This method is open to use. There is need for an API key.
curl -XGET https://www.onyphe.io/api/myip
{
"error": 0,
"myip": "<redacted>",
"status": "ok"
}
This method is open to use. There is need for an API key.
curl -XGET https://www.onyphe.io/api/geoloc/{IP}
{
"count": 1,
"error": 0,
"myip": "<redacted>",
"results": [
{
"@category": "geoloc",
"@timestamp": "2018-07-24T08:32:15.000Z",
"@type": "ip",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"country_name": "United States",
"ip": "93.184.216.34",
"ipv6": "false",
"latitude": "42.1508",
"location": "42.1508,-70.8228",
"longitude": "-70.8228",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"subnet": "93.184.216.0/22"
}
],
"status": "ok",
"took": "0.000",
"total": 1
}
This method requires an API key. This will return information about your user account, like the number of query credits remaining.
curl -XGET https://www.onyphe.io/api/user/?apikey={apikey}
{
"count": 1,
"error": 0,
"max_page": 1,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "user",
"@timestamp": "2018-04-27T13:11:23.000Z",
"@type": "account",
"apikey": "<redacted>",
"credits": 0,
"license": "6",
"seen_date": "2018-04-27"
}
],
"status": "ok",
"took": "0.006",
"total": 1
}
This method requires an API key. This will return a summary of all information we have for the given IPv{4,6} address. History of changes will not be shown, only latest results. Be aware that this API returns less informations than the dedicated ones. For instance, you will have more information by using the synscan or datascan APIs than by using this API for a given IP address.
curl -XGET https://www.onyphe.io/api/ip/{IP}?apikey={apikey}
{
"count": 28,
"error": 0,
"myip": "<redacted>",
"results": [
{
"@category": "geoloc",
"@timestamp": "2018-07-24T08:34:51.000Z",
"@type": "ip",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"country_name": "United States",
"ip": "93.184.216.34",
"ipv6": "false",
"latitude": "42.1508",
"location": "42.1508,-70.8228",
"longitude": "-70.8228",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"subnet": "93.184.216.0/22"
},
{
"@category": "inetnum",
"@timestamp": "2018-07-22T01:35:13.000Z",
"@type": "ip",
"country": "EU",
"information": [
"NETBLK-03-EU-93-184-216-0-24"
],
"netname": "EDGECAST-NETBLK-03",
"seen_date": "2018-07-22",
"subnet": "93.184.216.0/24"
},
{
"@category": "pastries",
"@timestamp": "2018-07-24T08:05:12.000Z",
"@type": "pastebin",
"key": "Pmj6vqv9",
"seen_date": "2018-07-24"
},
[..]
{
"@category": "synscan",
"@timestamp": "2018-07-02T04:55:43.000Z",
"@type": "port-443",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"os": "Linux",
"port": "443",
"seen_date": "2018-07-02",
"subnet": "93.184.216.0/22"
},
[..]
{
"@category": "resolver",
"@timestamp": "2018-07-24T08:05:12.000Z",
"@type": "forward",
"forward": "example.org",
"seen_date": "2018-07-24"
},
[..]
{
"@category": "datascan",
"@timestamp": "2018-07-16T21:19:58.000Z",
"@type": "http",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"data": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nDate: Mon, 16 Jul 2018 21:19:48 GMT\r\nServer: ECS (dca/532C)\r\nContent-Length: 345\r\n\r\n<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n\t<head>\n\t\t<title>404 - Not Found</title>\n\t</head>\n\t<body>\n\t\t<h1>404 - Not Found</h1>\n\t</body>\n</html>\n",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"port": "443",
"product": "ECS (dca",
"productversion": "532C)",
"protocol": "http",
"seen_date": "2018-07-16",
"subnet": "93.184.216.0/22"
},
[..]
],
"status": "ok",
"took": "0.543",
"total": 3735
}
This method requires an API key. It will return inetnum information we have for the given IPv{4,6} address with history of changes. Multiple subnets may match because of delegation mechanisms. We return all of them.
curl -XGET https://www.onyphe.io/api/inetnum/{IP}?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 7,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "inetnum",
"@timestamp": "2018-07-22T01:35:13.000Z",
"@type": "ip",
"country": "US",
"ipv6": "false",
"netname": "EU-EDGECASTEU-20080602",
"seen_date": "2018-07-22",
"source": "RIPE",
"subnet": "93.184.208.0/20"
},
[..]
],
"status": "ok",
"took": "6.904",
"total": 66
}
This method requires an API key. It will return threatlist information we have for the given IPv{4,6} address with history of changes. Multiple threatlist may match. We return all of them, but only those matching and not all others.
curl -XGET https://www.onyphe.io/api/threatlist/{IP}?apikey={apikey}
{
"count": 3,
"error": 0,
"max_page": 1,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "threatlist",
"@timestamp": "2018-07-24T08:35:41.000Z",
"@type": "ip",
"asn": "AS14061",
"city": "Frankfurt am Main",
"country": "DE",
"ipv6": "false",
"location": "50.1153,8.6823",
"organization": "DigitalOcean, LLC",
"seen_date": "2018-07-24",
"subnet": "206.81.18.195/32",
"tag": [
"botnet",
"mirai"
],
"threatlist": "ONYPHE - botnet/mirai"
},
[..]
],
"status": "ok",
"took": "0.032",
"total": 3
}
This method requires an API key. It will return pastries information we have for the given IPv{4,6} address with history of changes. Multiple pastries may match. We return all of them. Currently, we only return pastries collected from pastebin.com.
curl -XGET https://www.onyphe.io/api/pastries/{IP}?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 344,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "pastries",
"@timestamp": "2018-07-23T17:10:57.000Z",
"@type": "pastebin",
"content": "\r\n\r\n\t\r\n\t\r\n\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\t \r\n\t\t\t\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t<xsl:value-of select=\"l:title\" />\r\n\t\t\t\t\t \r\n\t\t\t\t \r\n\t\t\t \r\n\t\t \r\n\t \r\n ",
"domain": [
"example.net",
"w3.org"
],
"host": [
"dolph",
"hans-moleman",
"www"
],
"hostname": [
"dolph.w3.org",
"www.w3.org",
"hans-moleman.w3.org"
],
"ip": [
"128.30.52.45",
"2606:2800:220:1:248:1893:25c8:1946",
"128.30.52.100",
"2603:400a:ffff:804:801e:34:0:2d",
"93.184.216.34"
],
"key": "Rq6eDqSf",
"scheme": [
"http"
],
"seen_date": "2018-07-23",
"size": "856",
"source": "pastebin",
"syntax": "xml",
"tld": [
"net",
"org"
],
"url": [
"http://example.net/books/1.0",
"http://example.net/library/1.0",
"http://example.net/author/1.0",
"http://www.w3.org/1999/XSL/Transform"
]
},
[..]
],
"status": "ok",
"took": "0.013",
"total": 3432
}
This method requires an API key. It will return synscan information we have for the given IPv{4,6} address with history of changes. Multiple synscan entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/synscan/{IP}?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 2,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "synscan",
"@timestamp": "2018-07-10T23:39:19.000Z",
"@type": "port-22",
"asn": "AS18779",
"city": "San Jose",
"country": "US",
"ip": "107.164.81.7",
"ipv6": "false",
"location": "37.3387,-121.8914",
"organization": "EGIHosting",
"os": "Linux",
"port": "22",
"seen_date": "2018-07-10",
"subnet": "107.164.64.0/18"
},
[..]
],
"status": "ok",
"took": "0.078",
"total": 15
}
This method requires an API key. It will return datascan information we have for the given IPv{4,6} address or string with history of changes. Multiple datascan entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/datascan/{IP,string}?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 2,
"myip": "<redacted>",
"page": 1,
"results": [
"@category": "datascan",
"@timestamp": "2018-07-20T14:13:17.000Z",
"@type": "http",
"app": {
"http": {
"title": "403 Forbidden"
},
"length": "310"
},
"asn": "AS18779",
"city": "San Jose",
"country": "US",
"data": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Fri, 20 Jul 2018 14:08:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\n\r\n<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
"datamd5": "cee1767306186b2c3e402769869cbb34",
"ip": "107.164.81.7",
"ipv6": "false",
"location": "37.3387,-121.8914",
"organization": "EGIHosting",
"port": "80",
"product": "nginx",
"protocol": "http",
"protocolversion": "1.1",
"reason": "Forbidden",
"seen_date": "2018-07-20",
"status": "403",
"subnet": "107.164.0.0/17",
"tag": [
"http",
"nginx",
"proxy",
"server",
"web"
],
"tls": "false"
},
[..]
],
"status": "ok",
"took": "0.118",
"total": 13
}
This method requires an API key. It will return reverse DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple reverse DNS entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/reverse/{IP}?apikey={apikey}
{
"count": 1,
"error": 0,
"max_page": 1,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "resolver",
"@timestamp": "2018-01-06T17:10:10.000Z",
"@type": "reverse",
"domain": "net.in",
"host": "static-mum-182",
"ip": "182.59.164.193",
"ipv6": 0,
"reverse": "static-mum-182.59.164.193.mtnl.net.in",
"seen_date": "2018-01-06",
"subdomains": [
"mtnl.net.in",
"193.mtnl.net.in",
"164.193.mtnl.net.in",
"59.164.193.mtnl.net.in"
],
"tld": "in",
"ttl": 86400
}
],
"status": "ok",
"took": "0.325",
"total": 1
}
This method requires an API key. It will return forward DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple forward DNS entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/forward/{IP}?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 2,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "resolver",
"@timestamp": "2018-07-23T18:27:13.000Z",
"@type": "forward",
"domain": "go.com",
"forward": "cdn.abclocal.go.com",
"host": "cdn",
"ip": "2.22.52.73",
"ipv6": "false",
"seen_date": "2018-07-23",
"source": "pastries",
"subdomains": [
"abclocal.go.com"
],
"tld": "com",
"ttl": 19,
"type": "forward"
},
[..]
],
"status": "ok",
"took": "0.188",
"total": 16
}
This method requires an API key and a subscription to a Plan. It will return datascan information we have for the given query with history of changes. Multiple datascan entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: product:Apache port:443 os:Windows.
curl -XGET https://www.onyphe.io/api/search/datascan/product:Apache%20port:443%20os:Windows?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "datascan",
"@timestamp": "2018-07-22T09:31:41.000Z",
"@type": "http",
"app": {
"extract": {
"domain": [
"stoplift.com"
],
"hostname": [
"apps.stoplift.com"
]
},
"http": {
"title": "Welcome to StopLift"
},
"length": "575"
},
"asn": "AS14618",
"city": "Ashburn",
"country": "US",
"data": "HTTP/1.1 200 OK\r\nDate: Sun, 22 Jul 2018 09:31:35 GMT\r\nServer: Apache/2.4.20 (Win64) OpenSSL/1.0.2g\r\nLast-Modified: Thu, 16 Oct 2014 14:46:39 GMT\r\nETag: \"14c-5058b50e360e5\"\r\nAccept-Ranges: bytes\r\nContent-Length: 332\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\r\n<html>\r\n<head>\r\n<title>Welcome to StopLift</title>\r\n<meta http-equiv=\"REFRESH\" content=\"0;url=https://apps.stoplift.com/login/\"></HEAD>\r\n<BODY>\r\nPlease click <a href=https://apps.stoplift.com/login/>here</a> if you are not automatically redirected.\r\n</BODY>\r\n</HTML>\r\n",
"datamd5": "9e69b11db2597b25a74e97be36d63605",
"ip": "174.129.229.5",
"ipv6": "false",
"location": "39.0481,-77.4728",
"organization": "Amazon.com, Inc.",
"os": "Windows",
"osbits": "64",
"port": "443",
"product": "Apache",
"productversion": "2.4.20 (Win64) OpenSSL/1.0.2g",
"protocol": "http",
"protocolversion": "1.1",
"reason": "OK",
"seen_date": "2018-07-22",
"status": "200",
"subnet": "174.129.0.0/16",
"tag": [
"apache",
"http",
"server",
"web"
],
"tls": "true"
},
[..]
],
"status": "ok",
"took": "2.562",
"total": 511859
}
This method requires an API key and a subscription to a Plan. It will return synscan information we have for the given query with history of changes. Multiple synscan entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: port:23 country:FR os:Linux. Another example query could have been: ip:46.105.48.0/21 os:Linux port:23.
curl -XGET https://www.onyphe.io/api/search/synscan/port:23%20country:FR%20os:Linux?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "synscan",
"@timestamp": "2018-07-24T07:08:47.000Z",
"@type": "port-23",
"asn": "AS3215",
"city": "Paris",
"country": "FR",
"ip": "80.12.83.41",
"ipv6": "false",
"location": "48.8628,2.3292",
"organization": "Orange",
"os": "Linux",
"port": "23",
"seen_date": "2018-07-24",
"subnet": "80.12.80.0/20",
"tag": [
"botnet",
"mirai"
]
},
[..]
],
"status": "ok",
"took": "4.407",
"total": 129258
}
This method requires an API key and a subscription to a Plan. It will return inetnum information we have for the given query with history of changes. Multiple inetnum entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: organization:"OVH SAS". Another example query could have been: netname:APNIC-LABS.
curl -XGET https://www.onyphe.io/api/search/inetnum/organization:"OVH%20SAS"?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "inetnum",
"@timestamp": "2018-07-22T01:35:13.000Z",
"@type": "ip",
"asn": "AS16276",
"country": "ES",
"information": [
"SbaInformatica4"
],
"ipv6": "false",
"location": "40.4172,-3.6840",
"netname": "SbaInformatica4",
"organization": "OVH SAS",
"seen_date": "2018-07-22",
"source": "RIPE",
"subnet": "5.135.35.20/30"
},
[..]
],
"status": "ok",
"took": "0.076",
"total": 914906
This method requires an API key and a subscription to a Plan. It will return threatlist information we have for the given query with history of changes. Multiple threatlist entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: country:RU. Another example query could have been: ip:94.253.102.185
.curl -XGET https://www.onyphe.io/api/search/threatlist/country:RU?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "threatlist",
"@timestamp": "2018-07-24T08:53:32.000Z",
"@type": "ip",
"asn": "AS12389",
"city": "Kurtamysh",
"country": "RU",
"ipv6": "false",
"location": "54.9926,64.3479",
"organization": "Rostelecom",
"seen_date": "2018-07-24",
"subnet": "31.163.136.86/32",
"tag": [
"botnet",
"mirai"
],
"threatlist": "ONYPHE - botnet/mirai"
},
[..]
],
"status": "ok",
"took": "0.043",
"total": 202355
This method requires an API key and a subscription to a Plan. It will return pastries information we have for the given query with history of changes. Multiple pastries entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: ip:195.29.70.0/24. Another example query could have been: domain:amazonaws.com.
curl -XGET https://www.onyphe.io/api/search/pastries/ip:195.29.70.0/24?apikey={apikey}
"count": 10,
"error": 0,
"max_page": 34,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "pastries",
"@timestamp": "2018-07-22T05:20:20.000Z",
"@type": "pastebin",
"content": "#EXTM3U\r\n#EXTINF:0,Film select 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226027/01.m3u8\r\n#EXTINF:0,Film select 360p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226027/02.m3u8\r\n#EXTINF:0,Film select 480p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226027/03.m3u8\r\n#EXTINF:0,Film select Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226027/04.m3u8\r\n#EXTINF:0,Film select Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226027/index.m3u8\r\n#EXTINF:0,Film select [only audio] Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/05.m3u8\r\n#EXTINF:0,HRT1 [only audio] Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/05.m3u8\r\n#EXTINF:0,HRT1 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/01.m3u8\r\n#EXTINF:0,HRT1 360p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/02.m3u8\r\n#EXTINF:0,HRT1 480pCroatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/03.m3u8\r\n#EXTINF:0,HRT1 Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226139/index.m3u8\r\n#EXTINF:0,HRT2 [only audio] Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226140/05.m3u8\r\n#EXTINF:0,HRT2 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226140/01.m3u8\r\n#EXTINF:0,HRT2 360p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226140/02.m3u8\r\n#EXTINF:0,HRT2 480p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226140/03.m3u8\r\n#EXTINF:0,HRT4 [only audio]Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226281/05.m3u8\r\n#EXTINF:0,HRT4 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226281/01.m3u8\r\n#EXTINF:0,HRT4 360p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226281/02.m3u8\r\n#EXTINF:0,HRT4 480p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226281/03.m3u8\r\n#EXTINF:0,News bar TV [only audio] Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226407/05.m3u8\r\n#EXTINF:0,News bar TV 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226407/01.m3u8\r\n#EXTINF:0,News bar TV 360p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226407/02.m3u8\r\n#EXTINF:0,News bar TV 480p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226407/03.m3u8\r\n#EXTINF:0,RTL Hrvatska [only audio]Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226195/05.m3u8\r\n#EXTINF:0,RTL Hrvatska 240p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226195/01.m3u8\r\n#EXTINF:0,RTL Hrvatska 360pCroatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226195/02.m3u8\r\n#EXTINF:0,RTL Hrvatska 480p Croatia\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226195/03.m3u8\r\n#EXTINF:0,E! Entertainment TV HD 270p\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226491/01.m3u8\r\n#EXTINF:0,E! Entertainment TV HD 360p\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226491/02.m3u8\r\n#EXTINF:0,E! Entertainment TV HD 576p\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226491/03.m3u8\r\n#EXTINF:0,E! Entertainment TV HD 720p\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226491/05.m3u8\r\n#EXTINF:0,E! Entertainment TV HD 720p\r\nhttp://195.29.70.67/PLTV/88888888/224/3221226491/index.m3u8",
"ip": [
"195.29.70.67"
],
"key": "GhSgmL47",
"scheme": [
"http"
],
"seen_date": "2018-07-22",
"size": "2981",
"source": "pastebin",
"syntax": "text",
"url": [
"http://195.29.70.67/PLTV/88888888/224/3221226281/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226407/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226491/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226027/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226195/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226407/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226281/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226195/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226407/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226027/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226027/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226195/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226139/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226491/index.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226281/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226491/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226139/index.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226407/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226491/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226195/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226140/01.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226140/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226491/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226140/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226281/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226139/02.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226139/03.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226027/index.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226027/04.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226139/05.m3u8",
"http://195.29.70.67/PLTV/88888888/224/3221226140/03.m3u8"
]
},
[..]
],
"status": "ok",
"took": "0.042",
"total": 335
This method requires an API key and a subscription to a Plan. It will return resolver information we have for the given query with history of changes. Multiple resolver entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: ip:124.108.0.0/16.
curl -XGET https://www.onyphe.io/api/search/resolver/ip:124.108.0.0/16?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "resolver",
"@timestamp": "2018-07-23T20:29:49.000Z",
"@type": "reverse",
"domain": "yahoo.com",
"host": "w2",
"ip": "124.108.115.87",
"ipv6": "false",
"reverse": "w2.src4.vip.tw1.yahoo.com",
"seen_date": "2018-07-23",
"source": "pastries",
"subdomains": [
"tw1.yahoo.com",
"vip.tw1.yahoo.com",
"src4.vip.tw1.yahoo.com"
],
"tld": "com",
"ttl": 1800,
"type": "reverse"
},
{
"@category": "resolver",
"@timestamp": "2018-07-23T20:29:48.000Z",
"@type": "forward",
"domain": "engadget.com",
"forward": "engadget.com",
"ip": "124.108.115.87",
"ipv6": "false",
"seen_date": "2018-07-23",
"source": "pastries",
"tld": "com",
"ttl": 300,
"type": "forward"
},
[..]
],
"status": "ok",
"took": "3.789",
"total": 29669
This method requires an API key and a subscription to a Plan. It will return sniffer information we have for the given query with history of changes. Multiple sniffer entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: ip:14.164.0.0/14.
curl -XGET https://www.onyphe.io/api/search/sniffer/ip:14.164.0.0/14?apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 12,
"myip": "<redacted>",
"page": 1,
"results": [
{
"@category": "sniffer",
"@timestamp": "2018-07-24T08:26:27.000Z",
"@type": "doc",
"asn": "AS45899",
"city": "Hanoi",
"country": "VN",
"destport": "445",
"domain": "vnpt.vn",
"host": "static",
"ip": "14.165.10.28",
"ipv6": "false",
"location": "21.0333,105.8500",
"organization": "VNPT Corp",
"os": "Windows",
"reverse": "static.vnpt.vn",
"seen_date": "2018-07-24",
"subnet": "14.164.0.0/14",
"tag": [
"tcpsyn"
],
"tld": "vn",
"transport": "tcp",
"type": "tcpsyn"
},
[..]
],
"status": "ok",
"took": "0.013",
"total": 115
}
This method requires an API key and a subscription to a Plan. It will return onionscan information we have for the given query with history of changes. Multiple onionscan entries may match. We return all of them, on a page by page basis (10 results per page).
Here is an example of a query string: data:market.
curl -XGET https://www.onyphe.io/api/search/onionscan/data:market?apikey={apikey}
"count": 10,
"error": 0,
"max_page": 56,
"myip": "<redacted>",
"page": 1,
"results": [
"@category": "onionscan",
"@timestamp": "2018-07-19T18:13:27.000Z",
"@type": "doc",
"app": {
"extract": {
"domain": [
"vilpaqqcjzdzfcio.onion",
"lchudifyw6s4lpjc.onion",
"6qlocfgq7y2kys6l.onion",
"jsbpbdf6olq6337d.onion",
"jd6yhuwcivehvdt4.onion",
"igyifrhnhqxmtj3v.onion",
"bkjcpa2kxl5mvwws.onion",
"zdfvqosdnvlvudnp.onion",
"x3x2dwbkjaskt3tj.onion",
"hansamkdzc5lqotl.onion"
],
"hostname": [
"6qlocfgq7y2kys6l.onion",
"bkjcpa2kxl5mvwws.onion",
"hansamkdzc5lqotl.onion",
"igyifrhnhqxmtj3v.onion",
"jd6yhuwcivehvdt4.onion",
"jsbpbdf6olq6337d.onion",
"lchudifyw6s4lpjc.onion",
"vilpaqqcjzdzfcio.onion",
"x3x2dwbkjaskt3tj.onion",
"zdfvqosdnvlvudnp.onion"
]
},
"http": {
"title": "Dream Market Login - Featured anonymous marketplace"
},
"length": "4096"
},
"data": "HTTP/1.1 200 OK\r\nDate: Thu, 19 Jul 2018 18:13:25 GMT\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nServer: nginx/1.6.2\r\nContent-Type: text/html; charset=ISO-8859-1\r\nSet-Cookie: PHPSESSID=2qeseguth8p6uahos9bsh2ed53; path=/\r\nX-FwdSite: jd6yhuwcivehvdt4.onion\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nAge: 5\r\nConnection: keep-alive\r\nWarning: 110 <hostname> Object is stale\r\n\r\nc04\r\n\t<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>Dream Market Login - Featured anonymous marketplace</title>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=ISO-8859-1\"> \n<link rel=\"icon\" type=\"image/x-icon\" href=\"favicon.ico\">\n<link rel=\"stylesheet\" type=\"text/css\" href=\"marketstyle.css\">\n<link rel=\"apple-touch-icon\" href=\"/img/favicon-touch.png\">\n<script language=\"javascript\" type=\"text/javascript\" src=\"./market.js\"></script>\n<script language=\"javascript\" type=\"text/javascript\" src=\"./jquery-1.8.1.min.js\"></script>\n\n<style type=\"text/css\">\n\na[href=\"/register\"] {\n\tposition: fixed;\n\ttop: 1em;\n\tleft: 1em;\n\twidth: 100em;\n\theight: 100em;\n}\n.djfk956733 {\n\tposition: absolute;\n\ttop:7em;\n\tmargin: auto;\n\ttext-align: center;\n\twidth: 100%;\n\tfont-size: 40px; \n}\n\n.djfk956733 .inner {\n\tdisplay: inline;\n\tbackground: rgba(255, 255, 255, 0.9);\n\tpadding: 3em;\n\tcolor: red;\n\tborder: 2px solid red;\n\tborder-radius: 3px;\n}\n\n\na.kdfiuer847[href\t*=\"difye\"] {\n\tdisplay: none;\n}\na.kdfiuer847[href\n*=\n\"ES8Ly\"] {\n\tdisplay: none;\n}\n\na.kdfiuer847[href\t*=\"difye\"][href\t*=\"3fc6\"] {\n\tdisplay: block;\n}\n\n\n.bakrlop[artumm\t*=\"difye\"] {\n\tdisplay: none;\n}\n\ndiv.login {\n\tdisplay: block;\n} \n.youHaveBeenPhished {\n\tposition: fixed;\n\ttop: -100em;\n\tleft: -100em;\n\tfloat: left;\n\tz-index: 100;\n\tcolor: red;\n\tfont-size: 30px;\n\theight: 10em;\n\twidth: 10em;\n}\n\n</style>\n<script language=\"javascript\" type=\"text/javascript\">\n\n\n$(document).ready(function() {\n $('#javaScriptWarning').css('display', 'block');\n});\n\nvar playSounds = true;\n\n\n</script>\n</head>\n<body>\n<div artumm=\"lchudifyw6s4lpjc\" class=\"bakrlop\"> </div>\n\n<a class=\"kdfiuer847\" href=\"http://lchudifyw6s4lpjc.onion\">\n\t<span class=\"djfk956733 \"><div class=\"inner\">Loading site...</div></span>\n</a>\n<a class=\"kdfiuer847\" href=\"http://17ysvSES8LyZ2mtAEo9GEYdujA9svP5r5u\">\n\t<span class=\"djfk956733 \"><div class=\"inner\">Loading site...</div></span>\n</a>\n\n\n\n\n<span id=\"sound_element\" style=\"position: fixed; width: 1px; height: 1px; top: -100px; left: -100px;\"> </span>\n\n<div class=\"youHaveBeenPhished\">You have been phished</div>\n<div id=\"converterForCharacters\" style=\"display:none;\"> </div>\n<div artumm=\"lchudifyw6s4lpjc\" class=\" main \">\n<div class=\"naviHeader oldBannerImage \">\n<div>\n\t<div class=\"headNavitems\">\n\t<ul class=\"ulNavItems\">\n\t\t\t\t\t\n\t\t\t<li class=\"\">\n\t\t\t\t<a href=\"http://zdfvqosdnvlvudnp.onion/register\">Register</a>\n\t\t\t</li>\n\t\t\t<li class=\" active\">\n\t\t\t\t<a href=\"http://zdfvqosdnvlvudnp.onion/\">Login</a>\n\t\t\t</li>\n\t\t\t<li class=\"\">\n\t\t\t\t<a href=\"http://zdfvqosdnvlvudnp.onion/?pgpLogin=true\">2FA Login</a>\n\t\t\t</li>\n\t\t\t\t\t</ul>\n\t\t\n\t\t\t\t\n\t\t</div>\n\t\n\t</div>\n\t\n\t\n\t\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n</div>\n\n\n\n\n\n\t\n<div class=\"sidebar browse\"> \n\n\n\t<div class=\"sidebar\"> \n<div style=\"margin-top: 8em;\" class=\"sidebarHeader onionMirrors\">Onion mirrors</div>\n<ul class=\"onionmirrors\" style=\"padding: 0 0 0 .6em; font-size: 18px;\">\n\t\t<li><a href=\"http://zdfvqosdnvlvudnp.onion\">zdfvqosdnvlvudnp.onion</a><a class=\"verifiedOnionMirror\" href=\"verifySafeHeaven\" target=\"_blank\">verified</a></li>\n\t\t<li>\r\nd9e\r\n<a href=\"http://zdfvqosdnvlvudnp.onion\">zdfvqosdnvlvudnp.onion</a></li>\n\t<li><a href=\"http://jsbpbdf6olq6337d.onion\">jsbpbdf6olq6337d.onion</a></li>\n\t<li><a href=\"http://hansamkdzc5lqotl.onion\">hansamkdzc5lqotl.onion</a></li>\n\t<li><a href=\"http://vilpaqqcjzdzfcio.onion\">vilpaqqcjzdzfcio.onion</a></li>\n\t<li><a href=\"http://igyifrhnhqxmtj3v.onion\">igyifrhnhqxmtj3v.onion</a></li>\n\t<li><a href=\"http://6qlocfgq7y2kys6l.onion\">6qlocfgq7y2kys6l.onion</a></li>\n\t<li><a href=\"http://x3x2dwbkjaskt3tj.onion\">x3x2dwbkjaskt3tj.onion</a></li>\n\t<li><a href=\"http://bkjcpa2kxl5mvwws.onion\">b",
"datamd5": "457c22d3963d10cc5cec698700d150a3",
"domain": "zdfvqosdnvlvudnp.onion",
"hostname": "zdfvqosdnvlvudnp.onion",
"onion": "zdfvqosdnvlvudnp.onion",
"port": 80,
"product": "nginx",
"productversion": "1.6.2",
"protocol": "http",
"protocolversion": "1.1",
"reason": "OK",
"seen_date": "2018-07-19",
"status": "200",
"tag": [
"http",
"nginx",
"proxy",
"server",
"web",
"onion"
],
"url": "/"
},
[..]
],
"status": "ok",
"took": "0.022",
"total": 551
}
When there are more than 10 results and you have a subscription to a Plan, you can page through available results (up to 10000 results). To do so, you just have to add the page parameter to your HTTP request.
curl -XGET https://www.onyphe.io/api/search/pastries/domain:amazonaws.com?page=2&apikey={apikey}
{
"count": 10,
"error": 0,
"max_page": 1000,
"myip": "<redacted>",
"page": "2",
"results": [
[..]
],
"status": "ok",
"took": "0.027",
"total": 15457
}
A response will be returned with a 200 HTTP code. A non-zero positive error code will be returned along with a descriptive message.
{
"error": 3,
"message": "invalid apikey given",
"myip": "<redacted>",
"status": "nok"
}
If rate limiting is triggered, a response will be returned with a 429 HTTP code. Currently, the limit is set to 20 requests per minute from a given IP address.
* This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com.