f9185cfe180ae91253d3ea935e9498de8c97d92f",
        "ratio": "9/26",
        "scan_time": "2018-09-21 05:51:01",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "66c302f6557ab3383ae559f5214232e64087c56c76b08fc75380eded732b37cb",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:31:35",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "1baf005a5d0f6ccc544191290cad02fc686aa065ab963b30f3e252318d9f71c4",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:26:13",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "b343cca26cd6ca83f903527831c778bafa45908a7b797c04e3f136a61111737f",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:15:11",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "37cfcbc7ab3cd031b5e23710c4c295bd5a128c68a9257afe95d94df645d3cd68",
        "ratio": "6/26",
        "scan_time": "2018-09-21 03:47:16",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "6dcbf32d8c6695d6070d6d589513da5ee43d95414c1d1f50456db4c2ab3e1ad3",
        "ratio": "11/26",
        "scan_time": "2018-08-23 20:16:15",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "34589e27b7362fcd59c32a8c4ed7995c950c7db265aca58ee121dc091ae321b2",
        "ratio": "7/26",
        "scan_time": "2018-07-10 21:18:39",
        "malware_type": "",
        "malware_family": "Downloader"
      },
      {
        "sha256": "94a7e25aa2e79df2f84fd7a9670c440a8886e5cb37b47eb475bbce3e402fae47",
        "ratio": "3/26",
        "scan_time": "2018-06-16 18:43:28",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c3589327ad0e848caf61b15c6b61ff234dbdaa28a18ea74e916d04974c471817",
        "ratio": "3/26",
        "scan_time": "2018-06-15 17:52:36",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "2fffb84c9304f0cd47f412229b7f71ba52cf84b5c2526e580a2e0457a28f1d25",
        "ratio": "3/26",
        "scan_time": "2018-06-15 17:47:14",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c5ecadd07034afcae90d8504d4dc8d52353b1194b811566a0c0f41d4fee50644",
        "ratio": "1/26",
        "scan_time": "2018-06-03 00:12:20",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "efd4c9d36bf59e9c4f3d0e36784c274d890267535a3182b073df1db1ccbd8dcb",
        "ratio": "1/26",
        "scan_time": "2018-05-23 03:05:24",
        "malware_type": "",
        "malware_family": ""
      }
    ],
    "basic": {
      "carrier": "Cloudflare, Inc.",
      "location": {
        "country": "Australia",
        "province": "",
        "city": "",
        "lng": "151.211354",
        "lat": "-33.86264",
        "country_code": "AU"
      }
    },
    "asn": {
      "rank": 4,
      "info": "CLOUDFLARENET, US",
      "number": 13335
    },
    "ports": [
      {
        "port": 80,
        "module": "http",
        "product": "Cloudflare http proxy",
        "version": "",
        "detail": ""
      },
      {
        "port": 443,
        "module": "https",
        "product": "Cloudflare http proxy",
        "version": "",
        "detail": ""
      }
    ],
    "cas": [
      {
        "protocol": "https",
        "port": 443,
        "digital_certificate": {
          "sha256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
          "subject": "cloudflare-dns.com",
          "issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
          "fingerprint": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
          "purpose": "SSL client|SSL server|Any Purpose|Any Purpose CA|OCSP helper",
          "verify": "SHA256withRSA",
          "status": "0",
          "revoked": false,
          "begin": "2025-01-02",
          "end": "2026-01-21",
          "status_desc": "Valid",
          "serial_number": "27dc8c5e17294aec9ed3f67728e8a08",
          "revoked_time": ""
        }
      }
    ],
    "IP": "1.1.1.1"
  },
  "response_code": 200
}

POST

query

IP Intelligence (V1)

curl --request POST \
  --url https://api.threatbook.io/v1/ip/query

{
  "msg": "Success",
  "data": {
    "summary": {
      "judgments": [],
      "whitelist": true,
      "family": [],
      "first_seen": "2020-07-02",
      "last_seen": "2022-09-11",
      "APT": false,
      "threat_actor": [],
      "tag_categories": []
    },
    "intelligences": {
      "threatbook_lab": [
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2021-08-29",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2021-08-30"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2021-08-29",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2021-08-30"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2020-07-02",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2022-09-11"
        },
        {
          "source": "ThreatBook Labs",
          "confidence": 100,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2019-05-27",
          "intel_types": [
            "Whitelist"
          ],
          "last_seen": "2020-07-01"
        }
      ],
      "open_source": [
        {
          "source": "phishtank.com",
          "confidence": 55,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2024-07-02",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2024-10-25"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2024-02-08",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2025-04-19"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-09-13",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2018-09-29"
        },
        {
          "source": "cinsscore.com",
          "confidence": 50,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-04-24",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-04-24"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2018-02-24",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-03-10"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-10-11",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2017-10-28"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-10-02",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-04-04"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-07",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2025-04-28"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-07",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2017-10-23"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": false,
          "intel_tags": [],
          "first_seen": "2017-07-06",
          "intel_types": [
            "Spam"
          ],
          "last_seen": "2018-09-23"
        },
        {
          "source": "Open Source ",
          "confidence": 55,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2020-06-17",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2025-03-21"
        },
        {
          "source": "Open Source ",
          "confidence": 75,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2020-05-07",
          "intel_types": [
            "CDN"
          ],
          "last_seen": "2020-08-25"
        },
        {
          "source": "Open Source ",
          "confidence": 50,
          "expired": true,
          "intel_tags": [
            {
              "tags": [
                "Bitrep"
              ],
              "tags_type": "virus_family"
            }
          ],
          "first_seen": "2018-03-15",
          "intel_types": [
            "C2"
          ],
          "last_seen": "2019-09-18"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2017-07-14",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2023-08-31"
        },
        {
          "source": "Open Source ",
          "confidence": 65,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2017-07-06",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2023-08-31"
        },
        {
          "source": "Open Source ",
          "confidence": 35,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-11-10",
          "intel_types": [
            "Malware"
          ],
          "last_seen": "2022-08-08"
        },
        {
          "source": "Open Source ",
          "confidence": 43,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-10-06",
          "intel_types": [
            "Suspicious"
          ],
          "last_seen": "2018-06-08"
        },
        {
          "source": "openphish.com",
          "confidence": 26,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2016-09-03",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2018-07-15"
        },
        {
          "source": "spamhaus.org",
          "confidence": 69,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-12-02",
          "intel_types": [
            "Phishing"
          ],
          "last_seen": "2016-09-25"
        },
        {
          "source": "Open Source ",
          "confidence": 35,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-11-25",
          "intel_types": [
            "Exploit",
            "Malware"
          ],
          "last_seen": "2016-05-03"
        },
        {
          "source": "Open Source ",
          "confidence": 75,
          "expired": true,
          "intel_tags": [],
          "first_seen": "2015-08-07",
          "intel_types": [
            "C2"
          ],
          "last_seen": "2016-10-16"
        }
      ]
    },
    "samples": [
      {
        "sha256": "08e9828b447cd3b12ddadf97985f858458d44769a04e7673f72249fc369f5eea",
        "ratio": "9/26",
        "scan_time": "2018-10-12 20:57:32",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "75f515c886b417aa22e41d3b98630a5fe3b7254c25b6eb9c1a0d45d8b02c65b3",
        "ratio": "18/26",
        "scan_time": "2018-10-11 23:43:26",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "2236cd5dde6cb49d555ac787848a46ae9b1fba30928e775fbe750590164b7530",
        "ratio": "17/26",
        "scan_time": "2018-10-11 23:38:49",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "39c73e94d7fce76bb8a66c744a9326953d763795c0a9eafb5aab1e2cdea21482",
        "ratio": "17/26",
        "scan_time": "2018-10-11 21:16:15",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "e9dca6a2cb8642fcffd88e4668b669c110188922b11b88073b1e8fd9663f446c",
        "ratio": "6/26",
        "scan_time": "2018-10-11 20:13:38",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "a657c145a49bb467073b3ad98cbfbe951542ea7f86636696e9c05f701aba59a7",
        "ratio": "16/26",
        "scan_time": "2018-10-11 20:03:50",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c0d40937bc77fa5facd4f08a7f2a74e4b8892cc6306cbf472a1a5045c0c0652a",
        "ratio": "18/26",
        "scan_time": "2018-10-11 19:23:38",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "f8b59451e34354cd82f5a13b63e0b9ea5d982c88c16b7bf9ba41bad983426d70",
        "ratio": "5/26",
        "scan_time": "2018-09-21 19:14:03",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "697c3b1fe1f886f6825c5b00f9185cfe180ae91253d3ea935e9498de8c97d92f",
        "ratio": "9/26",
        "scan_time": "2018-09-21 05:51:01",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "66c302f6557ab3383ae559f5214232e64087c56c76b08fc75380eded732b37cb",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:31:35",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "1baf005a5d0f6ccc544191290cad02fc686aa065ab963b30f3e252318d9f71c4",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:26:13",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "b343cca26cd6ca83f903527831c778bafa45908a7b797c04e3f136a61111737f",
        "ratio": "6/26",
        "scan_time": "2018-09-21 05:15:11",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "37cfcbc7ab3cd031b5e23710c4c295bd5a128c68a9257afe95d94df645d3cd68",
        "ratio": "6/26",
        "scan_time": "2018-09-21 03:47:16",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "6dcbf32d8c6695d6070d6d589513da5ee43d95414c1d1f50456db4c2ab3e1ad3",
        "ratio": "11/26",
        "scan_time": "2018-08-23 20:16:15",
        "malware_type": "SoftwareBundler",
        "malware_family": "ICLoader"
      },
      {
        "sha256": "34589e27b7362fcd59c32a8c4ed7995c950c7db265aca58ee121dc091ae321b2",
        "ratio": "7/26",
        "scan_time": "2018-07-10 21:18:39",
        "malware_type": "",
        "malware_family": "Downloader"
      },
      {
        "sha256": "94a7e25aa2e79df2f84fd7a9670c440a8886e5cb37b47eb475bbce3e402fae47",
        "ratio": "3/26",
        "scan_time": "2018-06-16 18:43:28",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c3589327ad0e848caf61b15c6b61ff234dbdaa28a18ea74e916d04974c471817",
        "ratio": "3/26",
        "scan_time": "2018-06-15 17:52:36",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "2fffb84c9304f0cd47f412229b7f71ba52cf84b5c2526e580a2e0457a28f1d25",
        "ratio": "3/26",
        "scan_time": "2018-06-15 17:47:14",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "c5ecadd07034afcae90d8504d4dc8d52353b1194b811566a0c0f41d4fee50644",
        "ratio": "1/26",
        "scan_time": "2018-06-03 00:12:20",
        "malware_type": "",
        "malware_family": ""
      },
      {
        "sha256": "efd4c9d36bf59e9c4f3d0e36784c274d890267535a3182b073df1db1ccbd8dcb",
        "ratio": "1/26",
        "scan_time": "2018-05-23 03:05:24",
        "malware_type": "",
        "malware_family": ""
      }
    ],
    "basic": {
      "carrier": "Cloudflare, Inc.",
      "location": {
        "country": "Australia",
        "province": "",
        "city": "",
        "lng": "151.211354",
        "lat": "-33.86264",
        "country_code": "AU"
      }
    },
    "asn": {
      "rank": 4,
      "info": "CLOUDFLARENET, US",
      "number": 13335
    },
    "ports": [
      {
        "port": 80,
        "module": "http",
        "product": "Cloudflare http proxy",
        "version": "",
        "detail": ""
      },
      {
        "port": 443,
        "module": "https",
        "product": "Cloudflare http proxy",
        "version": "",
        "detail": ""
      }
    ],
    "cas": [
      {
        "protocol": "https",
        "port": 443,
        "digital_certificate": {
          "sha256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
          "subject": "cloudflare-dns.com",
          "issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
          "fingerprint": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
          "purpose": "SSL client|SSL server|Any Purpose|Any Purpose CA|OCSP helper",
          "verify": "SHA256withRSA",
          "status": "0",
          "revoked": false,
          "begin": "2025-01-02",
          "end": "2026-01-21",
          "status_desc": "Valid",
          "serial_number": "27dc8c5e17294aec9ed3f67728e8a08",
          "revoked_time": ""
        }
      }
    ],
    "IP": "1.1.1.1"
  },
  "response_code": 200
}

Query Parameters

apikey

string

required

Your API Key.

You are able to get the key on "My API" page of i.threatbook.io.

Kindly note: Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.

resource

string

required

Single IPv4 or IPv6 address to query.

include

string

You are allowed to specify the following arguments to get specific data back. Each of them should be separated by commas if you would like to request more than two of them.

summary: Full summary of the threat intelligence;
intelligences: Original threat intelligence.
samples: Relevant samples;
ports: open ports of the IP;
cas: Relevant certificates of the IP;
basic: Geographic location and carrier, etc.
asn: Asn information.

If you don’t specify this parameter, we will return all data by default.

Response

msg

string

required

Allowed value: "Success"

Allowed value: "Success"

data

object

required

Hide child attributes

data.summary

object

required

Summary of the intelligence determined by ThreatBook
It is produced in a strict quality control process.

Each item includes the following fields:

judgments: Array. Intelligence type of the final verdict by ThreatBook.
whitelist: Boolean.
- true: It is whitelisted.
- false: It is not whitelisted.
APT: Boolean.
- true: It is an APT.
- false: There is not enough evidence to identify whether it is an APT.
threat_actor: Array.
family: Array. Virus or trojan family.
tag_categories: Array. Fields for each item are shown below.
- tag_type: Tag type. For example, "industry".
- tags: Specific tags are under the tag type.
first_seen: String. UTC time of the first discovery of intelligence.
last_seen: String. UTC time of the last discovery of intelligence.

data.intelligences

object

required

Complete original intelligence

Intelligence consists of two parts:

threatbook_lab: The intelligence is produced or discovered by ThreatBook. All the final comprehensive verdicts are determined based on our own intelligence.
- source: Intelligence source.
- first_seen: String. UTC time.
- last_seen: String. UTC time.
- confidence: String. Confidence score. The higher the score, the higher the credibility of the intelligence.
- expired: Boolean.
  - true: This piece of intelligence is expired.
  - false: This piece of intelligence is still valid.
- intel_types: Array. Intelligence type.
- intel_tags: Array. Tags for this intelligence.
open_source: The intelligence is gathered from open source. It is just for reference for our customers; we will not use it in our final verdict.
- All the fields are the same as "threatbook_lab" above.

Open source intelligence includes the following non-exclusive intelligence sources, updating continuously…

data.samples

object[]

required

Relevant samples
It will return up to 20 samples. Each item includes the following fields:

sha256
scan_time
ratio: Detecting by multi-engine antivirus scanners. For example, "1/22" means one of the antivirus scanners considers this sample as malicious.
malware_type
malware_family

data.basic

object

required

Geographic location information

carrier
location
- country
- country_code
- province
- city
- lng: longitude
- lat: latitude

data.asn

object

required

ASN information.

data.ports

object[]

required

Open ports
Each item includes the following fields:

port
module
product
version
detail

data.cas

object[]

required

SSL certificates associated with this IP address
Each item includes the following fields:

protocol
port
digital_certificate: Certificate detail.
- subject
- issuer
- fingerprint
- purpose
- verify: Digital signature algorithm.
- status: There are four status values for the certificate.
  - 0: Normal
  - 1: Expired
  - 2: Invalid
  - 3: Self-signed
- status_desc: Description for the certificate status.
- revoked: Boolean. Indicates whether the certificate is revoked.
- revoke_time: The revoke time for the certificate.
- begin: Effective time of the certificate.
- end: Expiration time of the certificate.
- serial_number: Serial number of the certificate.

data.IP

string

required

IP address for query will be returned.

Please pay attention, IPv6 will be returned in the following format.

For example: 2001:0db8:0000:0000:0001:0000:0000:0000

response_code

integer

required

URL Intelligence Domain Intelligence(v1)