Overview
API Concepts Manage API Key
Internet Data
DNSIQ® WHOISIQ™ SSL Certificates Blacklist Lookup Host Attributes
Attack Analytics
Newly Observed Domains Newly Observed Hosts Malware Phishing Scam Content
Digital Footprint
Global Inventory API Global Inventory Schema
Coming Soon
Enrich
PassiveTotal
Actions Artifact Enrichment Exposed Services Monitor Project SSL Certificates Tag Artifact Trackers Host Attributes Passive DNS Whois Bulk Enrichment
Additional Resources
Workspace Management API
RiskIQ.com

Host Attributes

 

What It Looks Like

Get Components

Retrieves the host attribute components of a query.

Curl Example

 $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/components?query=passivetotal.org'
				
# With start parameter, restrict time to start at 2017-04-01
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/components?query=passivetotal.org&start=2017-04-01 00:00:00'

Parameters

Field Field Type Description
query String the domain or IP being queried
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
page (optional)Number page number for paging through results, defaults to 0

Sample Response

{
    "totalRecords": 376,
    "success": true,
    "results": [
        {
            "label": "BootStrap CDN",
            "category": "CDN",
            "lastSeen": null,
            "firstSeen": null,
            "version": null,
            "hostname": "blog.passivetotal.org"
        },
        {
            "label": "blog.passivetotal.org",
            "category": "Tracking Pixel",
            "lastSeen": null,
            "firstSeen": null,
            "version": null,
            "hostname": "blog.passivetotal.org"
        }
    ]
}
			

Get Pairs

Retrieves the host attribute pairs related to the query.

Curl Example

 $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/pairs?query=passivetotal.org&direction=children'
				
# With start parameter, restrict time to start at 2017-04-01
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/pairs?query=passivetotal.org&direction=parents&start=2017-04-01 00:00:00'

Parameters

Field Field Type Description
query String the domain or IP being queried
direction String the domain or IP being queried. Allowed values: "children", "parents"
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
page (optional)Number page number for paging through results, defaults to 0

Sample Response

{
  "success": true,
  "totalRecords": 1000,
  "results": [
    {
      "cause": "redirect",
      "lastSeen": "2017-01-16 22:49:49",
      "child": "www.riskiq.com",
      "firstSeen": "2016-12-02 01:49:05",
      "parent": "cpcphwjpgf.riskiq.net"
    },
    ...
    {
      "cause": "redirect",
      "lastSeen": "2017-01-19 14:55:38",
      "child": "www.riskiq.com",
      "firstSeen": "2016-12-02 13:08:45",
      "parent": "ghhykuoxef.riskiq.net"
    }
  ]
}
			

Get Trackers

Retrieves the host attribute trackers

Curl Example

 $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/trackers?query=passivetotal.org'
				
# With start parameter, restrict time to start at 2017-04-01
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/trackers?query=passivetotal.org&start=2017-04-01 00:00:00'

Parameters

Field Field Type Description
query String the domain or IP being queried
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
page (optional)Number page number for paging through results, defaults to 0

Sample Response

{
    "success": true,
    "totalRecords": 3,
    "results": [
        {
            "lastSeen": "2016-12-25 16:04:51",
            "attributeValue": "121115074576192",
            "firstSeen": "2016-11-18 10:03:38",
            "attributeType": "FacebookId",
            "hostname": "adtags.riskiq.net"
        },
        {
            "lastSeen": "2017-01-19 18:40:12",
            "attributeValue": "121704674506485",
            "firstSeen": "2017-01-11 21:18:17",
            "attributeType": "FacebookId",
            "hostname": "adtags.riskiq.net"
        },
        {
            "lastSeen": "2016-09-19 13:04:34",
            "attributeValue": "1439828989613328",
            "firstSeen": "2016-09-19 13:04:16",
            "attributeType": "FacebookId",
            "hostname": "adtags.riskiq.net"
        }
    ]
}
			

Get Cookies

Retrieves the host attribute cookies related to the query

Curl Example

 $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/cookies?query=passivetotal.org'
				
# With start parameter, restrict time to start at 2017-04-01
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/host-attributes/cookies?query=passivetotal.org&start=2017-04-01 00:00:00'

Parameters

Field Field Type Description
query String the domain or IP being queried
start (optional)Datetime the start datetime
end (optional)Datetime the end datetime
page (optional)Number page number for paging through results, defaults to 0

Sample Response

{
	"totalRecords": 50,
	"success": true,
	"results": [
		{
			"cookieDomain": "help.passivetotal.org",
			"cookieName": "gitbook:sess",
			"lastSeen": "2020-06-21",
			"firstSeen": "2016-11-01",
			"hostname": "help.passivetotal.org"
		},
		{
			"cookieDomain": "www.passivetotal.org",
			"cookieName": "AWSALB",
			"lastSeen": "2020-01-08",
			"firstSeen": "2016-11-17",
			"hostname": "www.passivetotal.org"
		},
		...
		{
			"cookieDomain": ".youtube.com",
			"cookieName": "YTC",
			"lastSeen": "2020-03-24",
			"firstSeen": "2018-01-13",
			"hostname": "blog.passivetotal.org"
		}
	]
}