tags

Sandbox behavior tagged

The tags field contains a list of labels summarizing key observations. Each label can be any of the following:

  • external-resources: external resources loaded.
  • third-party-cookies: external cookies loaded.
  • iframes: presence of IFRAMES in DOM.
  • script-load: external scripts loaded.
  • base64-embedded
  • opendir: URL is an open directory.
  • dom-modification: DOM nodes have been added/removed.
  • contains-pe
  • contains-msi
  • contains-dmg
  • contains-apk
  • contains-zip
  • phishing: phishing detected on target URL.
  • proxy-auth: proxy auth prompt detected.

{
    "data": {
        "attributes": {
            "tags": [
                "<string>",...
            ]
        }
    }
}

{
    "data": {
        "attributes": {
            "tags": [
                "DIRECT_CPU_CLOCK_ACCESS",
                "DETECT_DEBUG_ENVIRONMENT",
                "RUNTIME_MODULES",
                "PERSISTENCE"
            ]
        }
    }
}