Looking up an IP address

Working with the API > Looking up an IP address

Looking up an IP address

Expand all | Collapse all

Kaspersky Threat Intelligence Portal provides an API for looking up an IP address.

Request

Request method: GET

Endpoint: https://opentip.kaspersky.com/api/v1/search/ip

Query parameter: request—IP address that you want to investigate.

cURL command sample:

curl --request GET 'https://opentip.kaspersky.com/api/v1/search/ip?request=<IP address>' --header 'x-api-key: <API token>'

Here:

<IP address>—The IP address that you want to investigate.
<API token>—The API token that you requested in the web interface.

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains lookup results for the specified IP address.

200 OK response parameters

Parameter	Type	Description
`Zone`	string	Color of the zone that an IP address belongs to. Available values: `Red`—The IP address can be classified as Dangerous. `Orange`—The IP address can be classified as Not trusted and may host malicious objects. `Yellow`—The IP address is classified as Adware and other (Adware, Pornware, and other programs). `Grey`—No data or not enough information is available for the IP address. `Green`—The IP address has the Good or No threats detected status. The No threats detected status is applied if the IP address was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.
`IpGeneralInfo`	object	General information about the requested IP address.
`Status`	string	Status of the IP address (`known` if the country is detected, `reserved` for reserved special-purpose IP addresses (see RFC 6890), and `NoInfo` for IP addresses that do not belong to any country and are not reserved).
`CountryCode`	string	Two-letter country code (ISO 3166-1 alpha-2 standard) of the country to which the IP address belongs.
`HitsCount`	integer	Hits number (popularity) of the requested IP address.
`FirstSeen`	string <date-time>	Date and time when the requested IP address appeared in Kaspersky expert systems statistics for the first time.
`Ip`	string	Requested IP address.
`Categories`	Array of strings	Category of the requested IP address.
`CategoriesWithZone`	Array of objects	Categories of the requested IP address and zones that the category belongs to: `Name`—Category name. `Zone`—Color of the category's zone (Red or Yellow).
`IpWhoIs`	object	WHOIS information about the requested IP address.
`Asn`	Array of objects	Autonomous system number: `Number`—Number of the autonomous system, according to RFC 1771 and RFC 4893. `Description`—Autonomous system description.
`Net`	object	Information about the network that the requested IP address belongs to: `RangeStart`—Start IP address in the network that the IP address belongs to. `RangeEnd`—End IP address in the network that the IP address belongs to. `Created`—Date when the IP address was registered. `Changed`—Date when information about the IP address was last updated. `Name`—Name of the network that the IP address belongs to. `Description`—Description of the network that the IP address belongs to.

400 Bad Request

401 Unauthorized

403 Forbidden

Article ID: IPLookupAPI, Last review: Feb 5, 2025

Page top