Skip to main content
Zondex
login
Browse Stats Pricing Blog Dorks How-To Docs
api

API v1 Documentation

Full-featured REST API for IP enrichment, JARM fingerprints, favicon search, certificate lookup, and threat intelligence. 53M+ IPs indexed, updated daily.

Get Free API Key View Endpoints

rocket_launch Quick Start

# Base URL https://zondex.io/api/v1/ # Authentication: pass your API key via header curl -H "X-Api-Key: YOUR_API_KEY" "https://zondex.io/api/v1/ip/8.8.8.8/" # Or via query parameter curl "https://zondex.io/api/v1/ip/8.8.8.8/?api_key=YOUR_API_KEY"

Get your free API key at Account → Profile. All responses are JSON with consistent {"ok": true, "data": {...}} envelope.

GET

/api/v1/ip/{ip}/

Full enrichment for an IP address: all open ports, services, banners, CVEs, JARM, SSL certs, WAF, RDAP, geolocation, threat intelligence, and more.

Example

curl -H "X-Api-Key: YOUR_KEY" "https://zondex.io/api/v1/ip/8.8.8.8/"

Response

{ "ok": true, "data": { "ip": "8.8.8.8", "total_services": 4, "ports": [53, 443], "cve_count": 0, "geo": { "country_code": "US", "city": "" }, "asn": { "number": 15169, "org": "Google LLC" }, "reverse_dns": "dns.google", "services": [ { "port": 443, "service": "http", "product": "gws", "tls": { "enabled": true, "jarm": "27d40d...", "cert_subject": "dns.google" }, "http": { "title": "Google Public DNS", "status_code": 200 }, "vulnerabilities": { "cve_ids": [], "cve_count": 0 }, "threat": { "type": "" }, "waf": "Cloudflare", // ... 40+ fields per service } ] } }
GET

/api/v1/jarm/{hash}/

UNIQUE

Look up all hosts matching a JARM TLS fingerprint. 30M+ JARM hashes indexed. Use for C2 infrastructure tracking, threat hunting, and TLS fingerprinting. No other standalone JARM API exists.

Example

# Find all hosts with a specific JARM fingerprint curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/jarm/29d29d00029d29d21c41d41d00041d0fc7ac8335432249e8becb757baaacec/" # Search JARM hashes by partial match curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/jarm/search/?q=29d29d"

Search Response

{ "ok": true, "data": [ { "jarm_hash": "29d29d00029d29d21c...", "host_count": 996695 }, { "jarm_hash": "29d29d00029d29d00...", "host_count": 258010 } ] }
GET

/api/v1/favicon/{hash}/

Find all hosts serving a specific favicon by its hash. 11M+ favicons indexed. Essential for OSINT, bug bounties, and asset discovery.

Example

# Find hosts by favicon hash curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/favicon/-1151348033/"
GET

/api/v1/cert/{sha256}/

Find hosts sharing an SSL/TLS certificate by its SHA256 fingerprint. Search certificates by issuer or subject name.

Endpoints

# Lookup by certificate SHA256 curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/cert/c3eb99d168069e737ea70f3f6d8f17a3.../" # Search by issuer/subject curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/cert/search/?q=Let%27s+Encrypt"
GET

/api/v1/threats/

BUSINESS+

Threat intelligence feed: C2 servers, botnets, miners, RATs, malware, tor exit nodes. 1.3M+ threat records updated daily. Available on Business and Enterprise plans.

Parameters

NameTypeRequiredDescription
typestringNoc2, miner, botnet, rat, malware, tor_exit
countrystringNo2-letter country code
limitintNoMax results (default: 100, max: 10,000)

Example

curl -H "X-Api-Key: YOUR_KEY" \ "https://zondex.io/api/v1/threats/?type=c2&country=RU&limit=500"
GET

/api/v1/stats/

PUBLIC

Database statistics. No authentication required.

curl "https://zondex.io/api/v1/stats/"
GET

/api/v1/account/usage/

Check your current API usage, remaining quota, and plan details.

curl -H "X-Api-Key: YOUR_KEY" "https://zondex.io/api/v1/account/usage/"
{ "ok": true, "data": { "plan": "Free", "daily_limit": 100, "used_today": 12, "remaining": 88 } }

speed Rate Limits & Pricing

Every response includes X-RateLimit-Limit and X-RateLimit-Remaining headers.

PlanPriceAPI Requests/DayThreat FeedJARM/Favicon/Cert
Free$0100cancelcheck_circle
Pro$49/mo5,000cancelcheck_circle
Business$149/mo25,000check_circlecheck_circle
EnterpriseCustomUnlimitedcheck_circlecheck_circle

error_outline Error Responses

StatusMeaning
400Bad Request — missing or invalid parameters
401Unauthorized — missing API key
403Forbidden — invalid key or feature not in plan
429Rate limit exceeded
503Service unavailable — database error

More Documentation

search Search Syntax code Python code Go terminal Bash / cURL
support_agent
Zondex Support
Usually replies within minutes
Hi there!
Send us a message and we'll reply as soon as possible.