APIVoid

Overview

The Security Flow APIVoid Plugin exposes and automates APIVoid functionality. APIVoid is a service that analyzes URLs and IPs using multiple online threat intelligence engines to detect malicious URLs and IPs.

Functionality

The APIVoid Plugin provides the functionality to gather threat intelligence on URLs and IPs.

Instance Configuration Parameters

Property
Description

Instance Name

Name for the APIVoid instance.


Api Key

API key used to access the APIVoid services.

Flow Node

Communication node which controls the Nevelex Labs APIVoid Plugin Instance according to the specified node configuration.

Property
Description

Name

The display name of the node within the flows.


Action

  • Search Within: dynamically search in the message
  • URL Report: Request a report for the specified URL or Domain
  • IP Report: Request a report for the specified IP

Search Within / URL / IP

This field defines the location (message, flow, global, or JavaScript expression) to use as the data source for the site. The node context can also be changed. The following contexts are supported:

  • msg: This selects part of the incoming message as the source of the data. This is the typical choice.
  • flow: This selects part of the flow context’s saved data as the source. This information is shared with only the nodes on a given tab.
  • global: This selects part of the global context’s saved data as the source. This information is shared by all nodes regardless of tab.
  • J: expression: Uses the JSONata expression language to perform query and transform operations on the payload.

Analyzes the results from the NL-APIVoid node.

Property
Description

Name

The display name of the node within the flows.


Audit Missing Report

If checked, a missing report will be added to the Incident’s timeline.

Learn More

JSON Message Format

The following samples show the JSON content added to the message payload, which conforms to the Node Messaging Format. The content exists within the apivoid object.

Success

The italicized, green text is inserted into the message payload upon a successful request. The node in the following sample used “google.com” as input:

"payload": {
   "apivoid": {  
      "topic":"/nevelexlabs/service/apivoid/url/report",
      "response":{  
         "data":{  
            "report":{  
               "blacklists":{  
                  "engines":{  
                     "0":{  
                        "engine":"Phishing Test",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.00"
                     },
                     "1":{  
                        "engine":"Scam Test",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.00"
                     },
                     "2":{  
                        "engine":"Sinkholed Domain",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.00"
                     },
                     "3":{  
                        "engine":"SpamhausDBL",
                        "detected":false,
                        "reference":"https://www.spamhaus.org/lookup/",
                        "confidence":"high",
                        "elapsed":"0.09"
                     },
                     "4":{  
                        "engine":"Badbitcoin",
                        "detected":false,
                        "reference":"https://badbitcoin.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "5":{  
                        "engine":"Bambenek Consulting",
                        "detected":false,
                        "reference":"http://www.bambenekconsulting.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "6":{  
                        "engine":"C_APT_ure",
                        "detected":false,
                        "reference":"http://c-apt-ure.blogspot.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "7":{  
                        "engine":"CERT-GIB",
                        "detected":false,
                        "reference":"http://www.cert-gib.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "8":{  
                        "engine":"CERT-PA",
                        "detected":false,
                        "reference":"https://www.cert-pa.it/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "9":{  
                        "engine":"CoinBlockerLists",
                        "detected":false,
                        "reference":"https://gitlab.com/ZeroDot1/CoinBlockerLists/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "10":{  
                        "engine":"CyberCrime",
                        "detected":false,
                        "reference":"http://cybercrime-tracker.net/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "11":{  
                        "engine":"DShield",
                        "detected":false,
                        "reference":"http://www.dshield.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "12":{  
                        "engine":"EtherAddressLookup",
                        "detected":false,
                        "reference":"https://github.com/409H/EtherAddressLookup/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "13":{  
                        "engine":"EtherScamDB",
                        "detected":false,
                        "reference":"https://etherscamdb.info/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "14":{  
                        "engine":"HijackedUrls",
                        "detected":false,
                        "reference":"http://www.hijackedurls.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "15":{  
                        "engine":"Malc0de",
                        "detected":false,
                        "reference":"http://malc0de.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "16":{  
                        "engine":"MalwareDomainList",
                        "detected":false,
                        "reference":"http://www.malwaredomainlist.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "17":{  
                        "engine":"MetaMask EthPhishing",
                        "detected":false,
                        "reference":"https://github.com/MetaMask/eth-phishing-detect/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "18":{  
                        "engine":"OpenPhish",
                        "detected":false,
                        "reference":"http://www.openphish.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "19":{  
                        "engine":"PhishTank",
                        "detected":false,
                        "reference":"http://www.phishtank.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "20":{  
                        "engine":"Ransomware Tracker",
                        "detected":false,
                        "reference":"https://ransomwaretracker.abuse.ch/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "21":{  
                        "engine":"Spam404",
                        "detected":false,
                        "reference":"https://www.spam404.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "22":{  
                        "engine":"SquidBlacklist (Malicious)",
                        "detected":false,
                        "reference":"https://www.squidblacklist.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "23":{  
                        "engine":"ThreatCrowd",
                        "detected":false,
                        "reference":"https://www.threatcrowd.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "24":{  
                        "engine":"ThreatLog",
                        "detected":false,
                        "reference":"http://www.threatlog.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "25":{  
                        "engine":"Threat Sourcing",
                        "detected":false,
                        "reference":"https://www.threatsourcing.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "26":{  
                        "engine":"URLVir",
                        "detected":false,
                        "reference":"http://www.urlvir.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "27":{  
                        "engine":"VXVault",
                        "detected":false,
                        "reference":"http://vxvault.net/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "28":{  
                        "engine":"ZeuS Tracker",
                        "detected":false,
                        "reference":"https://zeustracker.abuse.ch/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     }
                  },
                  "detections":0,
                  "engines_count":29,
                  "detection_rate":"0%",
                  "scantime":"0.10"
               },
               "alexa_top_10k":true,
               "alexa_top_100k":true,
               "alexa_top_250k":true,
               "most_abused_tld":false,
               "domain_length":13
            }
         },
         "credits_remained":9.35,
         "credits_expiration":"Thu, 11 Apr 2019 19:18:56 GMT",
         "estimated_queries":"116",
         "elapsed_time":"0.23",
         "success":true
      },
      "host":"microsoft.com"
   }
}

For “google.com,” there is no report of any issues with the domain. When run with a domain which has potential issues, the detections attribute in the response will be updated. The node in the following sample used “gumblar.cn” as input:

"payload": {
   "apivoid":{
      "topic":"/nevelexlabs/service/apivoid/url/report",
      "response":{  
         "data":{  
            "report":{  
               "blacklists":{  
                  "engines":{  
                     "0":{  
                        "engine":"Phishing Test",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.01"
                     },
                     "1":{  
                        "engine":"Scam Test",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.00"
                     },
                     "2":{  
                        "engine":"Sinkholed Domain",
                        "detected":false,
                        "reference":"https://www.novirusthanks.org/",
                        "confidence":"low",
                        "elapsed":"0.00"
                     },
                     "3":{  
                        "engine":"SpamhausDBL",
                        "detected":false,
                        "reference":"https://www.spamhaus.org/lookup/",
                        "confidence":"high",
                        "elapsed":"0.07"
                     },
                     "4":{  
                        "engine":"Badbitcoin",
                        "detected":false,
                        "reference":"https://badbitcoin.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "5":{  
                        "engine":"Bambenek Consulting",
                        "detected":false,
                        "reference":"http://www.bambenekconsulting.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "6":{  
                        "engine":"C_APT_ure",
                        "detected":false,
                        "reference":"http://c-apt-ure.blogspot.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "7":{  
                        "engine":"CERT-GIB",
                        "detected":false,
                        "reference":"http://www.cert-gib.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "8":{  
                        "engine":"CERT-PA",
                        "detected":false,
                        "reference":"https://www.cert-pa.it/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "9":{  
                        "engine":"CoinBlockerLists",
                        "detected":false,
                        "reference":"https://gitlab.com/ZeroDot1/CoinBlockerLists/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "10":{  
                        "engine":"CyberCrime",
                        "detected":false,
                        "reference":"http://cybercrime-tracker.net/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "11":{  
                        "engine":"DShield",
                        "detected":false,
                        "reference":"http://www.dshield.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "12":{  
                        "engine":"EtherAddressLookup",
                        "detected":false,
                        "reference":"https://github.com/409H/EtherAddressLookup/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "13":{  
                        "engine":"EtherScamDB",
                        "detected":false,
                        "reference":"https://etherscamdb.info/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "14":{  
                        "engine":"HijackedUrls",
                        "detected":false,
                        "reference":"http://www.hijackedurls.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "15":{  
                        "engine":"Malc0de",
                        "detected":false,
                        "reference":"http://malc0de.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "16":{  
                        "engine":"MalwareDomainList",
                        "detected":false,
                        "reference":"http://www.malwaredomainlist.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "17":{  
                        "engine":"MetaMask EthPhishing",
                        "detected":false,
                        "reference":"https://github.com/MetaMask/eth-phishing-detect/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "18":{  
                        "engine":"OpenPhish",
                        "detected":false,
                        "reference":"http://www.openphish.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "19":{  
                        "engine":"PhishTank",
                        "detected":false,
                        "reference":"http://www.phishtank.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "20":{  
                        "engine":"Ransomware Tracker",
                        "detected":false,
                        "reference":"https://ransomwaretracker.abuse.ch/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "21":{  
                        "engine":"Spam404",
                        "detected":false,
                        "reference":"https://www.spam404.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "22":{  
                        "engine":"SquidBlacklist (Malicious)",
                        "detected":true,
                        "reference":"https://www.squidblacklist.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "23":{  
                        "engine":"ThreatCrowd",
                        "detected":false,
                        "reference":"https://www.threatcrowd.org/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "24":{  
                        "engine":"ThreatLog",
                        "detected":true,
                        "reference":"http://www.threatlog.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "25":{  
                        "engine":"Threat Sourcing",
                        "detected":false,
                        "reference":"https://www.threatsourcing.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "26":{  
                        "engine":"URLVir",
                        "detected":false,
                        "reference":"http://www.urlvir.com/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "27":{  
                        "engine":"VXVault",
                        "detected":false,
                        "reference":"http://vxvault.net/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     },
                     "28":{  
                        "engine":"ZeuS Tracker",
                        "detected":false,
                        "reference":"https://zeustracker.abuse.ch/",
                        "confidence":"high",
                        "elapsed":"0.00"
                     }
                  },
                  "detections":2,
                  "engines_count":29,
                  "detection_rate":"7%",
                  "scantime":"0.15"
               },
               "alexa_top_10k":false,
               "alexa_top_100k":false,
               "alexa_top_250k":false,
               "most_abused_tld":false,
               "domain_length":10
            }
         },
         "credits_remained":9.43,
         "credits_expiration":"Thu, 11 Apr 2019 19:18:56 GMT",
         "estimated_queries":"117",
         "elapsed_time":"0.32",
         "success":true
      },
      "host":"gumblar.cn"
   }
}

Error

The italicized, maroon text is inserted into the message payload upon a failed request.

"payload": {
    "apivoid": {
        "error": {
            "error_code": 5,
            "error_message": "Error text"
        }
    }
}
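
The success and error formats above can be handled in one place by a downstream consumer. The following JavaScript is an added example, not part of the plugin or the Nevelex Labs documentation; the function name summarizeApivoid, its verdict labels, and the trimmed sample input are assumptions made for illustration.

```javascript
// Added example: summarizeApivoid() and its verdict labels are hypothetical,
// not part of the plugin. Samples are constructed, trimmed from the page's.
function summarizeApivoid(payload) {
  const av = payload && payload.apivoid;
  if (!av) return { verdict: "no-data", reason: "payload.apivoid is missing" };

  // Failed request: an error object is present instead of a response.
  if (av.error) {
    return { verdict: "error", code: av.error.error_code, reason: av.error.error_message };
  }

  const resp = av.response;
  const bl = resp && resp.data && resp.data.report && resp.data.report.blacklists;
  if (!resp || resp.success !== true || !bl || !bl.engines || typeof bl.engines !== "object") {
    return { verdict: "no-data", reason: "response has no blacklist report" };
  }

  // "engines" is an object keyed "0", "1", ... rather than an array.
  const engines = Object.values(bl.engines);
  const hits = engines.filter((e) => e && e.detected === true);
  const highHits = hits.filter((e) => e.confidence === "high");

  // Recount rather than trusting the summary fields; report any mismatch.
  const consistent = hits.length === bl.detections && engines.length === bl.engines_count;

  let verdict = "clean";
  if (highHits.length > 0) verdict = "listed";
  else if (hits.length > 0) verdict = "review"; // only low-confidence engines fired

  return { verdict, host: av.host, detections: hits.length,
           listedBy: hits.map((e) => e.engine), consistent };
}

// Constructed sample: three engines kept from the "gumblar.cn" report.
const listedSample = { apivoid: {
  topic: "/nevelexlabs/service/apivoid/url/report",
  response: { success: true, data: { report: { blacklists: {
    engines: {
      "0": { engine: "Phishing Test", detected: false, confidence: "low" },
      "22": { engine: "SquidBlacklist (Malicious)", detected: true, confidence: "high" },
      "24": { engine: "ThreatLog", detected: true, confidence: "high" },
    },
    detections: 2, engines_count: 3,
  } } } },
  host: "gumblar.cn",
} };

// Error sample as shown on the page.
const errorSample = { apivoid: { error: { error_code: 5, error_message: "Error text" } } };

console.log(summarizeApivoid(listedSample));
console.log(summarizeApivoid(errorSample));
```

The consistent flag is false when the recounted hits or engine total disagree with the detections and engines_count fields, which is a signal to treat the report as incomplete rather than clean.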

©Nevelex Labs, LLC. 2018-2019, All Rights Reserved.
