Getting started

The Vxcube Beta API allows you to quickly get analysis results for malware, domains, and IP addresses.

In order to use the API you must sign up to Vxcube.com.

Once you have a valid account you will find your personal openid in your personal profile section.

This openid is used to get an access token.

With the API you can search for:

  • Domains
  • IP Addresses
  • Filehashes

Limits

The API provides limited access (150 records/day), for non-commercial use.

Advanced search calls are available via the private API, which requires special privileges. Contact us for the private API.

API Responses

  • 400 - domain name format error.

  • 401 - domain not found.

  • 402 - invalid token.

  • 403 - invalid openid.

  • 404 - hashcode format error.

  • 405 - permission denied.


Response

{
    "token": "0c9dc1ed96885951679c04507d5388913136c9f7a3a4c72bef78229dbfe2531a", 
    "expires_in": 21587
}

token

get access token and expiry time

get
/api/v1/token/{openid}

URI Parameters

openid

string ( required)

Example:  a8c152e0720e66b8a95ccbdd3ba4cfd5d31bd192bc69482024333c5018b82165

The encrypted string provided by vxcube.com.


Response

{
    "token": "0c9dc1ed96885951679c04507d5388913136c9f7a3a4c72bef78229dbfe2531a", 
    "expires_in": 21587
}

token reset

reset access token and expiry time

get
/api/v1/token/reset/{openid}

URI Parameters

openid

string ( required)

Example:  a8c152e0720e66b8a95ccbdd3ba4cfd5d31bd192bc69482024333c5018b82165

The encrypted string provided by vxcube.com.
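A sketch of how a caller might combine the token endpoint with the "API Responses" list: cache the token for its `expires_in` lifetime and fetch a fresh one once when a call comes back 402. This is an added example, not Vxcube's own client code. Assumptions: the `vxcube.example` host is a placeholder, the listed codes arrive as the HTTP status, the 30-second safety margin is arbitrary, and `transport` is a hypothetical injected function so the block runs offline.

```python
import time

BASE = "https://vxcube.example"  # placeholder host; the page does not give the API base URL

# Codes from the "API Responses" list. Note that 401 and 404 do not carry their
# usual HTTP meaning here: 404 is a hash format error, not "not found".
ERRORS = {400: "domain name format error", 401: "domain not found",
          402: "invalid token", 403: "invalid openid",
          404: "hashcode format error", 405: "permission denied"}


class VxcubeError(Exception):
    def __init__(self, code):
        super().__init__(f"{code}: {ERRORS.get(code, 'unknown error')}")
        self.code = code


class Client:
    """transport(url) -> (status, parsed_json); hypothetical, injected by the caller."""

    def __init__(self, openid, transport, clock=time.monotonic):
        self.openid, self.transport, self.clock = openid, transport, clock
        self.token, self.deadline = None, 0.0

    def _call(self, url):
        status, body = self.transport(url)
        if status in ERRORS:  # assumption: the code is the HTTP status
            raise VxcubeError(status)
        return body

    def _token(self):
        # Reuse the cached token until shortly before expires_in runs out.
        if self.token is None or self.clock() >= self.deadline:
            body = self._call(f"{BASE}/api/v1/token/{self.openid}")
            self.token = body["token"]
            self.deadline = self.clock() + body["expires_in"] - 30
        return self.token

    def get(self, path):
        for attempt in (1, 2):
            try:
                return self._call(f"{BASE}{path}?token={self._token()}")
            except VxcubeError as err:
                # 402: the cached token is no longer accepted, so refetch once.
                if err.code != 402 or attempt == 2:
                    raise
                self.token = None
```

Because both the openid and the token travel in the URL, anything that logs full request URLs will record them; keep them out of application logs and shared proxies' access logs where possible.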


Response

{
    "telephone": "861059928888", 
    "dates": {
        "updated": "2015-09-10 00:00:00 UTC", 
        "expires": "2017-10-11 00:00:00 UTC", 
        "created": "1999-10-11 00:00:00 UTC"
    }, 
    "registrar": "Domain Admin", 
    "whois_server": "whois.markmonitor.com", 
    "name_servers": [
        "ns3.baidu.com", 
        "dns.baidu.com", 
        "ns7.baidu.com", 
        "ns4.baidu.com", 
        "ns2.baidu.com"
    ], 
    "ip_address": [
        "180.149.132.47", 
        "220.181.57.217", 
        "111.13.101.208", 
        "123.125.114.144"
    ], 
    "domain": "baidu.com", 
    "registrar_status": "clientDeleteProhibited clientTransferProhibited clientUpdateProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibited", 
    "email": "domainmaster@baidu.com"
}

domain whois

get domain whois info

get
/api/v1/domain/whois/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  baidu.com

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "domain": "baidu.com", 
    "domain_history": [
        {
            "registrar": "domain admin", 
            "email": "domainmaster@baidu.com", 
            "modify_date": "2017-08-28 10:16:17", 
            "telephone": "+86.1059928888"
        }, 
        {
            "registrar": "domain admin", 
            "email": "domainmaster@baidu.com", 
            "modify_date": "2017-07-29 19:43:22", 
            "telephone": "+86.1059928888"
        }, 
        {
            "registrar": "domain admin", 
            "email": "domainmaster@baidu.com", 
            "modify_date": "2017-07-29 07:34:49", 
            "telephone": "+86.1059928888"
        }, 
        {
            "registrar": "zhiyong duan", 
            "email": "domainmaster@baidu.com", 
            "modify_date": "2014-03-31 12:53:46", 
            "telephone": "+86.1059924216"
        }
    ]
}

domain history

get domain history info

This is a private API

get
/api/v1/domain/history/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  baidu.com

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "category": "Internet_and_Telecom/Search_Engine", 
    "domain": "baidu.com", 
    "description": "", 
    "title": "\\u767e\\u5ea6\\u4e00\\u4e0b\\uff0c\\u4f60\\u5c31\\u77e5\\u9053", 
    "similar_sites": [
        "youku.com", 
        "hao123.com", 
        "sogou.com", 
        "google.cn", 
        "taobao.com", 
        "163.com", 
        "baigoogledu.com", 
        "zhongsou.com", 
        "yisou.com", 
        "qq.com"
    ], 
    "also_visited": [
        "bilibili.com", 
        "so.com", 
        "weibo.com", 
        "douyu.com", 
        "hao.360.cn"
    ]
}

domain info

get domain website info

get
/api/v1/domain/info/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  baidu.com

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "report": [
        "https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cyberespionage-group.pdf", 
        "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf"
    ], 
    "domain": "militaryreviews.net"
}

threat report

get threat report info

get
/api/v1/threat/report/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  militaryreviews.net

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "domain": "militaryreviews.net", 
    "ioc": [
        {
            "indicator": "bdarmy.news", 
            "type": "domain"
        }, 
        {
            "indicator": "0c09c662699c507c553317a909665952562bd7e2434c4a719470f672bdada700", 
            "type": "FileHash-SHA256"
        }, 
        {
            "indicator": "CVE-2012-1856", 
            "type": "CVE"
        }
    ]
}

threat ioc

get threat ioc info

get
/api/v1/threat/ioc/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  militaryreviews.net

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.
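Indicators returned by the threat ioc endpoint usually end up in blocklists or SIEM lookups, so it is worth checking each value against its declared `type` before it goes anywhere. The following is an added example, not part of the Vxcube documentation; it covers only the three types shown in the sample response, and the extra entries in `SAMPLE` are constructed.

```python
import re

# (normaliser, pattern) per indicator type seen in the sample response.
VALIDATORS = {
    "domain": (str.lower, re.compile(
        r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")),
    "FileHash-SHA256": (str.lower, re.compile(r"[0-9a-f]{64}")),
    "CVE": (str.upper, re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")),
}


def triage_iocs(response):
    """Split a threat ioc response into validated, de-duplicated values and rejects."""
    accepted = {kind: set() for kind in VALIDATORS}
    rejected = []
    for item in response.get("ioc", []):
        kind, raw = item.get("type"), item.get("indicator")
        rule = VALIDATORS.get(kind) if isinstance(kind, str) else None
        value = rule[0](raw.strip()) if rule and isinstance(raw, str) else None
        if value is not None and rule[1].fullmatch(value):
            accepted[kind].add(value)
        else:
            rejected.append(item)  # unknown type or value that does not fit its type
    return {kind: sorted(vals) for kind, vals in accepted.items()}, rejected


# The first three entries are the page's sample response; the rest are constructed.
SAMPLE = {"domain": "militaryreviews.net", "ioc": [
    {"indicator": "bdarmy.news", "type": "domain"},
    {"indicator": "0c09c662699c507c553317a909665952562bd7e2434c4a719470f672bdada700",
     "type": "FileHash-SHA256"},
    {"indicator": "CVE-2012-1856", "type": "CVE"},
    {"indicator": "BDARMY.NEWS ", "type": "domain"},       # duplicate after normalising
    {"indicator": "bdarmy.news/a b", "type": "domain"},    # not a bare domain
    {"indicator": "0c09c662", "type": "FileHash-SHA256"},  # truncated hash
    {"indicator": "203.0.113.7", "type": "IPv4"},          # type not handled here
]}
```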


Response

{
    "domain": "baidu.com", 
    "ip_history": [
        {
            "action": "New", 
            "change_date": "2005-04-02", 
            "change_from": "", 
            "change_to": "202.108.249.156"
        }, 
        {
            "action": "Change", 
            "change_date": "2017-04-23", 
            "change_from": "183.232.231.172", 
            "change_to": "103.235.46.39"
        }
    ]
}

ip history

get ip history info

This is a private API

get
/api/v1/ip/history/{domain}?token={token}

URI Parameters

domain

string ( required)

Example:  baidu.com

The domain to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "sha256": "b84bed5c2c639dc68a20ba3a3f4aee6b4ee143249e2883399b6450888cb50f2a", 
    "sha1": "a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93", 
    "file_class": "PEXE", 
    "ai_result": "malicious", 
    "file_type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", 
    "ssdeep": "49152:0GKIgIh3iB73dqLInrlc5ENTwDsTeNDfNRGZrs8FuRlyT/BIvgutmasnGTr1ESOZ:O", 
    "md5": "d9a2cd869152f24b1a5294a1c82b7e85", 
    "analysis_date": "2017-11-01T12:04:43", 
    "filesize": 24262712
}

file report

get file ai report info

get
/api/v1/file/{hashcode}?token={token}

URI Parameters

hashcode

string ( required)

Example:  a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93

The file md5/sha1/sha256 to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "file_class": "PEXE", 
    "ai_result": "malicious", 
    "file_type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", 
    "antivirus": {
        "ALYac": {
            "detected": "true", 
            "version": "1.1.1.2", 
            "result": "Trojan.Banker.CryptoShuffler.gen", 
            "update": "20171101"
        }, 
        "AVG": {
            "detected": "true", 
            "version": "17.7.3660.0", 
            "result": "Win32:DangerousSig [Trj]", 
            "update": "20171101"
        }
    }, 
    "ssdeep": "49152:0GKIgIh3iB73dqLInrlc5ENTwDsTeNDfNRGZrs8FuRlyT/BIvgutmasnGTr1ESOZ:O", 
    "ioc": {
        "iocs": []
    }, 
    "md5": "d9a2cd869152f24b1a5294a1c82b7e85", 
    "sha1": "a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93", 
    "exif": {
        "EXE:OSVersion": 5.1, 
        "EXE:PEType": "PE32", 
        "EXE:TimeStamp": "2017:08:04 08:56:29+00:00", 
        "EXE:InitializedDataSize": 24130048, 
        "EXE:LinkerVersion": 14.0, 
        "EXE:EntryPoint": "0xbace", 
        "EXE:SubsystemVersion": 5.1, 
        "EXE:CodeSize": 127488, 
        "EXE:UninitializedDataSize": 0, 
        "EXE:Subsystem": "Windows GUI", 
        "EXE:MachineType": "Intel 386 or later, and compatibles", 
        "EXE:ImageVersion": 0.0
    }, 
    "analysis_date": "2017-11-01T12:04:43", 
    "filesize": 24262712, 
    "sha256": "b84bed5c2c639dc68a20ba3a3f4aee6b4ee143249e2883399b6450888cb50f2a"
}

file report detail

get file ai report detail

This is a private API

get
/api/v1/file/{hashcode}/detail?token={token}

URI Parameters

hashcode

string ( required)

Example:  a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93

The file md5/sha1/sha256 to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.


Response

{
    "antivirus": {
        "ALYac": {
            "detected": "true", 
            "version": "1.1.1.2", 
            "result": "Trojan.Banker.CryptoShuffler.gen", 
            "update": "20171101"
        }, 
        "AVG": {
            "detected": "true", 
            "version": "17.7.3660.0", 
            "result": "Win32:DangerousSig [Trj]", 
            "update": "20171101"
        }
    }
}

file report antivirus

get file ai report antivirus info

get
/api/v1/file/antivirus/{hashcode}?token={token}

URI Parameters

hashcode

string ( required)

Example:  a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93

The file md5/sha1/sha256 to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.
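In the sample antivirus response, `detected` is the string `"true"`, not a JSON boolean, so a plain truthiness test would also count `"false"` as a detection. The following added example (not from the Vxcube documentation) parses the flag strictly and summarises the engines; `EngineC` and `EngineD` in `SAMPLE` are constructed entries for the `"false"` and malformed cases.

```python
def parse_flag(value):
    """Map "true"/"false" strings (or real booleans) to bool; anything else to None."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None


def summarise_antivirus(report):
    """Count detections in a response that carries an "antivirus" object."""
    hits, clean, unparsed = {}, [], []
    for engine, entry in sorted(report.get("antivirus", {}).items()):
        flag = parse_flag(entry.get("detected"))
        if flag is True:
            hits[engine] = entry.get("result", "")
        elif flag is False:
            clean.append(engine)
        else:
            unparsed.append(engine)  # keep these visible instead of guessing
    scanned = len(hits) + len(clean)
    return {"detected": len(hits), "scanned": scanned,
            "ratio": len(hits) / scanned if scanned else None,
            "labels": hits, "unparsed_engines": unparsed}


# ALYac and AVG are the page's sample; EngineC and EngineD are constructed.
SAMPLE = {"antivirus": {
    "ALYac": {"detected": "true", "version": "1.1.1.2",
              "result": "Trojan.Banker.CryptoShuffler.gen", "update": "20171101"},
    "AVG": {"detected": "true", "version": "17.7.3660.0",
            "result": "Win32:DangerousSig [Trj]", "update": "20171101"},
    "EngineC": {"detected": "false", "version": "0", "result": "", "update": "20171101"},
    "EngineD": {"detected": "n/a", "version": "0", "result": "", "update": "20171101"},
}}
```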


Response

{
    "ioc": {
        "iocs": [
            {
                "description": "", 
                "access_reason": "", 
                "is_active": 1, 
                "access_type": "public", 
                "id": 995461, 
                "content": "", 
                "indicator": "df72a289d535ccf264a04696adb573f48fe5cf27014affe65da8fd98750029db", 
                "created": "2016-10-14T17:24:50", 
                "title": "", 
                "access_groups": [], 
                "role": "null", 
                "observations": 2, 
                "type": "FileHash-SHA256", 
                "expiration": "null"
            }
        ]
    }
}

file report ioc

get file ai report ioc info

get
/api/v1/file/ioc/{hashcode}?token={token}

URI Parameters

hashcode

string ( required)

Example:  a84f8ddad371c0dc399a4c48eb5aeba99fb8ee93

The file md5/sha1/sha256 to search for.

token

string ( required)

Example:  89f4a3246667e1553e0f1d9bfc26192806b76c28c37a2ec5f41b2014a1016279

The access token generated by openid.