ZeroCERT API v1.1

Public API


old Public API v1.0

Public API v1.1 Summary:
Type method Auth request URL Explanation
domain POST Y /api/v1.1/check/domain domain check
ip POST Y /api/v1.1/check/ip ip check
url POST Y /api/v1.1/check/url full url check
file POST Y /api/v1.1/check/hash file hash(md5, sha256) check
- POST Y /api/v1.1/check/reputation level 0~5
ip, domain, url
Compromised(90-Days)


Parameters:
Query Params Description
key api key
value domain, ip, url, hash


Result code:
Result code Description
type Lookup type
date Detection date (new)
value Lookup value
state State code (*)
tag tag


(*)State code:
State code Explanation
compromised Compromised site (latest 90 days)
mailcious mailcious url
malware malware file
phishing phishing site
suspicious suspicious site
deface deface site
clean No results found. clean site


[PHP Example code]
$KEY = "api key code";
$TARGET = "https://center.zerocert.org/api/v1.1/check/domain";
$VALUE = "zerocert.org";

$post_data = array(
"key" => $KEY,
"value" => $VALUE
);


[Example response]
{ "Result": { "Type": "domain", "Value": "zerocert.org", "State": "clean" } }



Private API



Private API v1.1 Summary:
Type method Auth request URL Explanation
POST Y /api/v1.1/feed/url Latest 24 hours Bad URLs
/api/v1.1/feed/link Referer url
/api/v1.1/relation/domain Related information between nodes
/api/v1.1/relation/ip
/api/v1.1/relation/url
/api/v1.1/search/domain Search
/api/v1.1/search/ip
/api/v1.1/search/url
/api/v1.1/search/hash
/api/v1.1/search/tag
/api/v1.1/search/ssdeep File Similarity Search
/api/v1.1/search_box/domain Search Sandbox
(*) being prepared
/api/v1.1/search_box/ip
/api/v1.1/search_box/url
/api/v1.1/search_box/hash
/api/v1.1/search_box/strings


/api/v1.1/feed/url, /link

Parameters:
Query Params Description
key api key
date ex) 201805291700
Latest detection date (default 24 hours)


Result code:
Result code Description
scan_date Lookup date (default 24 hours)
date Detection date
state State code (*)
domain Domain or IP address
url Bad url
sub_url Sub url regular expression check
ip IP address
cc Country code
md5_file File Hash(md5)
sha256_file File Hash(sha256)
ssdeep Ssdeep value
tag tag




/api/v1.1/relation/domain, /ip, /url

Parameters:
Query Params Description
key api key
value domain, ip, url


/api/v1.1/search/domain, /ip, /url, /hash, /tag, /ssdeep

Parameters:
Query Params Description
key api key
value domain, ip, url, hash(md5, sha256), tag(ex: ransomware)


ZeroCERT.org | Circle map | Safeguard | API | Facebook | hello@zerocert.org