/ips

Uncover security risks hidden in IP addresses


Use this endpoint to uncover more information about an IP address. Sqreen has an extensive database of known attackers, as well as analysis on who or what an IP address belongs to. Discover whether this IP address is a Tor exit point or was used in an attack, and use this data to make policy decisions based on how risky we assess the IP address to be.

Response

| Field | Type | Description |
| --- | --- | --- |
| ip | string | The IP address queried. |
| ip_version | number | The version of the IP address queried. Either 4 or 6. |
| risk_score | number | The assessed risk that this IP address is being used by a malevolent actor. Values range from 0 to 100. Anything greater than 80 is really bad and should be dropped; anything greater than about 40 is worth flagging and keeping an eye on. |
| is_known_attacker | boolean | Was this IP address used as part of a security attack? |
| high_risk_security_events_count | number | The number of high-risk security events (e.g. SQL injection attacks) originating from this IP address. |
| security_events_count | number | The number of all security events (both high-risk and low-risk) originating from this IP address. |
| ip_geo | object | The geographical location associated with this IP address. |
| ip_geo.latitude | number | The latitude of the location. |
| ip_geo.longitude | number | The longitude of the location. |
| ip_geo.country_code | string | The ISO ALPHA-3 Code for the country that this location exists within. |
| is_datacenter | boolean | Does this IP address belong to a known datacenter, such as AWS or Google Cloud? |
| is_vpn | boolean | Does this IP address belong to a known VPN? |
| is_proxy | boolean | Does this IP address belong to a known proxy server? |
| is_tor | boolean | Is this IP address a known Tor exit point? |
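
The risk_score thresholds above applied to a response body, as an added example that is not part of Sqreen's documentation or client code: it validates the documented fields first, then applies the 80 and 40 cut-offs. The function names, the review-on-bad-response behaviour, the choice to flag `is_known_attacker` and `is_tor` at any score, and the sample responses are assumptions made for the example.

```python
import ipaddress
import json

DROP_ABOVE = 80  # page: anything greater than 80 should be dropped
FLAG_ABOVE = 40  # page: anything greater than about 40 is worth flagging
BOOL_FIELDS = ("is_known_attacker", "is_datacenter", "is_vpn", "is_proxy", "is_tor")
REVIEW_FLAGS = ("is_known_attacker", "is_tor")  # assumption: flag these at any score

def decide(raw_body, requested_ip):
    """Map a /ips response body to (action, reasons); action is drop, flag or allow."""
    try:
        data = json.loads(raw_body)
        score = data["risk_score"]
        answered = ipaddress.ip_address(data["ip"])
        flags = {name: data[name] for name in BOOL_FIELDS}
        problems = []
        if answered != ipaddress.ip_address(requested_ip):
            problems.append("response is for a different ip")
        if data["ip_version"] != answered.version:
            problems.append("ip_version does not match ip")
        if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
            problems.append("risk_score is not a number in 0..100")
        if not all(isinstance(v, bool) for v in flags.values()):
            problems.append("non-boolean flag")
    except (ValueError, KeyError, TypeError) as exc:
        problems = [f"unusable response: {exc!r}"]
    if problems:
        # Assumption: a response that cannot be trusted is reviewed, never allowed.
        return "flag", problems
    if score > DROP_ABOVE:
        return "drop", [f"risk_score {score} > {DROP_ABOVE}"]
    reasons = [name for name in REVIEW_FLAGS if flags[name]]
    if score > FLAG_ABOVE:
        reasons.insert(0, f"risk_score {score} > {FLAG_ABOVE}")
    return ("flag" if reasons else "allow"), reasons

def sample(**overrides):
    """Constructed response body (not real Sqreen data) with the documented fields."""
    body = {"ip": "203.0.113.7", "ip_version": 4, "risk_score": 12, "is_known_attacker": False,
            "high_risk_security_events_count": 0, "security_events_count": 0,
            "ip_geo": {"latitude": 48.85, "longitude": 2.35, "country_code": "FRA"},
            "is_datacenter": False, "is_vpn": False, "is_proxy": False, "is_tor": False}
    body.update(overrides)
    return json.dumps(body)

if __name__ == "__main__":
    for body in (sample(), sample(risk_score=55), sample(risk_score=93),
                 sample(is_tor=True), sample(ip="198.51.100.20"), "not json"):
        print(decide(body, "203.0.113.7"))
```

Both comparisons are strict, so a score of exactly 80 is flagged rather than dropped and a score of exactly 40 is allowed.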