Detonate URL - Generic

Detonates a URL through active integrations that supports URL detonation.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Detonate URL - Lastline v2
  • Detonate URL - Cuckoo
  • Detonate URL - JoeSecurity
  • Detonate URL - ANYRUN
  • Detonate URL - McAfee ATD
  • Detonate URL - CrowdStrike
  • Detonate URL - ThreatGrid


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs

NameDescriptionDefault ValueSourceRequired
URLThe URL object of the URL to be detonated.NoneURLOptional

Playbook Outputs

FileThe file's object.unknown
File.NameThe filename.string
File.SizeThe file size.number
File.TypeThe file type. For example, "PE" (only in case of report type=json).string
File.SHA256The SHA256 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.MD5The MD5 hash of the file.string
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.Malicious.DescriptionThe reason for the vendor to make the decision that the file is malicious.string
DBotScoreThe Indicator's object.unknown
DBotScore.TypeThe type of the indicator.string
DBotScore.IndicatorThe indicator was tested.string
DBotScore.VendorThe vendor used to calculate the score.string
DBotScore.ScoreThe actual score.number
Joe.Analysis.WebIDThe web ID.string
Joe.Analysis.StatusThe analysis status.string
Joe.Analysis.CommentsThe analysis comments.string
Joe.Analysis.TimeThe submitted
Joe.Analysis.RunsThe sub-analysis information.unknown
Joe.Analysis.ResultThe analysis results.string
Joe.Analysis.ErrorsThe errors raised during sampling.unknown
Joe.Analysis.SystemsThe analysis OS.unknown
Joe.Analysis.MD5The MD5 hash of the analysis sample.string
Joe.Analysis.SHA1The SHA1 hash of the analysis sample.string
Joe.Analysis.SHA256The SHA256 hash of the analysis sample.string
Joe.Analysis.SampleNameThe sample data. Can be a "filename" or "URL".string
InfoFile.NameThe filename.string
InfoFile.EntryIDThe EntryID of the sample.string
InfoFile.SizeThe file size.number
InfoFile.TypeThe file type. For example, "PE".string
InfoFile.InfoThe basic information of the file.string
Sample.StateThe sample state.string
Sample.IDThe sample ID.string
IP.AddressThe IP addresses's relevant to the sample.string
InfoFileThe report file's object.unknown
Cuckoo.Task.CategoryThe category of the task.unknown
Cuckoo.Task.MachineThe machine of the task.unknown
Cuckoo.Task.ErrorsThe errors of the task.unknown
Cuckoo.Task.TargetThe target of the task.unknown
Cuckoo.Task.PackageThe package of the task.unknown
Cuckoo.Task.SampleIDThe sample ID of the task.unknown
Cuckoo.Task.GuestThe task guest.unknown
Cuckoo.Task.CustomThe custom values of the task.unknown
Cuckoo.Task.OwnerTHe task owner.unknown
Cuckoo.Task.PriorityThe priority of task.unknown
Cuckoo.Task.PlatformThe platform of task.unknown
Cuckoo.Task.OptionsThe task options.unknown
Cuckoo.Task.StatusThe task status.unknown
Cuckoo.Task.EnforceTimeoutWhether the timeout of task enforced.unknown
Cuckoo.Task.TimeoutThe task timeout.unknown
Cuckoo.Task.MemoryThe task memory.unknown
Cuckoo.Task.TagsThe task tags.unknown
Cuckoo.Task.IDThe ID of the task.unknown
Cuckoo.Task.AddedOnThe date the task was added.unknown
Cuckoo.Task.CompletedOnThe date the task was completed.unknown
Cuckoo.Task.ScoreThe reported score of the the task.unknown
Cuckoo.Task.MonitorThe monitor of the reported task.unknown
ANYRUN.Task.AnalysisDateThe date and time the analysis was executed.String
ANYRUN.Task.Behavior.CategoryThe category of a process behavior.String
ANYRUN.Task.Behavior.ActionThe actions performed by a process.String
ANYRUN.Task.Behavior.ThreatLevelThe threat score associated with a process behavior.Number
ANYRUN.Task.Behavior.ProcessUUIDThe unique ID of the process whose behaviors are being profiled.String
ANYRUN.Task.Connection.ReputationThe connection reputation.String
ANYRUN.Task.Connection.ProcessUUIDThe ID of the process that created the connection.String
ANYRUN.Task.Connection.ASNThe connection autonomous system network.String
ANYRUN.Task.Connection.CountryThe connection country.String
ANYRUN.Task.Connection.ProtocolThe connection protocol.String
ANYRUN.Task.Connection.PortThe connection port number.Number
ANYRUN.Task.Connection.IPThe connection IP address number.String
ANYRUN.Task.DnsRequest.ReputationThe reputation of the DNS request.String
ANYRUN.Task.DnsRequest.IPThe IP addresses associated with a DNS request.Unknown
ANYRUN.Task.DnsRequest.DomainThe Domain resolution of a DNS request.String
ANYRUN.Task.Threat.ProcessUUIDThe unique process ID from where the threat originated.String
ANYRUN.Task.Threat.MsgThe threat message.String
ANYRUN.Task.Threat.ClassThe class of the threat.String
ANYRUN.Task.Threat.SrcPortThe port on which the threat originated.Number
ANYRUN.Task.Threat.DstPortThe destination port of the threat.Number
ANYRUN.Task.Threat.SrcIPThe source IP address where the threat originated.String
ANYRUN.Task.Threat.DstIPThe destination IP address of the threat.String
ANYRUN.Task.HttpRequest.ReputationThe reputation of the HTTP request.String
ANYRUN.Task.HttpRequest.CountryThe HTTP request country.String
ANYRUN.Task.HttpRequest.ProcessUUIDThe ID of the process making the HTTP request.String
ANYRUN.Task.HttpRequest.BodyThe HTTP request body parameters and details.Unknown
ANYRUN.Task.HttpRequest.HttpCodeThe HTTP request response code.Number
ANYRUN.Task.HttpRequest.StatusThe status of the HTTP request.String
ANYRUN.Task.HttpRequest.ProxyDetectedWhether the HTTP request was made through a proxy.Boolean
ANYRUN.Task.HttpRequest.PortThe HTTP request port.Number
ANYRUN.Task.HttpRequest.IPThe HTTP request IP address.String
ANYRUN.Task.HttpRequest.URLThe HTTP request URL.String
ANYRUN.Task.HttpRequest.HostThe HTTP request host.String
ANYRUN.Task.HttpRequest.MethodThe HTTP request method type.String
ANYRUN.Task.FileInfoThe details of the submitted file.String
ANYRUN.Task.OSThe OS of the sandbox in which the file was analyzed.String
ANYRUN.Task.IDThe unique ID of the task.String
ANYRUN.Task.MIMEThe MIME of the file submitted for analysis.String
ANYRUN.Task.VerdictThe ANY.RUN verdict for the maliciousness of the submitted file or URL.String
ANYRUN.Task.Process.FileNameThe file name of the process.String
ANYRUN.Task.Process.PIDThe process identification number.Number
ANYRUN.Task.Process.PPIDThe parent process identification number.Number
ANYRUN.Task.Process.ProcessUUIDThe unique process ID (used by ANY.RUN).String
ANYRUN.Task.Process.CMDThe process command.String
ANYRUN.Task.Process.PathThe path of the executed command.String
ANYRUN.Task.Process.UserThe user who executed the command.String
ANYRUN.Task.Process.IntegrityLevelThe process integrity level.String
ANYRUN.Task.Process.ExitCodeThe process exit code.Number
ANYRUN.Task.Process.MainProcessWhether the process is the main process.Boolean
ANYRUN.Task.Process.Version.CompanyThe company responsible for the program executed.String
ANYRUN.Task.Process.Version.DescriptionThe description of the type of program.String
ANYRUN.Task.Process.Version.VersionThe version of the program executed.String
DBotScore.IndicatorThe indicator that was tested.String
DBotScore.ScoreThe actual score.Number
DBotScore.TypeThe type of the indicator.String
DBotScore.VendorThe vendor used to calculate the score.String
URL.DataThe URL data.String
URL.Malicious.VendorThe vendor that made the decision that the URL is malicious.String
URL.Malicious.DescriptionThe reason for the vendor to make the decision that the URL is malicious.String
ANYRUN.Task.StatusThe task analysis status.String

Playbook Image