IP Address Geolocation with Confidence Area and Hazard Report API
Introduction
An extension of the IP Address Geolocation with Confidence Area API, this API endpoint is designed to help fight spammers and other fraudulent activities with additional hazard reporting, by presenting crucial security insight parameters.
Our hazard report, a set of cybersecurity metrics, combines a reactive approach with our highly innovative, proprietary proactive approach.
In the reactive part, we continuously check IP addresses against the most popular and trusted blacklist sites, such as blocklist.de, uceprotect.net and Spamhaus.
In addition, we use our threat detection algorithms and third-party sources to detect anonymisers such as VPNs and proxies.
However, the reactive approach cannot detect all malicious services; it is limited to those already listed on these websites. It takes a substantial amount of time for a newly established malicious service to be detected and added to the blacklists, and until then it presents a high risk to businesses.
Notably, however, the vast majority of cyber-attacks come from hosting environments, as not many attackers risk their own private or corporate networks to mount attacks.
Activity originating from a data centre or, more broadly, from a hosting IP address should always be treated with great caution, for example when it places an e-commerce order or leaves a comment on a blog.
This is where our proactive approach plays an important role.
We utilise our proprietary algorithm to examine every IP address globally and estimate the likelihood that its network is assigned to a hosting environment.
We provide the outcome of that assessment as the 'hostingLikelihood' data field, in the range of 0 to 10.
Moreover, we also provide a metric to detect if the Autonomous System, which announced the network, is likely to be a hosting provider or not.
Unprecedented Update Rate
- Geolocation data partially updated every 2 hours and fully updated at least once a day
- BGP data updated every 2 hours
- Registry data updated at least once a day
- Country object data usually updated at least once a month
- Hazard report data updated every hour
Get started
This API is part of the IP Geolocation package and is available in free and paid plans. Please visit the IP Geolocation package page for limits and pricing information.
Endpoint
Request
Responses
Example query
https://api.bigdatacloud.net/data/ip-geolocation-full?ip=193.114.112.1&localityLanguage=en&key=[YOUR API KEY]
Example response
{
  "ip": "193.114.112.1",
  "localityLanguageRequested": "en",
  "isReachableGlobally": true,
  "country": {...},
  "location": {...},
  "lastUpdated": "2022-07-02T23:42:04.4522984Z",
  "network": {...},
  "confidence": "moderate",
  "confidenceArea": [...],
  "securityThreat": "unknown",
  "hazardReport": {...}
}
Schema
ip: Requested IPv4 IP address in a string format
localityLanguageRequested: localityLanguage input parameter received
isReachableGlobally: Indicates whether the IP address is present on the global routing table, hence reachable. If not reachable, the IP address is not in use and therefore cannot be geolocated
country: country object
location: location object
lastUpdated: Indicates the time when that particular IP address's geolocation was last assessed
network: network object
confidence: Geolocation confidence. Possible values: 'low', 'moderate', 'high'
confidenceArea: Closed polygon representing estimated geolocation confidence area
securityThreat: A textual summary of an estimated security threat associated with the IP address
hazardReport: hazardReport object
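One way a consumer might turn the fields above into an allow/challenge/review decision for an order or comment form. This is an added example, not BigDataCloud code. Assumptions: the threshold of 7, the action names, treating any securityThreat other than the 'unknown' shown above as a signal, and the helper names; the sample responses are constructed, not real API output.

```python
import json
from urllib.parse import urlencode

ENDPOINT = "https://api.bigdatacloud.net/data/ip-geolocation-full"

def build_query(ip, api_key, language="en"):
    """Build the request URL with the three parameters of the example query."""
    params = {"ip": ip, "localityLanguage": language, "key": api_key}
    return ENDPOINT + "?" + urlencode(params)

def assess(body, hosting_threshold=7):
    """Map one JSON response body to (action, reasons); threshold is local policy."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return "review", ["response is not a JSON object"]
    reasons = []
    if data.get("isReachableGlobally") is not True:
        reasons.append("not on the global routing table")
    # Assumption: anything other than "unknown" is worth a closer look.
    if data.get("securityThreat") != "unknown":
        reasons.append("securityThreat=%r" % data.get("securityThreat"))
    report = data.get("hazardReport")
    score = report.get("hostingLikelihood") if isinstance(report, dict) else None
    # bool is a subclass of int in Python, so reject it explicitly.
    valid = isinstance(score, (int, float)) and not isinstance(score, bool)
    if not valid or not 0 <= score <= 10:
        # Fail closed: a missing or malformed score must never reach "allow".
        return "review", reasons + ["hostingLikelihood missing or out of range"]
    if score >= hosting_threshold:
        reasons.append("hostingLikelihood=%s" % score)
    return ("challenge" if reasons else "allow"), reasons

def sample(**hazard):
    """Constructed response trimmed to the fields assess() reads."""
    base = {"ip": "192.0.2.10", "isReachableGlobally": True,
            "securityThreat": "unknown"}
    if hazard:
        base["hazardReport"] = hazard
    return json.dumps(base)

SAMPLE_LOW = sample(hostingLikelihood=0)
SAMPLE_HOSTING = sample(hostingLikelihood=9)
SAMPLE_NO_REPORT = sample()                    # hazardReport absent
SAMPLE_BAD_SCORE = sample(hostingLikelihood="9")  # wrong type

if __name__ == "__main__":
    for body in (SAMPLE_LOW, SAMPLE_HOSTING, SAMPLE_NO_REPORT, SAMPLE_BAD_SCORE):
        print(assess(body))
```

A "challenge" result is meant to trigger step-up handling such as a CAPTCHA or manual order review rather than an outright block, since hostingLikelihood is an estimate.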