Open API requests

GET
/api/myip

Return your client IP address

This method is open to use. There is no need for an API key.

Request URL

curl -XGET https://www.onyphe.io/api/myip

Parameters

  • None

Sample response

{
  "error": 0,
  "myip": "127.0.0.1",
  "status": "ok"
}

GET
/api/geoloc/{IP}

Return geolocation information for the given IPv{4,6} address

This method is open to use. There is no need for an API key.

Request URL

curl -XGET https://www.onyphe.io/api/geoloc/{IP}

Parameters

  • None

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "geoloc",
      "@timestamp": "2017-11-17T14:07:37.000Z",
      "@type": "ip",
      "asn": "AS15133",
      "city": "Norwell",
      "country": "US",
      "country_name": "United States",
      "geolocation": "42.1508,-70.8228",
      "ip": "93.184.216.34",
      "ipv6": "false",
      "latitude": "42.1508",
      "longitude": "-70.8228",
      "organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
      "subnet": "93.184.216.34/32"
    }
  ],
  "status": "ok",
  "took": "0.004668",
  "total": 1
}

Requests requiring an API key

GET
/api/user/

Return information about your user account

This method requires an API key. This will return information about your user account, like the number of query credits remaining.

Request URL

curl -XGET https://www.onyphe.io/api/user/?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "<redacted>",
  "results": [
    {
      "@category": "user",
      "@timestamp": "2017-10-24T09:45:44.000Z",
      "@type": "account",
      "apikey": "<redacted>",
      "credits": 0,
      "license": 2,
      "seen_date": "2017-10-24"
    }
  ],
  "status": "ok",
  "took": "0.002",
  "total": 1
}

GET
/api/ip/{IP}

Return a summary of all information

This method requires an API key. It returns a summary of all information we have for the given IPv{4,6} address. The history of changes is not shown, only the latest results.

Request URL

curl -XGET https://www.onyphe.io/api/ip/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 6,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "geoloc",
      "@timestamp": "2017-11-17T14:10:36.000Z",
      "@type": "ip",
      "asn": "AS15133",
      "city": "Norwell",
      "country": "US",
      "country_name": "United States",
      "geolocation": "42.1508,-70.8228",
      "ip": "93.184.216.34",
      "ipv6": "false",
      "latitude": "42.1508",
      "longitude": "-70.8228",
      "organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
      "subnet": "93.184.216.34/32"
    },
    {
      "@category": "inetnum",
      "@timestamp": "2017-11-12T02:40:09.000Z",
      "@type": "ip",
      "country": "EU",
      "information": [
        "NETBLK-03-EU-93-184-216-0-24"
      ],
      "ipv6": "0",
      "netname": "EDGECAST-NETBLK-03",
      "seen_date": "2017-11-12",
      "source": "RIPE",
      "subnet": "93.184.216.0/24"
    },
    {
      "@category": "pastries",
      "@timestamp": "2017-10-18T02:23:54.000Z",
      "@type": "pastebin",
      "domain": [
        "example.com"
      ],
      "hostname": [
        "example.com"
      ],
      "ip": [
        "93.184.216.34",
        "2606:2800:220:1:248:1893:25c8:1946"
      ],
      "key": "u13DKxSM",
      "seen_date": "2017-10-18"
    },
    {
      "@category": "pastries",
      "@timestamp": "2017-10-18T02:23:54.000Z",
      "@type": "pastebin",
      "domain": [
        "example.com"
      ],
      "hostname": [
        "example.com"
      ],
      "ip": [
        "93.184.216.34",
        "2606:2800:220:1:248:1893:25c8:1946"
      ],
      "key": "u13DKxSM",
      "seen_date": "2017-10-18"
    },
    {
      "@category": "resolver",
      "@timestamp": "2017-10-08T19:58:32.000Z",
      "@type": "forward",
      "domain": "example.com",
      "forward": "example.com",
      "ip": "93.184.216.34",
      "ipv6": "0",
      "seen_date": "2017-10-08"
    },
    {
      "@category": "resolver",
      "@timestamp": "2017-10-08T19:58:32.000Z",
      "@type": "forward",
      "domain": "example.com",
      "forward": "example.com",
      "ip": "93.184.216.34",
      "ipv6": "0",
      "seen_date": "2017-10-08"
    }
  ],
  "status": "ok",
  "took": "0.243",
  "total": 5299
}

GET
/api/inetnum/{IP}

Return inetnum information

This method requires an API key. It will return inetnum information we have for the given IPv{4,6} address with history of changes. Multiple subnets may match because of delegation mechanisms. We return all of them.

Request URL

curl -XGET https://www.onyphe.io/api/inetnum/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 4,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "inetnum",
      "@timestamp": "2017-11-12T02:40:09.000Z",
      "@type": "ip",
      "country": "EU",
      "information": [
        "NETBLK-03-EU-93-184-216-0-24"
      ],
      "ipv6": "0",
      "netname": "EDGECAST-NETBLK-03",
      "seen_date": "2017-11-12",
      "source": "RIPE",
      "subnet": "93.184.216.0/24"
    },
    {
      "@category": "inetnum",
      "@timestamp": "2017-11-12T02:40:09.000Z",
      "@type": "ip",
      "country": "US",
      "ipv6": "0",
      "netname": "EU-EDGECASTEU-20080602",
      "seen_date": "2017-11-12",
      "source": "RIPE",
      "subnet": "93.184.208.0/20"
    },
    {
      "@category": "inetnum",
      "@timestamp": "2017-10-20T06:38:55.000Z",
      "@type": "ip",
      "country": "US",
      "ipv6": "0",
      "netname": "EU-EDGECASTEU-20080602",
      "seen_date": "2017-10-20",
      "source": "RIPE",
      "subnet": "93.184.208.0/20"
    },
    {
      "@category": "inetnum",
      "@timestamp": "2017-10-20T06:38:55.000Z",
      "@type": "ip",
      "country": "EU",
      "information": [
        "NETBLK-03-EU-93-184-216-0-24"
      ],
      "ipv6": "0",
      "netname": "EDGECAST-NETBLK-03",
      "seen_date": "2017-10-20",
      "source": "RIPE",
      "subnet": "93.184.216.0/24"
    }
  ],
  "status": "ok",
  "took": "0.054",
  "total": 4
}

GET
/api/threatlist/{IP}

Return threatlist information

This method requires an API key. It will return threatlist information we have for the given IPv{4,6} address with history of changes. Multiple threatlists may match. We return all of those that match, and only those.

Request URL

curl -XGET https://www.onyphe.io/api/threatlist/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 3,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "threatlist",
      "@timestamp": "2017-10-20T07:30:28.000Z",
      "@type": "ip",
      "ipv6": "0",
      "seen_date": "2017-10-20",
      "subnet": "193.107.17.56/32",
      "threatlist": "EmergingThreats - Spamhaus, DShield and Abuse.ch"
    },
    {
      "@category": "threatlist",
      "@timestamp": "2017-10-20T07:30:28.000Z",
      "@type": "ip",
      "ipv6": "0",
      "seen_date": "2017-10-20",
      "subnet": "193.107.17.56/32",
      "threatlist": "Abuse.ch - Zeus IPs"
    },
    {
      "@category": "threatlist",
      "@timestamp": "2017-10-20T07:30:28.000Z",
      "@type": "ip",
      "ipv6": "0",
      "seen_date": "2017-10-20",
      "subnet": "193.107.17.56/32",
      "threatlist": "Abuse.ch - Zeus bad IPs"
    }
  ],
  "status": "ok",
  "took": "0.008",
  "total": 3
}

GET
/api/pastries/{IP}

Return pastries information

This method requires an API key. It will return pastries information we have for the given IPv{4,6} address with history of changes. Multiple pastries may match. We return all of them. Currently, we only return pastries collected from pastebin.com.

Request URL

curl -XGET https://www.onyphe.io/api/pastries/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 2,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "pastries",
      "@timestamp": "2017-10-18T02:23:54.000Z",
      "@type": "pastebin",
      "domain": [
        "example.com"
      ],
      "hostname": [
        "example.com"
      ],
      "ip": [
        "93.184.216.34",
        "2606:2800:220:1:248:1893:25c8:1946"
      ],
      "key": "u13DKxSM",
      "seen_date": "2017-10-18"
    },
    {
      "@category": "pastries",
      "@timestamp": "2017-10-18T02:23:54.000Z",
      "@type": "pastebin",
      "domain": [
        "example.com"
      ],
      "hostname": [
        "example.com"
      ],
      "ip": [
        "93.184.216.34",
        "2606:2800:220:1:248:1893:25c8:1946"
      ],
      "key": "u13DKxSM",
      "seen_date": "2017-10-18"
    }
  ],
  "status": "ok",
  "took": "0.002",
  "total": 2
}

GET
/api/synscan/{IP}

Return synscan information

This method requires an API key. It will return synscan information we have for the given IPv{4,6} address with history of changes. Multiple synscan entries may match. We return all of them.

Request URL

curl -XGET https://www.onyphe.io/api/synscan/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "synscan",
      "@timestamp": "2017-09-23T15:45:31.000Z",
      "@type": "port-80",
      "asn": "AS18779",
      "city": "San Jose",
      "country": "US",
      "country_name": "United States",
      "ip": "107.164.81.7",
      "location": "37.3387,-121.8914",
      "organization": "EGIHosting",
      "os": "Linux",
      "port": "80",
      "seen_date": "2017-09-23"
    }
  ],
  "status": "ok",
  "took": "0.002",
  "total": 1
}

GET
/api/datascan/{IP,string}

Return datascan information

This method requires an API key. It will return datascan information we have for the given IPv{4,6} address or string with history of changes. Multiple datascan entries may match. We return all of them.

Request URL

curl -XGET https://www.onyphe.io/api/datascan/{IP,string}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "datascan",
      "@timestamp": "2017-11-12T19:52:05.000Z",
      "@type": "http",
      "asn": "AS8075",
      "city": "Redmond",
      "country": "US",
      "data": "HTTP/1.0 200 OK\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-length: 327\r\n\r\n{\n  \"name\" : \"hXSGxzz\",\n  \"cluster_name\" : \"elasticsearch\",\n  \"cluster_uuid\" : \"5IVvGtKTThaDd9mex2IYQw\",\n  \"version\" : {\n    \"number\" : \"5.6.0\",\n    \"build_hash\" : \"781a835\",\n    \"build_date\" : \"2017-09-07T03:09:58.087Z\",\n    \"build_snapshot\" : false,\n    \"lucene_version\" : \"6.6.0\"\n  },\n  \"tagline\" : \"You Know, for Search\"\n}\n",
      "ip": "52.191.160.14",
      "ipv6": "false",
      "location": "47.6801,-122.1206",
      "organization": "Microsoft Corporation",
      "port": "9200",
      "protocol": "http",
      "seen_date": "2017-11-12"
    }
  ],
  "status": "ok",
  "took": "0.002",
  "total": 1
}

GET
/api/reverse/{IP}

Return reverse information

This method requires an API key. It will return reverse DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple reverse DNS entries may match. We return all of them.

Request URL

curl -XGET https://www.onyphe.io/api/reverse/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2017-11-07T10:11:21.000Z",
      "@type": "reverse",
      "domain": "net.in",
      "ip": "182.59.164.193",
      "ipv6": 0,
      "reverse": "static-mum-182.59.164.193.mtnl.net.in",
      "seen_date": "2017-11-07"
    }
  ],
  "status": "ok",
  "took": "0.019",
  "total": 1
}

GET
/api/forward/{IP}

Return forward information

This method requires an API key. It will return forward DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple forward DNS entries may match. We return all of them.

Request URL

curl -XGET https://www.onyphe.io/api/forward/{IP}?apikey={apikey}

Parameters

  • apikey: your personal key.

Sample response

{
  "count": 1,
  "error": 0,
  "myip": "127.0.0.1",
  "results": [
    {
      "@category": "resolver",
      "@timestamp": "2017-10-08T21:57:25.000Z",
      "@type": "forward",
      "domain": "com.br",
      "forward": "www.otvfoco.com.br",
      "ip": "2.22.52.73",
      "ipv6": "0",
      "seen_date": "2017-10-08"
    }
  ],
  "status": "ok",
  "took": "0.027",
  "total": 1
}

Error handling

On error, the response is still returned with a 200 HTTP code. The JSON body carries a non-zero positive error code along with a descriptive message.

Sample response

{
  "error": 3,
  "message": "invalid apikey given",
  "myip": "127.0.0.1",
  "status": "nok"
}

Rate limiting

If rate limiting is triggered, a response will be returned with a 429 HTTP code.
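
The error-handling and rate-limiting rules above, applied to a response that an HTTP client has already fetched. This Python code is an added example, not ONYPHE's own client: the names interpret, parse_flag and OnypheError, the reading of "count" versus "total", and the sample bodies are assumptions made for illustration.

```python
import json

class OnypheError(Exception):
    """Raised when the status code or the JSON body signals a failure."""

def parse_flag(value):
    # The samples encode "ipv6" as "false", "0" or 0 depending on the category.
    return str(value).strip().lower() in ("1", "true")

def interpret(http_status, body):
    """Return (results, truncated) or raise OnypheError. Makes no request."""
    if http_status == 429:
        raise OnypheError("rate limited (HTTP 429)")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise OnypheError(f"HTTP {http_status}: body is not JSON") from exc
    if not isinstance(doc, dict):
        raise OnypheError("body is not a JSON object")
    # Failures arrive with HTTP 200, so the body decides, not the status code.
    if doc.get("error", 0) != 0 or doc.get("status") != "ok":
        raise OnypheError(f"error {doc.get('error')}: {doc.get('message', 'no message')}")
    results = doc.get("results", [])
    for entry in results:
        if "ipv6" in entry:
            entry["ipv6"] = parse_flag(entry["ipv6"])
    # Assumption from the /api/ip sample (count 6, total 5299): "count" is the
    # number of entries in this response, "total" the number that matched.
    truncated = doc.get("count", len(results)) < doc.get("total", len(results))
    return results, truncated

# Constructed bodies modelled on the sample responses on this page.
ERROR_BODY = '{"error": 3, "message": "invalid apikey given", "myip": "127.0.0.1", "status": "nok"}'
OK_BODY = json.dumps({
    "count": 2, "error": 0, "myip": "127.0.0.1", "status": "ok", "total": 5299,
    "results": [
        {"@category": "geoloc", "@type": "ip", "ip": "93.184.216.34", "ipv6": "false"},
        {"@category": "resolver", "@type": "reverse", "ip": "182.59.164.193", "ipv6": 0},
    ],
})

if __name__ == "__main__":
    print(interpret(200, OK_BODY))
    try:
        interpret(200, ERROR_BODY)
    except OnypheError as exc:
        print("rejected:", exc)
```

A caller that treats any HTTP 200 as success would silently accept the "invalid apikey given" body as an empty result set, which is why the check on "error" and "status" comes before any use of "results".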