Phishing Domain Search

  • Url: https://services.normshield.com/api/v1/phishing/domain
  • Method: POST
  • Description: NormShield Potential Phishing Domain Search generates possible words from your domain name with specific algorithms and searches these generated names among all domain name databases. With this service, you can identify the possible phishing domain names registered for cyber attacks

Request-Example Json

{
        "domain": "normshield.com"
}

Response-Example Json

{  
   "status":"success",
   "results":{  
      "DomainList":[  
         {  
              "ContactEmail": "[email protected]", 
              "CreatedDate": "2011-03-06", 
              "ExpireDate": "2018-03-06", 
              "FraudDomain": "oceabank.com", 
              "FraudScore": 56.5, 
              "RegistrantName": "Contact Privacy Inc. Customer 0130186334", 
              "RegistrantOrg": "96 Mowat Ave", 
              "RegistrarName": "TUCOWS DOMAINS INC."
         }
         [...]
      ],
      "DomainListSize":1
   }
}

Example usage

curl -H "Content-Type: application/json" -X POST -d '{"domain": "normshield.com"}' https://services.normshield.com/api/v1/phishing/domain

Errors

  • IpLimitError Rate limit error
  • MissingDictKey Raising when recieved json data hasnt any "domain" key.
  • MalformedJson Requests must have valid json otherwise this error will be raised
  • ApiFailed Temporary api error message
  • InvalidDomainName Raising when recieved domain name field is not valid

Error Example

HTTP/1.1 400 Invalid Domain Name

{
        "status": False,
        "msg": "given domain is not valid"
}

IP Blacklist Search

  • Url: https://services.normshield.com/api/v1/blacklist/searchip
  • Method: POST
  • Description Search your ip asset at NormShield Blacklist Service to see if your ip address is in any blacklist. Our data is collected from various resources on the net plus NormShield own honeypot systems spread all over the world.

Request-Example Json

{
  "ip": "1.1.1.1"
}

Response-Example Json

{
    "status": "success",
    "results": {
        "blacklistSize": 2,
        "blacklistData": [
            {
                "Category": "organizations",
                "Data": "1.1.1.1",
                "Description": " [BitNodes] (https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.",
                "FileSource": "bitcoin_nodes",
                "FirstListingDate": "2017-05-31 02:47:45",
                "LastUpdatedDate": "2017-06-15 11:23:41",
                "ListSourceUrl": "https://getaddr.bitnodes.io/api/v1/snapshots/latest/",
                "Maintainer": "BitNodes",
                "MaintainerUrl": "https://getaddr.bitnodes.io/",
                "ReputationCount": 2,
                "UpdateFrequency": "10 mins"
            },
            {
                "Category": "abuse",
                "Data": "1.1.1.1",
                "Description": " Cymon.io ip abuse list",
                "FileSource": "cymon-ip-phishing",
                "FirstListingDate": "2017-05-18 04:00:02",
                "LastUpdatedDate": "2017-06-15 04:00:01",
                "ListSourceUrl": "https://cymon.io/api/nexus/v1/blacklist/ip/phishing/?days=1&format=json&limit=5000",
                "Maintainer": "Cymon",
                "MaintainerUrl": "https://cymon.io/",
                "ReputationCount": 2,
                "UpdateFrequency": "1 day"
            }
        ]
    }
}

Example usage

curl -H "Content-Type: application/json" -X POST -d '{"ip": "1.1.1.1"}' https://services.normshield.com/api/v1/blacklist/searchip

Errors

  • IpLimitError Rate limit error
  • MissingDictKey Raising when recieved json data hasnt any "domain" key.
  • MalformedJson Requests must have valid json otherwise this error will be raised
  • ApiFailed Temporary api error message
  • InvalidIpAddress Raising when recieved domain name field is not valid

Error Example

HTTP/1.1 400 Invalid Ip Address

{
        "status": False,
        "msg": "given input is not an ip address or it is local ip"
}

Breach Email Search

  • Url: https://services.normshield.com/api/v1/breach/email
  • Method: POST
  • Description: NormShield Breach Service helps you to identify your account has been compromised before. Search your email address in our huge data. Having information about your leaked accounts allows you to quickly notify any privacy violation.

Request-Example Json

      {
        "email": "[email protected]"
      }

Response-Example Json

{
    "status": "success",
    "results": {
        "breachSize": 5,
        "breachList": [
            {
                "Email": "(youraddress)@gmail.com",
                "LeakTime": "2016-07-18 04:40:26",
                "Tags": "R2GAMES"
            },
            {
                "Email": "(youraddress)@gmail.com",
                "LeakTime": "2013-04-13 20:23:34",
                "Tags": "TUMBLR"
            },
            {
                "Email": "(youraddress)@gmail.com",
                "LeakTime": "2016-11-08 00:11:51",
                "Tags": "NULLED"
            },
            {
                "Email": "(youraddress)@gmail.com",
                "LeakTime": "2015-04-24 02:26:31",
                "Tags": "MPGH.NET"
            },
            {
                "Email": "(youraddress)@gmail.com",
                "LeakTime": "2016-03-22 02:26:42",
                "Tags": "NULLED.IO"
            }
        ]
    }
}

Example usage

curl -H "Content-Type: application/json" -X POST -d '{"email": "[email protected]"}' https://services.normshield.com/api/v1/breach/email

Errors

  • IpLimitError Rate limit error
  • MissingDictKey Raising when recieved json data hasnt any "domain" key.
  • MalformedJson Requests must have valid json otherwise this error will be raised
  • ApiFailed Temporary api error message
  • InvalidEmailAddress Raising when recieved Email field is not valid

Error Example

HTTP/1.1 400 Invalid Email Address

{
        "status": False,
        "msg": "given input is not an email address"
}

Breach Domain Search

  • Url: https://services.normshield.com/api/v1/breach/domain
  • Method: POST
  • Description: NormShield Breach Service helps you to identify your account has been compromised before. Search your email address in our huge data. Having information about your leaked accounts allows you to quickly notify any privacy violation.

Request-Example Json

 {
        "domain": "normshield.com"
 }

Response-Example Json

{
    "status": "success",
    "results": {
        "breachSize": 6,
        "breachList": [
            {
                "Email": "si****[email protected]",
                "LeakTime": "2016-05-18 02:26:25",
                "Tags": "JAX"
            },
            {
                "Email": "la****[email protected]",
                "LeakTime": "2016-10-20 16:19:20",
                "Tags": "TOR"
            },
            {
                "Email": "se****[email protected]",
                "LeakTime": "2016-10-05 05:50:26",
                "Tags": "TOR"
            },
            {
                "Email": "lo****[email protected]",
                "LeakTime": "2016-10-18 05:39:41",
                "Tags": "TOR"
            },
            {
                "Email": "an****[email protected]",
                "LeakTime": "2016-10-15 01:24:04",
                "Tags": "TOR"
            },
            {
                "Email": "ra****[email protected]",
                "LeakTime": "2016-10-08 21:00:27",
                "Tags": "TOR"
            }
        ]
    }
}

Example usage

curl -H "Content-Type: application/json" -X POST -d '{"domain": "normshield.com"}' https://services.normshield.com/api/v1/breach/domain

Errors

  • IpLimitError Rate limit error
  • MissingDictKey Raising when recieved json data hasnt any "domain" key.
  • MalformedJson Requests must have valid json otherwise this error will be raised
  • ApiFailed Temporary api error message
  • InvalidDomainAddress Raising when recieved Domain field is not valid

Error Example

HTTP/1.1 400 Invalid Domain Name

{
  "status": False,
  "msg": "given domain is not valid"
}

Threat Intelligence Downloads

  • Url: https://services.normshield.com/api/v1/threatfeed/downloadintel
  • Method: GET
  • Description: Users with verified ip have the opportunity to download all the information in a format with this API

Params

  • date: formatted %Y%m%d
  • category: one of the following: frauddomains, honeypotfeeds, dailymaldomain
  • format: one of the following: "STIX" and "CSV"

Params Example

?date=20170512&format=csv&category=frauddomains

Example usage

curl "https://services.normshield.com/api/v1/threatfeed/downloadintel?date=20170720&format=csv&category=frauddomains" > reportfile

Error Example

HTTP/1.1 400 ApiFailed

{
  "status": False,
  "msg": "api query failed. please try again later"
}