4.1 IP Reputation

Request

Value

Method

GET

URL

https://api.metadefender.com/v3/ip/:observable

Summary

Retrieve information about the given observable (IPv4 or IPv6; in future: URL, etc.) from the CIF server.

Request

URL Parameters

 

Description

Example

:observable

The observable that the user wants to scan

109.229.210.250

Header Parameters

 

Description

Allowed Values

Required

Authorization

Grants the right to use the endpoint (see API Authentication Mechanisms)

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of successful scan request:

{
"success": true,
"data": {
"start_time": "2018-11-13T11:44:55.165Z",
"scan_results": [
{
"source": "zeustracker.abuse.ch",
"results": [
{
"alternativeid": "https://zeustracker.abuse.ch/monitor.php?search=109.229.210.250",
"assessment": "zeus, botnet",
"confident": 65,
"detecttime": "2018-11-13T00:13:19Z",
"updatetime": "2018-11-13T00:14:12Z",
"result": "blacklisted"
}
]
},
{
"source": "danger.rulez.sk",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2018-11-13T11:44:55.797Z",
"result": "unknown"
}
]
},
{
"source": "www.chaosreigns.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2018-11-13T11:44:55.797Z",
"result": "unknown"
}
]
},
{
"source": "dragonresearchgroup.org",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2018-11-13T11:44:55.797Z",
"result": "unknown"
}
]
},
{
"source": "malc0de.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2018-11-13T11:44:55.797Z",
"result": "unknown"
}
]
},
{
"source": "www.us.openbl.org",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2018-11-13T11:44:55.797Z",
"result": "unknown"
}
]
}
],
"detected_by": 1,
"address": "109.229.210.250",
"geo_info": {
"continent": {
"code": "EU",
"geoname_id": 6255148,
"names": {
"de": "Europa",
"en": "Europe",
"es": "Europa",
"fr": "Europe",
"ja": "ヨーロッパ",
"pt-BR": "Europa",
"ru": "Европа",
"zh-CN": "欧洲"
}
},
"country": {
"geoname_id": 458258,
"iso_code": "LV",
"names": {
"de": "Lettland",
"en": "Latvia",
"es": "Letonia",
"fr": "Lettonie",
"ja": "ラトビア共和国",
"pt-BR": "Letônia",
"ru": "Латвия",
"zh-CN": "拉脱维亚"
}
},
"location": {
"latitude": 57,
"longitude": 25,
"time_zone": "Europe/Riga"
},
"registered_country": {
"geoname_id": 458258,
"iso_code": "LV",
"names": {
"de": "Lettland",
"en": "Latvia",
"es": "Letonia",
"fr": "Lettonie",
"ja": "ラトビア共和国",
"pt-BR": "Letônia",
"ru": "Латвия",
"zh-CN": "拉脱维亚"
}
}
}
}
}

Example of the parameter being empty:

{
"err" : "Invalid format of input. Provide IPv4 or IPv6"
}

Descriptions of response:

data

The information from database.

success

Boolean value representing whether the request was successfully resolved or not.

address

This is usually an IP address or URI found in data feeds, but it is not limited to those data types.

geo_info

Geolocation of address.

detected_by

Number of sources that report the address as blacklisted.

source

Source of the feed, usually the domain where the feed is from (e.g., example.com).

alternativeid

Usually a URL pointing to the original data point (as a reference id).

detecttime

When the event was detected; most common timestamp formats are valid.

result

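One of: blacklisted, whitelisted, unknown. In the example above, a source reporting unknown returns empty strings for alternativeid, assessment, confident and detecttime, so a client should not assume confident is always a number.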

Errors

Please refer to Errors for more information.

Sample code (Node.js)

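// Look up the reputation of one IP address via GET /v3/ip/:observable
// and print the JSON response body.
const https = require("https");
const net = require("net");

// Sample observable; replace with the address to look up.
const observable = "177.140.22.150";

// The endpoint accepts IPv4 or IPv6 only. Checking here also keeps stray
// path or query characters out of the request path when the value comes
// from user input. net.isIP returns 0 for anything that is not an IP.
if (net.isIP(observable) === 0) {
  throw new Error("Observable must be an IPv4 or IPv6 address");
}

// Read the key from the environment so it is never committed with the code.
// Fail early instead of sending the literal header "apikey undefined".
const apiKey = process.env.APIKEY;
if (!apiKey) {
  throw new Error("APIKEY environment variable is not set");
}

// hostname and path must be strings for https.request; the previous
// array form (one element per label / path segment) is not accepted.
const options = {
  method: "GET",
  hostname: "api.metadefender.com",
  path: "/v3/ip/" + observable,
  headers: {
    Authorization: "apikey " + apiKey
  }
};

const req = https.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks).toString();

    // Surface non-2xx responses (bad key, invalid input, ...) as failures
    // so callers do not treat an error payload as a reputation result.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error("Request failed with HTTP " + res.statusCode + ": " + body);
      process.exitCode = 1;
      return;
    }

    console.log(body);
  });
});

// Without this handler a DNS, TLS or connection failure is an unhandled
// 'error' event and crashes the process with no useful message.
req.on("error", function (err) {
  console.error("Request error: " + err.message);
  process.exitCode = 1;
});

req.end();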

Sample code (cURL)

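# Double quotes let the shell expand ${APIKEY}; inside single quotes the
# literal text ${APIKEY} would be sent as the key and authentication fails.
curl -X GET \
  https://api.metadefender.com/v3/ip/177.140.22.150 \
  -H "Authorization: apikey ${APIKEY}"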