Request Threat Scoring API Documentation

This API allows you to score HTTP requests for potential security threats. It analyzes various aspects of a request and returns a numerical score and risk level.

{
  "total_score": 35,
  "risk_level": "medium",
  "factors": {
    "ip_reputation": {
      "score": 5,
      "value": "203.0.113.1",
      "max_score": 40,
      "percentage": 13
    },
    "user_agent": {
      "score": 0,
      "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
      "max_score": 30,
      "percentage": 0
    },
    "http_method": {
      "score": 0,
      "value": "GET",
      "max_score": 25,
      "percentage": 0
    },
    "query_parameters": {
      "score": 0,
      "count": 0,
      "max_score": 50,
      "percentage": 0
    },
    "headers": {
      "score": 5,
      "count": 10,
      "max_score": 30,
      "percentage": 17
    },
    "path_analysis": {
      "score": 10,
      "value": "/admin",
      "max_score": 20,
      "percentage": 50
    },
    "content_analysis": {
      "score": 0,
      "max_score": 30,
      "percentage": 0
    },
    "rate_analysis": {
      "score": 15,
      "max_score": 35,
      "percentage": 43
    }
  },
  "timestamp": "2025-04-30T12:34:56+00:00",
  "domain": "score.edk.pw",
  "processing_time": 0.1234,
  "max_possible_score": 260
}

{
  "total_score": 35,
  "risk_level": "medium",
  "factors": {
    "ip_reputation": {
      "score": 5,
      "value": "203.0.113.1",
      "max_score": 40,
      "percentage": 13
    },
    "user_agent": {
      "score": 0,
      "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
      "max_score": 30,
      "percentage": 0
    },
    "http_method": {
      "score": 0,
      "value": "GET",
      "max_score": 25,
      "percentage": 0
    },
    "query_parameters": {
      "score": 0,
      "count": 0,
      "max_score": 50,
      "percentage": 0
    },
    "headers": {
      "score": 5,
      "count": 10,
      "max_score": 30,
      "percentage": 17
    },
    "path_analysis": {
      "score": 10,
      "value": "/admin",
      "max_score": 20,
      "percentage": 50
    },
    "content_analysis": {
      "score": 0,
      "max_score": 30,
      "percentage": 0
    },
    "rate_analysis": {
      "score": 15,
      "max_score": 35,
      "percentage": 43
    }
  },
  "timestamp": "2025-04-30T12:34:56+00:00",
  "domain": "score.edk.pw",
  "processing_time": 0.1234,
  "max_possible_score": 260
}

Understanding the Score

The API analyzes the following factors to determine the threat level of a request:

• IP Reputation: Checks if the IP is associated with malicious activities, Tor exit nodes, VPNs, etc.
• User Agent: Analyzes the browser/client identification string for suspicious patterns.
• HTTP Method: Different HTTP methods have different risk profiles.
• Query Parameters: Analyzes URL parameters for SQL injection, XSS, and other attack patterns.
• Headers: Examines request headers for unusual or suspicious values.
• Path Analysis: Checks the requested path for sensitive directories or attack patterns.
• Content Analysis: Examines the request body for malicious payload patterns.
• Rate Analysis: Detects unusual request patterns that could indicate scanning or brute forcing.

Risk Levels