REST API Documentation

Attention

An API key is required to access our REST API. If you have not yet received credentials, please request access.

Endpoint: IPv4 Information Lookup

Overview

The IPv4 Information Lookup endpoint provides detailed information about a specified IPv4 address, including associated security threats, sample detections, and passive DNS data.

URL

https://api.precisionsec.com/ipv4/{ipv4_address}

Method

GET

URL Params

Required:

  • ipv4_address : string - The IPv4 address for which information is being requested.

Headers

Required:

  • API-Key : string - Your personal API key for accessing the PrecisionSec API.

Success Response

Code: 200 OK

Content:

A JSON object containing the following fields:

  • communicating_samples : array of objects - List of malware samples that have communicated with the given IP. Each object includes:

    • detection_date : integer (Unix timestamp) - The date and time when the sample was detected.

    • md5 : string - The MD5 hash of the malware sample.

    • sha256 : string - The SHA-256 hash of the malware sample.

    • tag : string - The tag or classification of the malware.

  • confidence : string - The confidence level of the information provided.

  • first_seen : integer (Unix timestamp) - The first recorded date and time when the IP was seen in the network.

  • ip : string - The IPv4 address that was queried.

  • passive_dns : array of objects - Historical DNS data associated with the IP. Each object includes:

    • domain : string - The domain name associated with the IP.

    • first_seen : integer (Unix timestamp) - The first date and time when the domain was seen with the IP.

    • last_seen : integer (Unix timestamp) - The most recent date and time when the domain was seen with the IP.

  • tag : string - The most frequent tag/classification of malware associated with the IP.

Example Call

curl -H "API-Key:<API_KEY>" https://api.precisionsec.com/ipv4/193.161.193.99
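Added example (not part of the PrecisionSec documentation): one way to use the IPv4 response during triage, by finding which passive DNS domains pointed at the IP at the time of an event and merging sample detections and DNS sightings into one UTC timeline. The `SAMPLE` body is constructed in the documented shape, and the function names are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed response in the documented shape; every value below is made up.
SAMPLE = json.loads("""{
  "ip": "192.0.2.10", "confidence": "high", "tag": "exampletag",
  "first_seen": 1704067200,
  "communicating_samples": [
    {"detection_date": 1706832000, "md5": "<md5>", "sha256": "<sha256>",
     "tag": "exampletag"}],
  "passive_dns": [
    {"domain": "a.example", "first_seen": 1704067200, "last_seen": 1704672000},
    {"domain": "b.example", "first_seen": 1706745600, "last_seen": 1707350400}]
}""")


def utc(ts):
    """Unix timestamp (seconds) -> ISO 8601 string in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def domains_active_at(report, event_ts, slack=0):
    """Domains whose passive DNS window [first_seen, last_seen] covers event_ts.

    slack widens each window by that many seconds on both sides, since the
    timestamps record observations, not exact DNS change times.
    """
    return sorted(
        rec["domain"]
        for rec in report.get("passive_dns") or []
        if rec["first_seen"] - slack <= event_ts <= rec["last_seen"] + slack
    )


def timeline(report):
    """Merge samples and passive DNS sightings into one time-ordered list."""
    events = []
    for s in report.get("communicating_samples") or []:
        events.append((s["detection_date"], "sample", f'{s["tag"]} {s["sha256"]}'))
    for rec in report.get("passive_dns") or []:
        events.append((rec["first_seen"], "dns_first_seen", rec["domain"]))
        events.append((rec["last_seen"], "dns_last_seen", rec["domain"]))
    return [(utc(ts), kind, what) for ts, kind, what in sorted(events)]
```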

Endpoint: Domain Information Lookup

Overview

The Domain Information Lookup endpoint provides comprehensive details about a specified domain, including associated security threats, sample detections, and resolution history.

URL

https://api.precisionsec.com/domain/{domain_name}

Method

GET

URL Params

Required:

  • domain_name : string - The domain name for which information is being requested.

Headers

Required:

  • API-Key : string - Your personal API key for accessing the PrecisionSec API.

Success Response

Code: 200 OK

Content:

A JSON object containing the following fields:

  • communicating_samples : array of objects - List of malware samples that have communicated with the given domain. Each object includes:

    • detection_date : integer (Unix timestamp) - The date and time when the sample was detected.

    • md5 : string - The MD5 hash of the malware sample.

    • sha256 : string - The SHA-256 hash of the malware sample.

    • tag : string - The tag or classification of the malware.

  • domain : string - The domain name that was queried.

  • first_seen : integer (Unix timestamp) - The first recorded date and time when the domain was seen.

  • resolutions : array of objects - The IP resolution history of the domain. Each object includes:

    • first_seen : integer (Unix timestamp) - The first date and time when the IP was seen resolving for the domain.

    • ip : string - The IP address to which the domain resolved.

    • last_seen : integer (Unix timestamp) - The most recent date and time when the IP was seen resolving for the domain.

  • tag : string - The most frequent tag/classification of malware associated with the domain.

Example Call

curl -H "API-Key:<API_KEY>" https://api.precisionsec.com/domain/windowsupdate2024.duckdns.org

Endpoint: MD5 Information Lookup

Overview

The MD5 Information Lookup endpoint is designed to provide detailed information about a specific malware sample identified by the MD5 hash of a file, including its association with any botnets, campaigns, and distribution methods.

URL

https://api.precisionsec.com/md5/{md5_hash}

Method

GET

URL Params

Required:

  • md5_hash : string - The MD5 hash of the file for which information is being requested.

Headers

Required:

  • API-Key : string - Your personal API key for accessing the PrecisionSec API.

Success Response

Code: 200 OK

Content:

A JSON object containing the following fields:

  • botnet_id : string - Identifier of the botnet associated with the MD5 hash, if any.

  • c2_urls : array of strings - Command and control URLs associated with the hash.

  • campaign_id : string - Identifier of the campaign associated with the hash, if any.

  • distribution_urls : array of strings - URLs from which the malware was distributed, if available.

  • first_seen : integer (Unix timestamp) - The first recorded date and time when the hash was seen.

  • magic : string - The magic number associated with the file, if available.

  • md5 : string - The MD5 hash of the file.

  • sha256 : string - The SHA-256 hash of the file.

  • tag : string - The tag or classification of the malware associated with the hash.

Example Call

curl -H "API-Key:<API_KEY>" https://api.precisionsec.com/md5/97a688b9e67f6f69d9117df6be85045c
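Added example (not PrecisionSec's own client code): a Python equivalent of the three curl calls that validates the indicator before it is placed in the URL path, so input copied from logs or tickets cannot redirect the request to another path or inject a header. The function names are hypothetical, and the domain check assumes plain ASCII host names (no underscores, IDNs already in punycode).

```python
import ipaddress
import json
import re
import urllib.request
from urllib.parse import quote

BASE = "https://api.precisionsec.com"
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_ipv4(value):
    # Raises ValueError for anything that is not a dotted-quad IPv4 address.
    return str(ipaddress.IPv4Address(value))


def check_domain(value):
    name = value.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(map(LABEL_RE.fullmatch, labels)):
        raise ValueError(f"not a valid domain name: {value!r}")
    return name


def check_md5(value):
    if not MD5_RE.fullmatch(value):
        raise ValueError(f"not a 32-digit hex MD5: {value!r}")
    return value.lower()  # lower-case, the form used in the page's example call


CHECKS = {"ipv4": check_ipv4, "domain": check_domain, "md5": check_md5}


def build_request(kind, indicator, api_key):
    """Return a GET request for /{kind}/{indicator} with the API-Key header set."""
    if kind not in CHECKS:
        raise ValueError(f"unknown endpoint: {kind!r}")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains a line break")
    value = CHECKS[kind](indicator.strip())
    url = f"{BASE}/{kind}/{quote(value, safe='')}"
    return urllib.request.Request(url, headers={"API-Key": api_key}, method="GET")


def lookup(kind, indicator, api_key, timeout=10):
    """Send the request; urllib raises HTTPError for 4xx/5xx responses."""
    with urllib.request.urlopen(build_request(kind, indicator, api_key), timeout=timeout) as resp:
        return json.load(resp)
```

Load the API key from a secret store or the process environment at run time instead of embedding it in scripts or shell history.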