Search infected-machine records by IP or CIDR range

curl --request POST \ --url https://api.vantaprism.me/v1/search/ip-cidr \ --header 'Content-Type: application/json' \ --header 'api-key: <api-key>' \ --data ' { "cidr": "203.0.113.0/24", "limit": 25 } '

{ "data": [ { "stealer_id": "<string>", "victim_id": "<string>", "ip": "<string>", "country": "<string>", "operating_system": "<string>", "computer_name": "<string>", "stealer_family": "<string>", "stealer_version": "<string>", "anti_viruses": [ "<string>" ], "infection_date": "2023-11-07T05:31:56Z" } ], "meta": { "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE", "took_ms": 42.7, "tier": "pro", "masked_fields": [ "password", "ip" ], "freshness_at": "2023-11-07T05:31:56Z" }, "nextCursor": "<string>" }

Authorizations

api-key

string

header

required

Static API key, format vp_<env>_<8-hex-prefix>.<40-hex-secret>. Preferred header for server-to-server integrations.

Body

application/json

Provide ips OR cidr — at least one is required.

ips

string<ipv4>[]

Exact IPv4 addresses, e.g. ["203.0.113.42"].

cidr

string | null

IPv4 CIDR range, e.g. "203.0.113.0/24".

start_date

string<date-time> | null

end_date

string<date-time> | null

sort_direction

enum<string>

default:desc

Sort order applied to inserted_at. Must stay constant across paginated requests using the same cursor.

Available options:

asc,

desc

cursor

string | null

limit

integer

default:25

Required range: 1 <= x <= 500

Response

Matching infection records

data

object[]

required

Show child attributes