Looking up an IP address
Expand all | Collapse all
Kaspersky Threat Intelligence Portal provides an API for looking up an IP address.
Request
Request method: GET
Endpoint: https://opentip.kaspersky.com/api/v1/search/ip
Query parameter: request—IP address that you want to investigate.
cURL command sample:
curl --request GET 'https://opentip.kaspersky.com/api/v1/search/ip?request=<IP address>' --header 'x-api-key: <API token>'
Here:
|
Responses
200 OK
Request processed successfully.
Endpoint returns a JSON object that contains lookup results for the specified IP address.
200 OK response parameters
Parameter
|
Type
|
Description
|
Zone
|
string
|
Color of the zone that an IP address belongs to. Available values:
Red—The IP address can be classified as Dangerous.
Orange—The IP address can be classified as Not trusted and may host malicious objects.
Yellow—The IP address is classified as Adware and other (Adware, Pornware, and other programs).
Grey—No data or not enough information is available for the IP address.
Green—The IP address has the Good or No threats detected status. The No threats detected status is applied if the IP address was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.
|
IpGeneralInfo
|
object
|
General information about the requested IP address.
|
Status
|
string
|
Status of the IP address (known if the country is detected, reserved for reserved special-purpose IP addresses (see RFC 6890), and NoInfo for IP addresses that do not belong to any country and are not reserved).
|
CountryCode
|
string
|
Two-letter country code (ISO 3166-1 alpha-2 standard) of the country to which the IP address belongs.
|
HitsCount
|
integer
|
Hits number (popularity) of the requested IP address.
|
FirstSeen
|
string <date-time>
|
Date and time when the requested IP address appeared in Kaspersky expert systems statistics for the first time.
|
Ip
|
string
|
Requested IP address.
|
Categories
|
Array of strings
|
Category of the requested IP address.
|
CategoriesWithZone
|
Array of objects
|
Categories of the requested IP address and zones that the category belongs to:
Name—Category name.
Zone—Color of the category's zone (Red or Yellow).
|
IpWhoIs
|
object
|
WHOIS information about the requested IP address.
|
Asn
|
Array of objects
|
Autonomous system number:
Number—Number of the autonomous system, according to RFC 1771 and RFC 4893.
Description—Autonomous system description.
|
Net
|
object
|
Information about the network that the requested IP address belongs to:
RangeStart—Start IP address in the network that the IP address belongs to.
RangeEnd—End IP address in the network that the IP address belongs to.
Created—Date when the IP address was registered.
Changed—Date when information about the IP address was last updated.
Name—Name of the network that the IP address belongs to.
Description—Description of the network that the IP address belongs to.
|
400 Bad Request
Request not processed: incorrect query.
Make sure you enter the correct parameter, and then try to run the query again.
401 Unauthorized
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again.
403 Forbidden
Request not processed: quota or request limit exceeded.
Check your quota and limitations, and try to run the query again later.
[Topic IPLookupAPI]