API Documentation
Enrichment
Vulnerabilities
Integration
URL Intelligence (V2)
curl --request POST \
--url https://api.threatbook.io/v2/url/query{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Enrichment
URL Intelligence
Retrieve URL scan engine detection results and the analysis results of downloaded files.
POST
/
v2
/
url
/
query
URL Intelligence (V2)
curl --request POST \
--url https://api.threatbook.io/v2/url/query{
"response_code": 200,
"msg": "Success",
"data": {
"multiengines": {
"threatbook": "whitelist",
"threatcrowd.com": "safe",
"squidblacklist.org": "safe",
"osint.bambenekconsulting.com": "safe",
"malwaredomains.com": "safe",
"malwareconfig.com": "safe",
"cymon.io": "safe",
"cybercrime-tracker.net": "safe",
"circl.lu-misp": "malware",
"alienvault.com": "safe",
"AlienVault-OTX": "safe",
"Google Safebrowsing": "safe"
},
"threat_level": "unknown",
"sandbox": {
"threat_level": "unknown",
"submit_time": "2021-02-04 06:12:03",
"file_name": "allowlist",
"sample_sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"sb_status": "OK",
"sandbox_type": "win10_1903_enx64_office2016",
"tag": {
"s": [
"json"
],
"x": [
"",
""
]
},
"sandbox_type_list": [
"win7_sp1_enx86_office2013",
"win7_sp1_enx64_office2013",
"win10_1903_enx64_office2016"
]
},
"details": {
"headers": {
"X-CDN-TraceID": "0.df2dc017.1758892677.32052bfa",
"X-EventID": "68d6928658de47418e6664d5720929ec",
"Permissions-Policy": "unload=()",
"Connection": "keep-alive",
"P3P": "CP=\"NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND\"",
"X-MSEdge-Ref": "Ref A: 03CF8523D6C7499D93664520AC6F5B41 Ref B: TYO201151004060 Ref C: 2025-09-26T13:17:58Z",
"Date": "Fri, 26 Sep 2025 13:17:58 GMT",
"UserAgentReductionOptOut": "A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=",
"Cache-Control": "public, max-age=3600",
"ETag": "DpuVz2peupDazmhHdjK3mg==",
"Report-To": "{\"group\":\"csp-endpoint\",\"max_age\":86400,\"endpoints\":[{\"url\":\"https://aefd.nelreports.net/api/report?cat=bingcsp\"}]}",
"Content-Security-Policy": "script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-g64bSCNlxMpRWgFmG+SaCfJW+j9m5j1IfL0M6CaWuVU='; base-uri 'self';report-to csp-endpoint",
"Vary": "Accept-Encoding",
"Accept-CH": "Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version",
"Content-Type": "application/json"
},
"lastSeen": "2025-09-26 05:17:57",
"ip": "150.171.27.10",
"finalUrl": "http://www.bing.com/edgepinning/allowlist",
"url": "http://bing.com/edgepinning/allowlist",
"sha256s": [
"c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187"
],
"status": 3,
"httpStatusCode": 200,
"historyScans": [
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
},
{
"fileName": "allowlist",
"sha256": "c707737d9b33b1c3f97c58c16557fe522d72d2a787fe3904f3e15853bcdc6187",
"multiEngines": "0/28",
"fileType": "json"
}
]
},
"me_positives": 1,
"me_ratio": "1/12"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.threatbook.io/llms.txt
Use this file to discover all available pages before exploring further.
Query Parameters
Your API Key
You are able to get the key on "My API" page of i.threatbook.io.
Kindly note:
Please check if you have bound your access IP to the key and have the authority quotas to access this API before you interact with it.
The URL to be scanned. The URL must be encoded.
⌘I