User API

GET
/api/v2/user

Return information about your user account

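For instance, it will return which API endpoints you have access to, the complete list of filters you are allowed to use as per your license, or how many credits are remaining. Note that the response body includes your API key in the `apikey` field (redacted in the sample below), so treat saved or logged responses as sensitive.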

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/user'

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "user",
      "@timestamp": "2019-05-08T12:29:22.000Z",
      "apikey": "<redacted>",
      "apis": [
        "user",
        "bulk/ip",
        "bulk/domain",
        "bulk/hostname",
        "simple/ctl",
        "simple/datascan",
        "simple/geoloc",
        "simple/inetnum",
        "simple/pastries",
        "simple/resolver",
        "simple/sniffer",
        "simple/synscan",
        "simple/threatlist",
        "simple/datascan/datamd5",
        "simple/resolver/reverse",
        "simple/resolver/forward",
        "simple/datashot",
        "simple/onionscan",
        "simple/onionshot",
        "simple/topsite",
        "simple/vulnscan",
        "search",
        "search/ctl",
        "search/datascan",
        "search/geoloc",
        "search/inetnum",
        "search/pastries",
        "search/resolver",
        "search/sniffer",
        "search/synscan",
        "search/threatlist",
        "search/datashot",
        "search/onionscan",
        "search/onionshot",
        "search/topsite",
        "alert/list",
        "alert/add",
        "alert/del",
        "search/vulnscan",
        "summary/ip",
        "summary/domain",
        "summary/hostname",
        "export"
      ],
      "categories": [
        "ctl",
        "datascan",
        "geoloc",
        "inetnum",
        "pastries",
        "resolver",
        "sniffer",
        "synscan",
        "threatlist",
        "datashot",
        "onionscan",
        "onionshot",
        "topsite",
        "vulnscan"
      ],
      "credits": 999990,
      "duration": 0,
      "enddate": 0,
      "filters": [
        "app.browse.type",
        "app.browse.name",
        "app.browse.file",
        "app.dns.versionbind",
        "app.elasticsearch.clustername",
        "app.elasticsearch.luceneversion",
        "app.extract.domain",
        "app.extract.file",
        "app.extract.hostname",
        "app.extract.ip",
        "app.extract.url",
        "app.http.bodymd5",
        "app.http.component.product",
        "app.http.component.productvendor",
        "app.http.component.productversion",
        "app.http.component.productversionpatch",
        "app.http.copyright",
        "app.http.copyright.keyword",
        "app.http.description",
        "app.http.description.keyword",
        "app.http.headermd5",
        "app.http.header.name",
        "app.http.header.value",
        "app.http.keywords",
        "app.http.keywords.keyword",
        "app.http.realm",
        "app.http.title",
        "app.http.title.keyword",
        "app.length",
        "app.modbus.code",
        "app.modbus.function",
        "app.modbus.information",
        "app.modbus.product",
        "app.modbus.productvendor",
        "app.modbus.productversion",
        "app.modbus.productversionpatch",
        "app.mongodb.name",
        "app.ntp.leap",
        "app.ntp.mode",
        "app.ntp.stratum",
        "app.ntp.version",
        "app.rtsp.realm",
        "app.screenshot.format",
        "app.screenshot.image",
        "app.screenshot.imagemd5",
        "app.smb.nullsession",
        "app.smb.servername",
        "app.smb.share",
        "app.smb.workgroup",
        "app.snmp.community",
        "app.snmp.sysdescr",
        "app.vnc.authentication",
        "app.vnc.desktopname",
        "app.vnc.screensize",
        "app.vnc.version",
        "abuse",
        "asn",
        "basicconstraints",
        "botnet",
        "ca",
        "city",
        "count",
        "country",
        "data",
        "datamd5",
        "destport",
        "distinct",
        "domain",
        "extkeyusage",
        "file",
        "fingerprint.md5",
        "fingerprint.sha1",
        "fingerprint.sha256",
        "forward",
        "host",
        "hostname",
        "information",
        "ip",
        "ipv6",
        "issuer.commonname",
        "issuer.country",
        "issuer.organization",
        "issuer.organizationalunit",
        "issuer.serial",
        "key",
        "keyusage",
        "location",
        "netname",
        "organization",
        "os",
        "osbits",
        "osdistribution",
        "osdistributionversion",
        "osvendor",
        "osversion",
        "osversionpatch",
        "port",
        "product",
        "productvendor",
        "productversion",
        "productversionpatch",
        "protocol",
        "protocolversion",
        "publickey.algorithm",
        "publickey.exponent",
        "publickey.length",
        "reason",
        "reverse",
        "scheme",
        "serial",
        "signature.algorithm",
        "since",
        "size",
        "source",
        "srcport",
        "status",
        "subdomains",
        "subject.altname",
        "subject.country",
        "subject.commonname",
        "subject.organization",
        "subject.organizationalunit",
        "subject.serial",
        "subnet",
        "syntax",
        "threatlist",
        "title",
        "tld",
        "tls",
        "total",
        "transport",
        "type",
        "url",
        "user",
        "validity.notafter",
        "validity.notbefore",
        "version",
        "wildcard",
        "classification",
        "content",
        "cpe",
        "cpecount",
        "cve",
        "cvecount",
        "device.class",
        "device.product",
        "device.productvendor",
        "device.productversion",
        "device.productversionpatch",
        "onion",
        "tag"
      ],
      "functions": [
        "-hourago",
        "-dayago",
        "-weekago",
        "-monthago",
        "-exists",
        "-wildcard",
        "-fields"
      ],
      "history": "7M",
      "seen_date": "2019-05-08",
      "startdate": "2019-05-08T12:36:37.000Z",
      "view": "Eagle View"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": "0.000",
  "total": 1
}

Summary API - starting from Free View

GET
/api/v2/summary/ip/{IP}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given IPv{4,6} address. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/ip/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 52,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-28T00:43:31.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.137,
  "total": 2956
}

GET
/api/v2/summary/domain/{DOMAIN}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given domain name. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/domain/{DOMAIN}'

Parameters

  • apikey: your personal key.

Arguments

  • {DOMAIN}: argument must be a domain name.

Sample response

{
  "count": 81,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-26T03:00:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 1.361,
  "total": 472746
}

GET
/api/v2/summary/hostname/{HOSTNAME}

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given fully qualified hostname. Only the 10 latest results per category will be returned. Note: all fields are returned except data and content and those not allowed by your subscription.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/summary/hostname/{HOSTNAME}'

Parameters

  • apikey: your personal key.

Arguments

  • {HOSTNAME}: argument must be a fully qualified domain name.

Sample response

{
  "count": 34,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "ctl",
      "@timestamp": "2020-03-15T16:22:47.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.054,
  "total": 12262
}

Simple API - starting from Free View

GET
/api/v2/simple/geoloc/{IP}

Return results about geoloc category of information

This method requires an API key. It will return results about geoloc category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/geoloc/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "geoloc",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/inetnum/{IP}

Return results about inetnum category of information

This method requires an API key. It will return results about inetnum category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/inetnum/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "inetnum",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/pastries/{IP}

Return results about pastries category of information

This method requires an API key. It will return results about pastries category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/pastries/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "pastries",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/resolver/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/sniffer/{IP}

Return results about sniffer category of information

This method requires an API key. It will return results about sniffer category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/sniffer/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "sniffer",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/synscan/{IP}

Return results about synscan category of information

This method requires an API key. It will return results about synscan category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/synscan/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "synscan",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/threatlist/{IP}

Return results about threatlist category of information

This method requires an API key. It will return results about threatlist category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/threatlist/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "threatlist",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/topsite/{IP}

Return results about topsite category of information

This method requires an API key. It will return results about topsite category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/topsite/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "topsite",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/vulnscan/{IP}

Return results about vulnscan category of information

This method requires an API key. It will return results about vulnscan category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/vulnscan/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "vulnscan",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/onionshot/{IP}

Return results about onionshot category of information

This method requires an API key. It will return results about onionshot category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/onionshot/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "onionshot",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/datashot/{IP}

Return results about datashot category of information

This method requires an API key. It will return results about datashot category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datashot/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 4,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datashot",
      "@timestamp": "2020-02-25T15:50:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.014,
  "total": 4
}

GET
/api/v2/simple/ctl/{DOMAIN,HOSTNAME}

Return results about ctl category of information

This method requires an API key. It will return results about ctl category of information we have for the given domain or hostname with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/ctl/{DOMAIN,HOSTNAME}'

Parameters

  • apikey: your personal key.

Arguments

  • {DOMAIN,HOSTNAME}: argument must be a domain or a hostname.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 4,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.006,
  "total": 39
}

GET
/api/v2/simple/onionscan/{DOMAIN,HOSTNAME}

Return results about onionscan category of information

This method requires an API key. It will return results about onionscan category of information we have for the given domain or hostname with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/onionscan/{DOMAIN,HOSTNAME}'

Parameters

  • apikey: your personal key.

Arguments

  • {DOMAIN,HOSTNAME}: argument must be a domain or a hostname.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 4,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 0.006,
  "total": 39
}

GET
/api/v2/simple/datascan/{IP,STRING}

Return results about datascan category of information

This method requires an API key. It will return results about datascan category of information we have for the given IPv{4,6} address or search string with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datascan/{IP,STRING}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP,STRING}: argument must be either an IP{v4,v6} or a string to search for.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datascan",
      "@timestamp": "2020-03-03T11:11:00.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.505,
  "total": 218539367
}

GET
/api/v2/simple/datascan/datamd5/{MD5}

Return results about datascan/datamd5 category of information

This method requires an API key. It will return results about datascan/datamd5 category of information we have for the given MD5 hash with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/datascan/datamd5/{MD5}'

Parameters

  • apikey: your personal key.

Arguments

  • {MD5}: argument must be a lowercase md5 string to search for against the datamd5 field.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datascan/datamd5",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

GET
/api/v2/simple/resolver/forward/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/forward/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

GET
/api/v2/simple/resolver/reverse/{IP}

Return results about resolver category of information

This method requires an API key. It will return results about resolver category of information we have for the given IPv{4,6} address with history of changes, if any.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/simple/resolver/reverse/{IP}'

Parameters

  • apikey: your personal key.

Arguments

  • {IP}: argument must be an IPv{4,6} address.

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2020-03-03T11:17:17.000Z",
[..]
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": 3.244,
  "total": 218538292
}

Search API - starting from Dragonfly View

GET
/api/v2/search/{OQL}

Alert API - starting from Dragonfly View

GET
/api/v2/alert/list

Return list of configured alerts

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -XGET 'https://www.onyphe.io/api/v2/alert/list'

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 9,
  "error": 0,
  "myip": "<redacted>",
  "results": [
    {
      "email": "<redacted>",
      "id": 0,
      "name": "New phishing detected",
      "query": "category:ctl tag:phishing::google -dayago:1",
      "threshold": ">0"
    },
[..]
  ],
  "status": "ok",
  "took": "0.000",
  "total": 9
}

POST
/api/v2/alert/add

Add an alert

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' -XPOST 'https://www.onyphe.io/api/v2/alert/add' -d '{"name":"My alert","query":"category:datascan domain:example.com -exists:cve","email":"destination@example.com"}'

Parameters

  • apikey: your personal key.
  • name: name of the alert (or a description).
  • query: ONYPHE query to execute (daily basis).
  • email: destination address to use.

Sample response

{
  "error": 0,
  "text": "Success",
  "myip": "<redacted>",
  "status": "ok"
}

POST
/api/v2/alert/del/{ID}

Delete an alert

Here is an example of an alert string: category:datascan domain:example.com -exists:cve.

Request URL

curl -H 'Authorization: apikey {apikey}' -XPOST 'https://www.onyphe.io/api/v2/alert/del/{ID}'

Parameters

  • apikey: your personal key.
  • id: id of the alert to delete.

Sample response

{
  "error": 0,
  "text": "Success",
  "myip": "<redacted>",
  "status": "ok"
}

Bulk Summary API - starting from Entreprise Views

POST
/api/v2/bulk/summary/ip

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given IPv{4,6} address. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration in external tools.

Request URL

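# Write the IPs to look up, one per line, into a private temporary file.
# mktemp creates an unpredictably named, owner-only file; a fixed name in the
# shared /tmp directory could be pre-created or replaced by another local user.
list_file=$(mktemp)
printf '%s\n' '1.1.1.1' '2.2.2.2' '3.3.3.3' > "$list_file"

# Send the list as the raw request body. --data-binary keeps the newlines that
# separate the entries (plain -d would strip them). {apikey} is a placeholder
# for your personal key.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list_file" 'https://www.onyphe.io/api/v2/bulk/summary/ip'

# Remove the temporary list once the request has completed.
rm -f "$list_file"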

Parameters

  • apikey: your personal key.

Sample response

[..]
{"@category":"resolver","@timestamp":"2020-02-08T00:41:03.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"totilaz.com","forward":"totilaz.com","hostname":"totilaz.com","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-08","source":"ctl","subnet":"3.2.0.0\/15","tld":"com","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T15:41:33.000Z","asn":"AS0","country":"US","domain":"sand88.me","forward":"sand88.me","hostname":"sand88.me","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"urlscan","subnet":"3.2.0.0\/15","tld":"me","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:39.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"2020s.vip","forward":"www.2020s.vip","host":"www","hostname":"www.2020s.vip","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"vip","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:39.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"syn20.com","forward":"syn20.com","hostname":"syn20.com","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"com","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-04T10:17:38.000Z","asn":"AS0","city":"Seattle","country":"US","domain":"syn20.net","forward":"syn20.net","hostname":"syn20.net","ip":"3.3.3.3","ipv6":"false","latitude":"47.6348","location":"47.6348,-122.3451","longitude":"-122.3451","seen_date":"2020-02-04","source":"ctl","subnet":"3.2.0.0\/15","tld":"net","type":"forward"}
{"@category":"topsite","@timestamp":"2020-02-04T10:13:54.000Z","asn":"AS0","country":"US","domain":"sbiepay.com","forward":"sbiepay.com","hostname":"sbiepay.com","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"3.2.0.0\/15","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:06:36.000Z","asn":"AS0","country":"US","domain":"onlinepg.net","forward":"is.onlinepg.net","host":"is","hostname":"is.onlinepg.net","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"3.2.0.0\/15","tag":["top1m","umbrella"],"tld":"net"}
{"@category":"topsite","@timestamp":"2020-02-04T09:48:20.000Z","asn":"AS0","country":"US","domain":"sbiepay.com","forward":"sbiepay.com","hostname":"sbiepay.com","ip":"3.3.3.3","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"alexa","subnet":"3.2.0.0\/15","tag":["alexa","top1m"],"tld":"com"}

POST
/api/v2/bulk/summary/domain

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given domain name. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration in external tools.

Request URL

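# Write the domains to look up, one per line, into a private temporary file.
# mktemp creates an unpredictably named, owner-only file; a fixed name in the
# shared /tmp directory could be pre-created or replaced by another local user.
list_file=$(mktemp)
printf '%s\n' 'google.com' 'yahoo.fr' 'verizon.com' > "$list_file"

# Send the list as the raw request body. --data-binary keeps the newlines that
# separate the entries (plain -d would strip them). {apikey} is a placeholder
# for your personal key.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list_file" 'https://www.onyphe.io/api/v2/bulk/summary/domain'

# Remove the temporary list once the request has completed.
rm -f "$list_file"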

Parameters

  • apikey: your personal key.

Sample response

[..]
{"@category":"resolver","@timestamp":"2020-03-03T11:23:56.000Z","asn":"AS0","country":"US","domain":"verizon.com","forward":"forums.verizon.com","host":"forums","hostname":"forums.verizon.com","ip":"143.204.229.20","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-03-03","source":"urlscan","subnet":"143.204.0.0\/16","tld":"com","type":"forward"}
{"@category":"topsite","@timestamp":"2020-02-04T10:23:49.000Z","asn":"AS0","city":"Culver City","country":"US","domain":"verizon.com","forward":"verizon.com","hostname":"verizon.com","ip":"192.16.31.23","ipv6":"false","latitude":"33.9924","location":"33.9924,-118.3991","longitude":"-118.3991","seen_date":"2020-02-04","source":"majestic","subnet":"192.16.30.0\/23","tag":["majestic","top1m"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:22:03.000Z","asn":"AS0","country":"US","domain":"verizon.com","forward":"enterpriseportal.verizon.com","host":"enterpriseportal","hostname":"enterpriseportal.verizon.com","ip":"192.30.31.191","ipv6":"false","latitude":"37.7510","location":"37.7510,-97.8220","longitude":"-97.8220","seen_date":"2020-02-04","source":"umbrella","subnet":"192.30.30.0\/23","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:21:11.000Z","asn":"AS12079","country":"US","domain":"verizon.com","forward":"gismapssdc.verizon.com","host":"gismapssdc","hostname":"gismapssdc.verizon.com","ip":"162.115.35.43","ipv6":"false","latitude":"40.7592","location":"40.7592,-111.8875","longitude":"-111.8875","organization":"CELLCO-PART","seen_date":"2020-02-04","source":"umbrella","subnet":"162.115.32.0\/21","tag":["top1m","umbrella"],"tld":"com"}
{"@category":"topsite","@timestamp":"2020-02-04T10:20:25.000Z","asn":"AS33052","city":"Winter Springs","country":"US","domain":"verizon.com","forward":"fldsmtpe02.verizon.com","host":"fldsmtpe02","hostname":"fldsmtpe02.verizon.com","ip":"140.108.26.141","ipv6":"false","latitude":"39.0680","location":"39.0680,-76.9933","longitude":"-76.9933","organization":"VZUNET","seen_date":"2020-02-04","source":"umbrella","subnet":"140.108.24.0\/22","tag":["top1m","umbrella"],"tld":"com"}
[..]

POST
/api/v2/bulk/summary/hostname

Return results about all categories of information

This method requires an API key. It will return results about all categories of information we have for the given fully qualified hostname. Only the 10 latest results per category will be returned. Results are rendered as one JSON entry per line for easier integration in external tools.

Request URL

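# Write the hostnames to look up, one per line, into a private temporary file.
# mktemp creates an unpredictably named, owner-only file; a fixed name in the
# shared /tmp directory could be pre-created or replaced by another local user.
list_file=$(mktemp)
printf '%s\n' 'www.google.com' 'www.bing.com' 'www.yahoo.fr' > "$list_file"

# Send the list as the raw request body. --data-binary keeps the newlines that
# separate the entries (plain -d would strip them). {apikey} is a placeholder
# for your personal key.
curl -XPOST -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' --data-binary @"$list_file" 'https://www.onyphe.io/api/v2/bulk/summary/hostname'

# Remove the temporary list once the request has completed.
rm -f "$list_file"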

Parameters

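  • apikey: your personal API key, sent in the Authorization header. Given with -H on the command line it ends up in shell history and is visible in the process list; curl can read the header from a file instead (-H @file).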

Sample response

[..]
{"@category":"pastries","@timestamp":"2020-03-03T02:55:32.000Z","domain":["secureserver.net","yahoo.com","milcatstore.com","zakral.net","okok.fr","yahoo.fr"],"host":["w2","ip-184-168-131-241","www","ns4"],"hostname":["ip-184-168-131-241.ip.secureserver.net","w2.src1.vip.bf1.yahoo.com","w2.src1.vip.ir2.yahoo.com","w2.src1.vip.sg3.yahoo.com","ns4.zakral.net","www.milcatstore.com","w2.src1.vip.tw1.yahoo.com","w2.src1.vip.gq1.yahoo.com","www.okok.fr","www.yahoo.fr"],"ip":["74.6.136.151","176.31.126.150","124.108.115.101","184.168.131.241","106.10.248.151","212.82.100.151","98.136.103.24"],"key":"t24xRQVk","scheme":["http"],"seen_date":"2020-03-03","size":"644","source":"pastebin","subdomains":["src1.vip.bf1.yahoo.com","tw1.yahoo.com","vip.ir2.yahoo.com","src1.vip.sg3.yahoo.com","ip.secureserver.net","gq1.yahoo.com","ir2.yahoo.com","src1.vip.ir2.yahoo.com","src1.vip.gq1.yahoo.com","vip.gq1.yahoo.com","src1.vip.tw1.yahoo.com","bf1.yahoo.com","vip.bf1.yahoo.com","vip.tw1.yahoo.com","vip.sg3.yahoo.com","sg3.yahoo.com"],"syntax":"text","tld":["net","fr","com"],"url":["http:\/\/www.milcatstore.com","http:\/\/www.okok.fr\/affichage\/a4d4c1dd-9a40-453d-9033-88057affa474.jpg","http:\/\/www.yahoo.fr?"]}
{"@category":"pastries","@timestamp":"2020-03-03T01:59:50.000Z","domain":["yahoo.fr","okok.fr","yahoo.com","secureserver.net","coffbio.com","zakral.net"],"host":["ip-184-168-131-241","w2","ns4","www"],"hostname":["www.okok.fr","www.yahoo.fr","w2.src1.vip.tw1.yahoo.com","w2.src1.vip.gq1.yahoo.com","w2.src1.vip.ir2.yahoo.com","w2.src1.vip.sg3.yahoo.com","ns4.zakral.net","ip-184-168-131-241.ip.secureserver.net","w2.src1.vip.bf1.yahoo.com","www.coffbio.com"],"ip":["98.136.103.24","212.82.100.151","124.108.115.101","184.168.131.241","106.10.248.151","176.31.126.150","74.6.136.151"],"key":"52U52yPw","scheme":["http"],"seen_date":"2020-03-03","size":"643","source":"pastebin","subdomains":["tw1.yahoo.com","src1.vip.bf1.yahoo.com","ip.secureserver.net","gq1.yahoo.com","src1.vip.sg3.yahoo.com","vip.ir2.yahoo.com","src1.vip.gq1.yahoo.com","src1.vip.ir2.yahoo.com","ir2.yahoo.com","bf1.yahoo.com","src1.vip.tw1.yahoo.com","vip.gq1.yahoo.com","vip.bf1.yahoo.com","vip.tw1.yahoo.com","sg3.yahoo.com","vip.sg3.yahoo.com"],"syntax":"text","tld":["fr","net","com"],"url":["http:\/\/www.yahoo.fr?","http:\/\/www.coffbio.com?","http:\/\/www.okok.fr\/affichage\/a4d4c1dd-9a40-453d-9033-88057affa474.jpg"]}
{"@category":"resolver","@timestamp":"2020-03-03T02:55:33.000Z","asn":"AS34010","country":"GB","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"51.4964","location":"51.4964,-0.1224","longitude":"-0.1224","organization":"Yahoo! UK Services Limited","seen_date":"2020-03-03","source":"pastries","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-29T05:22:07.000Z","asn":"AS34010","country":"CH","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"47.1449","location":"47.1449,8.1551","longitude":"8.1551","organization":"Yahoo! UK Services Limited","seen_date":"2020-02-29","source":"urlscan","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
{"@category":"resolver","@timestamp":"2020-02-22T13:56:40.000Z","asn":"AS34010","country":"CH","domain":"yahoo.fr","forward":"www.yahoo.fr","host":"www","hostname":"www.yahoo.fr","ip":"212.82.100.151","ipv6":"false","latitude":"47.1449","location":"47.1449,8.1551","longitude":"8.1551","organization":"Yahoo! UK Services Limited","seen_date":"2020-02-22","source":"urlscan","subnet":"212.82.100.0\/22","tld":"fr","type":"forward"}
[..]

Export API - starting from Eagle View

GET
/api/v2/export/{OQL}

Return results about all categories of information

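This method requires an API key and an Eagle View subscription. It allows you to export all the information we have using the ONYPHE Query Language (OQL). Multiple entries may match, so we return all of them with their history of changes. It will auto-scroll through all results. Results are rendered as one JSON entry per line for easier integration in external tools. The last 30 days of data are queried. Fields such as data hold raw responses captured from remote hosts (the samples below include HTML), so treat them as untrusted input and escape them before rendering or interpolating them elsewhere.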

Here is an example of an OQL query string: category:datascan product:Nginx protocol:http os:Windows tls:true.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/export/category:datascan%20product:Nginx%20protocol:http%20os:Windows%20tls:true'

Parameters

  • apikey: your personal key.

Sample response

[..]
{"@timestamp":"2020-02-16T19:33:22.000Z","@version":1,"app":{"extract":{"domain":["bingolink.biz"],"hostname":["www.bingolink.biz"],"url":["https:\/\/www.bingolink.biz\/sso\/oauth2\/authorize?response_type=code+id_token&client_id=Y5hettT5dK7eQB7C77KE&redirect_uri=https"]},"http":{"bodymd5":"d41d8cd98f00b204e9800998ecf8427e","headermd5":"904e765d1e9e9fe47aa4f97f0aab1a83"},"length":"338"},"asn":"AS58466","ca":"false","city":"Guangzhou","country":"CN","cpe":["cpe:\/a:nginx:nginx:1.3.13"],"cpecount":1,"cve":["CVE-2013-4547"],"cvecount":1,"data":"HTTP\/1.1 302 \r\nServer: nginx\/1.3.13-win64\r\nDate: Sun, 16 Feb 2020 19:33:01 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https:\/\/www.bingolink.biz\/sso\/oauth2\/authorize?response_type=code+id_token&client_id=Y5hettT5dK7eQB7C77KE&redirect_uri=https%3A%2F%2F<ip>%2F%3Foauth2_redirect%3D1&logout_uri=https%3A%2F%2F<ip>%2Flogout\r\n\r\n","datamd5":"0c3f92039aac38bd6152d56a60c99c5d","device":{"class":"Web Server"},"domain":["bingosoft.net","cloudmtr.com","gz-mstc.com","zyuntech.net"],"extkeyusage":["serverAuth"],"fingerprint":{"md5":"ec2b7dc99cc892eabb4f9e7bb35523fc","sha1":"1a739b18408af7be65af02231de46829d1325307","sha256":"8bb8fa0d9a2ff30a9c902082df572d93c664d88760a7a92a9730c483b8556ea8"},"ip":"114.67.22.116","ipv6":"false","issuer":{"commonname":"bingosoft-CA"},"keyusage":["digitalSignature","keyEncipherment"],"location":"23.1167,113.2500","organization":"CHINANET Guangdong province network","os":"Windows","osbits":"64","osvendor":"Microsoft","port":"443","product":"Nginx","productvendor":"Nginx","productversion":"1.3.13","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"1024"},"serial":"49:46:26:ca:00:00:00:00:37:d2","signature":{"algorithm":"sha512WithRSAEncryption"},"source":"datascan","status":"302","subject":{"altname":["*.bingosoft.net","*.cloudmtr.com","*.gz-mstc.com","*.zyuntech.net"],"commonname":"*.bingosoft.net","country":"CN","organizationalunit":"Bingosoft"},"subnet":"114.67.0.0\/18","tld":["com","net"],"tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2020-06-27T06:24:58Z","notbefore":"2018-06-28T06:24:58Z"},"version":"v3","wildcard":"true"}
{"@timestamp":"2020-02-03T15:10:40.000Z","@version":1,"app":{"http":{"bodymd5":"454c1e637802adcf4f3af455565fcb80","headermd5":"e17199cef388a63240ad76ecd9fac1ae","title":"Welcome to nginx!"},"length":"656"},"asn":"AS24940","ca":"true","country":"DE","cpe":["cpe:\/a:igor_sysoev:nginx:7.5"],"cpecount":1,"data":"HTTP\/1.1 200 OK\r\nServer: Microsoft-IIS\/7.5\r\nDate: Mon, 03 Feb 2020 15:10:29 GMT\r\nContent-Type: text\/html\r\nContent-Length: 435\r\nLast-Modified: Wed, 12 Jul 2017 11:29:51 GMT\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>Welcome to nginx!<\/title>\n<style>\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n<\/style>\n<\/head>\n<body>\n<h1>Welcome <\/h1>\n\n<pre>\n\n           ****\n         **    **\n        *  O   O *\n       *     L    *\n       *          *\n        * \\____\/ *\n         **    **\n           ****\n\n\n\n\n<\/pre>\n\n<small> TAO <\/small>\n<\/body>\n<\/html>\n","datamd5":"b9a40bb37b4c7195d7982740e732f965","device":{"class":"Web Server"},"domain":"funcns.net","fingerprint":{"md5":"6882f5eb3525d285fcd6a40007d60905","sha1":"b13763cf3b014ca492fcd4123019d03a3b94206e","sha256":"fdce9f3b732634042d9b0dc01ef82674da20ceb3516820539562079a89653ec4"},"host":"6-tao","hostname":["6-tao.funcns.net"],"ip":"136.243.150.89","ipv6":"false","issuer":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"location":"51.2993,9.4910","organization":"Hetzner Online GmbH","os":"Windows","osvendor":"Microsoft","osversion":["Server 2008","7"],"port":"443","product":"NGINX","productvendor":"Igor Sysoev","productversion":"7.5","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"4096"},"reason":"OK","reverse":"6-tao.funcns.net","serial":"ae:3c:ce:c2:b2:39:c5:5f","signature":{"algorithm":"sha256WithRSAEncryption"},"source":"datascan","status":"200","subject":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"subnet":"136.243.144.0\/21","tag":["default"],"tld":"net","tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2116-12-26T14:12:28Z","notbefore":"2017-01-19T14:12:28Z"},"version":"v3","wildcard":"false"}
{"@timestamp":"2020-02-04T13:26:20.000Z","@version":1,"app":{"http":{"bodymd5":"454c1e637802adcf4f3af455565fcb80","headermd5":"e17199cef388a63240ad76ecd9fac1ae","title":"Welcome to nginx!"},"length":"656"},"asn":"AS24940","ca":"true","country":"DE","cpe":["cpe:\/a:igor_sysoev:nginx:7.5"],"cpecount":1,"data":"HTTP\/1.1 200 OK\r\nServer: Microsoft-IIS\/7.5\r\nDate: Tue, 04 Feb 2020 13:26:09 GMT\r\nContent-Type: text\/html\r\nContent-Length: 435\r\nLast-Modified: Thu, 21 Jan 2016 13:09:39 GMT\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>Welcome to nginx!<\/title>\n<style>\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n<\/style>\n<\/head>\n<body>\n<h1>Welcome <\/h1>\n\n<pre>\n\n           ****\n         **    **\n        *  O   O *\n       *     L    *\n       *          *\n        * \\____\/ *\n         **    **\n           ****\n\n\n\n\n<\/pre>\n\n<small> TAO <\/small>\n<\/body>\n<\/html>\n","datamd5":"b9a40bb37b4c7195d7982740e732f965","device":{"class":"Web Server"},"domain":"funcns.net","fingerprint":{"md5":"6882f5eb3525d285fcd6a40007d60905","sha1":"b13763cf3b014ca492fcd4123019d03a3b94206e","sha256":"fdce9f3b732634042d9b0dc01ef82674da20ceb3516820539562079a89653ec4"},"host":"8-tao","hostname":["8-tao.funcns.net"],"ip":"136.243.150.92","ipv6":"false","issuer":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"location":"51.2993,9.4910","organization":"Hetzner Online GmbH","os":"Windows","osvendor":"Microsoft","osversion":["Server 2008","7"],"port":"443","product":"NGINX","productvendor":"Igor Sysoev","productversion":"7.5","protocol":"http","protocolversion":"1.1","publickey":{"algorithm":"rsaEncryption","length":"4096"},"reason":"OK","reverse":"8-tao.funcns.net","serial":"ae:3c:ce:c2:b2:39:c5:5f","signature":{"algorithm":"sha256WithRSAEncryption"},"source":"datascan","status":"200","subject":{"country":"PL","organization":"Internet Widgits Pty Ltd"},"subnet":"136.243.144.0\/21","tag":["default"],"tld":"net","tls":"true","transport":"tcp","url":"\/","validity":{"notafter":"2116-12-26T14:12:28Z","notbefore":"2017-01-19T14:12:28Z"},"version":"v3","wildcard":"false"}

Paging through results

When there are more than 10 results and you have a subscription to a View, you can page through available results (up to 10000 results). To do so, you just have to add the page parameter to your HTTP request.

Request URL

curl -XGET -H 'Authorization: apikey {apikey}' -H 'Content-Type: application/json' 'https://www.onyphe.io/api/v2/search/category:pastries%20domain:amazonaws.com?page=2'

Sample response

{
  "count": 10,
  "error": 0,
  "max_page": 1000,
  "myip": "<redacted>",
  "page": "2",
  "results": [
[..]
  ],
  "status": "ok",
  "took": "0.027",
  "total": 15457
}

Error handling

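When a request fails, the response is returned with a 400 HTTP code. Its body carries a non-zero positive error code in the error field along with a descriptive message in the text field, and status is set to nok. Successful responses carry "error": 0 and "status": "ok", as in the paging sample above.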

Sample response

{
  "error": 3,
  "text": "Invalid API key format",
  "myip": "<redacted>",
  "status": "nok"
}

Rate limiting

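If rate limiting is triggered, a response will be returned with a 429 HTTP code. Currently, the limit is set to 30 requests per minute from a given IP address. Because the limit is counted per source IP address, clients that share an egress address (NAT, proxy) share the same budget; on a 429, back off before retrying.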