4.1 IP Reputation

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/ip/:observable

Summary

Retrieve information about given observable (IPv4 + IPv6, in future: URL, etc.) from CIF server.

Request

URL Parameters

 

Description

Example

:observable

The observable that the user wants to scan

109.229.210.250

Header Parameters

 

Description

Allowed Values

Required

apikey

Gives rights to use the endpoint (API Authentication Mechanisms)

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful request:

{
"address": "109.229.210.250",
"lookup_results": {
"start_time": "2019-02-28T11:59:13.989Z",
"detected_by": 1,
"sources": [
{
"provider": "zeustracker.abuse.ch",
"assessment": "botnet, zeus",
"detect_time": "2019-02-20T11:39:49.612487Z",
"update_time": "2019-02-20T11:39:49.764370",
"status": 3
},
{
"provider": "reputation.alienvault.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "danger.rulez.sk",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "feodotracker.abuse.ch",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "malc0de.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "malwaredomainlist.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "phishtank.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
},
{
"provider": "spamhaus.org",
"assessment": "",
"detect_time": "",
"update_time": "2019-02-28T11:59:14.105Z",
"status": 0
}
]
},
"geo_info": {
"continent": {
"code": "EU",
"name": "Europe"
},
"country": {
"code": "LV",
"name": "Latvia"
},
"city": {
"code": "",
"name": ""
},
"location": {
"latitude": 57,
"longitude": 25
},
"registered_country": {
"code": "LV",
"name": "Latvia"
},
"subdivisions": []
}
}

Example of the parameter being empty:

{
"success": false,
"error": {
"code": 400180,
"messages": [
"Invalid format of input. Provide IPv4 or IPv6"
]
}
}

Descriptions of response:

success

A boolean value representing whether the request was successfully resolved or not.

address

This is usually an IP address, URI that is found in feeds of data but is not limited to those data types.

geo_info

Geolocation of address.

detected_by

The number of blacklisted sources.

sources

Source of the feed, usually the domain where the feed is from (e.g., example.com).

Errors

Please refer to Errors for more information.

Sample code (Node.js)

var http = require("https");
 
var options = {
"method": "GET",
"hostname": [
"api",
"metadefender",
"com"
],
"path": [
"v4",
"ip",
"109.229.210.250"
],
"headers": {
"apikey": process.env.APIKEY
}
};
 
var req = http.request(options, function (res) {
var chunks = [];
 
res.on("data", function (chunk) {
chunks.push(chunk);
});
 
res.on("end", function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
 
req.end();

Sample code (cURL)

curl -X GET \
https://api.metadefender.com/v4/ip/109.229.210.250 \
-H "apikey: ${APIKEY}"