Get a risk score of the IP address and different data signals.
GET {{baseUrl}}/v1/assess/ip/:ip_address
What
Obtain a numerical score and a risk assessment of the IP address passed as argument.
Parameters
The only argument accepted in the query string is a public IPv4 or IPv6 addresses.
Result
The result contains two main sets of data: - The score is a number between 0 and 99 describing the probability of the IP address being a malicious one, being 0 means that the IP address is not malicious and is not a threat. Being 99 means that the service behind the IP address is probably malicious an certainly a threat.
- The list of information gathered from the IP address to obtain the score.
The result is a JSON object with the following structure:
- self
: the URI of the API call
- score
: The score of the IP address. It ranges from 0 to 99.
- risk
: The risk of the IP address. The allowed values are: LOW, MEDIUM, HIGH. It's a human readable representation of the score.
- reason
: It's a human readable representation of the reason of the risk.
- datasets
: The IP address was found in the these lists of datasets used to obtain the risk score. Datasets are described as a list of URIs.
- sources
: The IP address was found in the these source lists at an specific time with a specific risk score. Sources are described as a list of URIs.
- log
: The activity of the IP address in the different datasets used to obtain the risk score. The log is a URI reference.
- asn
: The information about the Autonomous System (AS) of the IP address. The AS is described as an URI.
- asn_prefix
: The information about the Autonomous System (AS) network prefix of the IP address. The prefix is described as an URI.
- datacenter
: If the IP address is part of a datacenter pool, the information about the datacenter is described as an URI.
- datacenter_prefix
: The information about the Datacenter network prefix of the IP address. The asn_prefix
and datacenter_prefix
can be the same, but it is not mandatory. The prefix is described as an URI.
- denylisted
: If the IP address was denylisted by the user, the information about the denylisted IP address is described as an URI.
- first_appearence
: URI to the first appearance of the IP address in the different datasets used to obtain the risk score.
- last_appearence
: URI to the last appearance of the IP address in the different datasets used to obtain the risk score.
Errors
The endpoint will return the following errors:
- a 400 Bad Request
error if the IP address is not public.
- a 422 Unprocessable Entity
error if the IP address is malformed.
It will also return the API Global errors described in the API description.
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Accept | string |
RESPONSES
status: OK
{"risk":"LOW","datasets":["ad voluptate","velit eiusmod ut aute"],"sources":["laboris irure","labore culpa incididunt consequat"],"first_appearance":["mollit","quis"],"last_appearance":["esse mollit amet occaecat","adipisicing dolor quis enim"],"asn":"consectetur eu aliquip","asn_prefix":"in anim sed","reason":"minim amet Lorem","denylisted":"voluptate consequat exercitation Ut","allowlisted":"sunt eu veniam","datacenter":"ipsum tempor aliquip commodo","datacenter_prefix":"ani","self":"velit ut ut dolore","score":-62831011}