IP Address Geolocation with Confidence Area and Hazard Report API

Introduction

An extension of the IP Address Geolocation with Confidence Area API, this API endpoint is designed to help fight spammers and other fraudulent activities with additional hazard reporting, by presenting crucial security insight parameters.

Our hazard report, a cybersecurity metrics set, provides both reactive and our highly innovative proprietary proactive approaches. 

In the reactive part, we continuously check the IP addresses in the most popular and trusted blacklist sites like blocklist.de, uceprotect.net and Spamhaus

In addition, we also use our threat detection algorithms and third party sources to detect anonymisers like VPN and Proxy. 

However, the reactive approach cannot detect all the malicious services and is limited to identifying only services that are listed on these websites. It takes a substantial amount of time to detect any newly established malicious services and put them into blacklists, till then they present a high risk to businesses.

However, noticeable, the vast majority of cyber-attacks come from hosting environments. As not many are risking their own private or corporate networks to mount attacks.

A data centre or widely speaking a hosting IP address originated activities should always be dealt with great caution, for example, when placing an e-commerce order or leaving a comment on a blog.

This is where our proactive approach plays an important role.

We utilise our proprietary AI-based technology to examine every IP address globally to estimate a likelihood of the network assigned to a hosting environment. 

We provide the outcome of that assessment as 'hostingLikelihood' data field in the range of 0 to 10.

Moreover, we also provide a metric to detect if the Autonomous System, which announced the network, is likely to be a hosting provider or not.

Unprecedented Update Rate

  • Geolocation data partially updated every 2 hours and fully updated at least once a day
  • BGP data updated every 2 hours
  • Registry data updated at least once a day
  • Country object data usually updates at least once in a month
  • Hazard report data updated every hour

Example Response

The response is only available in JSON format. The below response should be expected for the following request:


https://api.bigdatacloud.net/data/ip-geolocation-full


Awaiting request submission...

API Pricing

  1. Monthly Subscription
    FREE 10,000 queries/month
    Additional 10,000 queries US$3.00/month
  2. Annual Subscription
    FREE 10,000 queries/month
    Additional 10,000 queries US$2.40/month

Request Format

NEW! Payload compression is supported, simply add Accept-Encoding: gzip header.
Use the form below to try out this API.

Parameter Your Input Value Description
ip IPv4 IP address in a string or numeric format. If omitted, the caller’s IP address is assumed
localityLanguage

Preferred language for locality names in ISO 639-1 format, such as 'en' for English, 'es' for Spanish etc. Please note: 147 common world languages are supported, full list here, but not all languages are available for every location. If requested language is not available for a requested location it will default to English, if no English is available, the native, local names will be provided
key Your API key

Don't have an API Key? Click here to register and get your free API Key

If you already have a BigDataCloud account, to automatically fill this field with your Api Key.

The live query

https://api.bigdatacloud.net/data/ip-geolocation-full


CURL Example

curl -X GET --header 'Accept: application/json' 'https://api.bigdatacloud.net/data/ip-geolocation-full'


Visit our SDK page to access API clients in specific languages like Javascript, Python + PHP.


Response

Awaiting request submission...

Response Format

Field Data type Description
ip string Requested IPv4 IP address in a string format
localityLanguageRequested string localityLanguage input parameter received
country <Country> object Geolocated Country
location <Location> object Geolocation
lastUpdated string Indicates the time of when that particular IP address’s geolocation was assessed the last
network <Network> object Network it belongs
confidence string Geolocation confidence, possible values:
  • "low"
  • "moderate"
  • "high"
confidenceArea Array of <point> objects Closed polygon representing estimated geolocation confidence area
hazardReport <HazardReport> object Detailed hazard report for the requested IP address

API Endpoint

Endpoint: /data/ip-geolocation-full
Full URL: https://api.bigdatacloud.net/data/ip-geolocation-full

Data Objects

Point object

Field

Data type

Description

latitude

float

Latitudein in EPSG:4326 projection, as used in GPS

longitude

float

Longitude in EPSG:4326 projection, as used in GPS

Country object

Field

Data type

Description

isoAlpha2

string

ISO 3166-1 Alpha-2 code

isoAlpha3

string

ISO 3166-1 Alpha-3 code

m49Code

16 bit integer

United Nations M.49 code

name

string

Country name localised to the language as defined by ‘localityLanguage’ request parameter

isoName

string

ISO 3166-1 Country name

isoAdminLanguages

Array of <Language> objects

Administrative languages as defined by ISO 3166-1 standard

unRegion

string

Region name as defined by the United Nations

currency

<Currency> object

Currency as defined by ISO 4217 standard

wbRegion

<WbNode> object

Region name as defined by the World Bank

wbIncomeLevel

<WbNode> object

Income level as defined by the World Bank

callingCode

string

Calling code

countryFlagEmoji

string

Country emoji

wikidataId

string

Wikidata item identifier, if available

geonameId

integer

A unique identifier as is given by GeoNames.org

continents

Array of <Continent> object

The list of Continents the Country is located at

Language object

Field

Data type

Description

isoAlpha2

string

ISO 3166-1 Alpha-2 code

isoAlpha3

string

ISO 3166-1 Alpha-3 code

isoName

string

ISO 3166-1 Language name

nativeName

string

Language native name

Currency object

Field

Data type

Description

numericCode

string

ISO 4217 standard numeric code

code

string

ISO 4217 standard code

Name

string

ISO 4217 English name

minorUnits

byte

ISO 4217 minor units as the currency exponent  (e.g. 2 = 1/100)

WbNode object

Field

Data type

Description

id

string

Identification number

iso2Code

string

ISO 2 letters code

value

string

Value

Location object

Field

Data type

Description

continent

string

Localised Continent name in the requested language, if available

continentCode

string

Continent code

isoPrincipalSubdivision

string

Principal subdivision name as defined by ISO 3166-2 standard

isoPrincipalSubdivisionCode

string

Principal subdivision code as defined by ISO 3166-2 standard

city

string

City name. The language, if available, is as defined by ‘localityLanguage’ request parameter

localityName

string

Represents the smallest geographic area recognised to which the target belongs. The language, if available, is as defined by ‘localityLanguage’ request parameter

postcode

string

Postcode, if available

latitude

float

Estimated Latitude

longitude

float

Estimated Longitude

plusCode

string

Open Location Code (read more here plus codes)

timeZone

<Timezone> object

Time Zone information

localityInfo

<LocalityInfo> object

Detailed reverse geocoded locality information localised to the language as defined by ‘localityLanguage’ request parameter

 

Locality Info object

Field

Data type

Description

administrative

Aray of <LocalityProperty> objects

Administrative boundarires ordered by area (largest first). Omitted if no administrative boundaries are available

informative

Aray of <LocalityProperty> objects

Non-administrative boundarires ordered by area (largest first). Omitted if not available

Locality Property object

Field

Data type

Description

order

integer

Order value consistent across all entities in the Locality Info parent object. Ordered by geographic area (largest first)

adminLevel

integer

An administrative level as defined by OpenStreetMaps project

name

string

Localised name of the place in the requested language, if available. The language is as defined by ‘localityLanguage’ request parameter

description

string

Localised description of the place in the requested language, if available. The language is as defined by ‘localityLanguage’ request parameter

isoName

string

ISO 3166-2 standard name, if available

isoCode

string

ISO 3166-2 standard code, if available

wikidataId

string

Wikidata item identifier, if available

geonameId

integer

Unique identifier given by GeoNames.org

chinaAdminCode

string

China Administrative division code. This is available only for locations based in China, and is omitted for others.

Timezone Object

Field

Data type

Description

ianaTimeId

string

Time Zone name in IANA format

displayName

string

Display name

effectiveTimeZoneFull

string

Effective time zone full name (adjusted to the daylight saving status)

effectiveTimeZoneShort

string

Effective time zone short name (adjusted to the daylight saving status)

UtcOffsetSeconds

32 bit integer

Effective offset from UTC time in seconds

UtcOffset

string

Effective offset from UTC time

isDaylightSavingTime

boolean

Indicates if the daylight saving is on

localTime

string

Local time in ISO 8601 format

Network object

Field

Data type

Description

registry

string

The Regional Internet Registry (RIR) the network is registered with

registryStatus

string

Registration status

registeredCountry

string

Registered Country ISO 3166-1 Alpha-2 code

registeredCountryName

string

Registered Country name localised to the language is as defined by ‘localityLanguage’ request parameter

organisation

string

Registered for

isReachableGlobally

boolean

Indicates if the network was announced on BGP and reachable globally or not

isBogon

boolean

Indicates if the network in bogon

bgpPrefix

string

The latest BGP prefix announcement for the current network

bgpPrefixNetworkAddress

string

BGP prefix network (the first) address

bgpPrefixLastAddress

string

BGP prefix last address

totalAddresses

32 bit unsigned integer

Total number of IP addresses in the Network

carriers

Array of <Carrier> objects

List of Autonomous Systems (AS) announcing this network on BGP

viaCarriers

Array of <Carrier> objects

List of Autonomous Systems (AS) detected at the last hop before the announced parties

Carrier object

Field

Data type

Description

asn

string

Autonomous System Number string

asnNumeric

32 bit unsigned integer

Autonomous System Number

organisation

string

Registered Organisation

name

string

Registered name

registry

string

The Regional Internet Registry (RIR) the AS is registered with

registeredCountry

string

Registered Country ISO 3166-1 Alpha-2 code

registeredCountryName

string

Registered Country localised name. The language is as defined by 'localityLanguage' request parameter

registrationDate

string

Registration date in “yyyy-mm-dd” format

registrationLastChange

string

Registration modification date in “yyyy-mm-dd” format

totalIpv4Addresses

32 bit unsigned integer

Total number of IP addresses announced by the AS

totalIpv4Prefixes

32 bit unsigned integer

Total number of BGP prefixes announced by the AS

totalIpv4BogonPrefixes

32 bit unsigned integer

Total number of bogon prefixes announced by the AS

rank

32 bit unsigned integer

World rank by total number of IP addresses announced

rankText

string

World rank by total number of IP addresses announced including total

HazardReport object

Field

Data type

Description

isKnownAsTorServer

boolean

Determines whether the requested IP address is known as utilised by a TOR server

isKnownAsProxy

boolean

Determines whether the requested IP address is known as utilised by a proxy server

isKnownAsMailServer

boolean

Determines whether the requested IP address is known as utilised by an SMTP mail server

mailServerDomain

string

The last detected SMTP domain name

isKnownAsPublicRouter

boolean

Determines whether the requested IP address is known as utilised by a public router

isBogon

boolean

Indicates if the IP address is on the bogon address space

isUnreachable

boolean

Determines whether the requested IP address is not reachable via the public Internet

Related APIs

  1. Time Zone by IP Address API
    FREE 10,000 queries/month
    Additional 10,000 queries
    US$2.00
    /month

    Returns detailed time-zone information when provided with an IPV4 IP address.

    • Lightning fast (sub-millisecond response time)
    • Daylight saving
    • Local time
    • Past/future time
    • Next Generation IP Geolocation Technology
    Read More
  2. Country by IP Address API
    FREE 10,000 queries/month
    Additional 10,000 queries
    US$2.00
    /month

    Returns detailed information about World Countries by utilising IPv4 IP address geolocation

    • Lightning fast (sub-millisecond response time)
    • ISO 3166-1
    • UN data
    • World Bank data
    • Next Generation IP Geolocation Technology
    Read More
  3. IP Address Geolocation API
    FREE 10,000 queries/month
    Additional 10,000 queries
    US$2.00
    /month

    Returns detailed geolocation for a provided IPv4 IP address

    • Lightning fast (sub-millisecond response time)
    • Country data
    • Detailed locality data
    • Estimated location coordinates
    • Network data
    • Registration data
    • BGP prefix and status data
    • Next Generation IP Geolocation Technology
    Read More
  4. IP Address Geolocation with Confidence Area API
    FREE 10,000 queries/month
    Additional 10,000 queries
    US$2.00
    /month

    Returns detailed geolocation for an IPv4 IP address including confidence and area estimation

    • Lightning fast (sub-millisecond response time)
    • Country data
    • Detailed locality data
    • Estimated location coordinates
    • Network data
    • Registration data
    • BGP prefix and status data
    • Next Generation IP Geolocation Technology
    • Confidence and area estimation
    Read More

Sidebar