post

/report

Reports an email address. Date of malicious activity defaults to the current time unless otherwise specified.

Authorization

apiKey - Key

Request Body

Report content.

Schema
object
email
string

Email address being reported.

1 validation + required
tags
array[string]

Tags that should be applied. See detailed descriptions below for more information.

  • account_takeover - Legitimate email has been taken over by a malicious actor
  • bec - Business email compromise, whaling, contact impersonation/display name spoofing
  • brand_impersonation - Impersonating a well-known brand (e.g. Paypal, Microsoft, Google, etc.)
  • browser_exploit - The hosted website serves an exploit
  • credential_phishing - Attempting to steal user credentials
  • generic_phishing - Generic phishing, should only be used if others don’t apply or a more specific determination can’t be made or would be too difficult
  • malware - Malicious documents and droppers. Can be direct attachments, indirect free file hosting sites or droppers from malicious websites
  • scam - Catch-all for scams. Sextortion, payment scams, lottery scams, investment scams, fake bank scams, etc.
  • spam - Unsolicited spam or spammy behavior (e.g. forum submissions, unwanted bulk email)
  • spoofed - Forged sender email (e.g. the envelope from is different than the header from)
  • task_request - Request that the recipient perform a task (e.g. gift card purchase, update payroll, send w-2s, etc.)
  • threat_actor - Threat actor/owner of phishing kit
1 validation + required
description
string

Additional information and context.

1 validation
timestamp
integer

When this activity occurred in UTC. Defaults to now().

1 validation
expires
integer

Number of hours the email should be considered risky (suspicious=true and blacklisted=true in the QueryResponse). Defaults to no expiration unless account_takeover tag is specified, in which case the default is 14 days.

1 validation

Responses

report successful

Send a Test Request

Send requests directly from the browser (CORS must be enabled)
$$.env
1 variable not set
Key