Skip to content

Torrent API

The Torrent API exposes monitored torrent events and peer observations for automation and analysis. Use it to understand torrent-monitoring coverage, inspect peer observations for one event, pivot on an IP address, or retrieve parsed torrent metadata files.

The API supports:

  • listing monitored torrent events
  • retrieving aggregate torrent statistics
  • viewing one event’s monitoring runs and peers
  • searching observations for one IP address
  • aggregating peer IPs by leak site
  • retrieving parsed torrent metadata files for an event
GET /api/v1/torrent/list/
GET /api/v1/torrent/list/status/{status}/
GET /api/v1/torrent/list/leaksite/{leak_site}/
GET /api/v1/torrent/list/active/
GET /api/v1/torrent/view/{id}/
GET /api/v1/torrent/stats/
GET /api/v1/torrent/searchByIp/{ip}/
GET /api/v1/torrent/listIpByLeaksite/{leak_site}/
GET /api/v1/torrent/listIpByLeaksite/{leak_site}/seeders/
GET /api/v1/torrent/getFilesForEvent/{id}/
  • status filters event summaries by monitoring status.
  • leak_site limits results to one leak-site family.
  • active_only returns currently active torrent observations.
  • seeders_only limits leak-site IP aggregation to seeder observations.
  • exclude_monitor_ip excludes eCrime.ch monitoring infrastructure from peer results. This is enabled by default for normal analysis.
  • Start with aggregate stats to understand coverage before investigating one event.
  • Pivot from a recurring seeder IP to related events and leak sites.
  • Use event-level runs to distinguish historical torrent metadata from current peer activity.
  • Treat peer IP observations as infrastructure intelligence, not attribution by themselves.
Terminal window
curl -X GET "https://ecrime.ch/api/v1/torrent/stats/" \
-H "X-API-Key: YOUR_API_KEY_HERE"
Terminal window
curl -X GET "https://ecrime.ch/api/v1/torrent/view/15152/" \
-H "X-API-Key: YOUR_API_KEY_HERE"
Terminal window
curl -X GET "https://ecrime.ch/api/v1/torrent/searchByIp/185.16.215.140/" \
-H "X-API-Key: YOUR_API_KEY_HERE"
{
"status": "200",
"message": "OK",
"date": 1781681060,
"results": 2,
"data": [
{
"peer_id": 80935,
"run_id": 82967,
"event_id": 36294,
"victim_name": "Madesmart",
"leak_site": "Akira",
"event_first_seen": "2026-03-20 13:26:32",
"ip_address": "185.16.215.140",
"port": 31864,
"first_seen": "2026-06-17 06:32:11",
"last_seen": "2026-06-17 06:32:14",
"client_software": "Transmission 2.2.1",
"country": "RU",
"progress": "1.0000",
"is_seeder": 1,
"discovery_source": "dht,pex,tracker,lsd",
"run_status": "success"
},
{
"peer_id": 80892,
"run_id": 82877,
"event_id": 30549,
"victim_name": "About Ross, Brittain & Schonberg Co., Lpa",
"leak_site": "Akira",
"event_first_seen": "2025-10-21 15:40:52",
"ip_address": "185.16.215.140",
"port": 31757,
"first_seen": "2026-06-17 05:33:58",
"last_seen": "2026-06-17 05:33:59",
"client_software": "Transmission 2.2.1",
"country": "RU",
"progress": "1.0000",
"is_seeder": 1,
"discovery_source": "dht,pex,tracker,lsd",
"run_status": "success"
}
]
}

IP pivot responses can return many observations. Use event_id, leak_site, first_seen, last_seen, progress, and is_seeder to decide which observations are relevant for your investigation.