Skip to main content


Read about the basics of URL Intel

Quick View

What it doesRetrieves reputation score of a submitted URL
Supported Languages
  • Look up the reputation score of an URL
  • Retrieve a detailed intelligence report for a URL
Supported Providers

About URL Intel service

The URL Intel service allows you to retrieve intelligence about known URLs. Through a combination of providers, you gain access to the disposition of millions of URLs.

Benefits of using URL Intel service

Pangea serves intelligence data from third party providers, normalizing response data, to help you quickly identify malicious URLs. All of this happens through a unified API and SDK - with no contracts or direct integrations with the provider required.

For example, if you set CrowdStrike as your default provider, you’ll receive a standard verdict that can be easily interpreted in the API response. Armed with this information, you might choose to redact the URL from user-provided data, or block the URL in your environment.

Here are some of the helpful fields returned by the URL Intel service:


The verdict normalized categorization as interpreted by the data returned by the third party provider. There are four possible verdicts:

  • Benign - Confirmed as non-malicious

  • Suspicious - Associated with actions that are malicious

  • Malicious - Confirmed as malicious

  • Unknown - No data


The normalized score as interpreted by the data returned by the third party provider. Scores are associated with the verdict values listed above:

  • 0 = Benign

  • 1 - 99 = Suspicious

  • 100 = Malicious

  • -1 = Unknown


A summary of the various categories associated with a URL, which help illustrate why a URL received a particular verdict.


Indicates the category associated with the URL (e.g. Adware, Malware). This field may return more than one category and may, at times, not be populated.


Raw data returned by the provider you specified in the API request. You can investigate the raw data if its meaningful to your use case or if you want to supply it to your users. You must set the raw field to true to receive this data.

Use Cases

The URL Intel API can be embedded directly into your cloud app to determine if URLs are known to be malicious. Common use cases include: Extract, evaluate, and redact malicious URLs from publicly viewable, user-provided data - e.g., forum comments, discussion posts.

  • Check URLs embedded in user-uploaded documents.
  • Check unknown/rare URLs from web proxy logs.
  • Check URLs from statically or dynamically analyzed files

Was this article helpful?

Contact us