API Documentation
Enrichment
Vulnerabilities
Integration
URL Intelligence (V2)
Copy
curl --request POST \
--url https://api.threatbook.io/v2/url/queryCopy
{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Enrichment
URL Intelligence
Retrieve URL scan engine detection results and the analysis results of downloaded files.
POST
/
v2
/
url
/
query
URL Intelligence (V2)
Copy
curl --request POST \
--url https://api.threatbook.io/v2/url/queryCopy
{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Query Parameters
Your API Key
You are able to get the key on "My API" page of i.threatbook.io.
Kindly note:
Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.
The URL to be scanned. The URL must be encoded.
⌘I