4.1 IP Reputation
|
Request |
Value |
|
Method |
GET |
|
URL |
https://api.metadefender.com/v3/ip/:observable |
Summary
Retrieve information about given observable (IPv4 + IPv6, in future: URL, etc.) from CIF server.
Request
URL Parameters
|
|
Description |
Example |
|
:observable |
The observable that user wants to scan |
109.229.210.250 |
Header Parameters
|
|
Description |
Allowed Values |
Required |
|
Authorization |
Give rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of successful scan request:
{ "success": true, "data": { "start_time": "2018-11-13T11:44:55.165Z", "scan_results": [ { "source": "zeustracker.abuse.ch", "results": [ { "alternativeid": "https://zeustracker.abuse.ch/monitor.php?search=109.229.210.250", "assessment": "zeus, botnet", "confident": 65, "detecttime": "2018-11-13T00:13:19Z", "updatetime": "2018-11-13T00:14:12Z", "result": "blacklisted" } ] }, { "source": "danger.rulez.sk", "results": [ { "alternativeid": "", "assessment": "", "confident": "", "detecttime": "", "updatetime": "2018-11-13T11:44:55.797Z", "result": "unknown" } ] }, { "source": "www.chaosreigns.com", "results": [ { "alternativeid": "", "assessment": "", "confident": "", "detecttime": "", "updatetime": "2018-11-13T11:44:55.797Z", "result": "unknown" } ] }, { "source": "dragonresearchgroup.org", "results": [ { "alternativeid": "", "assessment": "", "confident": "", "detecttime": "", "updatetime": "2018-11-13T11:44:55.797Z", "result": "unknown" } ] }, { "source": "malc0de.com", "results": [ { "alternativeid": "", "assessment": "", "confident": "", "detecttime": "", "updatetime": "2018-11-13T11:44:55.797Z", "result": "unknown" } ] }, { "source": "www.us.openbl.org", "results": [ { "alternativeid": "", "assessment": "", "confident": "", "detecttime": "", "updatetime": "2018-11-13T11:44:55.797Z", "result": "unknown" } ] } ], "detected_by": 1, "address": "109.229.210.250", "geo_info": { "continent": { "code": "EU", "geoname_id": 6255148, "names": { "de": "Europa", "en": "Europe", "es": "Europa", "fr": "Europe", "ja": "ヨーロッパ", "pt-BR": "Europa", "ru": "Европа", "zh-CN": "欧洲" } }, "country": { "geoname_id": 458258, "iso_code": "LV", "names": { "de": "Lettland", "en": "Latvia", "es": "Letonia", "fr": "Lettonie", "ja": "ラトビア共和国", "pt-BR": "Letônia", "ru": "Латвия", "zh-CN": "拉脱维亚" } }, "location": { "latitude": 57, "longitude": 25, "time_zone": "Europe/Riga" }, "registered_country": { "geoname_id": 458258, "iso_code": "LV", "names": { "de": "Lettland", "en": "Latvia", "es": "Letonia", "fr": "Lettonie", "ja": "ラトビア共和国", "pt-BR": "Letônia", "ru": "Латвия", "zh-CN": "拉脱维亚" } } } }}Example of the parameter being empty:
{ "err" : "Invalid format of input. Provide IPv4 or IPv6" }Descriptions of response:
|
data |
The information from database. |
|
success |
Boolean value representing wheter request was succesfully resolved or not. |
|
address |
This is usually an IP address, URI that is found in feeds of data but is not limited to those data types. |
|
geo_info |
Geolocation of address. |
|
detected_by |
Number of blacklisted sources. |
|
source |
Source of the feed, usually the domain where the feed is from (e.g., example.com). |
|
alternativeid |
Usually a URL pointing to the original data point (as a reference id). |
|
detecttime |
When the event was detected, most common timestamp formats are valid. |
|
result |
blacklisted, whitelisted, unknown |
Sample code (Node.js)
var http = require("https");var options = { "method": "GET", "hostname": [ "api", "metadefender", "com" ], "path": [ "v3", "ip", "177.140.22.150" ], "headers": { "Authorization": "apikey " + process.env.APIKEY }};var req = http.request(options, function (res) { var chunks = []; res.on("data", function (chunk) { chunks.push(chunk); }); res.on("end", function () { var body = Buffer.concat(chunks); console.log(body.toString()); });});req.end();Sample code (cURL)
curl -X GET \ https://api.metadefender.com/v3/ip/177.140.22.150 \ -H 'Authorization: apikey ${APIKEY}'