Get a risk score of the IP address and different data signals.

GET {{baseUrl}}/v1/assess/ip/:ip_address

What

Obtain a numerical score and a risk assessment of the IP address passed as argument.

Parameters

The only argument accepted in the query string is a public IPv4 or IPv6 addresses.

Result

The result contains two main sets of data: - The score is a number between 0 and 99 describing the probability of the IP address being a malicious one, being 0 means that the IP address is not malicious and is not a threat. Being 99 means that the service behind the IP address is probably malicious an certainly a threat.

The list of information gathered from the IP address to obtain the score.

The result is a JSON object with the following structure: - self: the URI of the API call - score: The score of the IP address. It ranges from 0 to 99. - risk: The risk of the IP address. The allowed values are: LOW, MEDIUM, HIGH. It's a human readable representation of the score. - reason: It's a human readable representation of the reason of the risk. - datasets: The IP address was found in the these lists of datasets used to obtain the risk score. Datasets are described as a list of URIs. - sources: The IP address was found in the these source lists at an specific time with a specific risk score. Sources are described as a list of URIs. - log: The activity of the IP address in the different datasets used to obtain the risk score. The log is a URI reference. - asn: The information about the Autonomous System (AS) of the IP address. The AS is described as an URI. - asn_prefix: The information about the Autonomous System (AS) network prefix of the IP address. The prefix is described as an URI. - datacenter: If the IP address is part of a datacenter pool, the information about the datacenter is described as an URI. - datacenter_prefix: The information about the Datacenter network prefix of the IP address. The asn_prefix and datacenter_prefix can be the same, but it is not mandatory. The prefix is described as an URI. - denylisted: If the IP address was denylisted by the user, the information about the denylisted IP address is described as an URI. - first_appearence: URI to the first appearance of the IP address in the different datasets used to obtain the risk score. - last_appearence: URI to the last appearance of the IP address in the different datasets used to obtain the risk score.

Errors

The endpoint will return the following errors: - a 400 Bad Request error if the IP address is not public. - a 422 Unprocessable Entity error if the IP address is malformed.

It will also return the API Global errors described in the API description.

HEADERS

Key	Datatype	Required	Description
`Accept`	string

RESPONSES

status: OK

{&quot;risk&quot;:&quot;LOW&quot;,&quot;datasets&quot;:[&quot;ad voluptate&quot;,&quot;velit eiusmod ut aute&quot;],&quot;sources&quot;:[&quot;laboris irure&quot;,&quot;labore culpa incididunt consequat&quot;],&quot;first_appearance&quot;:[&quot;mollit&quot;,&quot;quis&quot;],&quot;last_appearance&quot;:[&quot;esse mollit amet occaecat&quot;,&quot;adipisicing dolor quis enim&quot;],&quot;asn&quot;:&quot;consectetur eu aliquip&quot;,&quot;asn_prefix&quot;:&quot;in anim sed&quot;,&quot;reason&quot;:&quot;minim amet Lorem&quot;,&quot;denylisted&quot;:&quot;voluptate consequat exercitation Ut&quot;,&quot;allowlisted&quot;:&quot;sunt eu veniam&quot;,&quot;datacenter&quot;:&quot;ipsum tempor aliquip commodo&quot;,&quot;datacenter_prefix&quot;:&quot;ani&quot;,&quot;self&quot;:&quot;velit ut ut dolore&quot;,&quot;score&quot;:-62831011}