This method is open to use. There is need for an API key.
curl -XGET https://www.onyphe.io/api/myip
{
"error": 0,
"myip": "127.0.0.1",
"status": "ok"
}
This method is open to use. There is need for an API key.
curl -XGET https://www.onyphe.io/api/geoloc/{IP}
{
"count": 1,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "geoloc",
"@timestamp": "2017-11-17T14:07:37.000Z",
"@type": "ip",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"country_name": "United States",
"geolocation": "42.1508,-70.8228",
"ip": "93.184.216.34",
"ipv6": "false",
"latitude": "42.1508",
"longitude": "-70.8228",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"subnet": "93.184.216.34/32"
}
],
"status": "ok",
"took": "0.004668",
"total": 1
}
This method requires an API key. This will return information about your user account, like the number of query credits remaining.
curl -XGET https://www.onyphe.io/api/user/?apikey={apikey}
{
"count": 1,
"error": 0,
"myip": "<redacted>",
"results": [
{
"@category": "user",
"@timestamp": "2017-10-24T09:45:44.000Z",
"@type": "account",
"apikey": "<redacted>",
"credits": 0,
"license": 2,
"seen_date": "2017-10-24"
}
],
"status": "ok",
"took": "0.002",
"total": 1
}
This method requires an API key. This will return a summary of all information we have for the given IPv{4,6} address. History of changes will not be shown, only latest results.
curl -XGET https://www.onyphe.io/api/ip/{IP}?apikey={apikey}
{
"count": 6,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "geoloc",
"@timestamp": "2017-11-17T14:10:36.000Z",
"@type": "ip",
"asn": "AS15133",
"city": "Norwell",
"country": "US",
"country_name": "United States",
"geolocation": "42.1508,-70.8228",
"ip": "93.184.216.34",
"ipv6": "false",
"latitude": "42.1508",
"longitude": "-70.8228",
"organization": "MCI Communications Services, Inc. d/b/a Verizon Business",
"subnet": "93.184.216.34/32"
},
{
"@category": "inetnum",
"@timestamp": "2017-11-12T02:40:09.000Z",
"@type": "ip",
"country": "EU",
"information": [
"NETBLK-03-EU-93-184-216-0-24"
],
"ipv6": "0",
"netname": "EDGECAST-NETBLK-03",
"seen_date": "2017-11-12",
"source": "RIPE",
"subnet": "93.184.216.0/24"
},
{
"@category": "pastries",
"@timestamp": "2017-10-18T02:23:54.000Z",
"@type": "pastebin",
"domain": [
"example.com"
],
"hostname": [
"example.com"
],
"ip": [
"93.184.216.34",
"2606:2800:220:1:248:1893:25c8:1946"
],
"key": "u13DKxSM",
"seen_date": "2017-10-18"
},
{
"@category": "pastries",
"@timestamp": "2017-10-18T02:23:54.000Z",
"@type": "pastebin",
"domain": [
"example.com"
],
"hostname": [
"example.com"
],
"ip": [
"93.184.216.34",
"2606:2800:220:1:248:1893:25c8:1946"
],
"key": "u13DKxSM",
"seen_date": "2017-10-18"
},
{
"@category": "resolver",
"@timestamp": "2017-10-08T19:58:32.000Z",
"@type": "forward",
"domain": "example.com",
"forward": "example.com",
"ip": "93.184.216.34",
"ipv6": "0",
"seen_date": "2017-10-08"
},
{
"@category": "resolver",
"@timestamp": "2017-10-08T19:58:32.000Z",
"@type": "forward",
"domain": "example.com",
"forward": "example.com",
"ip": "93.184.216.34",
"ipv6": "0",
"seen_date": "2017-10-08"
},
{
],
"status": "ok",
"took": "0.243",
"total": 5299
}
This method requires an API key. It will return inetnum information we have for the given IPv{4,6} address with history of changes. Multiple subnets may match because of delegation mechanisms. We return all of them.
curl -XGET https://www.onyphe.io/api/inetnum/{IP}?apikey={apikey}
{
"count": 4,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "inetnum",
"@timestamp": "2017-11-12T02:40:09.000Z",
"@type": "ip",
"country": "EU",
"information": [
"NETBLK-03-EU-93-184-216-0-24"
],
"ipv6": "0",
"netname": "EDGECAST-NETBLK-03",
"seen_date": "2017-11-12",
"source": "RIPE",
"subnet": "93.184.216.0/24"
},
{
"@category": "inetnum",
"@timestamp": "2017-11-12T02:40:09.000Z",
"@type": "ip",
"country": "US",
"ipv6": "0",
"netname": "EU-EDGECASTEU-20080602",
"seen_date": "2017-11-12",
"source": "RIPE",
"subnet": "93.184.208.0/20"
},
{
"@category": "inetnum",
"@timestamp": "2017-10-20T06:38:55.000Z",
"@type": "ip",
"country": "US",
"ipv6": "0",
"netname": "EU-EDGECASTEU-20080602",
"seen_date": "2017-10-20",
"source": "RIPE",
"subnet": "93.184.208.0/20"
},
{
"@category": "inetnum",
"@timestamp": "2017-10-20T06:38:55.000Z",
"@type": "ip",
"country": "EU",
"information": [
"NETBLK-03-EU-93-184-216-0-24"
],
"ipv6": "0",
"netname": "EDGECAST-NETBLK-03",
"seen_date": "2017-10-20",
"source": "RIPE",
"subnet": "93.184.216.0/24"
}
],
"status": "ok",
"took": "0.054",
"total": 4
}
This method requires an API key. It will return threatlist information we have for the given IPv{4,6} address with history of changes. Multiple threatlist may match. We return all of them, but only those matching and not all others.
curl -XGET https://www.onyphe.io/api/threatlist/{IP}?apikey={apikey}
{
"count": 3,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "threatlist",
"@timestamp": "2017-10-20T07:30:28.000Z",
"@type": "ip",
"ipv6": "0",
"seen_date": "2017-10-20",
"subnet": "193.107.17.56/32",
"threatlist": "EmergingThreats - Spamhaus, DShield and Abuse.ch"
},
{
"@category": "threatlist",
"@timestamp": "2017-10-20T07:30:28.000Z",
"@type": "ip",
"ipv6": "0",
"seen_date": "2017-10-20",
"subnet": "193.107.17.56/32",
"threatlist": "Abuse.ch - Zeus IPs"
},
{
"@category": "threatlist",
"@timestamp": "2017-10-20T07:30:28.000Z",
"@type": "ip",
"ipv6": "0",
"seen_date": "2017-10-20",
"subnet": "193.107.17.56/32",
"threatlist": "Abuse.ch - Zeus bad IPs"
}
],
"status": "ok",
"took": "0.008",
"total": 3
}
This method requires an API key. It will return pastries information we have for the given IPv{4,6} address with history of changes. Multiple pastries may match. We return all of them. Currently, we only return pastries collected from pastebin.com.
curl -XGET https://www.onyphe.io/api/pastries/{IP}?apikey={apikey}
{
"count": 2,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "pastries",
"@timestamp": "2017-10-18T02:23:54.000Z",
"@type": "pastebin",
"domain": [
"example.com"
],
"hostname": [
"example.com"
],
"ip": [
"93.184.216.34",
"2606:2800:220:1:248:1893:25c8:1946"
],
"key": "u13DKxSM",
"seen_date": "2017-10-18"
},
{
"@category": "pastries",
"@timestamp": "2017-10-18T02:23:54.000Z",
"@type": "pastebin",
"domain": [
"example.com"
],
"hostname": [
"example.com"
],
"ip": [
"93.184.216.34",
"2606:2800:220:1:248:1893:25c8:1946"
],
"key": "u13DKxSM",
"seen_date": "2017-10-18"
}
],
"status": "ok",
"took": "0.002",
"total": 2
}
This method requires an API key. It will return synscan information we have for the given IPv{4,6} address with history of changes. Multiple synscan entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/synscan/{IP}?apikey={apikey}
{
"count": 1,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "synscan",
"@timestamp": "2017-09-23T15:45:31.000Z",
"@type": "port-80",
"asn": "AS18779",
"city": "San Jose",
"country": "US",
"country_name": "United States",
"ip": "107.164.81.7",
"location": "37.3387,-121.8914",
"organization": "EGIHosting",
"os": "Linux",
"port": "80",
"seen_date": "2017-09-23"
}
],
"status": "ok",
"took": "0.002",
"total": 1
}
This method requires an API key. It will return datascan information we have for the given IPv{4,6} address or string with history of changes. Multiple datascan entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/datascan/{IP,string}?apikey={apikey}
{
"count": 1,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "datascan",
"@timestamp": "2017-11-12T19:52:05.000Z",
"@type": "http",
"asn": "AS8075",
"city": "Redmond",
"country": "US",
"data": "HTTP/1.0 200 OK\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-length: 327\r\n\r\n{\n \"name\" : \"hXSGxzz\",\n \"cluster_name\" : \"elasticsearch\",\n \"cluster_uuid\" : \"5IVvGtKTThaDd9mex2IYQw\",\n \"version\" : {\n \"number\" : \"5.6.0\",\n \"build_hash\" : \"781a835\",\n \"build_date\" : \"2017-09-07T03:09:58.087Z\",\n \"build_snapshot\" : false,\n \"lucene_version\" : \"6.6.0\"\n },\n \"tagline\" : \"You Know, for Search\"\n}\n",
"ip": "52.191.160.14",
"ipv6": "false",
"location": "47.6801,-122.1206",
"organization": "Microsoft Corporation",
"port": "9200",
"protocol": "http",
"seen_date": "2017-11-12"
}
],
"status": "ok",
"took": "0.002",
"total": 1
}
This method requires an API key. It will return reverse DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple reverse DNS entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/reverse/{IP}?apikey={apikey}
{
"count": 1,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "resolver",
"@timestamp": "2017-11-07T10:11:21.000Z",
"@type": "reverse",
"domain": "net.in",
"ip": "182.59.164.193",
"ipv6": 0,
"reverse": "static-mum-182.59.164.193.mtnl.net.in",
"seen_date": "2017-11-07"
}
],
"status": "ok",
"took": "0.019",
"total": 1
}
This method requires an API key. It will return forward DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple forward DNS entries may match. We return all of them.
curl -XGET https://www.onyphe.io/api/forward/{IP}?apikey={apikey}
{
"count": 1,
"error": 0,
"myip": "127.0.0.1",
"results": [
{
"@category": "resolver",
"@timestamp": "2017-10-08T21:57:25.000Z",
"@type": "forward",
"domain": "com.br",
"forward": "www.otvfoco.com.br",
"ip": "2.22.52.73",
"ipv6": "0",
"seen_date": "2017-10-08"
}
],
"status": "ok",
"took": "0.027",
"total": 1
}
A response will be returned with a 200 HTTP code. A non-zero positive error code will be returned along with a descriptive message.
{
"error": 3,
"message": "invalid apikey given",
"myip": "127.0.0.1",
"status": "nok"
}
If rate limiting is triggered, a response will be returned with a 429 HTTP code.