{
"data": {
"analysis_date": 1779749608,
"categories": {
"BitDefender": "searchengines",
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines",
"alphaMountain.ai": "Search Engines/Portals (alphaMountain.ai)"
},
"hash_id": "9d116b1b0c1200ca75016e4c010bc94836366881b021a658ea7f8548b6543c1e",
"modification_date": 1779749657,
"reputation": 210,
"search_type": "url",
"security_vendor_analysis": {
"0xSI_f33d": {
"method": "blacklist",
"engine_name": "0xSI_f33d",
"category": "undetected",
"result": "unrated"
},
"ADMINUSLabs": {
"method": "blacklist",
"engine_name": "ADMINUSLabs",
"category": "harmless",
"result": "clean"
},
"AILabs (MONITORAPP)": {
"method": "blacklist",
"engine_name": "AILabs (MONITORAPP)",
"category": "harmless",
"result": "clean"
},
"Abusix": {
"method": "blacklist",
"engine_name": "Abusix",
"category": "harmless",
"result": "clean"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"category": "harmless",
"result": "clean"
},
"AlienVault": {
"method": "blacklist",
"engine_name": "AlienVault",
"category": "harmless",
"result": "clean"
},
"AlphaSOC": {
"method": "blacklist",
"engine_name": "AlphaSOC",
"category": "undetected",
"result": "unrated"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"category": "harmless",
"result": "clean"
},
"ArcSight Threat Intelligence": {
"method": "blacklist",
"engine_name": "ArcSight Threat Intelligence",
"category": "undetected",
"result": "unrated"
},
"AutoShun": {
"method": "blacklist",
"engine_name": "AutoShun",
"category": "undetected",
"result": "unrated"
},
"Bfore.Ai PreCrime": {
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime",
"category": "harmless",
"result": "clean"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"category": "harmless",
"result": "clean"
},
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"category": "harmless",
"result": "clean"
},
"BlockList": {
"method": "blacklist",
"engine_name": "BlockList",
"category": "harmless",
"result": "clean"
},
"Blueliv": {
"method": "blacklist",
"engine_name": "Blueliv",
"category": "harmless",
"result": "clean"
},
"CINS Army": {
"method": "blacklist",
"engine_name": "CINS Army",
"category": "harmless",
"result": "clean"
},
"CRDF": {
"method": "blacklist",
"engine_name": "CRDF",
"category": "harmless",
"result": "clean"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"category": "harmless",
"result": "clean"
},
"Sucuri SiteCheck": {
"method": "blacklist",
"engine_name": "Sucuri SiteCheck",
"category": "harmless",
"result": "clean"
},
"ThreatHive": {
"method": "blacklist",
"engine_name": "ThreatHive",
"category": "harmless",
"result": "clean"
},
"URLQuery": {
"method": "blacklist",
"engine_name": "URLQuery",
"category": "harmless",
"result": "clean"
},
"URLhaus": {
"method": "blacklist",
"engine_name": "URLhaus",
"category": "harmless",
"result": "clean"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"category": "undetected",
"result": "unrated"
},
"VX Vault": {
"method": "blacklist",
"engine_name": "VX Vault",
"category": "harmless",
"result": "clean"
},
"Viettel Threat Intelligence": {
"method": "blacklist",
"engine_name": "Viettel Threat Intelligence",
"category": "harmless",
"result": "clean"
},
"ViriBack": {
"method": "blacklist",
"engine_name": "ViriBack",
"category": "harmless",
"result": "clean"
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"category": "harmless",
"result": "clean"
},
"Xcitium Verdict Cloud": {
"method": "blacklist",
"engine_name": "Xcitium Verdict Cloud",
"category": "undetected",
"result": "unrated"
},
"Yandex Safebrowsing": {
"method": "blacklist",
"engine_name": "Yandex Safebrowsing",
"category": "harmless",
"result": "clean"
},
"ZeroCERT": {
"method": "blacklist",
"engine_name": "ZeroCERT",
"category": "harmless",
"result": "clean"
},
"ZeroFox": {
"method": "blacklist",
"engine_name": "ZeroFox",
"category": "undetected",
"result": "unrated"
},
"alphaMountain.ai": {
"method": "blacklist",
"engine_name": "alphaMountain.ai",
"category": "harmless",
"result": "clean"
},
"desenmascara.me": {
"method": "blacklist",
"engine_name": "desenmascara.me",
"category": "harmless",
"result": "clean"
}
},
"security_vendor_analysis_stats": {
"malicious": 0,
"suspicious": 0,
"undetected": 27,
"harmless": 65,
"timeout": 0
},
"tags": [
"external-resources"
],
"threat_names": [
],
"url": "https://google.com/",
"url_content": {
"final_url": "https://www.google.com/",
"meta": {
"viewport": null,
"theme-color": null,
"apple-mobile-web-app-title": null,
"description": null,
"og:description": null,
"twitter:description": null,
"og:site_name": null,
"og:type": null,
"og:title": null,
"twitter:title": null,
"og:url": null,
"monetag": null
},
"outgoing_links": [
"https://about.google/?fg=1\u0026utm_source=google-US\u0026utm_medium=referral\u0026utm_campaign=hp-header",
lmC2Q8",
"https://www.google.com",
"http://www.w3.org/2000/svg"
],
"redirections": [
"https://google.com/",
"https://www.google.com/"
],
"response_code": 200,
"response_content_length": 186183,
"response_headers": {
"accept-ch": "Sec-CH-Prefers-Color-Scheme\nDownlink\nRTT\nSec-CH-UA-Form-Factors\nSec-CH-UA-Platform\nSec-CH-UA-Platform-Version\nSec-CH-UA-Full-Version\nSec-CH-UA-Arch\nSec-CH-UA-Model\nSec-CH-UA-Bitness\nSec-CH-UA-Full-Version-List\nSec-CH-UA-WoW64",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
"cache-control": "private, max-age=0",
"content-encoding": "gzip",
"content-length": "67039",
"content-security-policy-report-only": "object-src 'none';base-uri 'self';script-src 'nonce-VHsCNA4zswj_MV6jXi7baA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp",
"content-type": "text/html; charset=UTF-8",
"cross-origin-opener-policy": "same-origin-allow-popups; report-to=\"gws\"",
"date": "Mon, 25 May 2026 22:39:32 GMT",
"expires": "-1",
"p3p": "CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"",
"permissions-policy": "unload=()",
"report-to": "{\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}]}},"_note":"Response truncated for documentation purposes"}
curl --location --request GET 'https://zylalabs.com/api/12660/real+time+ioc+scan+api/24489/escaneo+de+url?query=https://google.com' --header 'Authorization: Bearer YOUR_API_KEY'
{
"data": null,
"is_success": false,
"message": "Invalid request data",
"response_code": 400
}
curl --location --request GET 'https://zylalabs.com/api/12660/real+time+ioc+scan+api/24490/escaneo+de+hash?query=44d88612fea8a8f36de82e1278abb02f' --header 'Authorization: Bearer YOUR_API_KEY'
{
"data": {
"analysis_date": 1779562485,
"as_owner": "Google LLC",
"asn": 15169,
"communicating_files": [
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "aaddb47104d94939d9d2caa975db2cab",
"modification_date": 1779170823,
"names": [
"RMS Module",
"00000006e9d3a7e85d1f1e7711787b9a117655e249a565122ee12e9962199007.exe",
"RMS.exe"
],
"packers": {
"F-PROT": "appended, 7Z",
"PEiD": "Microsoft Visual C++",
"Varist": "7zSFX, msi, 7zSFX, msi, 7zSFX, msi"
},
"reputation": -179,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 48,
"suspicious": 0,
"timeout": 1,
"typeunsupported": 4,
"undetected": 22
},
"sha1": "b4246b529fa6aa05e1d146070c64a8eacbccb9e1",
"sha256": "00000006e9d3a7e85d1f1e7711787b9a117655e249a565122ee12e9962199007",
"size": 6603814,
"ssdeep": "196608:2fJuZjiz+Bi6jBy003L2uNIUmTpur/LjN2hyL:2fJCk+psHRNI9wDUo",
"submission_count": 5,
"submitted_date": 1773132804,
"tags": [
"peexe",
"checks-usb-bus",
"checks-user-input",
"long-sleeps",
"overlay",
"detect-debug-environment",
"executes-dropped-file"
],
"tlsh": "T134663332BBD02573D12D877D6AD96EBCD7A6E2405F5ACE42B79C0C53A336025AF2D204",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 2,
"malicious": 12
}
},
{
"magic": "ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped",
"md5": "317228475fed0e69ddb8f8c62a7db890",
"modification_date": 1778303098,
"names": [
"i686"
],
"packers": null,
"reputation": -35,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 46,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 11,
"undetected": 19
},
"sha1": "82cb66767f857ef666d52a4460a0e02dd764d494",
"sha256": "0000002a10959ec38b808d8252eed2e814294fbb25d2cd016b24bf853a44857e",
"size": 104139,
"ssdeep": "3072:SOGAEtZoGZKWl6u4YTnbHMbimmFVcqq0G27ZT:SqEtZ755nbHMbimmFVcqq0G27ZT",
"submission_count": 3,
"submitted_date": 1720670185,
"tags": [
"elf",
"sets-process-name",
"service-scan"
],
"tlsh": "T112A3F972E642CA72C44306F102A79A6B0D21BE7B0A3A5E86F32C3DB49F334C97555F59",
"type_description": "ELF",
"type_tag": "elf",
"type_tags": [
"executable",
"linux",
"elf"
],
"votes_result": {
"harmless": 1,
"malicious": 3
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "c535fac305240858dbcbfe62d1b94d0b",
"modification_date": 1779130775,
"names": [
"file-archive_FjMixC2ckw.exe"
],
"packers": null,
"reputation": -64,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 48,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 23
},
"sha1": "b76f64978ef6d3fcced57c9e35b19f4525a2250b",
"sha256": "000000663c7400a78ee27404b7b7a8d2705aff4cc1fd2ddc8e1ebff2c4875913",
"size": 5223977,
"ssdeep": "98304:fCT9rG4QJjW6Tq4ZhO1zpsl+0werXZV65QcISds:KTaTq2cpstFXZVIoSq",
"submission_count": 1,
"submitted_date": 1709790524,
"tags": [
"checks-network-adapters",
"detect-debug-environment",
"peexe",
"calls-wmi",
"checks-user-input",
"overlay"
],
"tlsh": "T1F036336529B10CB4D9E0CC726DEAF92C4E621E615C35327936EE531E7DA3AF4032E712",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 1,
"malicious": 5
}
},
{
"magic": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
"md5": "f8e4463d1c88d17459948623fb2cb370",
"modification_date": 1775496564,
"names": [
"SearchHelper.exe",
"ibqjwyqw.exe"
],
"packers": null,
"reputation": 0,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 68,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 4
},
"sha1": "2d9db4ca202b44c7d32db628c74dbb8a7bb91263",
"sha256": "000000716fa472f01dbafd6f3adc57f4c476b11854d8304ee36afea88397ba45",
"size": 457875,
"ssdeep": "12288:vqtC9qtzxXV4SvYQq1UbkHwv5Rh2vwAur/NE0Mei:SEArXV4uq1UbkTvRu5E0s",
"submission_count": 1,
"submitted_date": 1598337037,
"tags": [
"checks-user-input",
"peexe",
"overlay",
"spreader",
"detect-debug-environment",
"persistence"
],
"tlsh": "T1E3A4BFFEB556A40FD2AED7F1051429BE9FAB8143E36834FE9FE9290FB287C448594401",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 0
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "cc17c4e2805306984a614f5dcb3915e7",
"modification_date": 1778005216,
"names": [
"lhgew.exe"
],
"packers": null,
"reputation": -6,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 66,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 6
},
"sha1": "39d39d2ef7c05d8afc2848e8ae2a08e55ca422a3",
"sha256": "00000075d77e227cdb2d386181e42f42b579eb16403143dc54cd4a3d17fc8622",
"size": 126976,
"ssdeep": "1536:KYsz45Y9hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:tGKY9hkFoN3Oo1+FvfSW",
"submission_count": 3,
"submitted_date": 1508179641,
"tags": [
"direct-cpu-clock-access",
"runtime-modules",
"persistence",
"long-sleeps",
"checks-network-adapters",
"checks-usb-bus",
"checks-user-input",
"peexe"
],
"tlsh": "T18EC3FDAAFB82107DF156017C16DAE6F337A578059D6BD08ABB34B2A40CDAD1108FD763",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 6
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "d041c6e0156b87978a54ab6a49f66593",
"modification_date": 1779552882,
"names": [
"VDFSURfs",
"VDFSURfs.exe",
"Vobfus.EFPC",
"00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a.exe",
"00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a"
],
"packers": {
"PEiD": "Microsoft Visual Basic v5.0/v6.0"
},
"reputation": -120,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 68,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 3
},
"sha1": "0a6d717d33329bbc794ac3d608d197e276654228",
"sha256": "00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a",
"size": 155648,
"ssdeep": "3072:H3sVvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiEx0:SQ5+t8+NDR5AWWs",
"submission_count": 8,
"submitted_date": 1774472088,
"tags": [
"persistence",
"peexe",
"direct-cpu-clock-access",
"checks-usb-bus",
"checks-network-adapters",
"runtime-modules",
"checks-user-input"
],
"tlsh": "T16EE3941676D0F27EC415CAF43D2A4394A475ED3625D2AC13FAC22F2AB6B2D67D220353",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 9
}
},
{
"magic": "PDF document, version 1.5 (zip deflate encoded)",
"md5": "c649ac1182cbc6dab413d81e7bb6407b",
"modification_date": 1778303454,
"names": [
"PTC_CT_Mtg2_Agenda"
],
"packers": null,
"reputation": -1,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 12,
"undetected": 63
},
"sha1": "d5bbd6242ded2c35d73cf4039956c156f35ccdbf",
"sha256": "0000007e69ce5aed0e23ca1c5f85ac2bda42f71f84841aea9db049633b7a1677",
"size": 47168,
"ssdeep": "768:gnQft0yE3ujmbVyo9JkjySFGuq2C2mD9QOYYiYVe81Wo6UAT16j90Dc33G:gkzje0o2Mu3C2+uYiYt1v6VT16jTnG",
"submission_count": 7,
"submitted_date": 1626195519,
"tags": [
"pdf",
"detect-debug-environment",
"checks-network-adapters",
"direct-cpu-clock-access",
"checks-user-input",
"long-sleeps",
"runtime-modules"
],
"tlsh": "T13023E1999F72ACC825413B64BB60496AC98750D7A4892D03B9ACC6D34F00DE3EC79DE7",
"type_description": "PDF",
"type_tag": "pdf",
"type_tags": [
"document",
"pdf"
],
"votes_result": {
"harmless": 2,
"malicious": 3
}
},
{
"magic": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
"md5": "3ba651bc817e38f3aa04da9257ea9c0d",
"modification_date": 1778724307,
"names": [
"ShareIt Service.exe",
"shareit service.exe"
],
"packers": null,
"reputation": -5,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 67,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 5
},
"sha1": "9d71c4a3b517adebe25e06fc64772c9bb9da0ac0"}]},"_note":"Response truncated for documentation purposes"}
curl --location --request GET 'https://zylalabs.com/api/12660/real+time+ioc+scan+api/24491/escaneo+de+direcci%c3%b3n+ip?query=8.8.8.8' --header 'Authorization: Bearer YOUR_API_KEY'
{
"data": {
"analysis_date": 1779580805,
"categories": {
"BitDefender": "searchengines",
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines"
},
"communicating_files": [
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "1bcbb0093803273fd15a09cb434bfdb9",
"modification_date": 1778005485,
"names": [
"ngIu.exe"
],
"packers": null,
"reputation": -58,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 67,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 5
},
"sha1": "c76062ece727bcafd460ed93a084454dc5617188",
"sha256": "0000005a57419b46ddb7b88e3a10ad2da3f29140e6280766d84f84e363e1646d",
"size": 576000,
"ssdeep": "12288:eOzcB899uB5sWl7Ug156imU5OtqBe9I8MtPKOuCW2WeoGqJqQ+GMlm:pzysW9rn6B9qVPKOlWgwqQND",
"submission_count": 1,
"submitted_date": 1584420649,
"tags": [
"runtime-modules",
"spreader",
"direct-cpu-clock-access",
"peexe",
"long-sleeps",
"detect-debug-environment",
"checks-cpu-name",
"checks-user-input",
"persistence"
],
"tlsh": "T15AC41234E9DE9F25CFAAC6F6C52B2C57C14A0CE77F30B2499198A1B52552707CE81E0B",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 4
}
},
{
"magic": "Zip archive data, at least v2.0 to extract, compression method=deflate",
"md5": "5e4542dcda95154db9d1aa424e4254fa",
"modification_date": 1779039482,
"names": [
"5e4542dcda95154db9d1aa424e4254fa.virus"
],
"packers": null,
"reputation": -57,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 24,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 7,
"undetected": 44
},
"sha1": "34846812eb6ad8e421e49155dbf81a3a6ff8a2bf",
"sha256": "000000a512a847e8ed28fdaf433d6dd601a88d74e5dd7d71bd07817b1ce3a2a2",
"size": 3729047,
"ssdeep": "49152:Cc64JrERNAGCd8VXMvSl3TM07ubIBiZL250fy6EroFz8F8E8eiXZy0aiTg/tuYvg:RpERN4d8VXmeIbd2eFco1iHiJ5aV/TO3",
"submission_count": 1,
"submitted_date": 1509406289,
"tags": [
"reflection",
"contains-elf",
"obfuscated",
"checks-network-adapters",
"android",
"telephony",
"runtime-modules",
"apk",
"cve-2009-1157",
"exploit"
],
"tlsh": "T120060142FB48E41EC4B7D4338AA2427265514D058542EB1B3A4DB31CAFF7ECA5B4EEC9",
"type_description": "Android",
"type_tag": "android",
"type_tags": [
"executable",
"mobile",
"android",
"apk"
],
"votes_result": {
"harmless": 1,
"malicious": 4
}
},
{
"magic": "Google Chrome extension, version 3",
"md5": "25d517c5ccdd71630c185b8017f64bdb",
"modification_date": 1779287137,
"names": [
"cjighmmbcdpbfnhinpakjloafcpmefgl.1.5.crx",
"vmdazz.exe",
"tmp0hybweho"
],
"packers": null,
"reputation": 0,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 6,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 1,
"typeunsupported": 14,
"undetected": 54
},
"sha1": "f4ed89ca2f281faeadbecd5359bf82d17f2c6823",
"sha256": "00000181a1a133b9b7dc2b1f1485bf984ee560a10952953d8504bdd705c8d2cc",
"size": 22085,
"ssdeep": "384:pfiVlVqdU+wxU1QqEBNE3AlpPFhJXE05VM3JXE05214+Bpupc02g7Vg0G:parMU+M9LEWpND35el352aiYO0ra0G",
"submission_count": 2,
"submitted_date": 1779279825,
"tags": [
"crx"
],
"tlsh": "T1B1A2D09F6C922405F417673187CD8943DE6A22AC530F357AACC497E948B5E93FF2206B",
"type_description": "Google Chrome Extension",
"type_tag": "crx",
"type_tags": [
"crx",
"chrome",
"extension",
"browser"
],
"votes_result": {
"harmless": 0,
"malicious": 0
}
},
{
"magic": "HTML document, ASCII text, with very long lines (4836u)",
"md5": "f65ef442e711637cb952e36a55270dd3",
"modification_date": 1779337592,
"names": [
"VirusShare_f65ef442e711637cb952e36a55270dd3"
],
"packers": null,
"reputation": -1,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 2,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 14,
"undetected": 59
},
"sha1": "7c9395103485b281466636a97194626825d6a477",
"sha256": "000001c3351e7fd50ce5500c79a0021ad5f9e2c5bbef41301253e6931a41f790",
"size": 31900,
"ssdeep": "768:X11pKVAqnd+qq9oxoB2meRleHeAQIj+xD2SqU:X1/KVhnd+xmoB3eRleHeAQICxz",
"submission_count": 4,
"submitted_date": 1745387906,
"tags": [
"html",
"contains-embedded-js"
],
"tlsh": "T1DAE26CA3BD74641CFB5AC9ACBC17BA19F9499B26C401A0A4D4FD8F1E06C6F97803539C",
"type_description": "HTML",
"type_tag": "html",
"type_tags": [
"internet",
"html"
],
"votes_result": {
"harmless": 0,
"malicious": 1
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "dccccec175b74b267330c30f0711b811",
"modification_date": 1778304355,
"names": [
"idle.exe"
],
"packers": null,
"reputation": -56,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 64,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 8
},
"sha1": "93e2d5b1e72252bb7e1ce8c38b8c67bd5d922330",
"sha256": "000001e41599558a88da7cf4549285f6bab7bc348f4fd780aaaf27df8552fb02",
"size": 276451,
"ssdeep": "6144:ztvBPnU1b7e9SQii1EkoNlhlrQ2ZrM2x8FNjtO+y+x51:Zv1nWdQP1EDhZPxkjtO+5f1",
"submission_count": 1,
"submitted_date": 1665060364,
"tags": [
"peexe",
"overlay",
"direct-cpu-clock-access",
"persistence",
"upx",
"detect-debug-environment",
"spreader",
"runtime-modules"
],
"tlsh": "T1AE44F11FB1ED1F41C23A9DBB32724E36D81DCC75B80C54E9E7AD7664A9F8AA1016063C",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 2
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "e9aaa45159dacbc596ebefb6311eae54",
"modification_date": 1779170977,
"names": [
"nsMi.exe"
],
"packers": null,
"reputation": -55,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 66,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 6
},
"sha1": "63d59d09f942caaf635f80d5c8df69e5db0261d6",
"sha256": "000001e7a228b2a7abdf7f7e404bc8522df32b725e86907dde32176bccbbbb27",
"size": 669184,
"ssdeep": "12288:ntlgpnsDQ1wbmdtrN+1HFbqr8b7DIQiSf+DwnRP4kgr5ZXtmhDN7BrgcGAmhicdS:ntJDQ1cmdtSbqfbaRPTr7BrgcGAmhic0",
"submission_count": 1,
"submitted_date": 1595107319,
"tags": [
"peexe",
"runtime-modules",
"persistence",
"spreader",
"direct-cpu-clock-access",
"detect-debug-environment",
"checks-user-input",
"long-sleeps"
],
"tlsh": "T1C0E4E0B3845858DDDAC6F4F11FDE7DB205ACDC3E93A79C882152BC6004E96A432FA15E",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 1
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "f2920f79fdaba16992898520c718f47b",
"modification_date": 1777703362,
"names": [
"mxgy4oe0q.exe",
"ewcq.exe"
],
"packers": null,
"reputation": -55,
"security_vendor_analysis_stats": {
"confirmedtimeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 64,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 6
},
"sha1": "7ea365c37233ddf17e9630479a4d1947299ec946",
"sha256": "0000037207f3e7a827998846d7a9c65b8de3e64069fad82c4e46f3236d7f9130",
"size": 497152,
"ssdeep": "12288:pRON45judSblzg4uQhQ+81L2JPKY11GTmoiXdMFeng:pcugdyRgzKgSPz1GTleieng",
"submission_count": 1,
"submitted_date": 1610388876,
"tags": [
"detect-debug-environment",
"peexe",
"runtime-modules",
"direct-cpu-clock-access",
"persistence",
"long-sleeps",
"spreader"
],
"tlsh": "T1F1B4BECCD2367428EA2B0C3C6D607D3D264B62C855EDE67A2F1ED745AAD317C0B0B1A1",
"type_description": "Win32 EXE",
"type_tag": "peexe",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"votes_result": {
"harmless": 0,
"malicious": 1
}
},
{
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
"md5": "bf22577720d623893c32bccefee3ea22",
"modification_date": 1776243719,
"names": [
"bMMY.exe"
],
"packers": null,
"reputation": -56,
"security_vendor_analysis_stats": {
"confirmedtimeout": 1,
"failure": 0,
"harmless": 0,
"malicious": 61,
"suspicious": 0,
"timeout": 0,
"typeunsupported": 4,
"undetected": 10
},
"sha1": "87f68048c885cc6dee1ebbff6adbe2c711e29077",
"sha256": "0000037593b2616d896205f0dc4166ab83b87b3dab3db142f6bd8a465f837d80",
"size": 875008,
"ssdeep": "12288:1YJuwtBNaaMcJ1f8CIg4b7pipg9uaGVX8s3y463HWkFFFFNzDztxAjauKRR6D:msw9f/e9NGVMsCVHnAjauuQD",
"submission_count": 1,
"submitted_date": 1647669037}]},"_note":"Response truncated for documentation purposes"}
curl --location --request GET 'https://zylalabs.com/api/12660/real+time+ioc+scan+api/24492/escaneo+de+dominio?query=google.com' --header 'Authorization: Bearer YOUR_API_KEY'
After signing up, every developer is assigned a personal API access key, a unique combination of letters and digits provided to access to our API endpoint. To authenticate with the Real Time IOC Scan API simply include your bearer token in the Authorization header.
| Header | Description |
|---|---|
Authorization
|
Required
Should be Bearer access_key. See "Your API Access Key" above when you are subscribed.
|
No long-term commitment. Upgrade, downgrade, or cancel anytime. Free Trial includes up to 50 requests.
(Save 2 months with annual billing 🎉)
Trusted by leading companies
Real-time threat intelligence for URLs, file hashes, IPv4 addresses, and domains by Crawland. Send any of four indicator types and get back a consolidated reputation score plus the underlying verdicts from 70+ security vendors (BitDefender, Sophos, Forcepoint, Cisco, ESET, Kaspersky, Fortinet, McAfee and more), along with type-specific context: WHOIS for domains, ASN/network/country for IPs, file metadata for hashes, and content categories for URLs. Status code contract: this API returns HTTP 200 for every authenticated, in-quota request - including invalid inputs and 'no data found' responses. Always inspect the `is_success` boolean and the `response_code` field in the body (200 = data found, 400 = invalid input, 404 = no intelligence found). HTTP 401/403/429/5xx are reserved for authentication, rate-limit, and server-error scenarios.
Each endpoint returns specific threat intelligence data: the URL Scan provides reputation, vendor analysis, and content classification; the Hash Scan offers vendor verdicts and file metadata; the IP Address Scan includes reputation, network ownership, and historical WHOIS; and the Domain Scan delivers reputation, WHOIS, registrar details, and content categories.
Key fields include `reputation_score`, `vendor_verdicts`, `file_metadata`, `WHOIS_info`, and `content_categories`. Each endpoint has unique fields relevant to the data type, such as `size` and `type` for hashes or `DNS_records` for domains.
Response data is structured in JSON format, with a top-level object containing an `is_success` boolean, `response_code`, and a `data` object that varies by endpoint. Each `data` object includes relevant fields specific to the scanned indicator type.
The URL Scan provides threat names and content classification; the Hash Scan includes file size and signing details; the IP Address Scan offers ASN and network ownership; and the Domain Scan presents WHOIS data and popularity ranks.
Users can customize requests by providing specific parameters such as the full URL for the URL Scan, the file hash in MD5/SHA formats for the Hash Scan, the dotted-quad format for IPv4 addresses, and the domain name for the Domain Scan.
Data is aggregated from over 70 security vendors, including BitDefender, Sophos, and Kaspersky. This diverse sourcing enhances the reliability and comprehensiveness of the threat intelligence provided.
Common use cases include phishing detection and link safety for URLs, malware classification for file hashes, fraud signal detection for IP addresses, and brand protection for domains. Each endpoint supports specific scenarios relevant to its data type.
Users can leverage the `reputation_score` and `vendor_verdicts` to assess threat levels, use `WHOIS_info` for domain ownership verification, and analyze `file_metadata` for security assessments. Understanding the `response_code` helps interpret the results accurately.
To obtain your API key, first sign in to your account and navigate to the API you want to use. From the API's Pricing section, choose a plan and complete the subscription process. Once subscribed, return to the API page and you will see your API Access Key displayed at the top of the documentation page. You can use this key to authenticate your requests.
You can’t switch APIs during the free trial. If you subscribe to a different API, your trial will end and the new subscription will start as a paid plan.
The free trial lasts for 7 days and allows you to make up to 50 API requests.
No, the free trial is available only once, so we recommend using it on the API that interests you the most. Most of our APIs offer a free trial, but some may not include this option.
Yes. If the API offers a free trial, you will see a "Free 7-Day Trial" option in its Pricing section. The trial lasts for 7 days and allows up to 50 API requests, enabling you to evaluate the API before subscribing to a paid plan.
Zyla API Hub is like a big store for APIs, where you can find thousands of them all in one place. We also offer dedicated support and real-time monitoring of all APIs. Once you sign up, you can pick and choose which APIs you want to use. Just remember, each API needs its own subscription. But if you subscribe to multiple ones, you'll use the same key for all of them, making things easier for you.
You can monitor your API usage through the response headers included with every request:
x-zyla-api-calls-monthly-used: Shows the total number of API requests you have used during the current billing period.
x-zyla-api-calls-monthly-remaining: Shows the number of API requests you have remaining for the current billing period.
Yes, you can cancel your subscription at any time. Simply go to the Pricing section of the API you're subscribed to and click the "Unsubscribe" button.
Please note that upgrades, downgrades, and cancellations take effect immediately. Once your subscription is canceled, access to the service will end immediately, regardless of any remaining API calls in your quota.
Please have a look at our Refund Policy: https://zylalabs.com/terms#refund