Get Phishing Domain Threat

Gets a specific phishing domain threat.

Parameters

Parameter	Description
Threat ID	The ID of the threat to be fetched. Threat IDs can be obtained by running the `List Phishing Domain Threats` action.

Example Output

{
    "_id": "5b154ceb3a21b34c6d6e6194",
    "Type": "Phishing",
    "Domain": "exampla.com",
    "Status": "Alert"
    "Assets": [
        {
            "Type": "Domains",
            "Value": "example.com",
            "PermutationName": "ProximityReplacement"
        }
    ],
    "OriginalSourceDate: "2018-01-01T00:00:00.000Z",
    "OriginalSourceDate: "2018-01-02T00:00:00.000Z",
    "LastSourceDate: "2018-01-03T00:00:00.000Z",
    "LastReportDate: "2018-01-04T00:00:00.000Z",
    "FoundDate": "2018-01-01T20:01:27.344Z",
    "AlertIds": ["5c62847fd6d5da985af806cb", "5c628488d6d5da985af806cc"],
    "ImageId": "5c629009d6d5da985af806cd",
    "MonitoredArguments": {
        "Registrar": "example",
        "RegistrationDate": "2018-01-01T00:00:00.000Z",
        "UpdatedDate": "2018-01-02T00:00:00.000Z",
        "ExpirationDate": "2018-01-03T00:00:00.000Z",
        "Registrant": "Example",
        "IsLoginForm": "true",
        "HasHttp": "true",
        "HasHttps": "false",
        "IsCertified": "false",
        "IsInAlexaTop1M": "true", (Deprecated, use "IsPopularWebsite" instead)
        "IsPopularWebsite": "true",
        "IsRedirected": "true",
        "ARecords": ["192.168.1.1"],
        "MXRecords": ["mail.server.net"],
        "NSRecords": ["ns.server.com"]
    }
}

Workflow Library Example

Get Phishing Domain Threat with Rapid7 Threat Command and Send Results Via Email

Preview this Workflow on desktop

Get Phishing Domain Threat

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example