IP Intelligence (V1)
Copy
curl --request POST \
--url https://api.threatbook.io/v1/ip/queryCopy
{
"msg": "Success",
"data": {
"summary": {
"judgments": [],
"whitelist": true,
"family": [],
"first_seen": "2020-07-02",
"last_seen": "2022-09-11",
"APT": false,
"threat_actor": [],
"tag_categories": []
},
"intelligences": {
"threatbook_lab": [
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2021-08-29",
"intel_types": [
"Whitelist"
],
"last_seen": "2021-08-30"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2021-08-29",
"intel_types": [
"Whitelist"
],
"last_seen": "2021-08-30"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2020-07-02",
"intel_types": [
"Whitelist"
],
"last_seen": "2022-09-11"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": true,
"intel_tags": [],
"first_seen": "2019-05-27",
"intel_types": [
"Whitelist"
],
"last_seen": "2020-07-01"
}
],
"open_source": [
{
"source": "phishtank.com",
"confidence": 55,
"expired": false,
"intel_tags": [],
"first_seen": "2024-07-02",
"intel_types": [
"Phishing"
],
"last_seen": "2024-10-25"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2024-02-08",
"intel_types": [
"Suspicious"
],
"last_seen": "2025-04-19"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2018-09-13",
"intel_types": [
"Malware"
],
"last_seen": "2018-09-29"
},
{
"source": "cinsscore.com",
"confidence": 50,
"expired": false,
"intel_tags": [],
"first_seen": "2018-04-24",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-04-24"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2018-02-24",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-03-10"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-10-11",
"intel_types": [
"Suspicious"
],
"last_seen": "2017-10-28"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-10-02",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-04-04"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-07",
"intel_types": [
"Malware"
],
"last_seen": "2025-04-28"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-07",
"intel_types": [
"Suspicious"
],
"last_seen": "2017-10-23"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-06",
"intel_types": [
"Spam"
],
"last_seen": "2018-09-23"
},
{
"source": "Open Source ",
"confidence": 55,
"expired": true,
"intel_tags": [],
"first_seen": "2020-06-17",
"intel_types": [
"Malware"
],
"last_seen": "2025-03-21"
},
{
"source": "Open Source ",
"confidence": 75,
"expired": true,
"intel_tags": [],
"first_seen": "2020-05-07",
"intel_types": [
"CDN"
],
"last_seen": "2020-08-25"
},
{
"source": "Open Source ",
"confidence": 50,
"expired": true,
"intel_tags": [
{
"tags": [
"Bitrep"
],
"tags_type": "virus_family"
}
],
"first_seen": "2018-03-15",
"intel_types": [
"C2"
],
"last_seen": "2019-09-18"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": true,
"intel_tags": [],
"first_seen": "2017-07-14",
"intel_types": [
"Suspicious"
],
"last_seen": "2023-08-31"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": true,
"intel_tags": [],
"first_seen": "2017-07-06",
"intel_types": [
"Suspicious"
],
"last_seen": "2023-08-31"
},
{
"source": "Open Source ",
"confidence": 35,
"expired": true,
"intel_tags": [],
"first_seen": "2016-11-10",
"intel_types": [
"Malware"
],
"last_seen": "2022-08-08"
},
{
"source": "Open Source ",
"confidence": 43,
"expired": true,
"intel_tags": [],
"first_seen": "2016-10-06",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-06-08"
},
{
"source": "openphish.com",
"confidence": 26,
"expired": true,
"intel_tags": [],
"first_seen": "2016-09-03",
"intel_types": [
"Phishing"
],
"last_seen": "2018-07-15"
},
{
"source": "spamhaus.org",
"confidence": 69,
"expired": true,
"intel_tags": [],
"first_seen": "2015-12-02",
"intel_types": [
"Phishing"
],
"last_seen": "2016-09-25"
},
{
"source": "Open Source ",
"confidence": 35,
"expired": true,
"intel_tags": [],
"first_seen": "2015-11-25",
"intel_types": [
"Exploit",
"Malware"
],
"last_seen": "2016-05-03"
},
{
"source": "Open Source ",
"confidence": 75,
"expired": true,
"intel_tags": [],
"first_seen": "2015-08-07",
"intel_types": [
"C2"
],
"last_seen": "2016-10-16"
}
]
},
"samples": [
{
"sha256": "08e9828b447cd3b12ddadf97985f858458d44769a04e7673f72249fc369f5eea",
"ratio": "9/26",
"scan_time": "2018-10-12 20:57:32",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "75f515c886b417aa22e41d3b98630a5fe3b7254c25b6eb9c1a0d45d8b02c65b3",
"ratio": "18/26",
"scan_time": "2018-10-11 23:43:26",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "2236cd5dde6cb49d555ac787848a46ae9b1fba30928e775fbe750590164b7530",
"ratio": "17/26",
"scan_time": "2018-10-11 23:38:49",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "39c73e94d7fce76bb8a66c744a9326953d763795c0a9eafb5aab1e2cdea21482",
"ratio": "17/26",
"scan_time": "2018-10-11 21:16:15",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "e9dca6a2cb8642fcffd88e4668b669c110188922b11b88073b1e8fd9663f446c",
"ratio": "6/26",
"scan_time": "2018-10-11 20:13:38",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "a657c145a49bb467073b3ad98cbfbe951542ea7f86636696e9c05f701aba59a7",
"ratio": "16/26",
"scan_time": "2018-10-11 20:03:50",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c0d40937bc77fa5facd4f08a7f2a74e4b8892cc6306cbf472a1a5045c0c0652a",
"ratio": "18/26",
"scan_time": "2018-10-11 19:23:38",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "f8b59451e34354cd82f5a13b63e0b9ea5d982c88c16b7bf9ba41bad983426d70",
"ratio": "5/26",
"scan_time": "2018-09-21 19:14:03",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "697c3b1fe1f886f6825c5b00f9185cfe180ae91253d3ea935e9498de8c97d92f",
"ratio": "9/26",
"scan_time": "2018-09-21 05:51:01",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "66c302f6557ab3383ae559f5214232e64087c56c76b08fc75380eded732b37cb",
"ratio": "6/26",
"scan_time": "2018-09-21 05:31:35",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "1baf005a5d0f6ccc544191290cad02fc686aa065ab963b30f3e252318d9f71c4",
"ratio": "6/26",
"scan_time": "2018-09-21 05:26:13",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "b343cca26cd6ca83f903527831c778bafa45908a7b797c04e3f136a61111737f",
"ratio": "6/26",
"scan_time": "2018-09-21 05:15:11",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "37cfcbc7ab3cd031b5e23710c4c295bd5a128c68a9257afe95d94df645d3cd68",
"ratio": "6/26",
"scan_time": "2018-09-21 03:47:16",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "6dcbf32d8c6695d6070d6d589513da5ee43d95414c1d1f50456db4c2ab3e1ad3",
"ratio": "11/26",
"scan_time": "2018-08-23 20:16:15",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "34589e27b7362fcd59c32a8c4ed7995c950c7db265aca58ee121dc091ae321b2",
"ratio": "7/26",
"scan_time": "2018-07-10 21:18:39",
"malware_type": "",
"malware_family": "Downloader"
},
{
"sha256": "94a7e25aa2e79df2f84fd7a9670c440a8886e5cb37b47eb475bbce3e402fae47",
"ratio": "3/26",
"scan_time": "2018-06-16 18:43:28",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c3589327ad0e848caf61b15c6b61ff234dbdaa28a18ea74e916d04974c471817",
"ratio": "3/26",
"scan_time": "2018-06-15 17:52:36",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "2fffb84c9304f0cd47f412229b7f71ba52cf84b5c2526e580a2e0457a28f1d25",
"ratio": "3/26",
"scan_time": "2018-06-15 17:47:14",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c5ecadd07034afcae90d8504d4dc8d52353b1194b811566a0c0f41d4fee50644",
"ratio": "1/26",
"scan_time": "2018-06-03 00:12:20",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "efd4c9d36bf59e9c4f3d0e36784c274d890267535a3182b073df1db1ccbd8dcb",
"ratio": "1/26",
"scan_time": "2018-05-23 03:05:24",
"malware_type": "",
"malware_family": ""
}
],
"basic": {
"carrier": "Cloudflare, Inc.",
"location": {
"country": "Australia",
"province": "",
"city": "",
"lng": "151.211354",
"lat": "-33.86264",
"country_code": "AU"
}
},
"asn": {
"rank": 4,
"info": "CLOUDFLARENET, US",
"number": 13335
},
"ports": [
{
"port": 80,
"module": "http",
"product": "Cloudflare http proxy",
"version": "",
"detail": ""
},
{
"port": 443,
"module": "https",
"product": "Cloudflare http proxy",
"version": "",
"detail": ""
}
],
"cas": [
{
"protocol": "https",
"port": 443,
"digital_certificate": {
"sha256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
"subject": "cloudflare-dns.com",
"issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"fingerprint": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
"purpose": "SSL client|SSL server|Any Purpose|Any Purpose CA|OCSP helper",
"verify": "SHA256withRSA",
"status": "0",
"revoked": false,
"begin": "2025-01-02",
"end": "2026-01-21",
"status_desc": "Valid",
"serial_number": "27dc8c5e17294aec9ed3f67728e8a08",
"revoked_time": ""
}
}
],
"IP": "1.1.1.1"
},
"response_code": 200
}Deprecated
IP Intelligence(v1)
IP Intelligence(V1) API provides intelligence labels(intelligence type), relevant threat actors, virus/trojan family, complete original intelligence, as well as associated internet asset and contextual data for each IP address.
POST
/
v1
/
ip
/
query
IP Intelligence (V1)
Copy
curl --request POST \
--url https://api.threatbook.io/v1/ip/queryCopy
{
"msg": "Success",
"data": {
"summary": {
"judgments": [],
"whitelist": true,
"family": [],
"first_seen": "2020-07-02",
"last_seen": "2022-09-11",
"APT": false,
"threat_actor": [],
"tag_categories": []
},
"intelligences": {
"threatbook_lab": [
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2021-08-29",
"intel_types": [
"Whitelist"
],
"last_seen": "2021-08-30"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2021-08-29",
"intel_types": [
"Whitelist"
],
"last_seen": "2021-08-30"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": false,
"intel_tags": [],
"first_seen": "2020-07-02",
"intel_types": [
"Whitelist"
],
"last_seen": "2022-09-11"
},
{
"source": "ThreatBook Labs",
"confidence": 100,
"expired": true,
"intel_tags": [],
"first_seen": "2019-05-27",
"intel_types": [
"Whitelist"
],
"last_seen": "2020-07-01"
}
],
"open_source": [
{
"source": "phishtank.com",
"confidence": 55,
"expired": false,
"intel_tags": [],
"first_seen": "2024-07-02",
"intel_types": [
"Phishing"
],
"last_seen": "2024-10-25"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2024-02-08",
"intel_types": [
"Suspicious"
],
"last_seen": "2025-04-19"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2018-09-13",
"intel_types": [
"Malware"
],
"last_seen": "2018-09-29"
},
{
"source": "cinsscore.com",
"confidence": 50,
"expired": false,
"intel_tags": [],
"first_seen": "2018-04-24",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-04-24"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2018-02-24",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-03-10"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-10-11",
"intel_types": [
"Suspicious"
],
"last_seen": "2017-10-28"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-10-02",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-04-04"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-07",
"intel_types": [
"Malware"
],
"last_seen": "2025-04-28"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-07",
"intel_types": [
"Suspicious"
],
"last_seen": "2017-10-23"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"first_seen": "2017-07-06",
"intel_types": [
"Spam"
],
"last_seen": "2018-09-23"
},
{
"source": "Open Source ",
"confidence": 55,
"expired": true,
"intel_tags": [],
"first_seen": "2020-06-17",
"intel_types": [
"Malware"
],
"last_seen": "2025-03-21"
},
{
"source": "Open Source ",
"confidence": 75,
"expired": true,
"intel_tags": [],
"first_seen": "2020-05-07",
"intel_types": [
"CDN"
],
"last_seen": "2020-08-25"
},
{
"source": "Open Source ",
"confidence": 50,
"expired": true,
"intel_tags": [
{
"tags": [
"Bitrep"
],
"tags_type": "virus_family"
}
],
"first_seen": "2018-03-15",
"intel_types": [
"C2"
],
"last_seen": "2019-09-18"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": true,
"intel_tags": [],
"first_seen": "2017-07-14",
"intel_types": [
"Suspicious"
],
"last_seen": "2023-08-31"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": true,
"intel_tags": [],
"first_seen": "2017-07-06",
"intel_types": [
"Suspicious"
],
"last_seen": "2023-08-31"
},
{
"source": "Open Source ",
"confidence": 35,
"expired": true,
"intel_tags": [],
"first_seen": "2016-11-10",
"intel_types": [
"Malware"
],
"last_seen": "2022-08-08"
},
{
"source": "Open Source ",
"confidence": 43,
"expired": true,
"intel_tags": [],
"first_seen": "2016-10-06",
"intel_types": [
"Suspicious"
],
"last_seen": "2018-06-08"
},
{
"source": "openphish.com",
"confidence": 26,
"expired": true,
"intel_tags": [],
"first_seen": "2016-09-03",
"intel_types": [
"Phishing"
],
"last_seen": "2018-07-15"
},
{
"source": "spamhaus.org",
"confidence": 69,
"expired": true,
"intel_tags": [],
"first_seen": "2015-12-02",
"intel_types": [
"Phishing"
],
"last_seen": "2016-09-25"
},
{
"source": "Open Source ",
"confidence": 35,
"expired": true,
"intel_tags": [],
"first_seen": "2015-11-25",
"intel_types": [
"Exploit",
"Malware"
],
"last_seen": "2016-05-03"
},
{
"source": "Open Source ",
"confidence": 75,
"expired": true,
"intel_tags": [],
"first_seen": "2015-08-07",
"intel_types": [
"C2"
],
"last_seen": "2016-10-16"
}
]
},
"samples": [
{
"sha256": "08e9828b447cd3b12ddadf97985f858458d44769a04e7673f72249fc369f5eea",
"ratio": "9/26",
"scan_time": "2018-10-12 20:57:32",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "75f515c886b417aa22e41d3b98630a5fe3b7254c25b6eb9c1a0d45d8b02c65b3",
"ratio": "18/26",
"scan_time": "2018-10-11 23:43:26",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "2236cd5dde6cb49d555ac787848a46ae9b1fba30928e775fbe750590164b7530",
"ratio": "17/26",
"scan_time": "2018-10-11 23:38:49",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "39c73e94d7fce76bb8a66c744a9326953d763795c0a9eafb5aab1e2cdea21482",
"ratio": "17/26",
"scan_time": "2018-10-11 21:16:15",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "e9dca6a2cb8642fcffd88e4668b669c110188922b11b88073b1e8fd9663f446c",
"ratio": "6/26",
"scan_time": "2018-10-11 20:13:38",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "a657c145a49bb467073b3ad98cbfbe951542ea7f86636696e9c05f701aba59a7",
"ratio": "16/26",
"scan_time": "2018-10-11 20:03:50",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c0d40937bc77fa5facd4f08a7f2a74e4b8892cc6306cbf472a1a5045c0c0652a",
"ratio": "18/26",
"scan_time": "2018-10-11 19:23:38",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "f8b59451e34354cd82f5a13b63e0b9ea5d982c88c16b7bf9ba41bad983426d70",
"ratio": "5/26",
"scan_time": "2018-09-21 19:14:03",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "697c3b1fe1f886f6825c5b00f9185cfe180ae91253d3ea935e9498de8c97d92f",
"ratio": "9/26",
"scan_time": "2018-09-21 05:51:01",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "66c302f6557ab3383ae559f5214232e64087c56c76b08fc75380eded732b37cb",
"ratio": "6/26",
"scan_time": "2018-09-21 05:31:35",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "1baf005a5d0f6ccc544191290cad02fc686aa065ab963b30f3e252318d9f71c4",
"ratio": "6/26",
"scan_time": "2018-09-21 05:26:13",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "b343cca26cd6ca83f903527831c778bafa45908a7b797c04e3f136a61111737f",
"ratio": "6/26",
"scan_time": "2018-09-21 05:15:11",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "37cfcbc7ab3cd031b5e23710c4c295bd5a128c68a9257afe95d94df645d3cd68",
"ratio": "6/26",
"scan_time": "2018-09-21 03:47:16",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "6dcbf32d8c6695d6070d6d589513da5ee43d95414c1d1f50456db4c2ab3e1ad3",
"ratio": "11/26",
"scan_time": "2018-08-23 20:16:15",
"malware_type": "SoftwareBundler",
"malware_family": "ICLoader"
},
{
"sha256": "34589e27b7362fcd59c32a8c4ed7995c950c7db265aca58ee121dc091ae321b2",
"ratio": "7/26",
"scan_time": "2018-07-10 21:18:39",
"malware_type": "",
"malware_family": "Downloader"
},
{
"sha256": "94a7e25aa2e79df2f84fd7a9670c440a8886e5cb37b47eb475bbce3e402fae47",
"ratio": "3/26",
"scan_time": "2018-06-16 18:43:28",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c3589327ad0e848caf61b15c6b61ff234dbdaa28a18ea74e916d04974c471817",
"ratio": "3/26",
"scan_time": "2018-06-15 17:52:36",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "2fffb84c9304f0cd47f412229b7f71ba52cf84b5c2526e580a2e0457a28f1d25",
"ratio": "3/26",
"scan_time": "2018-06-15 17:47:14",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "c5ecadd07034afcae90d8504d4dc8d52353b1194b811566a0c0f41d4fee50644",
"ratio": "1/26",
"scan_time": "2018-06-03 00:12:20",
"malware_type": "",
"malware_family": ""
},
{
"sha256": "efd4c9d36bf59e9c4f3d0e36784c274d890267535a3182b073df1db1ccbd8dcb",
"ratio": "1/26",
"scan_time": "2018-05-23 03:05:24",
"malware_type": "",
"malware_family": ""
}
],
"basic": {
"carrier": "Cloudflare, Inc.",
"location": {
"country": "Australia",
"province": "",
"city": "",
"lng": "151.211354",
"lat": "-33.86264",
"country_code": "AU"
}
},
"asn": {
"rank": 4,
"info": "CLOUDFLARENET, US",
"number": 13335
},
"ports": [
{
"port": 80,
"module": "http",
"product": "Cloudflare http proxy",
"version": "",
"detail": ""
},
{
"port": 443,
"module": "https",
"product": "Cloudflare http proxy",
"version": "",
"detail": ""
}
],
"cas": [
{
"protocol": "https",
"port": 443,
"digital_certificate": {
"sha256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
"subject": "cloudflare-dns.com",
"issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"fingerprint": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
"purpose": "SSL client|SSL server|Any Purpose|Any Purpose CA|OCSP helper",
"verify": "SHA256withRSA",
"status": "0",
"revoked": false,
"begin": "2025-01-02",
"end": "2026-01-21",
"status_desc": "Valid",
"serial_number": "27dc8c5e17294aec9ed3f67728e8a08",
"revoked_time": ""
}
}
],
"IP": "1.1.1.1"
},
"response_code": 200
}Query Parameters
Your API Key.
You are able to get the key on "My API" page of i.threatbook.io.
Kindly note: Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.
Single IPv4 or IPv6 address to query.
You are allowed to specify the following arguments to get specific data back. Each of them should be separated by commas if you would like to request more than two of them.
- summary: Full summary of the threat intelligence;
- intelligences: Original threat intelligence.
- samples: Relevant samples;
- ports: open ports of the IP;
- cas: Relevant certificates of the IP;
- basic: Geographic location and carrier, etc.
- asn: Asn information.
If you don’t specify this parameter, we will return all data by default.
Response
Allowed value: "Success"
Allowed value:
"Success"Show child attributes
Show child attributes
Summary of the intelligence determined by ThreatBook
It is produced in a strict quality control process.
Each item includes the following fields:
- judgments: Array. Intelligence type of the final verdict by ThreatBook.
- whitelist: Boolean.
true: It is whitelisted.false: It is not whitelisted.
- APT: Boolean.
true: It is an APT.false: There is not enough evidence to identify whether it is an APT.
- threat_actor: Array.
- family: Array. Virus or trojan family.
- tag_categories: Array. Fields for each item are shown below.
- tag_type: Tag type. For example,
"industry". - tags: Specific tags are under the tag type.
- tag_type: Tag type. For example,
- first_seen: String. UTC time of the first discovery of intelligence.
- last_seen: String. UTC time of the last discovery of intelligence.
Complete original intelligence
Intelligence consists of two parts:
-
threatbook_lab: The intelligence is produced or discovered by ThreatBook. All the final comprehensive verdicts are determined based on our own intelligence.
- source: Intelligence source.
- first_seen: String. UTC time.
- last_seen: String. UTC time.
- confidence: String. Confidence score. The higher the score, the higher the credibility of the intelligence.
- expired: Boolean.
true: This piece of intelligence is expired.false: This piece of intelligence is still valid.
- intel_types: Array. Intelligence type.
- intel_tags: Array. Tags for this intelligence.
-
open_source: The intelligence is gathered from open source. It is just for reference for our customers; we will not use it in our final verdict.
- All the fields are the same as "threatbook_lab" above.
Open source intelligence includes the following non-exclusive intelligence sources, updating continuously…
Relevant samples
It will return up to 20 samples. Each item includes the following fields:
- sha256
- scan_time
- ratio: Detecting by multi-engine antivirus scanners. For example,
"1/22"means one of the antivirus scanners considers this sample as malicious. - malware_type
- malware_family
Geographic location information
- carrier
- location
- country
- country_code
- province
- city
- lng: longitude
- lat: latitude
ASN information.
Open ports
Each item includes the following fields:
- port
- module
- product
- version
- detail
SSL certificates associated with this IP address
Each item includes the following fields:
- protocol
- port
- digital_certificate: Certificate detail.
- subject
- issuer
- fingerprint
- purpose
- verify: Digital signature algorithm.
- status: There are four status values for the certificate.
0: Normal1: Expired2: Invalid3: Self-signed
- status_desc: Description for the certificate status.
- revoked: Boolean. Indicates whether the certificate is revoked.
- revoke_time: The revoke time for the certificate.
- begin: Effective time of the certificate.
- end: Expiration time of the certificate.
- serial_number: Serial number of the certificate.
IP address for query will be returned.
Please pay attention, IPv6 will be returned in the following format.
For example: 2001:0db8:0000:0000:0001:0000:0000:0000
⌘I