Get a risk score of the IP address and different data signals.

GET {{baseUrl}}/v1/assess/ip/:ip_address

What

Obtain a numerical score and a risk assessment of the IP address passed as argument.

Parameters

The only argument accepted in the query string is a public IPv4 or IPv6 addresses.

Result

The result contains two main sets of data: - The score is a number between 0 and 99 describing the probability of the IP address being a malicious one, being 0 means that the IP address is not malicious and is not a threat. Being 99 means that the service behind the IP address is probably malicious an certainly a threat.

  • The list of information gathered from the IP address to obtain the score.

The result is a JSON object with the following structure: - self: the URI of the API call - score: The score of the IP address. It ranges from 0 to 99. - risk: The risk of the IP address. The allowed values are: LOW, MEDIUM, HIGH. It's a human readable representation of the score. - reason: It's a human readable representation of the reason of the risk. - datasets: The IP address was found in the these lists of datasets used to obtain the risk score. Datasets are described as a list of URIs. - sources: The IP address was found in the these source lists at an specific time with a specific risk score. Sources are described as a list of URIs. - log: The activity of the IP address in the different datasets used to obtain the risk score. The log is a URI reference. - asn: The information about the Autonomous System (AS) of the IP address. The AS is described as an URI. - asn_prefix: The information about the Autonomous System (AS) network prefix of the IP address. The prefix is described as an URI. - datacenter: If the IP address is part of a datacenter pool, the information about the datacenter is described as an URI. - datacenter_prefix: The information about the Datacenter network prefix of the IP address. The asn_prefix and datacenter_prefix can be the same, but it is not mandatory. The prefix is described as an URI. - denylisted: If the IP address was denylisted by the user, the information about the denylisted IP address is described as an URI. - first_appearence: URI to the first appearance of the IP address in the different datasets used to obtain the risk score. - last_appearence: URI to the last appearance of the IP address in the different datasets used to obtain the risk score.

Errors

The endpoint will return the following errors: - a 400 Bad Request error if the IP address is not public. - a 422 Unprocessable Entity error if the IP address is malformed.

It will also return the API Global errors described in the API description.

HEADERS

KeyDatatypeRequiredDescription
Acceptstring

RESPONSES

status: OK

{"risk":"LOW","datasets":["ad voluptate","velit eiusmod ut aute"],"sources":["laboris irure","labore culpa incididunt consequat"],"first_appearance":["mollit","quis"],"last_appearance":["esse mollit amet occaecat","adipisicing dolor quis enim"],"asn":"consectetur eu aliquip","asn_prefix":"in anim sed","reason":"minim amet Lorem","denylisted":"voluptate consequat exercitation Ut","allowlisted":"sunt eu veniam","datacenter":"ipsum tempor aliquip commodo","datacenter_prefix":"ani","self":"velit ut ut dolore","score":-62831011}