๐Ÿ”€ related_ip_addresses

Threat actor's related IP addresses

The related_ip_addresses relationship returns the list of all IP addresses related to the threat actor.

This relationship can be retrieved using the relationships API endpoint. The response contains a list of IP addresses objects.

{
    "meta": {
        "count": <int>
    },
    "data": [
        {
            "attributes": {
								...
            },
            "type": "ip_address",
            "id": <string>,
            "context_attributes": {
                "related_from": [
                    {
                        "type": <string>,
                        "id": <string>
                    }
                ]
            }
        },
        {
            "attributes": {
                ...
            },
            "type": "ip_address",
            "id": <string>,
            "context_attributes": {
                "related_from": [
                    {
                        "type": <string>,
                        "id": <string>
                    }
                ]
            }
        }
    ],
}
{
	"data": [
		{
			"attributes": {
				"as_owner": "Strato AG",
				"asn": 6724,
				"continent": "EU",
				"country": "DE",
				"last_analysis_results": {
					"ADMINUSLabs": {
						"category": "harmless",
						"engine_name": "ADMINUSLabs",
						"method": "blacklist",
						"result": "clean"
					},
					"AegisLab WebGuard": {
						"category": "harmless",
						"engine_name": "AegisLab WebGuard",
						"method": "blacklist",
						"result": "clean"
					},
					"AlienVault": {
						"category": "harmless",
						"engine_name": "AlienVault",
						"method": "blacklist",
						"result": "clean"
					},
					"Antiy-AVL": {
						"category": "harmless",
						"engine_name": "Antiy-AVL",
						"method": "blacklist",
						"result": "clean"
					},
					"AutoShun": {
						"category": "harmless",
						"engine_name": "AutoShun",
						"method": "blacklist",
						"result": "clean"
					},
				},
				"last_analysis_stats": {
					"harmless": 5,
					"malicious": 0,
					"suspicious": 0,
					"timeout": 0,
					"undetected": 0
				},
				"last_https_certificate": {
					"cert_signature": {
						"signature": "97ef5af5e6e898ba4ec4b04644954ed60ba16b82e6f9c56967b90b5abc9a559bc3a912af382a1073c4793d75749035597b341efec1073c17bd8b5e03714781c6e9f11b1ce39ecc74afcb8319b9f6f1d9f6c484400bd58374fc0addf7d05f743cdba94a21ebee3d4ea074282a7662eec26171092a69fd60158cd72dd647146de7eb8ae2b5db6257588acc98429eb40f6b393fcbad71139ba11671370d41cbb5f6ca6a18506fccf26d05c3c555377d03946d9e01cdefedbd55c66f34276113885a77babb64ccea9fe16bfac6f2be823bce6d698aed09c3cc02c2c39127d6418c21dbacd723d8f5fa465ce72a8778eee58bf5603a8f42d4afc4c10b0470cef4b244",
						"signature_algorithm": "sha256RSA"
					},
					"extensions": {
						"1.3.6.1.4.1.11129.2.4.2": "0481f300f1007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f",
						"CA": true,
						"authority_key_identifier": {
							"keyid": "a84a6a63047dddbae6d139b7a64565eff3a8eca1"
						},
						"ca_information_access": {
							"CA Issuers": "http://cert.int-x3.letsencrypt.org/",
							"OCSP": "http://ocsp.int-x3.letsencrypt.org"
						},
						"certificate_policies": [
							"2.23.140.1.2.1",
							"1.3.6.1.4.1.44947.1.1.1"
						],
						"extended_key_usage": [
							"serverAuth",
							"clientAuth"
						],
						"key_usage": [
							"ff"
						],
						"subject_alternative_name": [
							"www.ufos-hosting.de"
						],
						"subject_key_identifier": "f522cd9c9a4ccdf5d1ec3f925013bf1185e0bc0c"
					},
					"issuer": {
						"C": "US",
						"CN": "Let's Encrypt Authority X3",
						"O": "Let's Encrypt"
					},
					"public_key": {
						"algorithm": "RSA",
						"rsa": {
							"exponent": "010001",
							"key_size": 2048,
							"modulus": "00d1722efe2a2605072f27013b4f9371f1926464dc1c4285f38138a523dc09f0b9ae8578aa70934141bf14893921a2b754a5747a7c71ef9a29501f839a2fe3d052b1434a2fbd0d3149eb1bbe4eef14583791ea7cde3bee2babc5f7114a0fe1ab0c5c5f07701330056b510e020154cca0385a93955684d4d99b74904a44e1ad93f035ebe02bd6e9721285855cbe8f6ce4aaf83ade044b6bc8bd8424ce41f21cf72a1d4ce42ae539fb202efcc791ef810fa49e1c791d4edf4fb83f468cc78b76b5f70333280681f034b80613438f1b0a387e3bdb0dd324e63905d96d1dc810498d5d157d12fc87d4dee9b2abc264b5b6bd7b1e00b838735270e614e15c2c72babb99"
						}
					},
					"serial_number": "36feb381e87e4ed9b5ee53c76bdaccfabc0",
					"signature_algorithm": "sha256RSA",
					"size": 1379,
					"subject": {
						"CN": "www.ufos-hosting.de"
					},
					"thumbprint": "b796e1d3210edcf97290e147d1245cfc9a78132c",
					"thumbprint_sha256": "988858e7387a90af438c9d1edad64fa01e0e85666ebf88ae458b1ceb553c5760",
					"validity": {
						"not_after": "2019-10-10 14:36:27",
						"not_before": "2019-07-12 14:36:27"
					},
					"version": "V3"
				},
				"last_https_certificate_date": 1566463571,
				"last_modification_date": 1591890478,
				"network": "81.169.128.0/17",
				"regional_internet_registry": "RIPE NCC",
				"reputation": 0,
				"tags": [],
				"total_votes": {
					"harmless": 0,
					"malicious": 0
				},
				"whois": "NetRange: 31.0.0.0 - 31.255.255.255\nCIDR: 31.0.0.0/8\nNetName: 31-RIPE\nNetHandle: NET-31-0-0-0-1\nParent: ()\nNetType: Allocated to RIPE NCC\nOriginAS: \nOrganization: RIPE Network Coordination Centre (RIPE)\nRegDate: \nUpdated: 2009-03-25\nComment: These addresses have been further assigned to users in\nComment: the RIPE NCC region. Contact information can be found in\nComment: the RIPE database at http://www.ripe.net/whois\nRef: https://rdap.arin.net/registry/ip/31.0.0.0\nResourceLink: https://apps.db.ripe.net/search/query.html\nResourceLink: whois.ripe.net\nOrgName: RIPE Network Coordination Centre\nOrgId: RIPE\nAddress: P.O. Box 10096\nCity: Amsterdam\nStateProv: \nPostalCode: 1001EB\nCountry: NL\nRegDate: \nUpdated: 2013-07-29\nRef: https://rdap.arin.net/registry/entity/RIPE\nReferralServer: whois://whois.ripe.net\nResourceLink: https://apps.db.ripe.net/search/query.html\nOrgTechHandle: RNO29-ARIN\nOrgTechName: RIPE NCC Operations\nOrgTechPhone: +31 20 535 4444 \nOrgTechEmail: [email protected]\nOrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN\nOrgAbuseHandle: ABUSE3850-ARIN\nOrgAbuseName: Abuse Contact\nOrgAbusePhone: +31205354444 \nOrgAbuseEmail: [email protected]\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN\ninetnum: 31.139.365.0 - 31.139.365.255\nnetname: STRATO-RZG-DED\norg: ORG-SRA1-RIPE\ndescr: Strato Rechenzentrum, Berlin\ncountry: DE\nadmin-c: SRDS-RIPE\ntech-c: SRDS-RIPE\nremarks: ************************************************************\nremarks: * Please send abuse complaints to [email protected] *\nremarks: * or fax +49-30-88615-755 ONLY. *\nremarks: * Abuse reports to other e-mail addresses will be ignored. *\nremarks: ************************************************************\nstatus: ASSIGNED PA\nmnt-by: STRATO-RZG-MNT\ncreated: 2004-02-03T18:37:52Z\nlast-modified: 2013-07-06T09:34:25Z\nsource: RIPE\norganisation: ORG-SRA1-RIPE\norg-name: Strato AG\norg-type: LIR\naddress: Pascalstrasse 10\naddress: 10587\naddress: Berlin\naddress: GERMANY\nphone: +4930398020\nfax-no: +493039802222\nadmin-c: CM265-RIPE\nabuse-c: SRAC-RIPE\nmnt-ref: RIPE-NCC-HM-MNT\nmnt-ref: STRATO-RZG-MNT\nmnt-by: RIPE-NCC-HM-MNT\nmnt-by: STRATO-RZG-MNT\ncreated: 2004-04-17T11:12:39Z\nlast-modified: 2019-02-06T12:46:35Z\nsource: RIPE # Filtered\nrole: RIPE contact Dedicated Server\naddress: STRATO AG\naddress: Pascalstr. 10\naddress: D-10587 Berlin\naddress: Germany\nphone: +49 30 39802-0\norg: ORG-SRA1-RIPE\nabuse-mailbox: [email protected]\nadmin-c: XX1-RIPE\ntech-c: XX1-RIPE\nnic-hdl: SRDS-RIPE\nremarks: ************************************************************\nremarks: * Please send abuse complaints to [email protected] *\nremarks: * or fax +49-30-88615-755 ONLY. *\nremarks: * Abuse reports to other e-mail addresses will be ignored. *\nremarks: * *\nremarks: * For peering requests or operational issues please look *\nremarks: * at the information in the AS6724 RIPE database object. *\nremarks: ************************************************************\nmnt-by: STRATO-RZG-MNT\ncreated: 2010-01-15T08:35:31Z\nlast-modified: 2019-02-06T12:47:52Z\nsource: RIPE # Filtered\nroute: 81.169.165.0/24\ndescr: STRATO AG\ndescr: prefix only advertised in case of DDoS\norigin: AS6724\nmnt-by: STRATO-RZG-MNT\ncreated: 2014-02-18T16:19:05Z\nlast-modified: 2014-02-18T16:19:05Z\nsource: RIPE\n",
				"whois_date": 1565760528
			},
			"id": "31.139.365.245",
      "context_attributes": {
				"related_from": [
					{
						"attributes": {
							"name": "Emotet"
						},
						"type": "collection",
						"id": "malpedia_win_emotet"
					}
				]
			},
			"links": {
				"self": "https://www.virustotal.com/api/v3/ip_addresses/31.139.365.245"
			},
			"type": "ip_address"
		}
	],
	"links": {
    "self": "https://www.virustotal.com/api/v3/threat_actors/1cb7e1cc-d695-42b1-92f4-fd0112a3c9be/related_ip_addresses?limit=1",
    "next": "https://www.virustotal.com/api/v3/threat_actors/1cb7e1cc-d695-42b1-92f4-fd0112a3c9be/related_ip_addresses?cursor=eyJsaW1pdCI6IDEsICJvZmZzZXQiOiAxfQ%3D%3D&limit=1"
  },
	"meta": {
    "count": 2,
    "cursor": "eyJsaW1pdCI6IDEsICJvZmZzZXQiOiAxfQ=="
  }
}