4.1 IP Reputation
Request |
Value |
Method |
GET |
URL |
https://api.metadefender.com/v4/ip/:observable |
Summary
Retrieve information about given observable (IPv4 + IPv6, in future: URL, etc.) from CIF server.
Request
URL Parameters
|
Description |
Example |
:observable |
The observable that the user wants to scan |
109.229.210.250 |
Header Parameters
|
Description |
Allowed Values |
Required |
apikey |
Gives rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of a successful request:
{
"address"
:
"109.229.210.250"
,
"lookup_results"
: {
"start_time"
:
"2019-02-28T11:59:13.989Z"
,
"detected_by"
:
1
,
"sources"
: [
{
"provider"
:
"zeustracker.abuse.ch"
,
"assessment"
:
"botnet, zeus"
,
"detect_time"
:
"2019-02-20T11:39:49.612487Z"
,
"update_time"
:
"2019-02-20T11:39:49.764370"
,
"status"
:
1
},
{
"provider"
:
"reputation.alienvault.com"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"danger.rulez.sk"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"feodotracker.abuse.ch"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"malc0de.com"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"malwaredomainlist.com"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"phishtank.com"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
},
{
"provider"
:
"spamhaus.org"
,
"assessment"
:
""
,
"detect_time"
:
""
,
"update_time"
:
"2019-02-28T11:59:14.105Z"
,
"status"
:
0
}
]
},
"geo_info"
: {
"continent"
: {
"code"
:
"EU"
,
"name"
:
"Europe"
},
"country"
: {
"code"
:
"LV"
,
"name"
:
"Latvia"
},
"city"
: {
"code"
:
""
,
"name"
:
""
},
"location"
: {
"latitude"
:
57
,
"longitude"
:
25
},
"registered_country"
: {
"code"
:
"LV"
,
"name"
:
"Latvia"
},
"subdivisions"
: []
}
}
Example of the parameter being empty:
{
"error"
: {
"code"
:
400180
,
"messages"
: [
"Invalid format of input. Provide IPv4 or IPv6"
]
}
}
Descriptions of response:
success |
A boolean value representing whether the request was successfully resolved or not. |
address |
This is usually an IP address, URI that is found in feeds of data but is not limited to those data types. |
geo_info |
Geolocation of address. |
detected_by |
The number of blacklisted sources. |
sources |
Source of the feed, usually the domain where the feed is from (e.g., example.com). |
Sample code (Node.js)
var http = require(
"https"
);
var options = {
"method"
:
"GET"
,
"hostname"
: [
"api"
,
"metadefender"
,
"com"
],
"path"
: [
"v4"
,
"ip"
,
"109.229.210.250"
],
"headers"
: {
"apikey"
: process.env.APIKEY
}
};
var req = http.request(options, function (res) {
var chunks = [];
res.on(
"data"
, function (chunk) {
chunks.push(chunk);
});
res.on(
"end"
, function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
Sample code (cURL)
curl -X GET \
https:
//api.metadefender.com/v4/ip/109.229.210.250 \
-H
"apikey: ${APIKEY}"