User API

GET
/api/v2/user

Return information about your user account

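For instance, it will return which API endpoints you have access to, the complete list of filters you are allowed to use as per your license, or how many credits are remaining. As the sample response shows, the result also echoes your API key in the apikey field and your source address in the myip field, so treat stored or shared output from this endpoint as sensitive.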

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/user'

Parameters

  • {apikey}: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "user",
      "@timestamp": "2019-05-08T12:29:22.000Z",
      "apikey": "<redacted>",
      "apis": [
        "user",
        "bulk/ip",
        "bulk/domain",
        "bulk/hostname",
        "simple/ctl",
        "simple/datascan",
        "simple/geoloc",
        "simple/inetnum",
        "simple/pastries",
        "simple/resolver",
        "simple/sniffer",
        "simple/synscan",
        "simple/threatlist",
        "simple/datascan/datamd5",
        "simple/resolver/reverse",
        "simple/resolver/forward",
        "simple/datashot",
        "simple/onionscan",
        "simple/onionshot",
        "simple/topsite",
        "simple/vulnscan",
        "search",
        "search/ctl",
        "search/datascan",
        "search/geoloc",
        "search/inetnum",
        "search/pastries",
        "search/resolver",
        "search/sniffer",
        "search/synscan",
        "search/threatlist",
        "search/datashot",
        "search/onionscan",
        "search/onionshot",
        "search/topsite",
        "alert/list",
        "alert/add",
        "alert/del",
        "search/vulnscan",
        "summary/ip",
        "summary/domain",
        "summary/hostname",
        "export"
      ],
      "categories": [
        "ctl",
        "datascan",
        "geoloc",
        "inetnum",
        "pastries",
        "resolver",
        "sniffer",
        "synscan",
        "threatlist",
        "datashot",
        "onionscan",
        "onionshot",
        "topsite",
        "vulnscan"
      ],
      "credits": 999990,
      "duration": 0,
      "enddate": 0,
      "filters": [
        "app.browse.type",
        "app.browse.name",
        "app.browse.file",
        "app.dns.versionbind",
        "app.elasticsearch.clustername",
        "app.elasticsearch.luceneversion",
        "app.extract.domain",
        "app.extract.file",
        "app.extract.hostname",
        "app.extract.ip",
        "app.extract.url",
        "app.http.bodymd5",
        "app.http.component.product",
        "app.http.component.productvendor",
        "app.http.component.productversion",
        "app.http.component.productversionpatch",
        "app.http.copyright",
        "app.http.copyright.keyword",
        "app.http.description",
        "app.http.description.keyword",
        "app.http.headermd5",
        "app.http.header.name",
        "app.http.header.value",
        "app.http.keywords",
        "app.http.keywords.keyword",
        "app.http.realm",
        "app.http.title",
        "app.http.title.keyword",
        "app.length",
        "app.modbus.code",
        "app.modbus.function",
        "app.modbus.information",
        "app.modbus.product",
        "app.modbus.productvendor",
        "app.modbus.productversion",
        "app.modbus.productversionpatch",
        "app.mongodb.name",
        "app.ntp.leap",
        "app.ntp.mode",
        "app.ntp.stratum",
        "app.ntp.version",
        "app.rtsp.realm",
        "app.screenshot.format",
        "app.screenshot.image",
        "app.screenshot.imagemd5",
        "app.smb.nullsession",
        "app.smb.servername",
        "app.smb.share",
        "app.smb.workgroup",
        "app.snmp.community",
        "app.snmp.sysdescr",
        "app.vnc.authentication",
        "app.vnc.desktopname",
        "app.vnc.screensize",
        "app.vnc.version",
        "abuse",
        "asn",
        "basicconstraints",
        "botnet",
        "ca",
        "city",
        "count",
        "country",
        "data",
        "datamd5",
        "destport",
        "distinct",
        "domain",
        "extkeyusage",
        "file",
        "fingerprint.md5",
        "fingerprint.sha1",
        "fingerprint.sha256",
        "forward",
        "host",
        "hostname",
        "information",
        "ip",
        "ipv6",
        "issuer.commonname",
        "issuer.country",
        "issuer.organization",
        "issuer.organizationalunit",
        "issuer.serial",
        "key",
        "keyusage",
        "location",
        "netname",
        "organization",
        "os",
        "osbits",
        "osdistribution",
        "osdistributionversion",
        "osvendor",
        "osversion",
        "osversionpatch",
        "port",
        "product",
        "productvendor",
        "productversion",
        "productversionpatch",
        "protocol",
        "protocolversion",
        "publickey.algorithm",
        "publickey.exponent",
        "publickey.length",
        "reason",
        "reverse",
        "scheme",
        "serial",
        "signature.algorithm",
        "since",
        "size",
        "source",
        "srcport",
        "status",
        "subdomains",
        "subject.altname",
        "subject.country",
        "subject.commonname",
        "subject.organization",
        "subject.organizationalunit",
        "subject.serial",
        "subnet",
        "syntax",
        "threatlist",
        "title",
        "tld",
        "tls",
        "total",
        "transport",
        "type",
        "url",
        "user",
        "validity.notafter",
        "validity.notbefore",
        "version",
        "wildcard",
        "classification",
        "content",
        "cpe",
        "cpecount",
        "cve",
        "cvecount",
        "device.class",
        "device.product",
        "device.productvendor",
        "device.productversion",
        "device.productversionpatch",
        "onion",
        "tag"
      ],
      "functions": [
        "-hourago",
        "-dayago",
        "-weekago",
        "-monthago",
        "-exists",
        "-wildcard",
        "-fields"
      ],
      "history": "7M",
      "seen_date": "2019-05-08",
      "startdate": "2019-05-08T12:36:37.000Z",
      "view": "Eagle View"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": "0.000",
  "total": 1
}

Summary API - starting from Free View

GET
/api/v2/summary/ip/{IP}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given IPv{4,6} address. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/ip/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 52,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-28T00:43:31.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.137,
  "total": 2956
}

GET
/api/v2/summary/domain/{DOMAIN}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given domain name. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/domain/{DOMAIN}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {DOMAIN}: argument must be a domain name.

Sample response

{
  "count": 81,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-26T03:00:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 1.361,
  "total": 472746
}

GET
/api/v2/summary/hostname/{HOSTNAME}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given hostname. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/hostname/{HOSTNAME}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {HOSTNAME}: argument must be a fully qualified domain name.

Sample response

{
  "count": 34,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-15T16:22:47.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.054,
  "total": 12262
}

Simple API - starting from Free View

GET
/api/v2/simple/geoloc/{IP}

Return results about geoloc category of information

This method requires an API key. It will return results about geoloc category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/geoloc/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "geoloc",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/inetnum/{IP}

Return results about inetnum category of information

This method requires an API key. It will return results about inetnum category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/inetnum/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "inetnum",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/pastries/{IP}

Return results about pastries category of information

This method requires an API key. It will return results about pastries category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/pastries/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "pastries",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/resolver/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/sniffer/{IP}

Return results about sniffer category of information

This method requires an API key. It will return results about sniffer category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/sniffer/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "sniffer",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/synscan/{IP}

Return results about synscan category of information

This method requires an API key. It will return results about synscan category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/synscan/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "synscan",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/threatlist/{IP}

Return results about threatlist category of information

This method requires an API key. It will return results about threatlist category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/threatlist/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "threatlist",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/ctl/{DOMAIN,HOSTNAME}

Return results about ctl category of information

This method requires an API key. It will return results about ctl category of information we have for the given domain or hostname with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/ctl/{DOMAIN,HOSTNAME}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {DOMAIN,HOSTNAME}: argument must be a domain or a hostname.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 4,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.006,
  "total": 39
}

GET
/api/v2/simple/datascan/{IP,STRING}

Return results about datascan category of information

This method requires an API key. It will return results about datascan category of information we have for the given IP address or search string with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datascan/{IP,STRING}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP,STRING}: argument must be either an IP{v4,v6} or a string to search for.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datascan",
      "@timestamp": "2020-03-03T11:11:00.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.505,
  "total": 218539367
}

GET
/api/v2/simple/datascan/datamd5/{MD5}

Return results about datascan/datamd5 category of information

This method requires an API key. It will return results about datascan/datamd5 category of information we have for the given MD5 value with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datascan/datamd5/{MD5}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {MD5}: argument must be a lowercase md5 string to search for against the datamd5 field.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datascan/datamd5",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

GET
/api/v2/simple/resolver/forward/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/forward/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

GET
/api/v2/simple/resolver/reverse/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/reverse/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

Simple API - starting from Entreprise Views

GET
/api/v2/simple/datashot/{IP}

Return results about datashot category of information

This method requires an API key. It will return results about datashot category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datashot/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datashot",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/onionshot/{IP}

Return results about onionshot category of information

This method requires an API key. It will return results about onionshot category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/onionshot/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "onionshot",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/topsite/{IP}

Return results about topsite category of information

This method requires an API key. It will return results about topsite category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/topsite/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "topsite",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/vulnscan/{IP}

Return results about vulnscan category of information

This method requires an API key. It will return results about vulnscan category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/vulnscan/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "vulnscan",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/whois/{IP}

Return results about whois category of information

This method requires an API key. It will return results about whois category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/whois/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "whois",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/onionscan/{DOMAIN,HOSTNAME}

Return results about onionscan category of information

This method requires an API key. It will return results about onionscan category of information we have for the given domain or hostname with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/onionscan/{DOMAIN,HOSTNAME}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {DOMAIN,HOSTNAME}: argument must be a domain or a hostname.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 4,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.006,
  "total": 39
}

Simple Best API - starting from Free View

GET
/api/v2/simple/geoloc/best/{IP}

Return results about geoloc category of information

This method requires an API key. It will return one result about geoloc category of information we have for the given IPv{4,6} address. There will be no history of changes, the goal of this API is to return the best matching subnet regarding the given address. Best matching subnet means the one with the smallest CIDR mask.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/geoloc/best/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "geoloc",
      "@timestamp": "2021-09-04T01:06:12.000Z",
      "asn": "AS12735",
      "city": "Istanbul",
      "country": "TR",
      "domain": "turk.net",
      "host": "1",
      "hostname": "1.128.70.95.dsl.dynamic.turk.net",
      "ip": "95.70.128.1",
      "ipv6": "false",
      "latitude": "41.0247",
      "location": "41.0247,28.9252",
      "longitude": "28.9252",
      "organization": "TurkNet Iletisim Hizmetleri A.S.",
      "reverse": "1.128.70.95.dsl.dynamic.turk.net",
      "seen_date": "2021-09-04",
      "source": "geolite2",
      "subdomains": [
        "70.95.dsl.dynamic.turk.net",
        "dsl.dynamic.turk.net",
        "dynamic.turk.net",
        "128.70.95.dsl.dynamic.turk.net",
        "95.dsl.dynamic.turk.net"
      ],
      "subnet": "95.70.128.0/25",
      "tld": "net"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.013,
  "total": 1
}

GET
/api/v2/simple/inetnum/best/{IP}

Return results about inetnum category of information

This method requires an API key. It will return one result about inetnum category of information we have for the given IPv{4,6} address. There will be no history of changes, the goal of this API is to return the best matching subnet regarding the given address. Best matching subnet means the one with the smallest CIDR mask.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/inetnum/best/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "inetnum",
      "@timestamp": "2021-09-12T01:36:21.000Z",
      "asn": "AS12735",
      "city": "Istanbul",
      "country": "TR",
      "domain": "turk.net",
      "host": "1",
      "hostname": "1.128.70.95.dsl.dynamic.turk.net",
      "information": [
        "TurkNet-DSL"
      ],
      "ip": "95.70.128.1",
      "ipv6": "false",
      "latitude": "41.0247",
      "location": "41.0247,28.9252",
      "longitude": "28.9252",
      "netname": "GayrettepePOP_XdslDynamic",
      "organization": "TurkNet Iletisim Hizmetleri A.S.",
      "reverse": "1.128.70.95.dsl.dynamic.turk.net",
      "seen_date": "2021-09-12",
      "source": "RIPE",
      "subdomains": [
        "95.dsl.dynamic.turk.net",
        "dynamic.turk.net",
        "70.95.dsl.dynamic.turk.net",
        "dsl.dynamic.turk.net",
        "128.70.95.dsl.dynamic.turk.net"
      ],
      "subnet": "95.70.128.0/21",
      "tld": "net"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.013,
  "total": 1
}

GET
/api/v2/simple/threatlist/best/{IP}

Return results about threatlist category of information

This method requires an API key. It will return the 10 latest results about threatlist category of information we have for the given IPv{4,6} address. There will be no history of changes; the goal of this API is to return the latest malicious events for the given address that occurred during the last 2 days.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/threatlist/best/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "threatlist",
      "@timestamp": "2021-09-15T23:59:58.000Z",
      "asn": "AS37006",
      "city": "Kigali",
      "country": "RW",
      "ip": "41.216.102.178",
      "ipv6": "false",
      "latitude": "-1.9507",
      "location": "-1.9507,30.0663",
      "longitude": "30.0663",
      "organization": "Liquid Telecommunication Rwanda",
      "seen_date": "2021-09-15",
      "source": "dataplane",
      "subnet": "41.216.102.178/32",
      "tag": "threatlist",
      "threatlist": "Dataplane - SSH pwauth",
      "type": "ip"
   },
   {
      "@category": "threatlist",
      "@timestamp": "2021-09-15T23:59:57.000Z",
      "asn": "AS37006",
      "city": "Kigali",
      "country": "RW",
      "ip": "41.216.102.178",
      "ipv6": "false",
      "latitude": "-1.9507",
      "location": "-1.9507,30.0663",
      "longitude": "30.0663",
      "organization": "Liquid Telecommunication Rwanda",
      "seen_date": "2021-09-15",
      "source": "dataplane",
      "subnet": "41.216.102.178/32",
      "tag": "threatlist",
      "threatlist": "Dataplane - SSH client",
      "type": "ip"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.013,
  "total": 1
}

Simple Best API - starting from Entreprise Views

GET
/api/v2/simple/whois/best/{IP}

Return results about whois category of information

This method requires an API key. It will return one result about whois category of information we have for the given IPv{4,6} address. There will be no history of changes, the goal of this API is to return the best matching subnet regarding the given address. Best matching subnet means the one with the smallest CIDR mask.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/whois/best/{IP}'

Parameters

  • {apikey}: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "whois",
      "@timestamp": "2021-09-14T09:02:29.000Z",
      "abuse": [
        "lir@turknet.net.tr"
      ],
      "asn": "AS12735",
      "continent": "AS",
      "continentname": "Asia",
      "country": "TR",
      "countryname": "Turkey",
      "data": "inetnum:        95.70.128.0 - 95.70.135.255\nnetname:        GayrettepePOP_XdslDynamic\ndescr:          TurkNet-DSL\nremarks:        INFRA-AW\ncountry:        TR\nadmin-c:        TL143-RIPE\ntech-c:         TL143-RIPE\nstatus:         ASSIGNED PA\nmnt-by:         MNT-TURKNET-MNT\ncreated:        2008-12-04T20:26:51Z\nlast-modified:  2011-08-17T12:52:56Z\nsource:         RIPE\n\nperson-gdpr:         e108106b0d3bcc39f7e0915fe9d0c3dc\naddress-gdpr:        c1b0e50b795d6a0a666fd678a2c4242b\naddress-gdpr:        f36536738d5750596846e099c231dcae\naddress-gdpr:        ee8df60881f740b0a593432f76199f29\nphone-gdpr:          b81582ac9508a2aaeb0d2b2043645d20\nnic-hdl:        TL143-RIPE\ncreated:        2009-03-05T10:03:41Z\nlast-modified:  2011-08-24T12:18:33Z\nsource:         RIPE\nmnt-by:         MNT-TURKNET-MNT\n\nroute:          95.70.128.0/17\ndescr:          TurkNet Iletisim Hizmetleri A.S\norigin:         AS12735\nmnt-by:         MNT-TURKNET-MNT\ncreated:        2008-11-28T08:22:59Z\nlast-modified:  2009-03-25T08:31:08Z\nsource:         RIPE",
      "domain": [
        "turk.net",
        "turknet.net.tr"
      ],
      "host": "1",
      "ip": "95.70.128.1",
      "ipv6": "false",
      "isineu": "false",
      "latitude": "38.963745",
      "location": "38.963745,35.243322",
      "longitude": "35.243322",
      "netname": "GayrettepePOP_XdslDynamic",
      "organization": "TurkNet Iletisim Hizmetleri A.S",
      "reverse": "1.128.70.95.dsl.dynamic.turk.net",
      "route": "95.70.128.0/17",
      "seen_date": "2021-09-14",
      "source": "ripe",
      "subdomains": [
        "95.dsl.dynamic.turk.net",
        "dynamic.turk.net",
        "70.95.dsl.dynamic.turk.net",
        "128.70.95.dsl.dynamic.turk.net",
        "dsl.dynamic.turk.net"
      ],
      "subnet": "95.70.128.0/21",
      "tag": [
        "full::whois"
      ],
      "tld": [
        "net",
        "net.tr"
      ],
      "type": "ip"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.013,
  "total": 1
}

Search API - starting from Dragonfly View

GET
/api/v2/search/{OQL}

Alert API - starting from Dragonfly View

GET
/api/v2/alert/list

Return list of configured alerts

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -XGET 'https://www.onyphe.io/api/v2/alert/list'

Parameters

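  • {apikey}: your personal key. Treat it as a secret: a key typed into a -H argument can end up in shell history and the process list, so on shared hosts prefer loading the header from a protected file (curl accepts -H @file).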

Sample response

{
  "count": 9,
  "error": 0,
  "myip": "<redacted>",
  "results": [
    {
      "email": "<redacted>",
      "id": 0,
      "name": "New phishing detected",
      "query": "category:ctl tag:phishing::google -dayago:1",
      "threshold": ">0"
    },
[..]
  ],
  "status": "ok",
  "took": "0.000",
  "total": 9
}

POST
/api/v2/alert/add

Add an alert

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' -XPOST 'https://www.onyphe.io/api/v2/alert/add' -d '{"name":"My alert","query":"category:datascan domain:example.com -exists:cve","email":"destination@example.com"}'

Parameters

  • {apikey}: your personal key.
  • name: name of the alert (or a description).
  • query: ONYPHE query to execute (run on a daily basis).
  • email: destination address to use.

Sample response

{
  "error": 0,
  "text": "Success",
  "myip": "<redacted>",
  "status": "ok"
}

POST
/api/v2/alert/del/{ID}

Delete an alert

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -XPOST 'https://www.onyphe.io/api/v2/alert/del/{ID}'

Parameters

  • {apikey}: your personal key.
  • {ID}: id of the alert to delete.

Sample response

{
  "error": 0,
  "text": "Success",
  "myip": "<redacted>",
  "status": "ok"
}

Bulk Summary API - starting from Entreprise Views

POST
/api/v2/bulk/summary/ip

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given IPv{4,6} address. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/summary/ip'

Parameters

  • {apikey}: your personal key.

Limitation

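  • You can only send a file with at most 100,000 lines.
  • The fixed /tmp/list.txt path is only an example; on a multi-user host write the list to a private file (for instance one created with mktemp) so other local users cannot read or pre-create it.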

Sample response

[..]
{"@category":"resolver","@timestamp":"2020-02-08T00:41:03.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"totilaz.com","forward":"totilaz.com","hostname":"totilaz.com","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-08","source":"ctl","subnet":"3.2.0.0\/15","tld":"com","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T15:41:33.000Z","asn":"AS0","country":"US","domain":"sand88.me","forward":"sand88.me","hostname":"sand88.me","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"urlscan","subnet":"3.2.0.0\/15","tld":"me","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:39.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"2020s.vip","forward":"www.2020s.vip","host":"www","hostname":"www.2020s.vip","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"vip","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:39.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"syn20.com","forward":"syn20.com","hostname":"syn20.com","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"com","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:38.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"syn20.net","forward":"syn20.net","hostname":"syn20.net","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"net","type":"forward"}
{"@category":"topsite","@timestamp":"2020-02-04T10:13:54.000Z","asn":"AS0","country":"US","domain":"sbiepay.com","forward":"sbiepay.com","hostname":"sbiepay.com","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"3.2.0.0\/15","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:06:36.000Z","asn":"AS0","country":"US","domain":"onlinepg.net","forward":"is.onlinepg.net","host":"is","hostname":"is.onlinepg.net","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"3.2.0.0\/15","tag":["top1m","umbrella"],"tld":"net"}
{"@category":"topsite","@timestamp":"2020-02-04T09:48:20.000Z","asn":"AS0","country":"US","domain":"sbiepay.com","forward":"sbiepay.com","hostname":"sbiepay.com","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"alexa","subnet":"3.2.0.0\/15","tag":["alexa","top1m"],"tld":"com"}

POST
/api/v2/bulk/summary/domain

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given domain name. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo 'google.com' > /tmp/list.txt
echo 'yahoo.fr' >> /tmp/list.txt
echo 'verizon.com' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/summary/domain'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category":"resolver","@timestamp":"2020-03-03T11:23:56.000Z","asn":"AS0","country":"US","domain":"verizon.com","forward":"forums.verizon.com","host":"forums","hostname":"forums.verizon.com","ip":"143.204.229.20","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-03-03","source":"urlscan","subnet":"143.204.0.0\/16","tld":"com","type":"forward"}
{"@category":"topsite","@timestamp":"2020-02-04T10:23:49.000Z","asn":"AS0","city":"Culver City","country":"US","domain":"verizon.com","forward":"verizon.com","hostname":"verizon.com","ip":"192.16.31.23","ipv6":"false","latitude":"33.9924","location":"33.9924,-118.3991","longitude":"-118.3991","seen_date":"2020-02-04","source":"majestic","subnet":"192.16.30.0\/23","tag":["majestic","top1m"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:22:03.000Z","asn":"AS0","country":"US","domain":"verizon.com","forward":"enterpriseportal.verizon.com","host":"enterpriseportal","hostname":"enterpriseportal.verizon.com","ip":"192.30.31.191","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"192.30.30.0\/23","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:21:11.000Z","asn":"AS12079","country":"US","domain":"verizon.com","forward":"gismapssdc.verizon.com","host":"gismapssdc","hostname":"gismapssdc.verizon.com","ip":"162.115.35.43","ipv6":"false","latitude":"40.7592","location":"40.7592,-111.8875","longitude":"-111.8875","organization":"CELLCO-PART","seen_date":"2020-02-04","source":"umbrella","subnet":"162.115.32.0\/21","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:20:25.000Z","asn":"AS33052","city":"Winter Springs","country":"US","domain":"verizon.com","forward":"fldsmtpe02.verizon.com","host":"fldsmtpe02","hostname":"fldsmtpe02.verizon.com","ip":"140.108.26.141","ipv6":"false","latitude":"39.0680","location":"39.0680,-76.9933","longitude":"-76.9933","organization":"VZUNET","seen_date":"2020-02-04","source":"umbrella","subnet":"140.108.24.0\/22","tag":["top1m","umbrella"],"tld":"com"}
[..]

POST
/api/v2/bulk/summary/hostname

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given fully qualified hostname. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo 'www.google.com' > /tmp/list.txt
echo 'www.bing.com' >> /tmp/list.txt
echo 'www.yahoo.fr' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/summary/hostname'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category":"pastries","@timestamp":"2020-03-03T02:55:32.000Z","domain":["secureserver.net","yahoo.com","milcatstore.com","zakral.net","okok.fr","yahoo.fr"],"host":["w2","ip-184-168-131-241","www","ns4"],"hostname":["ip-184-168-131-241.ip.secureserver.net","w2.src1.vip.bf1.yahoo.com","w2.src1.vip.ir2.yahoo.com","w2.src1.vip.sg3.yahoo.com","ns4.zakral.net","www.milcatstore.com","w2.src1.vip.tw1.yahoo.com","w2.src1.vip.gq1.yahoo.com","www.okok.fr","www.yahoo.fr"],"ip":["74.6.136.151","176.31.126.150","124.108.115.101","184.168.131.241","106.10.248.151","212.82.100.151","98.136.103.24"],"key":"t24xRQVk","scheme":["http"],"seen_date":"2020-03-03","size":"644","source":"pastebin","subdomains":["src1.vip.bf1.yahoo.com","tw1.yahoo.com","vip.ir2.yahoo.com","src1.vip.sg3.yahoo.com","ip.secureserver.net","gq1.yahoo.com","ir2.yahoo.com","src1.vip.ir2.yahoo.com","src1.vip.gq1.yahoo.com","vip.gq1.yahoo.com","src1.vip.tw1.yahoo.com","bf1.yahoo.com","vip.bf1.yahoo.com","vip.tw1.yahoo.com","vip.sg3.yahoo.com","sg3.yahoo.com"],"syntax":"text","tld":["net","fr","com"],"url":["http:\/\/www.milcatstore.com","http:\/\/www.okok.fr\/affichage\/a4d4c1dd-9a40-453d-9033-88057affa474.jpg","http:\/\/www.yahoo.fr?"]}
{"@category":"pastries","@timestamp":"2020-03-03T01:59:50.000Z","domain":["yahoo.fr","okok.fr","yahoo.com","secureserver.net","coffbio.com","zakral.net"],"host":["ip-184-168-131-241","w2","ns4","www"],"hostname":["www.okok.fr","www.yahoo.fr","w2.src1.vip.tw1.yahoo.com","w2.src1.vip.gq1.yahoo.com","w2.src1.vip.ir2.yahoo.com","w2.src1.vip.sg3.yahoo.com","ns4.zakral.net","ip-184-168-131-241.ip.secureserver.net","w2.src1.vip.bf1.yahoo.com","www.coffbio.com"],"ip":["98.136.103.24","212.82.100.151","124.108.115.101","184.168.131.241","106.10.248.151","176.31.126.150","74.6.136.151"],"key":"52U52yPw","scheme":["http"],"seen_date":"2020-03-03","size":"643","source":"pastebin","subdomains":["tw1.yahoo.com","src1.vip.bf1.yahoo.com","ip.secureserver.net","gq1.yahoo.com","src1.vip.sg3.yahoo.com","vip.ir2.yahoo.com","src1.vip.gq1.yahoo.com","src1.vip.ir2.yahoo.com","ir2.yahoo.com","bf1.yahoo.com","src1.vip.tw1.yahoo.com","vip.gq1.yahoo.com","vip.bf1.yahoo.com","vip.tw1.yahoo.com","sg3.yahoo.com","vip.sg3.yahoo.com"],"syntax":"text","tld":["fr","net","com"],"url":["http:\/\/www.yahoo.fr?","http:\/\/www.coffbio.com?","http:\/\/www.okok.fr\/affichage\/a4d4c1dd-9a40-453d-9033-88057affa474.jpg"]}
{"@category":"resolver","@timestamp":"2020-03-03T02:55:33.000Z","asn":"AS34010","country":"GB","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"51.4964","location":"51.4964,-0.1224","longitude":"-0.1224","organization":"Yahoo! UK Services Limited","seen_date":"2020-03-03","source":"pastries","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-29T05:22:07.000Z","asn":"AS34010","country":"CH","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"47.1449","location":"47.1449,8.1551","longitude":"8.1551","organization":"Yahoo! UK Services Limited","seen_date":"2020-02-29","source":"urlscan","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-22T13:56:40.000Z","asn":"AS34010","country":"CH","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"47.1449","location":"47.1449,8.1551","longitude":"8.1551","organization":"Yahoo! UK Services Limited","seen_date":"2020-02-22","source":"urlscan","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
[..]

Bulk Simple API - starting from Entreprise Views

POST
/api/v2/bulk/simple/ctl/ip

Return results about ctl category of information

This method requires an API key. It will return results about ctl category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/ctl/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "ctl","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "ctl","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/datascan/ip

Return results about datascan category of information

This method requires an API key. It will return results about datascan category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/datascan/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "datascan","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "datascan","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/datashot/ip

Return results about datashot category of information

This method requires an API key. It will return results about datashot category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/datashot/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "datashot","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "datashot","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/geoloc/ip

Return results about geoloc category of information

This method requires an API key. It will return results about geoloc category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/geoloc/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "geoloc","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "geoloc","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/inetnum/ip

Return results about inetnum category of information

This method requires an API key. It will return results about inetnum category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/inetnum/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "inetnum","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "inetnum","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/pastries/ip

Return results about pastries category of information

This method requires an API key. It will return results about pastries category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/pastries/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "pastries","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "pastries","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/resolver/ip

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/resolver/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "resolver","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "resolver","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/sniffer/ip

Return results about sniffer category of information

This method requires an API key. It will return results about sniffer category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/sniffer/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "sniffer","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "sniffer","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/synscan/ip

Return results about synscan category of information

This method requires an API key. It will return results about synscan category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/synscan/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "synscan","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "synscan","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/threatlist/ip

Return results about threatlist category of information

This method requires an API key. It will return results about threatlist category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/threatlist/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "threatlist","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "threatlist","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/topsite/ip

Return results about topsite category of information

This method requires an API key. It will return results about topsite category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/topsite/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "topsite","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "topsite","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/vulnscan/ip

Return results about vulnscan category of information

This method requires an API key. It will return results about vulnscan category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/vulnscan/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "vulnscan","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "vulnscan","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

POST
/api/v2/bulk/simple/whois/ip

Return results about whois category of information

This method requires an API key. It will return results about whois category of information we have for the given IPv{4,6} address. Only the 10 latest results for the queried category will be returned. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/whois/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[..]
{"@category": "whois","@timestamp":"2021-09-16T19:33:22.000Z","@version":1,[..]
{"@category": "whois","@timestamp":"2021-09-16T19:33:24.000Z","@version":1,[..]
[..]

Bulk Simple Best API - starting from Entreprise Views

POST
/api/v2/bulk/simple/geoloc/best/ip

Return results about geoloc category of information

This method requires an API key. It will return one result about geoloc category of information we have for the given IPv{4,6} address. There will be no history of changes; the goal of this API is to return the best matching subnet for each given address. Best matching subnet means the one with the smallest CIDR mask (presumably the most specific network, i.e. the longest prefix). Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/geoloc/best/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

{"@category":"geoloc","@timestamp":"2021-09-16T13:36:58.000Z","asn":"AS13335","country":"AU","domain":"one.one","host":"one","hostname":"one.one.one.one","ip":"1.1.1.1","ipv6":"false","latitude":"-33.4940","location":"-33.4940,143.2104","longitude":"143.2104","organization":"CLOUDFLARENET","reverse":"one.one.one.one","seen_date":"2021-09-16","source":"geolite2","subdomains":"one.one.one","subnet":"1.1.1.0\/24","tld":"one"}
{"@category":"geoloc","@timestamp":"2021-09-16T13:37:55.000Z","asn":"AS3215","country":"FR","ipv6":"false","latitude":"48.8582","location":"48.8582,2.3387","longitude":"2.3387","organization":"Orange","seen_date":"2021-09-16","source":"geolite2","subnet":"2.2.0.0\/18"}
{"@category":"geoloc","@timestamp":"2021-09-16T13:40:15.000Z","country":"US","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2021-09-16","source":"geolite2","subnet":"3.3.3.0\/24"}

POST
/api/v2/bulk/simple/inetnum/best/ip

Return results about inetnum category of information

This method requires an API key. It will return one result about inetnum category of information we have for the given IPv{4,6} address. There will be no history of changes; the goal of this API is to return the best matching subnet for each given address. Best matching subnet means the one with the smallest CIDR mask. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/inetnum/best/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

{"@category":"inetnum","@timestamp":"2021-09-12T01:36:21.000Z","asn":"AS13335","country":"AU","domain":"one.one","host":"one","hostname":"one.one.one.one","information":["APNIC and Cloudflare DNS Resolver project","Routed globally by AS13335\/Cloudflare","Research prefix for APNIC Labs"],"ip":"1.1.1.1","ipv6":"false","latitude":"-33.4940","location":"-33.4940,143.2104","longitude":"143.2104","netname":"APNIC-LABS","organization":"CLOUDFLARENET","reverse":"one.one.one.one","seen_date":"2021-09-12","source":"APNIC","subdomains":"one.one.one","subnet":"1.1.1.0\/24","tld":"one"}
{"@category":"inetnum","@timestamp":"2021-09-12T01:36:21.000Z","asn":"AS3215","city":"Mamers","country":"FR","ipv6":"false","latitude":"48.3533","location":"48.3533,0.3868","longitude":"0.3868","netname":"FR-TELECOM-20100712","organization":"Orange","seen_date":"2021-09-12","source":"RIPE","subnet":"2.0.0.0\/12"}

POST
/api/v2/bulk/simple/threatlist/best/ip

Return results about threatlist category of information

This method requires an API key. It will return the 10 latest results about threatlist category of information we have for the given IPv{4,6} address. There will be no history of changes; the goal of this API is to return the latest malicious events for each given address that occurred during the last 2 days.

Request URL

echo '1.1.1.1' > /tmp/list.txt
echo '2.2.2.2' >> /tmp/list.txt
echo '3.3.3.3' >> /tmp/list.txt

curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @/tmp/list.txt 'https://www.onyphe.io/api/v2/bulk/simple/threatlist/best/ip'

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

{"@category":"threatlist","@timestamp":"2021-09-15T23:59:58.000Z","asn":"AS37006","city":"Kigali","country":"RW","ip":"41.216.102.178","ipv6":"false","latitude":"-1.9507","location":"-1.9507,30.0663","longitude":"30.0663","organization":"Liquid Telecommunication Rwanda","seen_date":"2021-09-15","source":"dataplane","subnet":"41.216.102.178\/32","tag":"threatlist","threatlist":"Dataplane - SSH pwauth","type":"ip"}
{"@category":"threatlist","@timestamp":"2021-09-15T23:59:57.000Z","asn":"AS37006","city":"Kigali","country":"RW","ip":"41.216.102.178","ipv6":"false","latitude":"-1.9507","location":"-1.9507,30.0663","longitude":"30.0663","organization":"Liquid Telecommunication Rwanda","seen_date":"2021-09-15","source":"dataplane","subnet":"41.216.102.178\/32","tag":"threatlist","threatlist":"Dataplane - SSH client","type":"ip"}

POST
/api/v2/bulk/simple/whois/best/ip

Return results about whois category of information

This method requires an API key. It will return one result about whois category of information we have for the given IPv{4,6} address. There will be no history of changes; the goal of this API is to return the best matching subnet for each given address. Best matching subnet means the one with the smallest CIDR mask. Results are rendered as one JSON entry per line for easier integration with external tools.

Request URL

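# Put the addresses (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' '1.1.1.1' '2.2.2.2' '3.3.3.3' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/simple/whois/best/ip'
# Remove the temporary list once the request has completed.
rm -f "$list"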

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

{"@category":"whois","@timestamp":"2021-09-07T10:22:33.000Z","abuse":["helpdesk@apnic.net","research@apnic.net","resolver-abuse@cloudflare.com"],"asn":"AS13335","bgproute":"1.1.1.119\/32","continent":"OC","continentname":"Oceania","country":"AU","countryname":"Australia","data":"inetnum:        1.1.1.0 - 1.1.1.255\nnetname:        APNIC-LABS\ndescr:          APNIC and Cloudflare DNS Resolver project\ndescr:          Routed globally by AS13335\/Cloudflare\ndescr:          Research prefix for APNIC Labs\ncountry:        AU\norg:            ORG-ARAD1-AP\nadmin-c:        AR302-AP\ntech-c:         AR302-AP\nabuse-c:        AA1412-AP\nstatus:         ASSIGNED PORTABLE\nremarks:        ---------------\nremarks:        All Cloudflare abuse reporting can be done via\nremarks:        resolver-abuse@cloudflare.com\nremarks:        ---------------\nmnt-by:         APNIC-HM\nmnt-routes:     MAINT-AU-APNIC-GM85-AP\nmnt-irt:        IRT-APNICRANDNET-AU\nlast-modified:  2020-07-15T13:10:57Z\nsource:         APNIC\n\nirt:            IRT-APNICRANDNET-AU\naddress:        PO Box 3646\naddress:        South Brisbane, QLD 4101\naddress:        Australia\ne-mail:         helpdesk@apnic.net\nabuse-mailbox:  helpdesk@apnic.net\nadmin-c:        AR302-AP\ntech-c:         AR302-AP\nauth:\nremarks:        helpdesk@apnic.net was validated on 2021-02-09\nmnt-by:         MAINT-AU-APNIC-GM85-AP\nlast-modified:  2021-03-09T01:10:21Z\nsource:         APNIC\n\norganisation:   ORG-ARAD1-AP\norg-name:       APNIC Research and Development\ncountry:        AU\naddress:        6 Cordelia St\nphone:          +61-7-38583100\nfax-no:         +61-7-38583199\ne-mail:         helpdesk@apnic.net\nmnt-ref:        APNIC-HM\nmnt-by:         APNIC-HM\nlast-modified:  2017-10-11T01:28:39Z\nsource:         APNIC\n\nrole:           ABUSE APNICRANDNETAU\naddress:        PO Box 3646\naddress:        South Brisbane, QLD 4101\naddress:        Australia\ncountry:        ZZ\nphone:          +000000000\ne-mail:         
helpdesk@apnic.net\nadmin-c:        AR302-AP\ntech-c:         AR302-AP\nnic-hdl:        AA1412-AP\nremarks:        Generated from irt object IRT-APNICRANDNET-AU\nabuse-mailbox:  helpdesk@apnic.net\nmnt-by:         APNIC-ABUSE\nlast-modified:  2021-03-09T01:10:22Z\nsource:         APNIC\n\nrole:           APNIC RESEARCH\naddress:        PO Box 3646\naddress:        South Brisbane, QLD 4101\naddress:        Australia\ncountry:        AU\nphone:          +61-7-3858-3188\nfax-no:         +61-7-3858-3199\ne-mail:         research@apnic.net\nnic-hdl:        AR302-AP\ntech-c:         AH256-AP\nadmin-c:        AH256-AP\nmnt-by:         MAINT-APNIC-AP\nlast-modified:  2018-04-04T04:26:04Z\nsource:         APNIC\n\nroute:          1.1.1.0\/24\norigin:         AS13335\ndescr:          APNIC Research and Development\n                6 Cordelia St\nmnt-by:         MAINT-AU-APNIC-GM85-AP\nlast-modified:  2018-03-16T16:58:06Z\nsource:         APNIC","domain":["apnic.net","cloudflare.com","one.one"],"host":"one","ip":"1.1.1.1","ipv6":"false","isineu":"false","latitude":"-25.274398","location":"-25.274398,133.775136","longitude":"133.775136","netname":"APNIC-LABS","organization":"APNIC Research and Development","reverse":"one.one.one.one","route":"1.1.1.0\/24","seen_date":"2021-09-07","source":"apnic","subdomains":"one.one.one","subnet":"1.1.1.0\/24","tag":["sniffer::whois"],"tld":["com","net","one"],"type":"ip"}
{"@category":"whois","@timestamp":"2021-09-04T05:02:24.000Z","abuse":["gestionip.ft@orange.com"],"asn":"AS3215","continent":"EU","continentname":"Europe","country":"FR","countryname":"France","data":"inetnum:        2.0.0.0 - 2.15.255.255\nnetname:        FR-TELECOM-20100712\ncountry:        FR\norg:            ORG-FT2-RIPE\nadmin-c:        HC5303-RIPE\ntech-c:         PG5119-RIPE\ntech-c:         ML2808-RIPE\nstatus:         ALLOCATED PA\nmnt-by:         RIPE-NCC-HM-MNT\nmnt-by:         FT-BRX\nmnt-lower:      RAIN-TRANSPAC\nmnt-lower:      FT-BRX\nmnt-routes:     FT-BRX\nmnt-routes:     RAIN-TRANSPAC\nmnt-domains:    RAIN-TRANSPAC\nmnt-domains:    FT-BRX\ncreated:        2010-07-12T13:54:34Z\nlast-modified:  2017-04-10T14:16:37Z\nsource:         RIPE\n\norganisation:   ORG-FT2-RIPE\norg-name:       Orange S.A.\ncountry:        FR\norg-type:       LIR\naddress-gdpr:        067e374d83542132732e7a9fcbdb8a28\naddress-gdpr:        0668840d55e1534544f5b37a8503f4fb\naddress-gdpr:        c67246268fc3918506bab46a11fa982f\naddress-gdpr:        fd0ff296819dc61da4c30a3ed57fcce6\nphone-gdpr:          6971a614b748ba9a3771bf1a1b268c63\nadmin-c:        HC5303-RIPE\nadmin-c:        ML2808-RIPE\nadmin-c:        PG5119-RIPE\nadmin-c:        BRX1-RIPE\nmnt-ref:        OLEANE-NOC\nmnt-ref:        FT-BRX\nmnt-ref:        RAIN-TRANSPAC\nmnt-ref:        RIPE-NCC-HM-MNT\nmnt-by:         RIPE-NCC-HM-MNT\nmnt-by:         FT-BRX\nabuse-c:        BRX1-RIPE\ncreated:        2004-04-17T11:23:51Z\nlast-modified:  2020-12-16T13:17:33Z\nsource:         RIPE\n\nperson-gdpr:         d7ae898d89f80f523cc4b6671ac74ca4\naddress-gdpr:        909cea0c97058cfe2e3ea8d675cb08e1\naddress-gdpr:        2fdf297a40ff2697d0c48887a29cd68f\naddress-gdpr:        f58814b4968ce67d7e6d89a11ab4fcd5\naddress-gdpr:        3c52b8c0e222567f6e482efefc6c4ae4\naddress-gdpr:        0309a6c666a7a803fdb9db95de71cf01\nphone-gdpr:          3444f5a00013e309ff4901b047d449b9\nnic-hdl:        HC5303-RIPE\nmnt-by:         
FT-BRX\ncreated:        2016-10-19T13:10:14Z\nlast-modified:  2016-10-19T13:10:14Z\nsource:         RIPE\n\nperson-gdpr:         f16c7b5ddd9fbcd6d152c171ff93e384\naddress-gdpr:        c14b5862deadda040828ebaf72f0f803\naddress-gdpr:        692b8a1315041d4e527ef3293e3463ff\naddress-gdpr:        74862daf434d62dd86758e378c650bc1\naddress-gdpr:        c2c60de6160e0ced8fdc80259a8cce76\nphone-gdpr:          3ef07e7ff7ed6101822fe91676a0ebb9\nnic-hdl:        ML2808-RIPE\nmnt-by:         FT-BRX\ncreated:        1970-01-01T00:00:00Z\nlast-modified:  2020-10-05T08:56:52Z\nsource:         RIPE\n\nperson-gdpr:         11875de78e985e2ca99eaa5bf10b0b4d\naddress-gdpr:        c14b5862deadda040828ebaf72f0f803\naddress-gdpr:        692b8a1315041d4e527ef3293e3463ff\naddress-gdpr:        74862daf434d62dd86758e378c650bc1\naddress-gdpr:        c2c60de6160e0ced8fdc80259a8cce76\nphone-gdpr:          2877e8c0fdba282bc9fef3361b20af91\nnic-hdl:        PG5119-RIPE\nmnt-by:         FT-BRX\ncreated:        2002-05-03T08:06:49Z\nlast-modified:  2020-10-05T08:56:53Z\nsource:         RIPE\n\nroute:          2.0.0.0\/16\ndescr:          France Telecom Orange\norigin:         AS3215\nmnt-by:         RAIN-TRANSPAC\nmnt-by:         FT-BRX\ncreated:        2012-11-22T09:31:56Z\nlast-modified:  2012-11-22T09:31:56Z\nsource:         RIPE","domain":["orange.com"],"ip":"2.0.0.1","ipv6":"false","isineu":"true","latitude":"46.227638","location":"46.227638,2.213749","longitude":"2.213749","netname":"FR-TELECOM-20100712","organization":"Orange S.A.","route":"2.0.0.0\/16","seen_date":"2021-09-04","source":"ripe","subnet":"2.0.0.0\/12","tag":["full::whois"],"tld":["com"],"type":"ip"}
{"@category":"whois","@timestamp":"2021-09-14T14:11:12.000Z","abuse":["abuse@amazonaws.com","amzn-noc-contact@amazon.com","aws-routing-poc@amazon.com","aws-rpki-routing-poc@amazon.com"],"asn":"AS16509","bgproute":"3.2.11.0\/24","continent":"NA","continentname":"North America","country":"US","countryname":"United States","data":"NetRange:       3.0.0.0 - 3.127.255.255\nCIDR:           3.0.0.0\/9\nNetName:        AT-88-Z\nNetHandle:      NET-3-0-0-0-1\nParent:         NET3 (NET-3-0-0-0-0)\nNetType:        Direct Allocation\nOriginAS:       \nOrganization:   Amazon Technologies Inc. (AT-88-Z)\nRegDate:        2017-12-20\nUpdated:        2021-07-22\nComment:        -----BEGIN CERTIFICATE-----MIIDXTCCAkWgAwIBAgIJAP8\/PKf0V0YgMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTkwNjA3MTIwOTE0WhcNMjAwNjA2MTIwOTE0WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaDSbngAXoQh51PFKIjK0c9yqCz6Dr+71QfBIYW5yYGZH2jy1FVCEhYeISnvtPCdOYeyvgukDIlbUI9k5uCjJfllPOYV27WHdVCosmGEW5X3\/hEofbIfUOSNkptayKpxcXUX+oZWOR4CY6d5Dg9Lz+INClH+3tkIq1yxpzaY0gS5wLLj\/4x3Mc\/VJ6HAE+qA5fgKILvwycDBjF57F7zpbsYsqhYuipYYa1tRNiyxl0dAah1SEH5FuzR2YIAU\/JK+orBS7YsTxMkaufosKQIhCbHE3C+KjEY1AVBwZlCzvfFKeiU2Gb81PPM3reHDH\/H7EibjxemDuIVMom3rFETktQIDAQABo1AwTjAdBgNVHQ4EFgQU7ae6kVQwhI35+wq2z63EIWKhrRAwHwYDVR0jBBgwFoAU7ae6kVQwhI35+wq2z63EIWKhrRAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQsFAAOCAQEAMU9Hae07KXMlqrkBuJYGTS4oXy6lB9N12OVJjfgapwxsQiYjn9YDJqEJv\/V8IIuxdHGE6z1tRxVfygWb+OE8cBkgE2jJZ2RqK5990MqwIFrfnBBR\/PhureveIZjQPS1CjOQGtPoIXiHqst8EUUx0O4AJ41VXVhvjmzDHv4VeGySlFCcDof1ydU1fk9Ejb61gW+VzEgvylvSXEUFwK1U1jNWBZr06B2RlpK6fJdeGHRPpcp1A0bOUiOpXiTYzLscKJW\/SSM8\/SP5vptE6pgPHiRRvZWGRoAY2ZDiuJKI+MCN1IZnf\/8fgMug5xD7BbnPrhCR4UOVqzHI60bJQY5BBIg==-----END CERTIFICATE-----\nComment:        \nComment:        \nComment:        \nComment:        -----BEGIN 
CERTIFICATE-----MIIERTCCAy2gAwIBAgIUEeCFhDCQYHQsvVxHEmV6UUzi3RowDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMRwwGgYDVQQKDBNBbWF6b24gV2ViIFNlcnZpY2VzMRgwFgYDVQQLDA9BV1NDb25zb2xlUHJveHkxHzAdBgNVBAMMFmNvbnNvbGUuYXdzLmFtYXpvbi5jb20xKDAmBgkqhkiG9w0BCQEWGWF3c2Mtc3BhY2ViaXJkQGFtYXpvbi5jb20wHhcNMjEwNDIwMjIyNDQwWhcNMjIwNDIwMjIyNDQwWjCBsTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlQYWxvIEFsdG8xHDAaBgNVBAoME0FtYXpvbiBXZWIgU2VydmljZXMxGDAWBgNVBAsMD0FXU0NvbnNvbGVQcm94eTEfMB0GA1UEAwwWY29uc29sZS5hd3MuYW1hem9uLmNvbTEoMCYGCSqGSIb3DQEJARYZYXdzYy1zcGFjZWJpcmRAYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjUl6VR0FtnbX6ABKgTBHvTdbkrnF7fPE8LP1RRsKIPkvLneDHG9+KCgH4zcfq5Aqq05B4FR0ZP1jbiygIUIwD64Gj1IGlXbr\/JNqpMq52RqlJW056vgDcyUvkw\/A9vVKcCbqoshNH+85MDzseiHI\/zX8x1rLqzpzYppTLZW6giM+ygGeiUjMvo5jRUtEjje70CfU2uXW0fdVGmt53hATpDkc1+GdZoGQpEbTUV99tSvNCR99JuA8HmA1I+NvdUMZ\/6HE8mMQcGURZ7aN+CDc\/+NL+4yIbRizLHiaP4BuMqGkXSQdaE8TuWybhj3SvetG+gRqa3xk7ndPm+XVThktUCAwEAAaNTMFEwHQYDVR0OBBYEFIFqtfJBKfjDnl9ScLX7EwAcSItxMB8GA1UdIwQYMBaAFIFqtfJBKfjDnl9ScLX7EwAcSItxMA8GA1UdEwEB\/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACkshh33TuGcr1I9D9wTCNFHpyF50IrexUl6SKspOqpZ+o1OdTeZFGpkZerHQgjqUShhauG01VfRoKZmPyEhv8L3XB2ZmF7laE5jgFMwSuV\/U4uc50zVBoRvYJ0v5UF\/QVWLvdRVK3TKNcYnJcgSy8ntG\/SposSryZCdstcYOxHUIC69m7pDrylggbWkqQVJfO\/10RKGjNFikKYkeFYHrrjK1n07p9tsuAqe8WafgSyPhZiFGWaGJgOMihdxg72FDMwFhkKbfs\/LusRbs82gnGjJ\/IMEOEZaYHDXpN0LzXhFsi115HcDOoSpsj\/jsD3knSi+OIZ+pHJ+ntjfK1gInnM=-----END CERTIFICATE-----\nRef:            https:\/\/rdap.arin.net\/registry\/ip\/3.0.0.0\n\nOrgName:        Amazon Technologies Inc.\nOrgId:          AT-88-Z\nAddress:        410 Terry Ave N.\nCity:           Seattle\nStateProv:      WA\nPostalCode:     98109\nCountry:        US\nRegDate:        2011-12-08\nUpdated:        2021-07-28\nComment:        All abuse reports MUST include:\nComment:        * src IP\nComment:        * dest IP (your IP)\nComment:        * dest port\nComment:        * Accurate 
date\/timestamp and timezone of activity\nComment:        * Intensity\/frequency (short log extracts)\nComment:        * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.\nRef:            https:\/\/rdap.arin.net\/registry\/entity\/AT-88-Z\n\nOrgAbuseHandle: AEA8-ARIN\nOrgAbuseName:   Amazon EC2 Abuse\nOrgAbusePhone:  +1-206-266-4064 \nOrgAbuseEmail:  abuse@amazonaws.com\nOrgAbuseRef:    https:\/\/rdap.arin.net\/registry\/entity\/AEA8-ARIN\n\nOrgRoutingHandle: IPROU3-ARIN\nOrgRoutingName:   IP Routing\nOrgRoutingPhone:  +1-206-266-4064 \nOrgRoutingEmail:  aws-routing-poc@amazon.com\nOrgRoutingRef:    https:\/\/rdap.arin.net\/registry\/entity\/IPROU3-ARIN\n\nOrgNOCHandle: AANO1-ARIN\nOrgNOCName:   Amazon AWS Network Operations\nOrgNOCPhone:  +1-206-266-4064 \nOrgNOCEmail:  amzn-noc-contact@amazon.com\nOrgNOCRef:    https:\/\/rdap.arin.net\/registry\/entity\/AANO1-ARIN\n\nOrgRoutingHandle: ARMP-ARIN\nOrgRoutingName:   AWS RPKI Management POC\nOrgRoutingPhone:  +1-206-266-4064 \nOrgRoutingEmail:  aws-rpki-routing-poc@amazon.com\nOrgRoutingRef:    https:\/\/rdap.arin.net\/registry\/entity\/ARMP-ARIN\n\nOrgTechHandle: ANO24-ARIN\nOrgTechName:   Amazon EC2 Network Operations\nOrgTechPhone:  +1-206-266-4064 \nOrgTechEmail:  amzn-noc-contact@amazon.com\nOrgTechRef:    https:\/\/rdap.arin.net\/registry\/entity\/ANO24-ARIN\n","domain":["amazon.com","amazonaws.com"],"host":"ec2-3-0-0-1","ip":"3.0.0.1","ipv6":"false","isineu":"false","latitude":"37.09024","location":"37.09024,-95.712891","longitude":"-95.712891","netname":"AT-88-Z","organization":"Amazon Technologies Inc.","reverse":"ec2-3-0-0-1.ap-southeast-1.compute.amazonaws.com","route":"3.0.0.0\/9","seen_date":"2021-09-14","source":"arin","subdomains":["compute.amazonaws.com","ap-southeast-1.compute.amazonaws.com"],"subnet":"3.0.0.0\/9","tag":["bgpmon::whois"],"tld":["com"],"type":"ip"}

Bulk Discovery Asset API - starting from Griffin Views New API

POST
/api/v2/bulk/discovery/ctl/asset

Return results about ctl category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

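# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/ctl/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"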

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/datascan/asset

Return results about datascan category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

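# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/datascan/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"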

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/datashot/asset

Return results about datashot category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

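# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/datashot/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"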

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/geoloc/asset

Return results about geoloc category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

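# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/geoloc/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"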

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/inetnum/asset

Return results about inetnum category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

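# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/inetnum/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"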

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/onionscan/asset

Return results about onionscan category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

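# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/onionscan/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"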

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/onionshot/asset

Return results about onionshot category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

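# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/onionshot/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"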

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/pastries/asset

Return results about pastries category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

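# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/pastries/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"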

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/resolver/asset

Return results about resolver category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

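# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/resolver/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"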

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/sniffer/asset

Return results about sniffer category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

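# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/sniffer/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"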

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/synscan/asset

Return results about synscan category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

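# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/synscan/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"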

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/threatlist/asset

Return results about threatlist category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

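# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/threatlist/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"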

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/topsite/asset

Return results about topsite category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

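# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/topsite/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"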

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/vulnscan/asset

Return results about vulnscan category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

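# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/vulnscan/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"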

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

POST
/api/v2/bulk/discovery/whois/asset

Return results about whois category of information

This method requires an API key and a Griffin View subscription. It lets you run bulk searches written in the ONYPHE Query Language (OQL), one query per line of the submitted file. Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried by default, but you can use the -since function to fetch more.

Request URL

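# Put the OQL queries (one per line) in a private temp file: mktemp creates it with an
# unpredictable name, whereas a fixed /tmp/list.txt can be pre-created or swapped by another local user.
list=$(mktemp)
printf '%s\n' 'domain:example.com -since:7M' 'ip:8.8.8.0/24 -since:7M' 'organization:"OVH SAS" -since:7M' > "$list"

# {apikey} is a placeholder. Command-line arguments end up in shell history and the
# process list, so avoid typing a real key on a shared host.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list" 'https://www.onyphe.io/api/v2/bulk/discovery/whois/asset'
# Remove the temporary list once the request has completed.
rm -f "$list"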

Parameters

  • {apikey}: your personal key.

Limitation

  • You can only send a file with at most 100,000 lines.

Sample response

[results]

Export API - starting from Eagle View

GET
/api/v2/export/{OQL}

Return results about all categories of information

This method requires an API key and an Eagle View subscription. It lets you export all the information we have, using the ONYPHE Query Language (OQL). Multiple entries may match, so all of them are returned, with history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration with external tools. The last 30 days of data are queried.

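Here is an example of an OQL query string: category:datascan product:Nginx protocol:http os:Windows tls:true. Because the query is sent as part of the URL path, it must be URL-encoded first, as the request example below shows.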

Request URL

# URL-encode the OQL query so it can be used as a path segment (uses the Perl URI::Escape module).
perl -MURI::Escape -e 'print uri_escape("category:datascan product:Nginx protocol:http os:Windows tls:true")."\n"'
# Output of the command above (the encoded query):
category%3Adatascan%20product%3ANginx%20protocol%3Ahttp%20os%3AWindows%20tls%3Atrue

# Request the export with the encoded query appended to /api/v2/export/.
# {apikey} is a placeholder; a key typed here ends up in shell history and the process list.
curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/export/category%3Adatascan%20product%3ANginx%20protocol%3Ahttp%20os%3AWindows%20tls%3Atrue'

Parameters

  • {apikey}: your personal key.

Sample response

[..]
{"@timestamp":"2020-02-16T19:33:22.000Z","@version":1,"app":{"extract":{"domain":["bingolink.biz"],"hostname":["www.bingolink.biz"],"url":["https:\/\/www.bingolink.biz\/sso\/oauth2\/authorize?response_type=code+id_token&client_id=Y5hettT5dK7eQB7C77KE&redirect_uri=https"]},"http":{"bodymd5":"d41d8cd98f00b204e9800998ecf8427e","headermd5":"904e765d1e9e9fe47aa4f97f0aab1a83"},"length":"338"},"asn":"AS58466","ca":"false","city":"Guangzhou","country":"CN","cpe":["cpe:\/a:nginx:nginx:1.3.13"],"cpecount":1,"cve":["CVE-2013-4547"],"cvecount":1,"data":"HTTP\/1.1 302 \r\nServer: nginx\/1.3.13-win64\r\nDate: Sun, 16 Feb 2020 19:33:01 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https:\/\/www.bingolink.biz\/sso\/oauth2\/authorize?response_type=code+id_token&client_id=Y5hettT5dK7eQB7C77KE&redirect_uri=https%3A%2F%2F<ip>gt;%2F%3Foauth2_redirect%3D1&logout_uri=https%3A%2F%2F<ip>gt;%2Flogout\r\n\r\n","datamd5":"0c3f92039aac38bd6152d56a60c99c5d","device":{"class":"Web Server"},"domain":["bingosoft.net","cloudmtr.com","gz-mstc.com","zyuntech.net"],"extkeyusage":["serverAuth"],"fingerprint":{"md5":"ec2b7dc99cc892eabb4f9e7bb35523fc","sha1":"1a739b18408af7be65af02231de46829d1325307","sha256":"8bb8fa0d9a2ff30a9c902082df572d93c664d88760a7a92a9730c483b8556ea8"},"ip":"114.67.22.116","ipv6":"false","issuer":{"commonname":"bingosoft-CA"},"keyusage":["digitalSignature","keyEncipherment"],"location":"23.1167,113.2500","organization":"CHINANET Guangdong province 
network","os":"Windows","osbits":"64","osvendor":"Microsoft","port":"443","product":"Nginx","productvendor":"Nginx","productversion":"1.3.13","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"1024"},"serial":"49:46:26:ca:00:00:00:00:37:d2","signature":{"algorithm":"sha512WithRSAEncryption"},"source":"datascan","status":"302","subject":{"altname":["*.bingosoft.net","*.cloudmtr.com","*.gz-mstc.com","*.zyuntech.net"],"commonname":"*.bingosoft.net","country":"CN","organizationalunit":"Bingosoft"},"subnet":"114.67.0.0\/18","tld":["com","net"],"tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2020-06-27T06:24:58Z","notbefore":"2018-06-28T06:24:58Z"},"version":"v3","wildcard":"true"}
{"@timestamp":"2020-02-03T15:10:40.000Z","@version":1,"app":{"http":{"bodymd5":"454c1e637802adcf4f3af455565fcb80","headermd5":"e17199cef388a63240ad76ecd9fac1ae","title":"Welcome to nginx!"},"length":"656"},"asn":"AS24940","ca":"true","country":"DE","cpe":["cpe:\/a:igor_sysoev:nginx:7.5"],"cpecount":1,"data":"HTTP\/1.1 200 OK\r\nServer: Microsoft-IIS\/7.5\r\nDate: Mon, 03 Feb 2020 15:10:29 GMT\r\nContent-Type: text\/html\r\nContent-Length: 435\r\nLast-Modified: Wed, 12 Jul 2017 11:29:51 GMT\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>gt;\n<html>gt;\n<head>gt;\n<title>gt;Welcome to nginx!<\/title>gt;\n<style>gt;\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n<\/style>gt;\n<\/head>gt;\n<body>gt;\n<h1>gt;Welcome <\/h1>gt;\n\n<pre>gt;\n\n           ****\n         **    **\n        *  O   O *\n       *     L    *\n       *          *\n        * \\____\/ *\n         **    **\n           ****\n\n\n\n\n<\/pre>gt;\n\n<small>gt; TAO <\/small>gt;\n<\/body>gt;\n<\/html>gt;\n","datamd5":"b9a40bb37b4c7195d7982740e732f965","device":{"class":"Web Server"},"domain":"funcns.net","fingerprint":{"md5":"6882f5eb3525d285fcd6a40007d60905","sha1":"b13763cf3b014ca492fcd4123019d03a3b94206e","sha256":"fdce9f3b732634042d9b0dc01ef82674da20ceb3516820539562079a89653ec4"},"host":"6-tao","hostname":["6-tao.funcns.net"],"ip":"136.243.150.89","ipv6":"false","issuer":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"location":"51.2993,9.4910","organization":"Hetzner Online GmbH","os":"Windows","osvendor":"Microsoft","osversion":["Server 2008","7"],"port":"443","product":"NGINX","productvendor":"Igor 
Sysoev","productversion":"7.5","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"4096"},"reason":"OK","reverse":"6-tao.funcns.net","serial":"ae:3c:ce:c2:b2:39:c5:5f","signature":{"algorithm":"sha256WithRSAEncryption"},"source":"datascan","status":"200","subject":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"subnet":"136.243.144.0\/21","tag":["default"],"tld":"net","tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2116-12-26T14:12:28Z","notbefore":"2017-01-19T14:12:28Z"},"version":"v3","wildcard":"false"}
{"@timestamp":"2020-02-04T13:26:20.000Z","@version":1,"app":{"http":{"bodymd5":"454c1e637802adcf4f3af455565fcb80","headermd5":"e17199cef388a63240ad76ecd9fac1ae","title":"Welcome to nginx!"},"length":"656"},"asn":"AS24940","ca":"true","country":"DE","cpe":["cpe:\/a:igor_sysoev:nginx:7.5"],"cpecount":1,"data":"HTTP\/1.1 200 OK\r\nServer: Microsoft-IIS\/7.5\r\nDate: Tue, 04 Feb 2020 13:26:09 GMT\r\nContent-Type: text\/html\r\nContent-Length: 435\r\nLast-Modified: Thu, 21 Jan 2016 13:09:39 GMT\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>gt;\n<html>gt;\n<head>gt;\n<title>gt;Welcome to nginx!<\/title>gt;\n<style>gt;\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n<\/style>gt;\n<\/head>gt;\n<body>gt;\n<h1>gt;Welcome <\/h1>gt;\n\n<pre>gt;\n\n           ****\n         **    **\n        *  O   O *\n       *     L    *\n       *          *\n        * \\____\/ *\n         **    **\n           ****\n\n\n\n\n<\/pre>gt;\n\n<small>gt; TAO <\/small>gt;\n<\/body>gt;\n<\/html>gt;\n","datamd5":"b9a40bb37b4c7195d7982740e732f965","device":{"class":"Web Server"},"domain":"funcns.net","fingerprint":{"md5":"6882f5eb3525d285fcd6a40007d60905","sha1":"b13763cf3b014ca492fcd4123019d03a3b94206e","sha256":"fdce9f3b732634042d9b0dc01ef82674da20ceb3516820539562079a89653ec4"},"host":"8-tao","hostname":["8-tao.funcns.net"],"ip":"136.243.150.92","ipv6":"false","issuer":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"location":"51.2993,9.4910","organization":"Hetzner Online GmbH","os":"Windows","osvendor":"Microsoft","osversion":["Server 2008","7"],"port":"443","product":"NGINX","productvendor":"Igor 
Sysoev","productversion":"7.5","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"4096"},"reason":"OK","reverse":"8-tao.funcns.net","serial":"ae:3c:ce:c2:b2:39:c5:5f","signature":{"algorithm":"sha256WithRSAEncryption"},"source":"datascan","status":"200","subject":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"subnet":"136.243.144.0\/21","tag":["default"],"tld":"net","tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2116-12-26T14:12:28Z","notbefore":"2017-01-19T14:12:28Z"},"version":"v3","wildcard":"false"}

Paging through results

When a search matches more than 10 results and you have a subscription to a View, you can page through the available results (up to 10000 results). To do so, add the page parameter to the query string of your HTTP request, as in the ?page=2 example below.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/search/category:pastries%20domain:amazonaws.com?page=2'

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": "2",
  "results": [
[..]
  ],
  "status": "ok",
  "took": "0.027",
  "total": 15457
}

Error handling

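When an error occurs, the response is returned with a 400 HTTP code. Its body carries a non-zero positive error code in the error field, along with a descriptive message in the text field, and status is set to nok, as in the sample below.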

Sample response

{
  "error": 3,
  "text": "Invalid API key format",
  "myip": "<redacted>",
  "status": "nok"
}

Rate limiting

If rate limiting is triggered, a response will be returned with a 429 HTTP code. Currently, the limit is set to 1 request per second from a given IP address.