IOC Scan API API ID: 12658

Real-time threat intelligence for URLs, file hashes, IPv4 addresses, and domains by Crawland. Send any of four indicator types and get back a consolidated reputation score plus the underlying verdicts from 70+ security vendors (BitDefender, Sophos, Forcepoint, Cisco, ESET, Kaspersky, Fortinet, McAfee and more), along with type-specific context: WHOIS for domains, ASN/network/country for IPs, file metadata for hashes, and content categories for URLs. Status code contract: this API returns HTTP 200 for every authenticated, in-quota request - including invalid inputs and 'no data found' responses. Always inspect the `is_success` boolean and the `response_code` field in the body (200 = data found, 400 = invalid input, 404 = no intelligence found). HTTP 401/403/429/5xx are reserved for authentication, rate-limit, and server-error scenarios.

Use this API from your AI agent via MCP

Works with OpenClaw, Claude Code/Desktop, Cursor, Windsurf, Cline and any MCP-compatible AI client.

Docs & setup

Create a skill by wrapping this MCP: https://mcp.zylalabs.com/mcp?apikey=YOUR_ZYLA_API_KEY

API Documentation

Endpoints

URL Scan Endpoint ID: 24484

Look up a URL. Returns reputation, vendor analysis, content classification, and threat names for a fully-qualified URL. Tip: pass the full URL including the scheme. Common use cases: phishing detection, link-safety previews, URL filtering for proxies, and threat-feed enrichment.

                                                                            
GET https://zylalabs.com/api/12658/ioc+scan+api/24484/url+scan

URL Scan - Endpoint Features

Object	Description

Free test requests remaining: 3 of 3.

INPUT PARAMETERS

query

This endpoint does not require any input parameters.

API EXAMPLE RESPONSE

{
 "data": {
  "analysis_date": 1779614396,
  "categories": {
   "BitDefender": "searchengines",
   "Forcepoint ThreatSeeker": "search engines and portals",
   "Sophos": "search engines",
   "Xcitium Verdict Cloud": "search engines \u0026 portals",
   "alphaMountain.ai": "Search Engines/Portals (alphaMountain.ai)"
  },
  "hash_id": "9d116b1b0c1200ca75016e4c010bc94836366881b021a658ea7f8548b6543c1e",
  "modification_date": 1779614865,
  "reputation": 210,
  "search_type": "url",
  "security_vendor_analysis": {
   "0xSI_f33d": {
    "category": "undetected",
    "enginename": "0xSI_f33d",
    "method": "blacklist",
    "result": "unrated"
   },
   "ADMINUSLabs": {
    "category": "harmless",
    "enginename": "ADMINUSLabs",
    "method": "blacklist",
    "result": "clean"
   },
   "AILabs (MONITORAPP)": {
    "category": "harmless",
    "enginename": "AILabs (MONITORAPP)",
    "method": "blacklist",
    "result": "clean"
   },
   "Abusix": {
    "category": "harmless",
    "enginename": "Abusix",
    "method": "blacklist",
    "result": "clean"
   },
   "Acronis": {
    "category": "harmless",
    "enginename": "Acronis",
    "method": "blacklist",
    "result": "clean"
   },
   "AlienVault": {
    "category": "harmless",
    "enginename": "AlienVault",
    "method": "blacklist",
    "result": "clean"
   },
   "AlphaSOC": {
    "category": "undetected",
    "enginename": "AlphaSOC",
    "method": "blacklist",
    "result": "unrated"
   },
   "Antiy-AVL": {
    "category": "harmless",
    "enginename": "Antiy-AVL",
    "method": "blacklist",
    "result": "clean"
   },
   "ArcSight Threat Intelligence": {
    "category": "undetected",
    "enginename": "ArcSight Threat Intelligence",
    "method": "blacklist",
    "result": "unrated"
   },
   "AutoShun": {
    "category": "undetected",
    "enginename": "AutoShun",
    "method": "blacklist",
    "result": "unrated"
   },
   "Bfore.Ai PreCrime": {
    "category": "harmless",
    "enginename": "Bfore.Ai PreCrime",
    "method": "blacklist",
    "result": "clean"
   },
   "BitDefender": {
    "category": "harmless",
    "enginename": "BitDefender",
    "method": "blacklist",
    "result": "clean"
   },
   "Bkav": {
    "category": "harmless",
    "enginename": "Bkav",
    "method": "blacklist",
    "result": "clean"
   },
   "BlockList": {
    "category": "harmless",
    "enginename": "BlockList",
    "method": "blacklist",
    "result": "clean"
   },
   "Blueliv": {
    "category": "harmless",
    "enginename": "Blueliv",
    "method": "blacklist",
    "result": "clean"
   },
   "CINS Army": {
    "category": "harmless",
    "enginename": "CINS Army",
    "method": "blacklist",
    "result": "clean"
   },
   "CRDF": {
    "category": "harmless",
    "enginename": "CRDF",
    "method": "blacklist",
    "result": "clean"
   },
   "CSIS Security Group": {
    "category": "undetected",
    "enginename": "CSIS Security Group",
    "method": "blacklist",
    "result": "unrated"
   },
   "CTX AI": {
    "category": "harmless",
    "enginename": "CTX AI",
    "method": "blacklist",
    "result": "clean"
   },
   "Certego": {
    "category": "harmless",
    "enginename": "Certego",
    "method": "blacklist",
    "result": "clean"
   },
   "ChainPatrol": {
    "category": "harmless",
    "enginename": "ChainPatrol",
    "method": "blacklist",
    "result": "clean"
   },
   "Chong Lua Dao": {
    "category": "harmless",
    "enginename": "Chong Lua Dao",
    "method": "blacklist",
    "result": "clean"
   },
   "Cluster25": {
    "category": "undetected",
    "enginename": "Cluster25",
    "method": "blacklist",
    "result": "unrated"
   },
   "Criminal IP": {
    "category": "undetected",
    "enginename": "Criminal IP",
    "method": "blacklist",
    "result": "unrated"
   },
   "CyRadar": {
    "category": "harmless",
    "enginename": "CyRadar",
    "method": "blacklist",
    "result": "clean"
   },
   "Cyan": {
    "category": "undetected",
    "enginename": "Cyan",
    "method": "blacklist",
    "result": "unrated"
   },
   "Cyble": {
    "category": "harmless",
    "enginename": "Cyble",
    "method": "blacklist",
    "result": "clean"
   },
   "DNS8": {
    "category": "harmless",
    "enginename": "DNS8",
    "method": "blacklist",
    "result": "clean"
   },
   "Dr.Web": {
    "category": "harmless",
    "enginename": "Dr.Web",
    "method": "blacklist",
    "result": "clean"
   },
   "ESET": {
    "category": "harmless",
    "enginename": "ESET",
    "method": "blacklist",
    "result": "clean"
   },
   "ESTsecurity": {
    "category": "harmless",
    "enginename": "ESTsecurity",
    "method": "blacklist",
    "result": "clean"
   },
   "EmergingThreats": {
    "category": "harmless",
    "enginename": "EmergingThreats",
    "method": "blacklist",
    "result": "clean"
   },
   "Emsisoft": {
    "category": "harmless",
    "enginename": "Emsisoft",
    "method": "blacklist",
    "result": "clean"
   },
   "Ermes": {
    "category": "undetected",
    "enginename": "Ermes",
    "method": "blacklist",
    "result": "unrated"
   },
   "Forcepoint ThreatSeeker": {
    "category": "harmless",
    "enginename": "Forcepoint ThreatSeeker",
    "method": "blacklist",
    "result": "clean"
   },
   "Fortinet": {
    "category": "harmless",
    "enginename": "Fortinet",
    "method": "blacklist",
    "result": "clean"
   },
   "G-Data": {
    "category": "harmless",
    "enginename": "G-Data",
    "method": "blacklist",
    "result": "clean"
   },
   "GCP Abuse Intelligence": {
    "category": "undetected",
    "enginename": "GCP Abuse Intelligence",
    "method": "blacklist",
    "result": "unrated"
   },
   "Google Safebrowsing": {
    "category": "harmless",
    "enginename": "Google Safebrowsing",
    "method": "blacklist",
    "result": "clean"
   },
   "GreenSnow": {
    "category": "harmless",
    "enginename": "GreenSnow",
    "method": "blacklist",
    "result": "clean"
   },
   "GreyNoise": {
    "category": "undetected",
    "enginename": "GreyNoise",
    "method": "blacklist",
    "result": "unrated"
   },
   "Gridinsoft": {
    "category": "undetected",
    "enginename": "Gridinsoft",
    "method": "blacklist",
    "result": "unrated"
   },
   "Guardpot": {
    "category": "undetected",
    "enginename": "Guardpot",
    "method": "blacklist",
    "result": "unrated"
   },
   "Heimdal Security": {
    "category": "harmless",
    "enginename": "Heimdal Security",
    "method": "blacklist",
    "result": "clean"
   },
   "Hunt.io Intelligence": {
    "category": "undetected",
    "enginename": "Hunt.io Intelligence",
    "method": "blacklist",
    "result": "unrated"
   },
   "IPsum": {
    "category": "harmless",
    "enginename": "IPsum",
    "method": "blacklist",
    "result": "clean"
   },
   "Juniper Networks": {
    "category": "harmless",
    "enginename": "Juniper Networks",
    "method": "blacklist",
    "result": "clean"
   },
   "K7AntiVirus": {
    "category": "undetected",
    "enginename": "K7AntiVirus",
    "method": "blacklist",
    "result": "unrated"
   },
   "Kaspersky": {
    "category": "harmless",
    "enginename": "Kaspersky",
    "method": "blacklist",
    "result": "clean"
   },
   "LevelBlue": {
    "category": "harmless",
    "enginename": "LevelBlue",
    "method": "blacklist",
    "result": "clean"
   },
   "Lionic": {
    "category": "harmless",
    "enginename": "Lionic",
    "method": "blacklist",
    "result": "clean"
   },
   "Lumu": {
    "category": "undetected",
    "enginename": "Lumu",
    "method": "blacklist",
    "result": "unrated"
   },
   "MalwarePatrol": {
    "category": "harmless",
    "enginename": "MalwarePatrol",
    "method": "blacklist",
    "result": "clean"
   },
   "MalwareURL": {
    "category": "undetected",
    "enginename": "MalwareURL",
    "method": "blacklist",
    "result": "unrated"
   },
   "Malwared": {
    "category": "harmless",
    "enginename": "Malwared",
    "method": "blacklist",
    "result": "clean"
   },
   "Mimecast": {
    "category": "undetected",
    "enginename": "Mimecast",
    "method": "blacklist",
    "result": "unrated"
   },
   "Netcraft": {
    "category": "undetected",
    "enginename": "Netcraft",
    "method": "blacklist",
    "result": "unrated"
   },
   "OpenPhish": {
    "category": "harmless",
    "enginename": "OpenPhish",
    "method": "blacklist",
    "result": "clean"
   },
   "PREBYTES": {
    "category": "harmless",
    "enginename": "PREBYTES",
    "method": "blacklist",
    "result": "clean"
   },
   "PhishFort": {
    "category": "undetected",
    "enginename": "PhishFort",
    "method": "blacklist",
    "result": "unrated"
   },
   "PhishLabs": {
    "category": "harmless",
    "enginename": "PhishLabs",
    "method": "blacklist",
    "result": "clean"
   },
   "Phishing Database": {
    "category": "harmless",
    "enginename": "Phishing Database",
    "method": "blacklist",
    "result": "clean"
   },
   "Phishtank": {
    "category": "harmless",
    "enginename": "Phishtank",
    "method": "blacklist",
    "result": "clean"
   },
   "PrecisionSec": {
    "category": "undetected",
    "enginename": "PrecisionSec",
    "method": "blacklist",
    "result": "unrated"
   },
   "Quick Heal": {
    "category": "harmless",
    "enginename": "Quick Heal",
    "method": "blacklist",
    "result": "clean"
   },
   "Quttera": {
    "category": "harmless",
    "enginename": "Quttera",
    "method": "blacklist",
    "result": "clean"
   },
   "Rising": {
    "category": "harmless",
    "enginename": "Rising",
    "method": "blacklist",
    "result": "clean"
   },
   "SCUMWARE.org": {
    "category": "harmless",
    "enginename": "SCUMWARE.org",
    "method": "blacklist",
    "result": "clean"
   },
   "SOCRadar": {
    "category": "harmless",
    "enginename": "SOCRadar",
    "method": "blacklist",
    "result": "clean"
   },
   "SafeToOpen": {
    "category": "undetected",
    "enginename": "SafeToOpen",
    "method": "blacklist",
    "result": "unrated"
   }}},"_note":"Response truncated for documentation purposes"}

URL Scan - CODE SNIPPETS


curl --location --request GET 'https://zylalabs.com/api/12658/ioc+scan+api/24484/url+scan' --header 'Authorization: Bearer YOUR_API_KEY'

Hash Scan Endpoint ID: 24485

Look up a file hash. Returns vendor analysis, file metadata (size, type, signing details), and behavioural tags for a file identified by hash. Accepted formats: MD5, SHA-1, SHA-256 (case-insensitive). Common use cases: AV-result confirmation, software supply-chain hygiene, malware family classification, and sample triage in incident response.

                                                                            
GET https://zylalabs.com/api/12658/ioc+scan+api/24485/hash+scan

Hash Scan - Endpoint Features

Object	Description

Free test requests remaining: 3 of 3.

INPUT PARAMETERS

query

This endpoint does not require any input parameters.

API EXAMPLE RESPONSE

{
 "data": {
  "analysis_date": 1779457450,
  "authentihash": "",
  "bundled_files": null,
  "classification": {
   "popularthreatcategory": [
    {
     "count": 15,
     "value": "virus"
    },
    {
     "count": 2,
     "value": "trojan"
    }
   ],
   "popularthreatname": [
    {
     "count": 60,
     "value": "eicar"
    },
    {
     "count": 49,
     "value": "test"
    },
    {
     "count": 35,
     "value": "file"
    }
   ],
   "suggestedthreatlabel": "virus.eicar/test"
  },
  "contacted_domains": [
   {
    "categories": {},
    "dns_records": [
     {
      "priority": 0,
      "ttl": 20,
      "type": "A",
      "value": "23.195.81.107"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "A",
      "value": "23.195.81.72"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:6400::17c3:5132"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:6400::17c3:5138"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:6400::17c3:5133"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:6400::17c3:512b"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:6400::17c3:512a"
     }
    ],
    "dns_records_update_date": 1779222925,
    "domain": "a1666.dscr.akamai.net",
    "http_certificate": {
     "certsignature": {
      "algorithm": "1.2.840.10045.4.3.3",
      "signature": "306502306bb6476c04da114fb6452a16f836f18f769bc927530fa5ea8c353fdfa41d2c4c5140cc261b8f5818e07e166aad867bb6023100ee51adac1c1ff38aedc0b30683c6857eb53f8f54a1f3924aa86cf9a422e816574679c524d05e58fddf656c49d9f4efe1"
     },
     "extensions": {
      "authoritykeyid": {
       "keyid": "8a23eb9e6bd7f9375df96d2139769aa167de10a8"
      },
      "ca": false,
      "cainformationaccess": {
       "caissuers": "http://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt",
       "ocsp": "http://ocsp.digicert.com"
      },
      "certificatepolicies": [
       "2.23.140.1.2.2"
      ],
      "crldistributionpoints": [
       "http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl",
       "http://crl4.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl"
      ],
      "extendedkeyusage": [
       "serverAuth"
      ],
      "keyusage": [
       "digitalSignature",
       "keyAgreement"
      ],
      "subjectalternativename": [
       "a248.e.akamai.net",
       "*.akamaized.net",
       "*.akamaized-staging.net",
       "*.akamaihd.net",
       "*.akamaihd-staging.net"
      ],
      "subjectkeyidentifier": "af3247f9a94b6258e313388b8ac5ea796b5d61b4"
     },
     "issuer": {
      "c": "US",
      "cn": "DigiCert Global G3 TLS ECC SHA384 2020 CA1",
      "o": "DigiCert Inc"
     },
     "publickey": {
      "algorithm": "EC",
      "ec": {
       "oid": "secp256r1",
       "pub": "3059301306072a8648ce3d020106082a8648ce3d030107034200046fbac61c8cd25f45a6200a08947802a9a31d7435f7b0cf84f77e85d95afec5cca1dda22d285d7cd7ad6df2e7bd448a4e9e7cc8dbd3d082ca47f5937b6e87b0ae"
      }
     },
     "serialnumber": "373ab420f54941b555742d9ac890626",
     "size": 1485,
     "subject": {
      "c": "US",
      "cn": "a248.e.akamai.net",
      "o": "Akamai Technologies, Inc."
     },
     "thumbprint": "80b29fce36f71b99cdbb7138b2107d022d478af9",
     "thumbprintsha256": "792ce717b665ca8a0aedf9f7a3ba68bd15b7bf81da354e2c7dc4869bf9f22e62",
     "validity": {
      "notafter": "2026-12-22 23:59:59",
      "notbefore": "2025-12-22 00:00:00"
     },
     "version": "V3"
    },
    "http_certificate_updated_date": 1779222925,
    "jarm": "27d27d27d29d27d21c42d42d000000996c218236a1fd203fd29824aa76026c",
    "modification_date": 1779401619,
    "popularity_ranks": {
     "Cisco Umbrella": {
      "rank": 3676,
      "timestamp": 1779374295
     }
    },
    "reputation": -2,
    "security_vendor_analysis_stats": {
     "harmless": 57,
     "malicious": 0,
     "suspicious": 0,
     "timeout": 0,
     "undetected": 34
    },
    "tags": [],
    "tld": "net",
    "votes_result": {
     "harmless": 2,
     "malicious": 4
    },
    "whois": "Creation Date: 1999-03-03T05:00:00+0000\nCreation Date: 1999-03-03T05:00:00Z\nDNSSEC: unsigned\nDomain Name: AKAMAI.NET\nDomain Name: akamai.net\nDomain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nDomain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)\nDomain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\nDomain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)\nDomain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\nDomain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)\nDomain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\nName Server: NS1-1.AKAMAITECH.NET\nName Server: NS3-193.AKAMAITECH.NET\nName Server: NS4-193.AKAMAITECH.NET\nName Server: ZC.AKAMAITECH.NET\nName Server: ZD.AKAMAITECH.NET\nName Server: ZE.AKAMAITECH.NET\nName Server: ZG.AKAMAITECH.NET\nName Server: ZH.AKAMAITECH.NET\nName Server: ns1-1.akamaitech.net\nName Server: ns3-193.akamaitech.net\nName Server: ns4-193.akamaitech.net\nName Server: zc.akamaitech.net\nName Server: zd.akamaitech.net\nName Server: ze.akamaitech.net\nName Server: zg.akamaitech.net\nName Server: zh.akamaitech.net\nRegistrant Country: US\nRegistrant Email: 5ae50e5a8a6eacc9s@\nRegistrant Organization: efe514ac26d2f3a6\nRegistrar Abuse Contact Email: [email protected]\nRegistrar Abuse Contact Phone: +1.2086851750\nRegistrar Abuse Contact: https://corp.markmonitor.com/domain/ui/abuse-report\nRegistrar IANA ID: 292\nRegistrar Registration Expiration Date: 2027-03-03T00:00:00+0000\nRegistrar URL: http://www.markmonitor.com\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar: MarkMonitor Inc.\nRegistrar: MarkMonitor, Inc.\nRegistry Domain ID: 4025973_DOMAIN_NET-VRSN\nRegistry Expiry Date: 2027-03-03T05:00:00Z\nUpdated Date: 2026-01-30T11:48:15+0000\nUpdated Date: 2026-01-30T11:48:15Z",
    "whois_update_date": 0
   },
   {
    "categories": {},
    "dns_records": [
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:e400:4::1737:ec48"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "AAAA",
      "value": "2600:1405:e400:4::1737:ec49"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "A",
      "value": "23.33.29.22"
     },
     {
      "priority": 0,
      "ttl": 20,
      "type": "A",
      "value": "23.33.29.9"
     }
    ],
    "dns_records_update_date": 1779408350,
    "domain": "a1672.dscr.akamai.net",
    "http_certificate": {
     "certsignature": {
      "algorithm": "1.2.840.10045.4.3.3",
      "signature": "306502306bb6476c04da114fb6452a16f836f18f769bc927530fa5ea8c353fdfa41d2c4c5140cc261b8f5818e07e166aad867bb6023100ee51adac1c1ff38aedc0b30683c6857eb53f8f54a1f3924aa86cf9a422e816574679c524d05e58fddf656c49d9f4efe1"
     },
     "extensions": {
      "authoritykeyid": {
       "keyid": "8a23eb9e6bd7f9375df96d2139769aa167de10a8"
      },
      "ca": false,
      "cainformationaccess": {
       "caissuers": "http://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt",
       "ocsp": "http://ocsp.digicert.com"
      },
      "certificatepolicies": [
       "2.23.140.1.2.2"
      ],
      "crldistributionpoints": [
       "http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl",
       "http://crl4.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl"
      ],
      "extendedkeyusage": [
       "serverAuth"
      ],
      "keyusage": [
       "digitalSignature",
       "keyAgreement"
      ],
      "subjectalternativename": [
       "a248.e.akamai.net",
       "*.akamaized.net",
       "*.akamaized-staging.net",
       "*.akamaihd.net",
       "*.akamaihd-staging.net"
      ],
      "subjectkeyidentifier": "af3247f9a94b6258e313388b8ac5ea796b5d61b4"
     },
     "issuer": {
      "c": "US",
      "cn": "DigiCert Global G3 TLS ECC SHA384 2020 CA1",
      "o": "DigiCert Inc"
     },
     "publickey": {
      "algorithm": "EC",
      "ec": {
       "oid": "secp256r1",
       "pub": "3059301306072a8648ce3d020106082a8648ce3d030107034200046fbac61c8cd25f45a6200a08947802a9a31d7435f7b0cf84f77e85d95afec5cca1dda22d285d7cd7ad6df2e7bd448a4e9e7cc8dbd3d082ca47f5937b6e87b0ae"
      }
     },
     "serialnumber": "373ab420f54941b555742d9ac890626",
     "size": 1485,
     "subject": {
      "c": "US",
      "cn": "a248.e.akamai.net",
      "o": "Akamai Technologies, Inc."
     },
     "thumbprint": "80b29fce36f71b99cdbb7138b2107d022d478af9",
     "thumbprintsha256": "792ce717b665ca8a0aedf9f7a3ba68bd15b7bf81da354e2c7dc4869bf9f22e62",
     "validity": {
      "notafter": "2026-12-22 23:59:59",
      "notbefore": "2025-12-22 00:00:00"
     },
     "version": "V3"
    },
    "http_certificate_updated_date": 1779408350,
    "jarm": "27d27d27d29d27d21c42d42d000000996c218236a1fd203fd29824aa76026c",
    "modification_date": 1779458161,
    "popularity_ranks": {
     "Cisco Umbrella": {
      "rank": 6126,
      "timestamp": 1779374295
     }
    },
    "reputation": -3,
    "security_vendor_analysis_stats": {
     "harmless": 60,
     "malicious": 0,
     "suspicious": 0,
     "timeout": 0,
     "undetected": 31
    },
    "tags": [],
    "tld": "net"}]},"_note":"Response truncated for documentation purposes"}

Hash Scan - CODE SNIPPETS


curl --location --request GET 'https://zylalabs.com/api/12658/ioc+scan+api/24485/hash+scan' --header 'Authorization: Bearer YOUR_API_KEY'

IP Address Scan Endpoint ID: 24486

Look up an IPv4 address. Returns reputation, vendor verdicts, network ownership (AS owner, ASN, network range, country), and historical WHOIS for an IPv4 address. Accepted format: dotted-quad IPv4. Common use cases: firewall enrichment, cloud-workload connection auditing, fraud signals (proxy/VPN/hosting attribution), and threat-feed correlation.

                                                                            
GET https://zylalabs.com/api/12658/ioc+scan+api/24486/ip+address+scan

IP Address Scan - Endpoint Features

Object	Description

Free test requests remaining: 3 of 3.

INPUT PARAMETERS

query

This endpoint does not require any input parameters.

API EXAMPLE RESPONSE

{
 "data": {
  "analysis_date": 1779562485,
  "as_owner": "Google LLC",
  "asn": 15169,
  "communicating_files": [
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "aaddb47104d94939d9d2caa975db2cab",
    "modification_date": 1779170823,
    "names": [
     "RMS Module",
     "00000006e9d3a7e85d1f1e7711787b9a117655e249a565122ee12e9962199007.exe",
     "RMS.exe"
    ],
    "packers": {
     "F-PROT": "appended, 7Z",
     "PEiD": "Microsoft Visual C++",
     "Varist": "7zSFX, msi, 7zSFX, msi, 7zSFX, msi"
    },
    "reputation": -179,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 48,
     "suspicious": 0,
     "timeout": 1,
     "typeunsupported": 4,
     "undetected": 22
    },
    "sha1": "b4246b529fa6aa05e1d146070c64a8eacbccb9e1",
    "sha256": "00000006e9d3a7e85d1f1e7711787b9a117655e249a565122ee12e9962199007",
    "size": 6603814,
    "ssdeep": "196608:2fJuZjiz+Bi6jBy003L2uNIUmTpur/LjN2hyL:2fJCk+psHRNI9wDUo",
    "submission_count": 5,
    "submitted_date": 1773132804,
    "tags": [
     "peexe",
     "checks-usb-bus",
     "checks-user-input",
     "long-sleeps",
     "overlay",
     "detect-debug-environment",
     "executes-dropped-file"
    ],
    "tlsh": "T134663332BBD02573D12D877D6AD96EBCD7A6E2405F5ACE42B79C0C53A336025AF2D204",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 2,
     "malicious": 12
    }
   },
   {
    "magic": "ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped",
    "md5": "317228475fed0e69ddb8f8c62a7db890",
    "modification_date": 1778303098,
    "names": [
     "i686"
    ],
    "packers": null,
    "reputation": -35,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 46,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 11,
     "undetected": 19
    },
    "sha1": "82cb66767f857ef666d52a4460a0e02dd764d494",
    "sha256": "0000002a10959ec38b808d8252eed2e814294fbb25d2cd016b24bf853a44857e",
    "size": 104139,
    "ssdeep": "3072:SOGAEtZoGZKWl6u4YTnbHMbimmFVcqq0G27ZT:SqEtZ755nbHMbimmFVcqq0G27ZT",
    "submission_count": 3,
    "submitted_date": 1720670185,
    "tags": [
     "elf",
     "sets-process-name",
     "service-scan"
    ],
    "tlsh": "T112A3F972E642CA72C44306F102A79A6B0D21BE7B0A3A5E86F32C3DB49F334C97555F59",
    "type_description": "ELF",
    "type_tag": "elf",
    "type_tags": [
     "executable",
     "linux",
     "elf"
    ],
    "votes_result": {
     "harmless": 1,
     "malicious": 3
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "c535fac305240858dbcbfe62d1b94d0b",
    "modification_date": 1779130775,
    "names": [
     "file-archive_FjMixC2ckw.exe"
    ],
    "packers": null,
    "reputation": -64,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 48,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 23
    },
    "sha1": "b76f64978ef6d3fcced57c9e35b19f4525a2250b",
    "sha256": "000000663c7400a78ee27404b7b7a8d2705aff4cc1fd2ddc8e1ebff2c4875913",
    "size": 5223977,
    "ssdeep": "98304:fCT9rG4QJjW6Tq4ZhO1zpsl+0werXZV65QcISds:KTaTq2cpstFXZVIoSq",
    "submission_count": 1,
    "submitted_date": 1709790524,
    "tags": [
     "checks-network-adapters",
     "detect-debug-environment",
     "peexe",
     "calls-wmi",
     "checks-user-input",
     "overlay"
    ],
    "tlsh": "T1F036336529B10CB4D9E0CC726DEAF92C4E621E615C35327936EE531E7DA3AF4032E712",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 1,
     "malicious": 5
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
    "md5": "f8e4463d1c88d17459948623fb2cb370",
    "modification_date": 1775496564,
    "names": [
     "SearchHelper.exe",
     "ibqjwyqw.exe"
    ],
    "packers": null,
    "reputation": 0,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 68,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 4
    },
    "sha1": "2d9db4ca202b44c7d32db628c74dbb8a7bb91263",
    "sha256": "000000716fa472f01dbafd6f3adc57f4c476b11854d8304ee36afea88397ba45",
    "size": 457875,
    "ssdeep": "12288:vqtC9qtzxXV4SvYQq1UbkHwv5Rh2vwAur/NE0Mei:SEArXV4uq1UbkTvRu5E0s",
    "submission_count": 1,
    "submitted_date": 1598337037,
    "tags": [
     "checks-user-input",
     "peexe",
     "overlay",
     "spreader",
     "detect-debug-environment",
     "persistence"
    ],
    "tlsh": "T1E3A4BFFEB556A40FD2AED7F1051429BE9FAB8143E36834FE9FE9290FB287C448594401",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 0
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "cc17c4e2805306984a614f5dcb3915e7",
    "modification_date": 1778005216,
    "names": [
     "lhgew.exe"
    ],
    "packers": null,
    "reputation": -6,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 66,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 6
    },
    "sha1": "39d39d2ef7c05d8afc2848e8ae2a08e55ca422a3",
    "sha256": "00000075d77e227cdb2d386181e42f42b579eb16403143dc54cd4a3d17fc8622",
    "size": 126976,
    "ssdeep": "1536:KYsz45Y9hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:tGKY9hkFoN3Oo1+FvfSW",
    "submission_count": 3,
    "submitted_date": 1508179641,
    "tags": [
     "direct-cpu-clock-access",
     "runtime-modules",
     "persistence",
     "long-sleeps",
     "checks-network-adapters",
     "checks-usb-bus",
     "checks-user-input",
     "peexe"
    ],
    "tlsh": "T18EC3FDAAFB82107DF156017C16DAE6F337A578059D6BD08ABB34B2A40CDAD1108FD763",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 6
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "d041c6e0156b87978a54ab6a49f66593",
    "modification_date": 1779552882,
    "names": [
     "VDFSURfs",
     "VDFSURfs.exe",
     "Vobfus.EFPC",
     "00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a.exe",
     "00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a"
    ],
    "packers": {
     "PEiD": "Microsoft Visual Basic v5.0/v6.0"
    },
    "reputation": -120,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 68,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 3
    },
    "sha1": "0a6d717d33329bbc794ac3d608d197e276654228",
    "sha256": "00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a",
    "size": 155648,
    "ssdeep": "3072:H3sVvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiEx0:SQ5+t8+NDR5AWWs",
    "submission_count": 8,
    "submitted_date": 1774472088,
    "tags": [
     "persistence",
     "peexe",
     "direct-cpu-clock-access",
     "checks-usb-bus",
     "checks-network-adapters",
     "runtime-modules",
     "checks-user-input"
    ],
    "tlsh": "T16EE3941676D0F27EC415CAF43D2A4394A475ED3625D2AC13FAC22F2AB6B2D67D220353",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 9
    }
   },
   {
    "magic": "PDF document, version 1.5 (zip deflate encoded)",
    "md5": "c649ac1182cbc6dab413d81e7bb6407b",
    "modification_date": 1778303454,
    "names": [
     "PTC_CT_Mtg2_Agenda"
    ],
    "packers": null,
    "reputation": -1,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 0,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 12,
     "undetected": 63
    },
    "sha1": "d5bbd6242ded2c35d73cf4039956c156f35ccdbf",
    "sha256": "0000007e69ce5aed0e23ca1c5f85ac2bda42f71f84841aea9db049633b7a1677",
    "size": 47168,
    "ssdeep": "768:gnQft0yE3ujmbVyo9JkjySFGuq2C2mD9QOYYiYVe81Wo6UAT16j90Dc33G:gkzje0o2Mu3C2+uYiYt1v6VT16jTnG",
    "submission_count": 7,
    "submitted_date": 1626195519,
    "tags": [
     "pdf",
     "detect-debug-environment",
     "checks-network-adapters",
     "direct-cpu-clock-access",
     "checks-user-input",
     "long-sleeps",
     "runtime-modules"
    ],
    "tlsh": "T13023E1999F72ACC825413B64BB60496AC98750D7A4892D03B9ACC6D34F00DE3EC79DE7",
    "type_description": "PDF",
    "type_tag": "pdf",
    "type_tags": [
     "document",
     "pdf"
    ],
    "votes_result": {
     "harmless": 2,
     "malicious": 3
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
    "md5": "3ba651bc817e38f3aa04da9257ea9c0d",
    "modification_date": 1778724307,
    "names": [
     "ShareIt Service.exe",
     "shareit service.exe"
    ],
    "packers": null,
    "reputation": -5,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 67,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 5
    },
    "sha1": "9d71c4a3b517adebe25e06fc64772c9bb9da0ac0"}]},"_note":"Response truncated for documentation purposes"}

IP Address Scan - CODE SNIPPETS


curl --location --request GET 'https://zylalabs.com/api/12658/ioc+scan+api/24486/ip+address+scan' --header 'Authorization: Bearer YOUR_API_KEY'

Domain Scan Endpoint ID: 24487

Look up a domain. Returns reputation, vendor verdicts, popularity ranks (Alexa, Cisco Umbrella, Cloudflare Radar, Majestic), WHOIS, registrar, DNS records, JARM fingerprint, and content categories for a domain. Common use cases: brand protection, lookalike-domain monitoring, email-defence enrichment, domain-age verification for fraud signals, and content-filter category lookups.

                                                                            
GET https://zylalabs.com/api/12658/ioc+scan+api/24487/domain+scan

Domain Scan - Endpoint Features

Object	Description

Free test requests remaining: 3 of 3.

INPUT PARAMETERS

query

This endpoint does not require any input parameters.

API EXAMPLE RESPONSE

{
 "data": {
  "analysis_date": 1779580805,
  "categories": {
   "BitDefender": "searchengines",
   "Forcepoint ThreatSeeker": "search engines and portals",
   "Sophos": "search engines"
  },
  "communicating_files": [
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "1bcbb0093803273fd15a09cb434bfdb9",
    "modification_date": 1778005485,
    "names": [
     "ngIu.exe"
    ],
    "packers": null,
    "reputation": -58,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 67,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 5
    },
    "sha1": "c76062ece727bcafd460ed93a084454dc5617188",
    "sha256": "0000005a57419b46ddb7b88e3a10ad2da3f29140e6280766d84f84e363e1646d",
    "size": 576000,
    "ssdeep": "12288:eOzcB899uB5sWl7Ug156imU5OtqBe9I8MtPKOuCW2WeoGqJqQ+GMlm:pzysW9rn6B9qVPKOlWgwqQND",
    "submission_count": 1,
    "submitted_date": 1584420649,
    "tags": [
     "runtime-modules",
     "spreader",
     "direct-cpu-clock-access",
     "peexe",
     "long-sleeps",
     "detect-debug-environment",
     "checks-cpu-name",
     "checks-user-input",
     "persistence"
    ],
    "tlsh": "T15AC41234E9DE9F25CFAAC6F6C52B2C57C14A0CE77F30B2499198A1B52552707CE81E0B",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 4
    }
   },
   {
    "magic": "Zip archive data, at least v2.0 to extract, compression method=deflate",
    "md5": "5e4542dcda95154db9d1aa424e4254fa",
    "modification_date": 1779039482,
    "names": [
     "5e4542dcda95154db9d1aa424e4254fa.virus"
    ],
    "packers": null,
    "reputation": -57,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 24,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 7,
     "undetected": 44
    },
    "sha1": "34846812eb6ad8e421e49155dbf81a3a6ff8a2bf",
    "sha256": "000000a512a847e8ed28fdaf433d6dd601a88d74e5dd7d71bd07817b1ce3a2a2",
    "size": 3729047,
    "ssdeep": "49152:Cc64JrERNAGCd8VXMvSl3TM07ubIBiZL250fy6EroFz8F8E8eiXZy0aiTg/tuYvg:RpERN4d8VXmeIbd2eFco1iHiJ5aV/TO3",
    "submission_count": 1,
    "submitted_date": 1509406289,
    "tags": [
     "reflection",
     "contains-elf",
     "obfuscated",
     "checks-network-adapters",
     "android",
     "telephony",
     "runtime-modules",
     "apk",
     "cve-2009-1157",
     "exploit"
    ],
    "tlsh": "T120060142FB48E41EC4B7D4338AA2427265514D058542EB1B3A4DB31CAFF7ECA5B4EEC9",
    "type_description": "Android",
    "type_tag": "android",
    "type_tags": [
     "executable",
     "mobile",
     "android",
     "apk"
    ],
    "votes_result": {
     "harmless": 1,
     "malicious": 4
    }
   },
   {
    "magic": "Google Chrome extension, version 3",
    "md5": "25d517c5ccdd71630c185b8017f64bdb",
    "modification_date": 1779287137,
    "names": [
     "cjighmmbcdpbfnhinpakjloafcpmefgl.1.5.crx",
     "vmdazz.exe",
     "tmp0hybweho"
    ],
    "packers": null,
    "reputation": 0,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 6,
     "harmless": 0,
     "malicious": 0,
     "suspicious": 0,
     "timeout": 1,
     "typeunsupported": 14,
     "undetected": 54
    },
    "sha1": "f4ed89ca2f281faeadbecd5359bf82d17f2c6823",
    "sha256": "00000181a1a133b9b7dc2b1f1485bf984ee560a10952953d8504bdd705c8d2cc",
    "size": 22085,
    "ssdeep": "384:pfiVlVqdU+wxU1QqEBNE3AlpPFhJXE05VM3JXE05214+Bpupc02g7Vg0G:parMU+M9LEWpND35el352aiYO0ra0G",
    "submission_count": 2,
    "submitted_date": 1779279825,
    "tags": [
     "crx"
    ],
    "tlsh": "T1B1A2D09F6C922405F417673187CD8943DE6A22AC530F357AACC497E948B5E93FF2206B",
    "type_description": "Google Chrome Extension",
    "type_tag": "crx",
    "type_tags": [
     "crx",
     "chrome",
     "extension",
     "browser"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 0
    }
   },
   {
    "magic": "HTML document, ASCII text, with very long lines (4836u)",
    "md5": "f65ef442e711637cb952e36a55270dd3",
    "modification_date": 1779337592,
    "names": [
     "VirusShare_f65ef442e711637cb952e36a55270dd3"
    ],
    "packers": null,
    "reputation": -1,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 2,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 14,
     "undetected": 59
    },
    "sha1": "7c9395103485b281466636a97194626825d6a477",
    "sha256": "000001c3351e7fd50ce5500c79a0021ad5f9e2c5bbef41301253e6931a41f790",
    "size": 31900,
    "ssdeep": "768:X11pKVAqnd+qq9oxoB2meRleHeAQIj+xD2SqU:X1/KVhnd+xmoB3eRleHeAQICxz",
    "submission_count": 4,
    "submitted_date": 1745387906,
    "tags": [
     "html",
     "contains-embedded-js"
    ],
    "tlsh": "T1DAE26CA3BD74641CFB5AC9ACBC17BA19F9499B26C401A0A4D4FD8F1E06C6F97803539C",
    "type_description": "HTML",
    "type_tag": "html",
    "type_tags": [
     "internet",
     "html"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 1
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "dccccec175b74b267330c30f0711b811",
    "modification_date": 1778304355,
    "names": [
     "idle.exe"
    ],
    "packers": null,
    "reputation": -56,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 64,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 8
    },
    "sha1": "93e2d5b1e72252bb7e1ce8c38b8c67bd5d922330",
    "sha256": "000001e41599558a88da7cf4549285f6bab7bc348f4fd780aaaf27df8552fb02",
    "size": 276451,
    "ssdeep": "6144:ztvBPnU1b7e9SQii1EkoNlhlrQ2ZrM2x8FNjtO+y+x51:Zv1nWdQP1EDhZPxkjtO+5f1",
    "submission_count": 1,
    "submitted_date": 1665060364,
    "tags": [
     "peexe",
     "overlay",
     "direct-cpu-clock-access",
     "persistence",
     "upx",
     "detect-debug-environment",
     "spreader",
     "runtime-modules"
    ],
    "tlsh": "T1AE44F11FB1ED1F41C23A9DBB32724E36D81DCC75B80C54E9E7AD7664A9F8AA1016063C",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 2
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "e9aaa45159dacbc596ebefb6311eae54",
    "modification_date": 1779170977,
    "names": [
     "nsMi.exe"
    ],
    "packers": null,
    "reputation": -55,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 66,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 6
    },
    "sha1": "63d59d09f942caaf635f80d5c8df69e5db0261d6",
    "sha256": "000001e7a228b2a7abdf7f7e404bc8522df32b725e86907dde32176bccbbbb27",
    "size": 669184,
    "ssdeep": "12288:ntlgpnsDQ1wbmdtrN+1HFbqr8b7DIQiSf+DwnRP4kgr5ZXtmhDN7BrgcGAmhicdS:ntJDQ1cmdtSbqfbaRPTr7BrgcGAmhic0",
    "submission_count": 1,
    "submitted_date": 1595107319,
    "tags": [
     "peexe",
     "runtime-modules",
     "persistence",
     "spreader",
     "direct-cpu-clock-access",
     "detect-debug-environment",
     "checks-user-input",
     "long-sleeps"
    ],
    "tlsh": "T1C0E4E0B3845858DDDAC6F4F11FDE7DB205ACDC3E93A79C882152BC6004E96A432FA15E",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 1
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "f2920f79fdaba16992898520c718f47b",
    "modification_date": 1777703362,
    "names": [
     "mxgy4oe0q.exe",
     "ewcq.exe"
    ],
    "packers": null,
    "reputation": -55,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 0,
     "failure": 0,
     "harmless": 0,
     "malicious": 64,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 6
    },
    "sha1": "7ea365c37233ddf17e9630479a4d1947299ec946",
    "sha256": "0000037207f3e7a827998846d7a9c65b8de3e64069fad82c4e46f3236d7f9130",
    "size": 497152,
    "ssdeep": "12288:pRON45judSblzg4uQhQ+81L2JPKY11GTmoiXdMFeng:pcugdyRgzKgSPz1GTleieng",
    "submission_count": 1,
    "submitted_date": 1610388876,
    "tags": [
     "detect-debug-environment",
     "peexe",
     "runtime-modules",
     "direct-cpu-clock-access",
     "persistence",
     "long-sleeps",
     "spreader"
    ],
    "tlsh": "T1F1B4BECCD2367428EA2B0C3C6D607D3D264B62C855EDE67A2F1ED745AAD317C0B0B1A1",
    "type_description": "Win32 EXE",
    "type_tag": "peexe",
    "type_tags": [
     "executable",
     "windows",
     "win32",
     "pe",
     "peexe"
    ],
    "votes_result": {
     "harmless": 0,
     "malicious": 1
    }
   },
   {
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "md5": "bf22577720d623893c32bccefee3ea22",
    "modification_date": 1776243719,
    "names": [
     "bMMY.exe"
    ],
    "packers": null,
    "reputation": -56,
    "security_vendor_analysis_stats": {
     "confirmedtimeout": 1,
     "failure": 0,
     "harmless": 0,
     "malicious": 61,
     "suspicious": 0,
     "timeout": 0,
     "typeunsupported": 4,
     "undetected": 10
    },
    "sha1": "87f68048c885cc6dee1ebbff6adbe2c711e29077",
    "sha256": "0000037593b2616d896205f0dc4166ab83b87b3dab3db142f6bd8a465f837d80",
    "size": 875008,
    "ssdeep": "12288:1YJuwtBNaaMcJ1f8CIg4b7pipg9uaGVX8s3y463HWkFFFFNzDztxAjauKRR6D:msw9f/e9NGVMsCVHnAjauuQD",
    "submission_count": 1,
    "submitted_date": 1647669037}]},"_note":"Response truncated for documentation purposes"}

Domain Scan - CODE SNIPPETS


curl --location --request GET 'https://zylalabs.com/api/12658/ioc+scan+api/24487/domain+scan' --header 'Authorization: Bearer YOUR_API_KEY'

API Access Key & Authentication

After signing up, every developer is assigned a personal API access key, a unique combination of letters and digits provided to access to our API endpoint. To authenticate with the IOC Scan API simply include your bearer token in the Authorization header.

Headers

Header	Description
`Authorization`	[Required] Should be `Bearer access_key`. See "Your API Access Key" above when you are subscribed.

Questions

Simple Transparent Pricing

No long-term commitment. Upgrade, downgrade, or cancel anytime. Free Trial includes up to 50 requests.

Monthly Annually

(Save 2 months with annual billing 🎉)

💫Basic

$24.99/Month

1,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 60 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

Popular

⚡Pro

$49.99/Month

5,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 120 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

🔥Pro Plus

$99.99/Month

20,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 120 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

⚜️Premium

$199.99/Month

100,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

🌟Elite

$499.99/Month

300,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

💎Ultimate

$999.99/Month

1,000,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

💫Basic

$20.83/Month

1,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 60 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

Popular

⚡Pro

$41.66/Month

5,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 120 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

🔥Pro Plus

$83.33/Month

20,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 120 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

⚜️Premium

$166.66/Month

100,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

🌟Elite

$416.66/Month

300,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

💎Ultimate

$833.33/Month

1,000,000 Requests / Month
Then $0.0324870 per request if limit exceeded.
Rate Limit: 150 reqs per minute
Specialized Customer Support
Real-Time API Monitoring
Unlimited Data Transfer Included

Free 7-day trial

No commitment. Cancel anytime

🚀 Enterprise

Starts at
$ 10,000/Year

Custom Volume
Custom Rate Limit
Specialized Customer Support
Real-Time API Monitoring

Book a Call

Customer favorite features

✔︎ Only Pay for Successful Requests
✔︎ Free 7-Day Trial
✔︎ Multi-Language Support
✔︎ One API Key, All APIs.
✔︎ Intuitive Dashboard

✔︎ Comprehensive Error Handling
✔︎ Developer-Friendly Docs
✔︎ Postman Integration
✔︎ Secure HTTPS Connections
✔︎ Reliable Uptime

IOC Scan API FAQs

What type of data does each endpoint return?

Each endpoint returns a consolidated reputation score and detailed analysis from over 70 security vendors. For URLs, it includes content classification; for hashes, file metadata; for IPs, network ownership; and for domains, WHOIS and DNS records.

What are the key fields in the response data?

Key fields include `is_success`, `response_code`, `reputation_score`, `vendor_verdicts`, and type-specific data such as WHOIS for domains, file metadata for hashes, and ASN/network details for IPs.

What is the format and structure of the returned data?

The returned data is structured in JSON format, containing a top-level object with fields like `is_success`, `response_code`, and a `data` object that varies by endpoint, providing relevant details based on the indicator type.

What types of information are available through each endpoint?

The URL endpoint provides reputation and threat names; the Hash endpoint offers file metadata; the IP endpoint includes network ownership and historical WHOIS; the Domain endpoint delivers WHOIS, registrar info, and content categories.

How is the response data organized?

The response data is organized into a JSON object with a success indicator, a response code, and a `data` section that contains specific details relevant to the queried indicator type, allowing for easy parsing and analysis.

What are the sources of the data?

The data is sourced from over 70 security vendors, including BitDefender, Sophos, and Kaspersky, ensuring a comprehensive view of threat intelligence and maintaining high accuracy through continuous updates and vendor collaboration.

What are typical use cases for this data?

Typical use cases include phishing detection using URLs, malware classification via file hashes, fraud signal identification through IP analysis, and brand protection by monitoring domain reputation and lookalikes.

How can users effectively utilize the returned data?

Users can leverage the returned data by integrating it into security workflows, such as enhancing firewalls with IP reputation, validating file safety in software supply chains, or enriching threat feeds with URL classifications.

General FAQs

How do I get an API key?

To obtain your API key, you first need to sign in to your account and subscribe to the API you want to use. Once subscribed, go to your Profile, open the Subscription section, and select the specific API. Your API key will be available there and can be used to authenticate your requests.

Can I switch APIs during the free trial?

You can’t switch APIs during the free trial. If you subscribe to a different API, your trial will end and the new subscription will start as a paid plan.

What happens if I don’t cancel before the trial ends?

If you don’t cancel before the 7th day, your free trial will end automatically and your subscription will switch to a paid plan under the same plan you originally subscribed to, meaning you will be charged and gain access to the API calls included in that plan.

When does the free trial end?

The free trial ends when you reach 50 API requests or after 7 days, whichever comes first.

Can I use the free trial more than once?

No, the free trial is available only once, so we recommend using it on the API that interests you the most. Most of our APIs offer a free trial, but some may not include this option.

Do you offer a free trial?

Yes, we offer a 7-day free trial that allows you to make up to 50 API calls at no cost, so you can test our APIs without any commitment.

What is Zyla API Hub?

Zyla API Hub is like a big store for APIs, where you can find thousands of them all in one place. We also offer dedicated support and real-time monitoring of all APIs. Once you sign up, you can pick and choose which APIs you want to use. Just remember, each API needs its own subscription. But if you subscribe to multiple ones, you'll use the same key for all of them, making things easier for you.

What currencies and payment methods are allowed?

Prices are listed in USD (United States Dollar), EUR (Euro), CAD (Canadian Dollar), AUD (Australian Dollar), and GBP (British Pound). We accept all major debit and credit cards. Our payment system uses the latest security technology and is powered by Stripe, one of the world's most reliable payment companies. If you have any trouble paying by card, just contact us at [email protected]

Additionally, if you already have an active subscription in any of these currencies (USD, EUR, CAD, AUD, GBP), that currency will remain for subsequent subscriptions. You can change the currency at any time as long as you don't have any active subscriptions.

Why can't I pay with my local currency even though I see it on the pricing page?

The local currency shown on the pricing page is based on the country of your IP address and is provided for reference only. The actual prices are in USD (United States Dollar). When you make a payment, the charge will appear on your card statement in USD, even if you see the equivalent amount in your local currency on our website. This means you cannot pay directly with your local currency.

My payment was declined, what should I do?

Occasionally, a bank may decline the charge due to its fraud protection settings. We suggest reaching out to your bank initially to check if they are blocking our charges. Also, you can access the Billing Portal and change the card associated to make the payment. If these does not work and you need further assistance, please contact our team at [email protected]

How will I be charged for my API subscription?

Prices are determined by a recurring monthly or yearly subscription, depending on the chosen plan.

How will my API calls be deducted from my plan?

API calls are deducted from your plan based on successful requests. Each plan comes with a specific number of calls that you can make per month. Only successful calls, indicated by a Status 200 response, will be counted against your total. This ensures that failed or incomplete requests do not impact your monthly quota.

How does your billing cycle work?

Zyla API Hub works on a recurring monthly subscription system. Your billing cycle will start the day you purchase one of the paid plans, and it will renew the same day of the next month. So be aware to cancel your subscription beforehand if you want to avoid future charges.

How do I upgrade my current subscription plan with an API?

To upgrade your current subscription plan, simply go to the pricing page of the API and select the plan you want to upgrade to. The upgrade will be instant, allowing you to immediately enjoy the features of the new plan. Please note that any remaining calls from your previous plan will not be carried over to the new plan, so be aware of this when upgrading. You will be charged the full amount of the new plan.

How can I see the remaining number of API calls I can make this month?

To check how many API calls you have left for the current month, refer to the 'X-Zyla-API-Calls-Monthly-Remaining' field in the response header. For example, if your plan allows 1,000 requests per month and you've used 100, this field in the response header will indicate 900 remaining calls.

How do I find out the maximum number of API requests allowed in my subscription plan?

To see the maximum number of API requests your plan allows, check the 'X-Zyla-RateLimit-Limit' response header. For instance, if your plan includes 1,000 requests per month, this header will display 1,000.

How do I know when my rate limit will reset?

The 'X-Zyla-RateLimit-Reset' header shows the number of seconds until your rate limit resets. This tells you when your request count will start fresh. For example, if it displays 3,600, it means 3,600 seconds are left until the limit resets.

Can I cancel anytime?

Yes, you can cancel your plan anytime by going to your account and selecting the cancellation option on the Billing page. Please note that upgrades, downgrades, and cancellations take effect immediately. Additionally, upon cancellation, you will no longer have access to the service, even if you have remaining calls left in your quota.

What happens if I forget to cancel my free trial?

After 7 days, you will be charged the full amount for the plan you were subscribed to during the trial. Therefore, it's important to cancel before the trial period ends. Refund requests for forgetting to cancel on time are not accepted.

How many calls can I make during the free trial?

When you subscribe to an API free trial, you can make up to 50 API calls. If you wish to make additional API calls beyond this limit, the API will prompt you to perform an "Start Your Paid Plan." You can find the "Start Your Paid Plan" button in your profile under Subscription -> Choose the API you are subscribed to -> Pricing tab.

When are Payout Orders processed?

Payout Orders are processed between the 20th and the 30th of each month. If you submit your request before the 20th, your payment will be processed within this timeframe.

If I have any problems, who I should contact?

You can contact us through our chat channel to receive immediate assistance. We are always online from 8 am to 5 pm (EST). If you reach us after that time, we will get back to you as soon as possible. Additionally, you can contact us via email at [email protected]

What is your refund policy?

Please have a look at our Refund Policy: https://zylalabs.com/terms#refund

Start Free Trial

Service Level

100%

Response Time

247ms

Category:

Security & Cybersecurity

Tags:

#Threat Intelligence

#URL Reputation

#File Hash Analysis

#IP Address Verification

#Domain WHOIS Lookup

#Security Vendor Insights

Related APIs

VIN Scanner API

Decode any VIN and retrieve rich automotive data: specs, safety, plant info, engine, drive type, transmission, and equipment features.

Automotive & Vehicle Data

Service Level:

100%

Response Time:

110ms

Text Scan API

The Text Scan API converts scanned images and documents into editable text, extracting and recognizing characters and words for easy editing.

Visual Recognition & Imaging Free 7-Day Trial

Service Level:

100%

Response Time:

2,524ms

Web Scan Safe API

"Retrieves detailed security analysis results for specific websites, improving cybersecurity measures."

Security & Cybersecurity Free 7-Day Trial

Service Level:

100%

Response Time:

213ms

Virus Scan API

The Virus Scan API detects and analyzes suspicious content in URLs and files, identifying potential threats and malicious activity to protect systems and data.

Security & Cybersecurity Free 7-Day Trial

Service Level:

100%

Response Time:

885ms

Domain Scan API

The Domain Scan API is a tool that verifies the availability of domain names in real time to ensure that they can be registered quickly and accurately.

Location & Mapping Free 7-Day Trial

Service Level:

100%

Response Time:

338ms

Auto Diagnostic Code Insights API

Unlock vehicle issues with our Auto Diagnostic Code Insights API, providing clear, actionable insights for automotive diagnostics.

Automotive & Vehicle Data

Service Level:

99%

Response Time:

461ms

Secure Scan API

Secure Scan API detects and analyzes potential threats in files and URLs, identifying malicious content and vulnerabilities to protect systems and data.

Security & Cybersecurity Free 7-Day Trial

Service Level:

100%

Response Time:

7,847ms

Car Analyzer by Image API

Analyzes a vehicle image and returns the make, model, year, color, type, condition, external features, and confidence level.

Automotive & Vehicle Data Free 7-Day Trial

Service Level:

100%

Response Time:

563ms

VIN Image Capture for Vehicles API

Capture stunning images of vehicles based on VIN, making car listings more attractive and informative.

Automotive & Vehicle Data Free 7-Day Trial

Service Level:

100%

Response Time:

1,955ms

Email Scan API

The Email Scan API quickly and accurately identifies disposable or invalid email addresses, ensuring data quality and streamlining communication processes.

Communication & Messaging

Service Level:

100%

Response Time:

60ms

IOC Scan API API ID: 12658

What would you like to see? See the information or check the documentation?

API Documentation

Endpoints

INPUT PARAMETERS

API EXAMPLE RESPONSE

URL Scan - CODE SNIPPETS

INPUT PARAMETERS

API EXAMPLE RESPONSE

Hash Scan - CODE SNIPPETS

INPUT PARAMETERS

API EXAMPLE RESPONSE

IP Address Scan - CODE SNIPPETS

INPUT PARAMETERS

API EXAMPLE RESPONSE

Domain Scan - CODE SNIPPETS

API Access Key & Authentication

Questions

Simple Transparent Pricing

💫Basic

$24.99/Month

⚡Pro

$49.99/Month

🔥Pro Plus

$99.99/Month

⚜️Premium

$199.99/Month

🌟Elite

$499.99/Month

💎Ultimate

$999.99/Month

💫Basic

$20.83/Month

⚡Pro

$41.66/Month

🔥Pro Plus

$83.33/Month

⚜️Premium

$166.66/Month

🌟Elite

$416.66/Month

💎Ultimate

$833.33/Month

🚀 Enterprise

Starts at $ 10,000/Year

Customer favorite features

IOC Scan API FAQs

What type of data does each endpoint return?

What are the key fields in the response data?

What is the format and structure of the returned data?

What types of information are available through each endpoint?

How is the response data organized?

What are the sources of the data?

What are typical use cases for this data?

How can users effectively utilize the returned data?

General FAQs

How do I get an API key?

Can I switch APIs during the free trial?

What happens if I don’t cancel before the trial ends?

When does the free trial end?

Can I use the free trial more than once?

Do you offer a free trial?

What is Zyla API Hub?

What currencies and payment methods are allowed?

Why can't I pay with my local currency even though I see it on the pricing page?

My payment was declined, what should I do?

How will I be charged for my API subscription?

How will my API calls be deducted from my plan?

How does your billing cycle work?

How do I upgrade my current subscription plan with an API?

How can I see the remaining number of API calls I can make this month?

How do I find out the maximum number of API requests allowed in my subscription plan?

How do I know when my rate limit will reset?

Can I cancel anytime?

What happens if I forget to cancel my free trial?

How many calls can I make during the free trial?

When are Payout Orders processed?

If I have any problems, who I should contact?

What is your refund policy?

Service Level

Starts at
$ 10,000/Year