Kaspersky Threat Intelligence Portal

Looking up an IP address


Kaspersky Threat Intelligence Portal provides an API for looking up an IP address.

Request

Request method: GET

Endpoint: https://opentip.kaspersky.com/api/v1/search/ip

Query parameter: request—IP address that you want to investigate.

cURL command sample:

curl --request GET 'https://opentip.kaspersky.com/api/v1/search/ip?request=<IP address>' --header 'x-api-key: <API token>'

Here:

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains lookup results for the specified IP address.

200 OK response parameters

| Parameter | Type | Description |
| --- | --- | --- |
| Zone | string | Color of the zone that an IP address belongs to. Available values: Red—The IP address can be classified as Dangerous. Orange—The IP address can be classified as Not trusted and may host malicious objects. Yellow—The IP address is classified as Adware and other (Adware, Pornware, and other programs). Grey—No data or not enough information is available for the IP address. Green—The IP address has the Good or No threats detected status. The No threats detected status is applied if the IP address was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis. |
| IpGeneralInfo | object | General information about the requested IP address. |
| Status | string | Status of the IP address (known if the country is detected, reserved for reserved special-purpose IP addresses (see RFC 6890), and NoInfo for IP addresses that do not belong to any country and are not reserved). |
| CountryCode | string | Two-letter country code (ISO 3166-1 alpha-2 standard) of the country to which the IP address belongs. |
| HitsCount | integer | Hits number (popularity) of the requested IP address. |
| FirstSeen | string <date-time> | Date and time when the requested IP address appeared in Kaspersky expert systems statistics for the first time. |
| Ip | string | Requested IP address. |
| Categories | Array of strings | Category of the requested IP address. |
| CategoriesWithZone | Array of objects | Categories of the requested IP address and zones that the category belongs to: Name—Category name. Zone—Color of the category's zone (Red or Yellow). |
| IpWhoIs | object | WHOIS information about the requested IP address. |
| Asn | Array of objects | Autonomous system number: Number—Number of the autonomous system, according to RFC 1771 and RFC 4893. Description—Autonomous system description. |
| Net | object | Information about the network that the requested IP address belongs to: RangeStart—Start IP address in the network that the IP address belongs to. RangeEnd—End IP address in the network that the IP address belongs to. Created—Date when the IP address was registered. Changed—Date when information about the IP address was last updated. Name—Name of the network that the IP address belongs to. Description—Description of the network that the IP address belongs to. |

400 Bad Request

Request not processed: incorrect query.

Make sure you enter the correct parameter, and then try to run the query again.

401 Unauthorized

Request not processed: user authentication failed.

Make sure you enter the correct credentials, and then try to run the query again.

403 Forbidden

Request not processed: quota or request limit exceeded.

Check your quota and limitations, and try to run the query again later.
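
An added example, not part of the Kaspersky documentation: a Python client for the request above that maps the documented Zone values and the 400/401/403 responses to a triage record. It assumes that Status, Ip and CategoriesWithZone sit inside IpGeneralInfo and that Asn sits inside IpWhoIs; the names fetch, triage, ZONE_ACTION, ERRORS and SAMPLE, the action labels, and the sample response are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

ENDPOINT = "https://opentip.kaspersky.com/api/v1/search/ip"  # endpoint from the page
# Zone colours from the table; the triage actions are this example's assumption.
ZONE_ACTION = {"Red": "block", "Orange": "investigate", "Yellow": "review",
               "Grey": "no-data", "Green": "allow"}
# Error statuses and their meanings as documented on the page.
ERRORS = {400: "incorrect query", 401: "user authentication failed",
          403: "quota or request limit exceeded"}

def fetch(ip, token):
    """Send the documented GET request; returns (status_code, body_text)."""
    url = ENDPOINT + "?" + urllib.parse.urlencode({"request": ip})
    req = urllib.request.Request(url, headers={"x-api-key": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:  # 400/401/403 arrive as HTTPError
        return err.code, err.read().decode("utf-8", "replace")

def triage(status, body):
    """Reduce a status code and response body to a flat triage record."""
    if status != 200:
        return {"ok": False, "retry_later": status == 403,
                "error": ERRORS.get(status, f"unexpected HTTP {status}")}
    data = json.loads(body)
    info = data.get("IpGeneralInfo") or {}  # assumed parent of Ip, Status, ...
    whois = data.get("IpWhoIs") or {}       # assumed parent of Asn and Net
    zone = data.get("Zone", "Grey")         # missing Zone is treated as no data
    return {
        "ok": True, "ip": info.get("Ip"),
        "zone": zone,
        "action": ZONE_ACTION.get(zone, "no-data"),  # unknown colour: never "allow"
        "status": info.get("Status"),
        "red_categories": [c.get("Name") for c in info.get("CategoriesWithZone") or []
                           if c.get("Zone") == "Red"],
        "asn": [a.get("Number") for a in whois.get("Asn") or []],
    }

# Constructed sample response (not real lookup output).
SAMPLE = json.dumps({
    "Zone": "Red",
    "IpGeneralInfo": {"Status": "known", "Ip": "203.0.113.7",
                      "CategoriesWithZone": [{"Name": "ExampleCategory", "Zone": "Red"}]},
    "IpWhoIs": {"Asn": [{"Number": 64496, "Description": "EXAMPLE-AS"}]},
})
```

Call triage(*fetch(ip, token)) for a live lookup; triage(200, SAMPLE) runs offline against the constructed response.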
