
Actions

 

What It Looks Like

Add Tags

Adds tags to a given artifact.

JSON Request

{
    "query": "04zyp.trudemocracy.com",
    "tags": [
        "crimeware",
        "exploit kit",
        "rig"
    ]
}
        

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XPOST -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "crimeware", "exploit kit"]}'

Response

{
    "tags": [
        "crimeware",
        "exploit kit",
        "rig"
    ]
}
			

Delete Tags

Removes tags from an artifact.

JSON Request

{
    "query": "04zyp.trudemocracy.com",
    "tags": [
        "exploit kit",
        "rig"
    ]
}
            

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XDELETE -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "exploit kit"]}'

Response

{
    "tags": [
        "crimeware"
    ]
}
           

Get Bulk Classification Status

Retrieve classification statuses for given domains.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/bulk/classification?query=04zyp.trudemocracy.com,riskiq.net'

Response

{
    "success": true,
    "results": {
        "04zyp.trudemocracy.com": {
            "classification": "malicious"
        },
        "riskiq.net": {
            "classification": ""
        }
    }
}
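
Added example (not part of the original RiskIQ documentation): a Python sketch that builds the same authenticated request as the curl call above and splits the response into classified and unclassified domains. The function names and the reading of an empty classification string as "not classified" are assumptions; the sample response is constructed from the one shown above.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

API_BASE = "https://api.riskiq.net/pt/v2/actions"  # from the curl examples

# Constructed sample, modelled on the response shown above.
SAMPLE_RESPONSE = """{"success": true, "results": {
  "04zyp.trudemocracy.com": {"classification": "malicious"},
  "riskiq.net": {"classification": ""}}}"""


def build_bulk_classification_request(domains, username, key):
    """Build (without sending) the GET request from the curl example."""
    # Domains travel as one comma-separated `query` value.
    query = urllib.parse.urlencode({"query": ",".join(domains)}, safe=",")
    token = base64.b64encode(f"{username}:{key}".encode()).decode()
    return urllib.request.Request(
        f"{API_BASE}/bulk/classification?{query}",
        headers={"Authorization": f"Basic {token}"},  # equivalent of curl -u
        method="GET",
    )


def triage(response_body):
    """Return ({domain: classification}, [unclassified domains])."""
    data = json.loads(response_body)
    if not data.get("success"):
        raise ValueError("bulk classification lookup did not succeed")
    classified, unclassified = {}, []
    for domain, entry in data.get("results", {}).items():
        label = (entry or {}).get("classification") or ""
        if label:
            classified[domain] = label
        else:
            # Assumption: an empty string means no classification is set.
            unclassified.append(domain)
    return classified, sorted(unclassified)


if __name__ == "__main__":
    # Credentials come from the environment, as $USERNAME and $KEY do above.
    req = build_bulk_classification_request(
        ["04zyp.trudemocracy.com", "riskiq.net"],
        os.environ.get("USERNAME", ""), os.environ.get("KEY", ""))
    print(req.get_method(), req.full_url)
    # To send it: urllib.request.urlopen(req).read() replaces SAMPLE_RESPONSE.
    print(triage(SAMPLE_RESPONSE))
```
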
			

Get Classification Status

Retrieve classification status for a given domain.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/classification?query=04zyp.trudemocracy.com'

Response

{
    "classification": "malicious"
}
			

Get Compromised Status

Indicates whether or not a given domain has ever been compromised.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/ever-compromised?query=riskiq.net'

Response

{
    "everCompromised": false
}
			

Get Dynamic DNS Status

Indicates whether or not a domain's DNS records are updated via dynamic DNS.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/dynamic-dns?query=riskiq.net'

Response

{
    "dynamicDns": false
}
			

Get Monitor Status

Indicates whether or not a domain is monitored.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/monitor?query=riskiq.net'

Response

{
    "monitor": true
}
			

Get Sinkhole Status

Indicates whether or not an IP address is a sinkhole.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/sinkhole?query=52.8.228.23'

Response

{
    "sinkhole": false
}
			

Get Tags

Retrieves tags for a given artifact.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags?query=04zyp.trudemocracy.com'

Response

{
    "tags": [
        "crimeware",
        "exploit kit",
        "rig"
    ]
}
			

Search Tags

Retrieve artifacts for a given tag.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags/search?query=rig'

Response

{
    "results": [
        {
            "focus": "hmknfv.top",
            "user_tags": [
                "crimeware",
                "exploit kit",
                "rig"
            ],
            "system_tags": [
                "known_compromise",
                "registered"
            ],
            "tags": [
                "crimeware",
                "exploit kit",
                "known_compromise",
                "registered",
                "rig"
            ],
            "tag_meta": {},
            "username": "lou.manousos@riskiq.net"
        },
        ...
    ]
}
			

Set Bulk Classification Status

Set classification statuses for given domains.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/bulk/classification?queries=04zyp.trudemocracy.com,bad.net&classification=malicious'

Response

{
    "classification": "malicious"
}
			

Set Classification Status

Sets the classification status for a given domain.

JSON Request

{
    "query": "04zyp.trudemocracy.com",
    "classification": "malicious"
}
            

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/classification' -XPOST -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "classification": "malicious"}'

Response

{
    "classification": "malicious"
}
			

Set Compromised Status

Sets status for a domain to indicate if it has ever been compromised.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/ever-compromised?query=riskiq.net'

Response

{
    "everCompromised": false
}
			

Set Dynamic DNS Status

Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.

JSON Request

{
    "query": "riskiq.net",
    "status": false
}
            

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/dynamic-dns' -XPOST -H "Content-Type: application/json" --data '{"query": "riskiq.net", "status": false}'

Response

{
    "dynamicDns": false
}
			

Set Sinkhole Status

Sets status for an IP address to indicate whether or not it is a sinkhole.

JSON Request

{
    "query": "52.8.228.23",
    "status": true
}
            

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/sinkhole' -XPOST -H "Content-Type: application/json" --data '{"query": "52.8.228.23", "status": true}'

Response

{
    "sinkhole": false
}
			

Set Tags

Adds tags to a given artifact.

JSON Request

{
    "query": "04zyp.trudemocracy.com",
    "tags": [
        "crimeware",
        "exploit kit",
        "rig"
    ]
}
        

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XPUT -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "crimeware", "exploit kit"]}'

Response

{
    "tags": [
        "crimeware",
        "exploit kit",
        "rig"
    ]
}