Skip to main content

URL Intel

Prevent users from posting content containing links pointing to known malicious URLs. Use URL Intel to identify malicious and suspicious content.

Developer Resources

Are Reddit post links malicious?

Quick View

What it doesRetrieves intelligence about known URLs. Through a combination of providers, you gain access to the disposition of millions of URLs.
Supported Languages
Capabilities
  • Look up the reputation score of an URL
  • Retrieve a detailed intelligence report for a URL
Supported Providers

Benefits of using URL Intel service

Pangea serves intelligence data from third party providers, normalizing response data, to help you quickly identify malicious URLs. All of this happens through a unified API and SDK - with no contracts or direct integrations with the provider required.

For example, if you set CrowdStrike as your default provider, you’ll receive a standard verdict that can be easily interpreted in the API response. Armed with this information, you might choose to redact the URL from user-provided data, or block the URL in your environment.

Here are some of the helpful fields returned by the URL Intel service:

verdict

The verdict normalized categorization as interpreted by the data returned by the third party provider. There are four possible verdicts:

  • Benign - Confirmed as non-malicious

  • Suspicious - Associated with actions that are malicious

  • Malicious - Confirmed as malicious

  • Unknown - No data

score

The normalized score as interpreted by the data returned by the third party provider. Scores are associated with the verdict values listed above:

  • 0 = Benign

  • 1 - 99 = Suspicious

  • 100 = Malicious

  • -1 = Unknown

summary

A summary of the various categories associated with a URL, which help illustrate why a URL received a particular verdict.

category

Indicates the category associated with the URL (e.g. Adware, Malware). This field may return more than one category and may, at times, not be populated.

raw

Raw data returned by the provider you specified in the API request. You can investigate the raw data if its meaningful to your use case or if you want to supply it to your users. You must set the raw field to true to receive this data.

Use Cases

The URL Intel API can be embedded directly into your cloud app to determine if URLs are known to be malicious. Common use cases include: Extract, evaluate, and redact malicious URLs from publicly viewable, user-provided data - e.g., forum comments, discussion posts.

  • Check URLs embedded in user-uploaded documents.
  • Check unknown/rare URLs from web proxy logs.
  • Check URLs from statically or dynamically analyzed files

Was this article helpful?

Contact us