Threat intelligence API Docs Pricing Resources Contact us

Threat intelligence API docs

Domain Reputation API

Evaluate a domain's reputation based on numerous security data sources as well as on an instant host's audit procedure. For a given domain name or IPv4 address, collect and evaluate over 120 parameters and calculate the resulting reputation score.

GEThttps://api.threatintelligenceplatform.com/v1/reputation?domainName=threatintelligenceplatform.com&mode=fast&apiKey=YOUR_API_KEY

Input parameters


Parameter
Type
What it means
domainName (required) string The target domain name or IPv4 address.
apiKey (required) string Get your personal API KEY on My subscriptions page.
mode (optional) string

TIP can check your domain in 2 modes:

  • fast (default) some heavy tests and data collectors will be disabled.
  • full all the data and the tests will be processed like the TIP web tool does.

The data returned


Field
Type
What it means
reputationScore integer Composite safety score based on numerous security data sources. 0 is dangerous, and 100 is safe.
testResults[0].test string

The test name which reduced the final score.

By now, the following tests are available:

  • Open ports and services
  • WHOIS Domain check
  • WHOIS Domain status
  • Host configuration issues
  • Mail servers response
  • Malware databases check
  • Mail servers configuration check
  • WHOIS and DNS name servers match
  • Name servers response
  • Name servers configuration check
  • Name servers configuration meets best practices
  • Potentially dangerous content
  • Mail servers Real-time blackhole check
  • Mail servers Reverse IP addresses match
  • SOA record configuration check
  • SSL certificate validity
  • SSL vulnerabilities
testResults[0].warnings string[] The list of warnings detected during the test execution.

Sample output


{
    "reputationScore": 97.51,
    "testResults": [
        {
            "test": "Name servers configuration meets best practices",
            "warnings": [
                "Some name servers are located on a single ASN: ns68.domaincontrol.com - AS26496, ns67.domaincontrol.com - AS26496"
            ]
        },
        {
            "test": "SOA record configuration check",
            "warnings": [
                "The minimum TTL is 600. Recommended range is [3600 .. 86400]"
            ]
        },
        ...
}

Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to