Skip to main content

Get Phishing Domain Threat

Gets a specific phishing domain threat.

Parameters

ParameterDescription
Threat IDThe ID of the threat to be fetched. Threat IDs can be obtained by running the List Phishing Domain Threats action.

Example Output

{
"_id": "5b154ceb3a21b34c6d6e6194",
"Type": "Phishing",
"Domain": "exampla.com",
"Status": "Alert"
"Assets": [
{
"Type": "Domains",
"Value": "example.com",
"PermutationName": "ProximityReplacement"
}
],
"OriginalSourceDate: "2018-01-01T00:00:00.000Z",
"OriginalSourceDate: "2018-01-02T00:00:00.000Z",
"LastSourceDate: "2018-01-03T00:00:00.000Z",
"LastReportDate: "2018-01-04T00:00:00.000Z",
"FoundDate": "2018-01-01T20:01:27.344Z",
"AlertIds": ["5c62847fd6d5da985af806cb", "5c628488d6d5da985af806cc"],
"ImageId": "5c629009d6d5da985af806cd",
"MonitoredArguments": {
"Registrar": "example",
"RegistrationDate": "2018-01-01T00:00:00.000Z",
"UpdatedDate": "2018-01-02T00:00:00.000Z",
"ExpirationDate": "2018-01-03T00:00:00.000Z",
"Registrant": "Example",
"IsLoginForm": "true",
"HasHttp": "true",
"HasHttps": "false",
"IsCertified": "false",
"IsInAlexaTop1M": "true", (Deprecated, use "IsPopularWebsite" instead)
"IsPopularWebsite": "true",
"IsRedirected": "true",
"ARecords": ["192.168.1.1"],
"MXRecords": ["mail.server.net"],
"NSRecords": ["ns.server.com"]
}
}

Workflow Library Example

Get Phishing Domain Threat with Rapid7 Threat Command and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop