Skip to main content
POST
/
v2
/
ip
/
query
IP Intelligence (V2)
curl --request POST \
  --url https://api.threatbook.io/v2/ip/query
{
  "response_code": 200,
  "msg": "Success",
  "data": {
    "basic": {
      "carrier": "Cloudflare, Inc.",
      "location": {
        "country": "United States",
        "province": "",
        "city": "",
        "lng": "-101.407912",
        "lat": "39.765054",
        "country_code": "US"
      }
    },
    "threat_types": [
      "Whitelist"
    ],
    "verdict": "benign",
    "inbound_verdict": "benign",
    "outbound_verdict": "benign",
    "intel_labels": [],
    "is_highly_active": false,
    "seen_in_honeypot": false,
    "intelligences": [
      {
        "confidence": 100,
        "expired": false,
        "find_time": "2020-07-02 08:23:09",
        "intel_types": [
          "Whitelist"
        ],
        "intel_labels": [],
        "update_time": "2023-05-14 14:37:15"
      },
      {
        "confidence": 100,
        "expired": true,
        "find_time": "2019-05-27 19:34:00",
        "intel_types": [
          "Whitelist"
        ],
        "intel_labels": [],
        "update_time": "2020-07-01 14:52:24"
      }
    ]
  },
  "samples": [
    {
      "sha256": "08e9828b447cd3b12ddadf97985f858458d44769a04e7673f72249fc369f5eea",
      "ratio": "9/26",
      "scan_time": "2018-10-12 20:57:32",
      "malware_type": "SoftwareBundler",
      "malware_family": "ICLoader"
    },
    {
      "sha256": "75f515c886b417aa22e41d3b98630a5fe3b7254c25b6eb9c1a0d45d8b02c65b3",
      "ratio": "18/26",
      "scan_time": "2018-10-11 23:43:26",
      "malware_type": "",
      "malware_family": ""
    },
    {
      "sha256": "c0d40937bc77fa5facd4f08a7f2a74e4b8892cc6306cbf472a1a5045c0c0652a",
      "ratio": "12/26",
      "scan_time": "2018-10-11 19:23:38",
      "malware_type": "",
      "malware_family": ""
    },
    {
      "sha256": "66c302f6557ab3383ae559f5214232e64087c56c76b08fc75380eded732b37cb",
      "ratio": "6/26",
      "scan_time": "2018-09-21 05:31:35",
      "malware_type": "",
      "malware_family": ""
    },
    {
      "sha256": "1baf005a5d0f6ccc544191290cad02fc686aa065ab963b30f3e252318d9f71c4",
      "ratio": "6/26",
      "scan_time": "2018-09-21 05:26:13",
      "malware_type": "",
      "malware_family": ""
    },
    {
      "sha256": "efd4c9d36bf59e9c4f3d0e36784c274d890267535a3182b073df1db1ccbd8dcb",
      "ratio": "1/26",
      "scan_time": "2018-05-23 03:05:24",
      "malware_type": "",
      "malware_family": ""
    }
  ],
  "asn": {
    "rank": 4,
    "info": "CLOUDFLARENET, US",
    "number": 13335
  },
  "ssl_certs": [
    {
      "protocol": "https",
      "port": 443,
      "period": [],
      "digital_certificate": {
        "sha256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
        "subject": "cloudflare-dns.com",
        "issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
        "fingerprint": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
        "purpose": "SSL client|SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withRSA",
        "status": "0",
        "revoked": false,
        "begin": "2025-01-02",
        "end": "2026-01-21",
        "status_desc": "Valid",
        "serial_number": "27dc8c5e17294aec9ed3f67728e8a08",
        "revoked_time": ""
      }
    },
    {
      "protocol": "https",
      "port": 443,
      "period": [],
      "digital_certificate": {
        "sha256": "f380cf2805268c47602eea2941b5f6f361c453d0ad3a504652cc83c53bd8e198",
        "subject": "kosmos4770.top",
        "issuer": "WE1",
        "fingerprint": "e753b0d29a651af5ebd3f19db66608cea4b86fcd",
        "purpose": "SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withECDSA",
        "status": "1",
        "revoked": false,
        "begin": "2025-06-20",
        "end": "2025-09-18",
        "status_desc": "Expired",
        "serial_number": "ddfa47ab063dfbc40ea0f14f3ac27b32",
        "revoked_time": ""
      }
    },
    {
      "protocol": "https",
      "port": 443,
      "period": [],
      "digital_certificate": {
        "sha256": "9f1d849073f8b93b6032dcb0148a936c3dd77e2e4ebe9f6ba6b0f75d71107cf9",
        "subject": "www.paradoxfwc.com",
        "issuer": "WE1",
        "fingerprint": "de76416fb1695a995bbc96baa8a35e86c6e2f91d",
        "purpose": "SSL server|Any Purpose|Any Purpose CA|OCSP helper",
        "verify": "SHA256withECDSA",
        "status": "1",
        "revoked": false,
        "begin": "2025-06-28",
        "end": "2025-09-26",
        "status_desc": "Expired",
        "serial_number": "c50cee2014a63c2911c04140c3a4b2a2",
        "revoked_time": ""
      }
    }
  ],
  "update_time": "2023-05-14 14:37:15",
  "pdns_count": "993",
  "scene": ""
}

Query Parameters

apikey
string
required

Your API Key.

You are able to get the key on "My API" page of i.threatbook.io.

Kindly note:

Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.

resource
string
required

Single IPv4 or IPv6 address to query.

exclude
string

You can exclude the following parameters from the response based on actual usage scenarios. When specifying multiple parameters, separate them with commas (note: do not include spaces).

  • asn: ASN information.
  • ssl_certs: SSL certificate and related information.
  • intelligences: Threat intelligence.
  • judgments: Threat types derived from threat intelligence through comprehensive analysis.
  • tags_classes: Tags related to attack groups or security incidents.
  • samples: Related samples.
  • update_time: Latest update time of the intelligence.
  • pdns_count: Number of currently pointing domains.
  • scene: Application scenario.

If you don’t specify this parameter, we will return all data by default.

Response

msg
string
required
response_code
integer
required
data
object
required