Get the risk score of all IP address passed in the body and other data signals.
POST {{baseUrl}}/v1/assess/ip
What
Obtain a numerical score and a risk assessment of all the IP addresses passed as argument.
Parameters
A list of public IPv4 or IPv6 addresses is required in the body of the request.
Result
The result contains a list of the result for each IP address, with two main sets of data: - The score is a number between 0 and 99 describing the probability of the IP address being a malicious one, being 0 means that the IP address is not malicious and is not a threat. Being 99 means that the service behind the IP address is probably malicious an certainly a threat.
- The list of information gathered from the IP address to obtain the score.
The result is a JSON object with the following structure:
- self: the URI of the API call
- score: The score of the IP address. It ranges from 0 to 99.
- risk: The risk of the IP address. The allowed values are: LOW, MEDIUM, HIGH. It's a human readable representation of the score.
- reason: It's a human readable representation of the reason of the risk.
- datasets: The IP address was found in the these lists of datasets used to obtain the risk score. Datasets are described as a list of URIs.
- sources: The IP address was found in the these source lists at an specific time with a specific risk score. Sources are described as a list of URIs.
- log: The activity of the IP address in the different datasets used to obtain the risk score. The log is a URI reference.
- asn: The information about the Autonomous System (AS) of the IP address. The AS is described as an URI.
- asn_prefix: The information about the Autonomous System (AS) network prefix of the IP address. The prefix is described as an URI.
- datacenter: If the IP address is part of a datacenter pool, the information about the datacenter is described as an URI.
- datacenter_prefix: The information about the Datacenter network prefix of the IP address. The asn_prefix and datacenter_prefix can be the same, but it is not mandatory. The prefix is described as an URI.
- denylisted: If the IP address was denylisted by the user, the information about the denylisted IP address is described as an URI.
- first_appearence: URI to the first appearance of the IP address in the different datasets used to obtain the risk score.
- last_appearence: URI to the last appearance of the IP address in the different datasets used to obtain the risk score.
Errors
The endpoint will return the following errors:
- a 422 Unprocessable Entity error if the IP address is malformed.
The private IP addresses will be ignored, if any.
It will also return the API Global errors described in the API description.
Request Body
["aliqua Excepteur ci"]
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"self":"proident in amet Lorem Dui","results":[{"risk":"MEDIUM","datasets":["velit mollit","aliqua voluptate ut"],"sources":["id","adipisicing aliqua"],"first_appearance":["cillum in pariatur ex deserunt","dolore pariatur sit"],"last_appearance":["anim cupidatat in ei","nostrud in adipisicing nulla"],"asn":"ad cupidatat fugiat non","asn_prefix":"sunt","reason":"fugiat","denylisted":"consequat eu incididunt est","allowlisted":"deserunt","datacenter":"nostrud","datacenter_prefix":"dolore nisi laborum ea","self":"veniam ad deserunt","score":73366537},{"risk":"MEDIUM","datasets":["irure","aliquip L"],"sources":["ipsum anim sunt do","in qui adipisicing dolor"],"first_appearance":["velit esse consectetur et Ut","do aliquip Ut nulla"],"last_appearance":["tempor esse labore","enim dolore in nulla aliqua"],"asn":"nulla sed in","asn_prefix":"cillum laboris","reason":"anim ","denylisted":"in consectetu","allowlisted":"cillum aliquip in","datacenter":"aute mollit non nostrud consequat","datacenter_prefix":"eius","self":"officia ex","score":-9347908}]}