Hazard report

The Hazard Report API provides a consolidated, machine-readable assessment of IP address risk, combining reactive signals (evidence of past malicious behaviour such as blacklist appearances and known anonymiser detections) with proactive indicators (the likelihood that an IP belongs to a hosting or data-centre environment with no eyeball behind the device).

This dual approach helps you identify threats before they act — a critical advantage for zero-day defence — while still leveraging historical evidence where available. Key outputs include hostingLikelihood (0–10), AS/provider context, anonymiser indicators, and related hazard flags. For background on the model and concepts, see What is Hosting Likelihood? and the Hazard Report overview.

If you need geolocation with polygonal confidence areas in the same response, use IP Geolocation with Confidence Area & Hazard Report API. For a simplified risk verdict (low / moderate / high), see the User Risk API.

GEThttps://api-bdc.net/data/hazard-report

Parameters

ParameterTypeRequiredDescription
ipstringOptionalIPv4 IP address in a string or numeric format or IPv6 IP address in a string format. If omitted, the caller’s IP address is assumed
keystringOptionalYour API key

Responses

200OK

Sample Request

https://api-bdc.net/data/hazard-report?ip=54.196.58.110&key=[YOUR API KEY]

Sample Response

JSON View

Response Schema

isKnownAsTorServerbooleanDetermines whether the requested ip address is known as utilised by a TOR server
isKnownAsVpnbooleanDetermines whether the requested ip address is known as utilised by a VPN server
isKnownAsProxybooleanDetermines whether the requested ip address is known as utilised by a proxy server
isSpamhausDropbooleanDetermines whether the requested ip address is listed on the spamhause drop all traffic list. The spamhaus drop (don't route or peer) lists are advisory 'drop all traffic' lists, consisting of netblocks that are 'hijacked' or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers)
isSpamhausEdropbooleanDetermines whether the requested ip address is listed on the spamhause edrop list According to spamhaus, edrop is an extension of the drop list that includes sub-allocated netblocks controlled by spammers or cyber criminals
isSpamhausAsnDropbooleandetermines whether the requested ip address is listed on the spamhause asn-drop list. According to spamhaus, asn-drop contains a list of autonomous system numbers controlled by spammers or cyber criminals, as well as hijacked asns
isBlacklistedUceprotectbooleanDetermines whether the requested ip address is blacklisted at uceprotect.net or backscatterer.org
isBlacklistedBlocklistDebooleanDetermines whether the requested ip address is blacklisted at blocklist.de
isKnownAsMailServerbooleanDetermines whether the requested ip address is known as utilised by an SMTP mail server
mailServerDomainstringThe last detected SMTP domain name making use of this ip address
isKnownAsPublicRouterbooleanDetermines whether the requested ip address is known as utilised by a public router
isBogonbooleanIndicates whether the IP address is excluded from public Internet use by the authorities but announced into the global routing table via BGP
isUnreachablebooleanDetermines whether the requested ip address is not reachable via the public Internet
hostingLikelihoodintegerThe likelihood 0-10 of a hosting origin
isHostingAsnbooleanDetermines whether the requested ip address was announced by an autonomous system which is likely to publish hosting networks
isCellularbooleanDetermines whether the requested ip address was detected as utilised within a cellular network
iCloudPrivateRelaybooleanDetermines whether the requested ip address was detected as Apple iCloud Private Relay address
403Access denied, or your quota limit has exceeded

Sample Response

JSON View
405The requested IP address is not valid

Sample Response

JSON View
500An error has occurred and did not complete your request. Please try again

Sample Response

JSON View