Get the risk score of all IP address uploaded and other data signals.

POST {{baseUrl}}/v1/assess/ip/csv?strict_parse=false

What

Obtain a numerical score and a risk assessment of all the IP addresses uploaded with a text file.

Parameters

  • A text file with a list of public IPv4 or IPv6 addresses.
  • A header Content-Type: multipart/form-data is required.
  • (optional) in the query string the parameeter strict_parse: If set to true, no malformed IP addresses allowed, returning an error. If set to false, malformed IP addresses will be ignored.

Example: curl -X 'POST' \ 'https://dublin.api.threatjammer.com/v1/asses/ip/csv[?strict_parse=true|false]' \ -H 'accept: application/json' \ -H 'Authorization: Bearer YOUR_API_KEY' \ -H 'Content-Type: multipart/form-data' \ -F 'csv_file=@YOUR_TEXT_FILE;type=text/csv'

Result

The result contains a list of the result for each IP address, with two main sets of data: - The score is a number between 0 and 99 describing the probability of the IP address being a malicious one, being 0 means that the IP address is not malicious and is not a threat. Being 99 means that the service behind the IP address is probably malicious an certainly a threat.

  • The list of information gathered from the IP address to obtain the score.

The result is a JSON object with the following structure: - self: the URI of the API call - score: The score of the IP address. It ranges from 0 to 99. - risk: The risk of the IP address. The allowed values are: LOW, MEDIUM, HIGH. It's a human readable representation of the score. - reason: It's a human readable representation of the reason of the risk. - datasets: The IP address was found in the these lists of datasets used to obtain the risk score. Datasets are described as a list of URIs. - sources: The IP address was found in the these source lists at an specific time with a specific risk score. Sources are described as a list of URIs. - log: The activity of the IP address in the different datasets used to obtain the risk score. The log is a URI reference. - asn: The information about the Autonomous System (AS) of the IP address. The AS is described as an URI. - asn_prefix: The information about the Autonomous System (AS) network prefix of the IP address. The prefix is described as an URI. - datacenter: If the IP address is part of a datacenter pool, the information about the datacenter is described as an URI. - datacenter_prefix: The information about the Datacenter network prefix of the IP address. The asn_prefix and datacenter_prefix can be the same, but it is not mandatory. The prefix is described as an URI. - denylisted: If the IP address was denylisted by the user, the information about the denylisted IP address is described as an URI. - first_appearence: URI to the first appearance of the IP address in the different datasets used to obtain the risk score. - last_appearence: URI to the last appearance of the IP address in the different datasets used to obtain the risk score.

Errors

The endpoint will return the following errors: - a 422 Unprocessable Entity error if the IP address is malformed.

The private IP addresses will be ignored, if any.

When the strict_parse parameter is set to true, the endpoint will return the following errors: - a 400 Bad Request.

It will also return the API Global errors described in the API description.

Request Params

KeyDatatypeRequiredDescription
strict_parsebooleanWhen true, if any IP address entry in the file is malformed, the assessment is canceled. If false, the malformed IP addresses are ignored. Default is false.

Request Body

[{"name"=>"csv_file", "value"=>"dolore", "datatype"=>"string"}]

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring
Acceptstring

RESPONSES

status: OK

{"self":"consectetur nulla irure e","results":[{"risk":"LOW","datasets":["dolore magna sunt cupidatat","est voluptate dolore occaecat"],"sources":["magna ut","deserunt"],"first_appearance":["in proident cillum","aliqua velit"],"last_appearance":["eu mollit","Excepteur deserunt mollit"],"asn":"eu velit dolore","asn_prefix":"aliquip laborum","reason":"elit in","denylisted":"Duis culpa velit","allowlisted":"laboris culpa qui","datacenter":"ame","datacenter_prefix":"laboris","self":"enim quis fugiat anim","score":-79106260},{"risk":"UNKNOWN","datasets":["cupidatat","aliquip minim incididunt"],"sources":["dolor est adipisicing elit","qui deserunt sint officia consequat"],"first_appearance":["nisi culpa incididunt in quis","in sint"],"last_appearance":["dolor labore dolore","o"],"asn":"in tempor","asn_prefix":"magna veniam eu id","reason":"sint","denylisted":"exercitation","allowlisted":"aute","datacenter":"occaecat non magna","datacenter_prefix":"qui quis in","self":"aute enim ipsum esse","score":-52265346}]}