> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pulsedive.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Indicator by ID

> Retrieve detailed threat intelligence information for a specific indicator by looking up the indicator's unique identifier.




## OpenAPI

````yaml /api/indicator/indicator-by-id.yaml get /api/indicator.php
openapi: 3.0.3
info:
  title: Pulsedive API Reference
  version: 1.0.0
  description: >
    The Pulsedive API lets you programmatically manage resources within
    Pulsedive.

    Users can look up known indicators and threats, enrich and investigate
    indicators, query Pulsedive data, and automate workflows.


    Please report any discrepancies in API behavior to <a
    href="mailto:support@pulsedive.com">Pulsedive Support</a>.
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  contact:
    email: support@pulsedive.com
servers:
  - url: https://www.pulsedive.com
security: []
tags:
  - name: Indicators
    description: Look up known indicators.
externalDocs:
  url: https://docs.pulsedive.com
paths:
  /api/indicator.php:
    get:
      tags:
        - Indicators
      summary: Get Indicator by ID
      description: >
        Retrieve detailed threat intelligence information for a specific
        indicator by looking up the indicator's unique identifier.
      operationId: getIndicatorByValue
      parameters:
        - $ref: '#/components/parameters/APIKey'
        - $ref: '#/components/parameters/IndicatorID'
        - $ref: '#/components/parameters/Historical'
        - $ref: '#/components/parameters/Schema'
        - $ref: '#/components/parameters/Pretty'
      responses:
        '200':
          description: Successful request. Returns indicator information in JSON format.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IndicatorResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-codeSamples:
        - lang: curl
          label: Get by ID
          source: |
            curl "https://pulsedive.com/api/indicator.php?iid=47936201"
components:
  parameters:
    APIKey:
      name: key
      in: query
      required: false
      description: >
        Your Pulsedive API key.


        API key authentication is optional. However, requests without a key have
        stricter rate limits. We recommend including an API key for better
        performance and reliability.
      schema:
        type: string
    IndicatorID:
      name: iid
      in: query
      required: true
      description: |
        Unique identifier of the indicator to retrieve.
      schema:
        type: string
        example: 47936201
    Historical:
      name: historical
      in: query
      description: >
        Indicates whether to return indicator properties as they appeared in
        previous scans. Use to analyze trends or audit historical threat
        activity.


        For historical data, set to 1.

        For recent data, set to 0.
      schema:
        type: integer
        enum:
          - 0
          - 1
        default: 0
      examples:
        recent:
          summary: Recent data
          value: 0
        historical:
          summary: Historical data
          value: 1
    Schema:
      name: schema
      in: query
      description: >
        Indicates whether to return attributes associated with the indicator
        type you are querying.


        To return associated attributes, set to 1.

        To return default data, set to 0.
      schema:
        type: integer
        enum:
          - 0
          - 1
        default: 0
      examples:
        associated:
          summary: Return associated attributes
          value: 1
        default:
          summary: Return default data
          value: 0
    Pretty:
      name: pretty
      in: query
      required: false
      description: |
        Indicates whether to format returned JSON results.

        For pretty-printed output, set to `1`.
        For compact output, set to `0`.
      schema:
        type: integer
        enum:
          - 0
          - 1
        default: 0
      examples:
        compact:
          summary: Compact output
          value: 0
        pretty:
          summary: Pretty-printed output
          value: 1
  schemas:
    IndicatorResponse:
      type: object
      properties:
        qid:
          type: integer
          description: >
            Unique identifier of an associated previous submission request, if
            available.
          nullable: true
        iid:
          type: integer
          description: Unique identifier of the indicator.
          nullable: false
        indicator:
          type: string
          description: Value of the indicator.
        type:
          type: string
          description: Type of indicator.
          enum:
            - domain
            - ip
            - url
        risk:
          type: string
          description: >
            Final risk score for the indicator.


            If a user has manually adjusted the risk score, this value may
            differ from the recommended risk score.

            In this case, `manualrisk` is set to `1`.
          enum:
            - unknown
            - very low
            - low
            - medium
            - high
            - critical
        risk_recommended:
          type: string
          description: Recommended risk level based on Pulsedive automated risk scoring.
          enum:
            - unknown
            - very low
            - low
            - medium
            - high
            - critical
        manualrisk:
          type: integer
          description: >
            Indicates whether the risk score has been manually adjusted.


            When set to `1`, the risk score has been manually adjusted.

            When set to `0`, the risk score reflects Pulsedive's automated
            assessment.
          enum:
            - 0
            - 1
        retired:
          type: integer
          description: >
            Indicates whether the indicator is inactive or obsolete.


            An indicator is automatically retired if, in the past three months,
            it has not been:


            - Reported using the Seen button in the Pulsedive UI

            - Observed in any source feeds

            - Submitted through the Analyze section of the Pulsedive UI


            Pulsedive research can also retire indicators manually.


            When set to `1`, this indicator is retired.

            When set to `0`, this indicator is active.
          enum:
            - 0
            - 1
          nullable: true
        stamp_added:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the indicator was first added to Pulsedive. 24-hour
            format, UTC time zone.
          nullable: true
          example: '2025-05-19 14:23:45'
        stamp_updated:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the indicator record was last updated in Pulsedive.
            24-hour format, UTC time zone.
          nullable: true
          example: '2025-05-19 14:23:45'
        stamp_seen:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the indicator was last reported or seen in feeds or
            user submissions in Pulsedive. 24-hour format, UTC time zone.
          nullable: true
          example: '2025-05-19 14:23:45'
        stamp_probed:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the indicator was last actively scanned (probed) by
            Pulsedive. 24-hour format, UTC time zone.
          nullable: true
          example: '2025-05-19 14:23:45'
        stamp_retired:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the indicator was retired in Pulsedive, if
            applicable. 24-hour format, UTC time zone.
          nullable: true
          example: '2025-05-19 14:23:45'
        recent:
          type: integer
          description: >
            Indicates whether this indicator has had recent activity.
            Deprecated.


            When set to `1`, the indicator has had recent activity.

            When set to `0`, the indicator has not had recent activity.
          enum:
            - 0
            - 1
        submissions:
          type: integer
          description: Number of times the indicator has been submitted by any user.
        umbrella_rank:
          type: integer
          description: >
            Rank of the indicator on Cisco Umbrella's top one million domains
            list.

            This list reflects the most frequently queried domains, based on
            passive DNS data across Cisco's global Umbrella network.
          example: 11032
        umbrella_domain:
          type: string
          description: >
            Canonical (base) domain as recognized by Cisco Umbrella. Populated
            when `umbrella_rank` is present.
        riskfactors:
          type: array
          description: List of risk factors influencing this indicator's score.
          items:
            type: object
            properties:
              rfid:
                type: integer
                description: Unique identifier of the risk factor.
              description:
                type: string
                description: Explanation of the risk factor.
                example: found in threat feeds
              risk:
                type: string
                description: Risk level associated with the risk factor.
                enum:
                  - unknown
                  - very low
                  - low
                  - medium
                  - high
                  - critical
        redirects:
          type: object
          description: Redirect relationships involving this indicator.
          properties:
            from:
              type: array
              description: Other indicators that redirect to this indicator.
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: Unique identifier of other indicator.
                  indicator:
                    type: string
                    description: |
                      Value for other indicator.

                      May be:

                      - a domain name (e.g., `microsoft.com`)
                      - an IP address (e.g., `8.8.8.8`)
                      - a URL (e.g., `https://pulsedive.com/explore`)
            to:
              type: array
              description: Other indicators that this indicator redirects to.
              items:
                type: object
                properties:
                  iid:
                    type: integer
                    description: Unique identifier of other indicator.
                  indicator:
                    type: string
                    description: |
                      Value for other indicator.

                      May be:

                      - a domain name (e.g., `microsoft.com`)
                      - an IP address (e.g., `8.8.8.8`)
                      - a URL (e.g., `https://pulsedive.com/explore`)
        threats:
          type: array
          description: Known threats associated with this indicator.
          items:
            type: object
            properties:
              tid:
                type: integer
                description: Unique identifier of the threat.
              name:
                type: string
                description: Name of the threat.
                example: Zeus
              category:
                type: string
                description: Category assigned to the threat.
                example: malware
              risk:
                type: string
                description: Risk level associated with the threat.
                enum:
                  - unknown
                  - very low
                  - low
                  - medium
                  - high
                  - critical
              stamp_linked:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the threat was linked to this indicator.
                  24-hour format, UTC time zone.
                example: '2025-05-19 14:23:45'
        feeds:
          type: array
          description: Threat intelligence feeds that reference this indicator.
          items:
            type: object
            properties:
              fid:
                type: integer
                description: Unique identifier for the feed.
                nullable: false
              name:
                type: string
                description: Name of the feed.
                example: Zeus Bad Domains
              category:
                type: string
                description: Category assigned to the feed.
                example: malware
              organization:
                type: string
                description: Organization that provides the feed.
                example: abuse.ch
              pricing:
                type: string
                description: Pricing tier of the feed.
                example: free
              stamp_linked:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the feed was linked to this indicator. 24-hour
                  format, UTC time zone.
                example: '2025-05-19 14:23:45'
        comments:
          type: array
          description: Comments submitted by Pulsedive contributors for this indicator.
          items:
            type: object
            properties:
              cid:
                type: integer
                description: Unique identifier for the comment.
                nullable: false
              username:
                type: string
                description: Username of the comment's author.
                example: sherd
              title:
                type: string
                description: Job title of the comment's author.
                example: Founder
              comment:
                type: string
                description: Text content of the comment.
                example: Have you seen our Pro tier? 😎
              stamp_added:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the comment was created. 24-hour format, UTC
                  time zone.
                example: '2025-05-19 14:23:45'
              stamp_updated:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the comment was last modified. 24-hour format,
                  UTC time zone.
                example: '2025-05-19 14:23:45'
              uid:
                type: integer
                description: >
                  Unique identifier for the user who created the comment.
                  Visible to only the user who submitted the comment.
        attributes:
          type: object
          description: Technical metadata observed for this indicator.
          properties:
            port:
              type: array
              description: List of ports open/in use.
              items:
                type: string
                example:
                  - '443'
                  - '80'
            protocol:
              type: array
              description: List of network protocols in use.
              items:
                type: string
                example:
                  - HTTP
                  - HTTPS
            technology:
              type: array
              description: List of technologies identified.
              items:
                type: string
                example:
                  - Apache
                  - jQuery
        properties:
          type: object
          description: >-
            Detailed sub-properties for this indicator, grouped by type or data
            source.
          properties:
            geo:
              type: object
              description: Geolocation details linked to this indicator.
              properties:
                countrycode:
                  type: string
                  description: Two-letter ISO country code.
                  example: US
                region:
                  type: string
                  description: State or region.
                  example: CA
                country:
                  type: string
                  description: Full country name.
                  example: United States of America
                address:
                  type: string
                  description: Street address.
                  example: 221 Lombard Street
                zip:
                  type: string
                  description: Postal or ZIP code.
                  example: '94102'
                city:
                  type: string
                  description: City or municipality.
                  example: San Francisco
                org:
                  type: string
                  description: Name of the associated organization.
                  example: Pulsedive
            whois:
              type: object
              description: >
                Collection of data sourced from WHOIS records and
                registrar-specific extensions to the base WHOIS schema, along
                with supplemental fields provided by Pulsedive (identified by a
                `++` prefix). May include details related to the domain, its
                registrar, and related contacts.


                Standard WHOIS data appears as key-value pairs, where each key
                matches a field name from the record and its value contains the
                corresponding content. Fields with multiple values are
                represented as arrays of strings.


                Pulsedive's supplemental fields do not appear in the original
                source data. These values are derived from raw data or parsed
                from related sources to provide additional context.
              properties:
                ++abuse:
                  type: string
                  description: Email address to report abuse related to the domain.
                  example: abuse-complaints@squarespace.com
                ++email:
                  type: array
                  description: >-
                    List of email addresses associated with the domain
                    registration. May include technical, administrative, or
                    contact emails.
                  items:
                    type: string
                  example:
                    - username1@organization1.org
                    - username2@organization1.org
                    - username@organization2.org
                ++expires:
                  type: string
                  format: sql-date-time
                  pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                  description: >
                    Timestamp when the domain's registration is set to expire.
                    24-hour format, UTC time zone.

                    Normalizes the ISO date in `registrar registration
                    expiration date`.
                  example: '2025-05-19 14:23:45'
                ++gdpr:
                  type: string
                  description: >
                    Indicates whether the domain's WHOIS data is restricted
                    under the General Data Protection Regulation (GDPR).


                    When set to `1`, the data is subject to GDPR restrictions.

                    When set to `0`, the data is not restricted by GDPR.
                  enum:
                    - '0'
                    - '1'
                ++phone:
                  type: array
                  description: >-
                    List of phone numbers associated with the domain
                    registration. May include technical, administrative, or
                    contact phone numbers.
                  items:
                    type: string
                  example:
                    - +1.646-693-5324
                ++privacy:
                  type: string
                  description: |
                    Indicates whether WHOIS privacy protection is enabled.

                    When set to `1`, privacy protection is enabled.
                    When set to `0`, privacy protect is not enabled.
                  enum:
                    - '0'
                    - '1'
                ++registered:
                  type: string
                  format: sql-date-time
                  pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                  description: >
                    Timestamp when the domain was initially registered. 24-hour
                    format, UTC time zone.

                    Normalizes the ISO date in `creation date`.
                  example: '2025-05-19 14:23:45'
                ++registrant:
                  type: array
                  description: >-
                    Supplementary list of registrant names. Derived from
                    `registrant name` and `registrant organization`.
                  items:
                    type: string
                  example:
                    - Zero Cool
                    - Titan Digital
                ++registrar:
                  type: string
                  description: Name of the registrar managing the domain registration.
                  example: Squarespace Domains II LLC
                ++updated:
                  type: string
                  format: sql-date-time
                  pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                  description: >
                    Timestamp when the domain's WHOIS record was last updated.
                    24-hour format, UTC time zone.

                    Normalizes the ISO date in `updated date`.
                  example: '2025-05-19 14:23:45'
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Dynamic key-value pairs representing WHOIS data field
                      names and values.


                      Each `{key}` represents the name of a WHOIS data field.
                      The `{value}` string contains the content retrieved for
                      that field.
                  - type: array
                    items:
                      type: string
                      description: >
                        Dynamic key-value pairs representing WHOIS data field
                        names and values.


                        Each `{key}` represents the name of a WHOIS data field.
                        The `{value}` array contains multiple pieces of content
                        retrieved for that field.
                example:
                  registrant organization: Titan Digital
                  name server:
                    - ns1.example.com
                    - ns2.example.com
              example:
                ++abuse: abuse-complaints@squarespace.com
                ++email:
                  - username1@organization1.org
                ++expires: '2025-05-19 14:23:45'
                ++gdpr: '0'
                ++phone:
                  - +1.646-693-5324
                ++privacy: '0'
                ++registered: '2025-05-19 14:23:45'
                ++registrant:
                  - Zero Cool
                  - Titan Digital
                ++registrar: Squarespace Domains II LLC
                ++updated: '2025-05-19 14:23:45'
                registrant organization: Titan Digital
                name server:
                  - ns1.example.com
                  - ns2.example.com
            http:
              type: object
              description: >
                Collection of data extracted from the HTTP response and headers,
                along with supplemental fields provided by Pulsedive (identified
                by a `++` prefix). May include details related to the result,
                server, content, caching, security, redirects, timing, or custom
                headers. Collected during active scanning.


                Standard HTTP response data appears as key-value pairs, where
                each key matches a header name and its value contains the
                corresponding content. Fields with multiple values are
                represented as arrays of strings.


                Pulsedive's supplemental fields do not appear in the original
                source data. These values are derived from raw data or parsed
                from related sources to provide additional context.
              properties:
                ++code:
                  type: string
                  description: >-
                    Numeric portion of the HTTP status code, indicating the
                    result of the HTTP request.
                  example: '200'
                ++status:
                  type: string
                  description: >-
                    Text portion of the HTTP status code, indicating the result
                    of the HTTP request.
                  example: OK
                ++content-type:
                  type: string
                  description: MIME type of the page, excluding parameters.
                  example: text/html
                ++base:
                  type: string
                  description: Base URL or origin context.
                  example: https://pulsedive.com/
                ++target:
                  type: string
                  description: >-
                    Target URL of the scan. For example, if you scan
                    `google.com`, the target URL will be `http://google.com`.
                  example: http://pulsedive.com/
                ++redirect:
                  type: string
                  description: >-
                    Final URL of the scan, after any redirects or automatic
                    HTTPS upgrades (HSTS).
                  example: https://pulsedive.com/
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Dynamic key-value pair representing a single HTTP header
                      and its value.


                      Each `{key}` represents the name of the HTTP header. The
                      `{value}` string contains the content returned in the
                      response.
                  - type: array
                    items:
                      type: string
                      description: >
                        Dynamic key-value pair representing a single HTTP header
                        and its value.


                        Each `{key}` represents the name of the HTTP header. The
                        `{value}` array contains the content returned for
                        headers that appear multiple times in the response.
                example:
                  Content-Type: application/json
                  Set-Cookie:
                    - sessionid=abc123; Path=/; Secure
                    - userid=42; Path=/; HttpOnly
              example:
                ++code: '200'
                ++status: OK
                ++content-type: text/html
                ++base: https://pulsedive.com/
                ++target: http://pulsedive.com/
                ++redirect: https://pulsedive.com/
                Content-Type: application/json
                Set-Cookie:
                  - sessionid=abc123; Path=/; Secure
                  - userid=42; Path=/; HttpOnly
            ssl:
              type: object
              description: >
                Collection of data extracted from the SSL/TLS certificate
                presented during a handshake. May include information about
                ownership and identity, issuing authority, certificate
                lifecycle, and technical fingerprinting. Collected during active
                scanning.
              properties:
                subject:
                  type: string
                  description: Entity to which the certificate was issued.
                  example: /CN=pulsedive.com
                domain:
                  type: array
                  description: >-
                    Primary domain name associated with the certificate,
                    typically from the Common Name (CN) or Subject Alternative
                    Name (SAN).
                  items:
                    type: string
                    example:
                      - pulsedive.com
                      - www.pulsedive.com
                version:
                  type: string
                  description: Version of the X.509 standard used by the certificate.
                  example: v3
                org:
                  type: string
                  description: >-
                    Common Name (CN) of the specific certificate authority that
                    signed the certificate, extracted from the issuer field.
                  example:
                    - WE1
                    - R11
                ip:
                  oneOf:
                    - type: string
                      format: ipv4
                    - type: string
                      format: ipv6
                  description: >-
                    IP address of the server presenting the certificate, if
                    resolved.
                  example:
                    - 162.159.36.1
                    - 2606:4700:4700::1001
                issuer:
                  type: string
                  description: >-
                    Full Distinguished Name (DN) of the Certificate Authority
                    (CA) that issued the certificate. Includes components like
                    country (C), organization (O), and common name (CN).
                  example:
                    - /C=US/O=Google Trust Services/CN=WE1
                    - /C=US/O=Let's Encrypt/CN=R11
                expires:
                  type: string
                  format: sql-date-time
                  pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                  description: >
                    Timestamp when the certificate expires. After this date, the
                    certificate is no longer valid. 24-hour format, UTC time
                    zone.
                  example: '2025-05-19 14:23:45'
                fingerprint:
                  type: string
                  description: >-
                    Hash of the certificate used to uniquely identify the
                    certificate and detect duplicates or known bad certs.
                  example: >-
                    c47649d46db4cf725334942920ccb076b331a5a60dc3f58608bbf72512d222cd
                valid:
                  type: string
                  format: sql-date-time
                  pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                  description: >
                    Timestamp when the certificate becomes valid. 24-hour
                    format, UTC time zone.
                  example: '2025-05-19 14:23:45'
                email:
                  type: string
                  description: >-
                    Email address listed in the certificate's `subject` or
                    `issuer` fields.
                  example: username@pulsedive.com
            dns:
              type: object
              description: >
                Collection of DNS records gathered from public resolvers. May
                include details related to domain ownership, mail exchange
                servers, name servers, and other DNS configurations. Collected
                during active and passive scanning.


                Data appears as key-value pairs, where each key represents a DNS
                record type and its value contains the corresponding data.
                Fields with multiple values are represented as arrays of
                strings.
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Dynamic key-value pair representing a single DNS record
                      type and its value.


                      Each `{key}` represents the DNS record type. The `{value}`
                      string contains the response associated with that type.
                  - type: array
                    items:
                      type: string
                      description: >
                        Dynamic key-value pair representing a single DNS record
                        type and its value.


                        Each `{key}` represents the DNS record type. The
                        `{value}` array contains the response associated with
                        types that appear multiple times in the response.
              example:
                a: 142.250.190.14
                aaaa: 2607:f8b0:4004:c1b::8e
                mx: alt3.aspmx.l.google.com
                ns:
                  - ns1.digitalocean.com
                  - ns2.digitalocean.com
                  - ns3.digitalocean.com
                txt:
                  - v=spf1 include:_spf.google.com ~all
                  - google-site-verification=abc123
            meta:
              type: object
              description: >-
                Website metadata extracted from the HTML <head> tag. May include
                standard WC3 meta tags (e.g., charset), SEO and crawling tags
                (e.g., description, robots), social media platform meta tags
                (e.g., twitter:card or og:card), or custom meta tags. Each key
                represents a meta tag type, and its corresponding value is the
                value retrieved from that meta tag.Collected during active
                scanning.
              properties:
                ++title:
                  type: string
                  description: >-
                    Title of the website collected from the HTML <title> tag in
                    the <head> tag.
                  example: Threat Intelligence - Pulsedive
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Dynamic key-value pairs representing website metadata tags
                      and values.


                      Each `{key}` represents the name of metadata tag. The
                      `{value}` string contains the value retrieved for that
                      tag.
                  - type: array
                    items:
                      type: string
                      description: >
                        Dynamic key-value pairs representing website metadata
                        tags and values.


                        Each `{key}` represents the name of a metadata tag. The
                        `{value}` array contains multiple values retrieved for
                        that tag.
                example:
                  Content-Type: text/html; charset=UTF-8
                  og:image:
                    - https://example.com/image1.jpg
                    - https://example.com/image2.jpg
              example:
                ++title: Threat Intelligence - Pulsedive
                Content-Type: text/html; charset=UTF-8
                og:image:
                  - https://example.com/image1.jpg
                  - https://example.com/image2.jpg
            banners:
              type: object
              description: >
                Mapping of port numbers to service banner strings, collected
                during active scanning.


                Each `{key}` matches a port number. The corresponding value may
                be a string or an array of strings, depending on how many
                banners were retrieved for that port.
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Each `{key}` matches a port number. The `{value}` string
                      contains the banner retrieved for that port.
                  - type: array
                    items:
                      type: string
                    description: >
                      Each `{key}` matches a port number. The `{value}` array
                      contains multiple banners retrieved for that port.
              example:
                '22': |
                  SSH-2.0-OpenSSH_7.4
                '143':
                  - >
                    * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot
                    ready.
                  - |
                    * PREAUTH [CAPABILITY IMAP4rev1 SASL-IR] Logged in as user
            cookies:
              type: object
              description: >
                Mapping of HTTP cookies set by this indicator, collected during
                active scanning.


                Each `{key}` represents the name of a cookie. The corresponding
                value may be a string or an array of strings, depending on how
                many pieces of content were retrieved for that cookie.
              additionalProperties:
                anyOf:
                  - type: string
                    description: >
                      Each `{key}` represents the name of a cookie. The
                      `{value}` string contains the content retrieved for that
                      cookie.
                  - type: array
                    items:
                      type: string
                    description: >
                      Each `{key}` represents the name of a cookie. The
                      `{value}` array contains multiple pieces of content
                      retrieved for that cookie.
              example:
                _ga: GA1.1.1991921685.1744247816
                _ga_g550td8bzn: GS1.1.1744247869.1.0.1744247869.0.0.0
                token:
                  - abc
                  - def
            dom:
              type: object
              description: >-
                Data related to the Document Object Model (DOM) of this
                indicator. Collected during active scanning.
              properties:
                screenshot:
                  type: string
                  format: url
                  description: URL of a screenshot of the loaded page.
                  example: >-
                    https://sandbox.pulsedive.com/screenshots/4179fbe377b84604ba4eaee47f5de9d2.jpeg
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Message describing the error that occurred, if available.
  responses:
    BadRequest:
      description: |
        Bad request. The request was malformed or missing required parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: |
        Unauthorized. Your API key is missing or invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: |
        Not found. The requested indicator could not be located.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    TooManyRequests:
      description: >
        Rate limit exceeded. Too many requests have been made in a short period
        of time.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: |
        Server error. An unexpected problem occurred on our end.
        These errors are automatically reported to our team.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'

````