IP-API

Description

This API endpoint provides detailed information about a given IP address, including its network provider, geolocation data, threat intelligence, and user analytics.


Endpoint

GET https://api.cybercheck360.com/v1/search/ip/{ip_address}

Query Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | Yes | The IP address to retrieve details for (e.g., 165.166.221.197). |
| user_analytics | boolean | No | Set to True to include user analytics data in the response. Defaults to False. |
| cybercheck360 | boolean | No | Set to True to include Cybercheck360's verdict. Defaults to False. |

Authentication

This API requires an API key to be passed in the request header.

| Header Name | Type | Required | Description |
| --- | --- | --- | --- |
| X-API-KEY | string | Yes | API key token |

Sample Request

GET https://api.cybercheck360.com/v1/search/ip/100.42.29.170/?user_analytics=True&cybercheck360=true

Sample Response

{
    "ip": "100.42.29.170",
    "hostname": "100.42.29.170",
    "type": "ipv4",
    "asn": 46841,
    "isp": "Fork Networking LLC",
    "carrier": "fork networking  llc",
    "tor": true,
    "proxy": false,
    "crawler": false,
    "proxy_type": null,
    "location": {
        "country_code": "US",
        "country_name": "United States",
        "region_code": "OR",
        "region_name": "Oregon",
        "city": "Portland",
        "zip": "97204",
        "latitude": 45.518150329589844,
        "longitude": -122.67415618896484,
        "timezone": "America/Los_Angeles",
        "is_eu": false
    },
    "threat_intel": {
        "listings": {
            "summary": {
                "Malware": 1,
                "Anonymizer": 2
            },
            "tags": [
                "spam",
                "Tor Nodes"
            ],
            "listed_feeds": [
                {
                    "name": "et_tor",
                    "category": "Malware",
                    "sub_category": "Tor rules"
                },
                {
                    "name": "All TOR Nodes",
                    "category": "Anonymizer",
                    "sub_category": "All TOR Nodes"
                },
                {
                    "name": "Tor Exit Nodes",
                    "category": "Anonymizer",
                    "sub_category": "Tor Exit Nodes"
                }
            ]
        },
        "overall_feeds": {
            "Spam": 48,
            "Botnet": 14,
            "Exploit": 15,
            "Malware": 17,
            "Anonymizer": 16
        }
    },
    "user_analytics": {
        "search_count": 2,
        "fp_reports_count": 0,
        "malicious_reports_count": 0,
        "user_blacklist_count": 0,
        "user_whitelist_count": 0
    },
    "cybercheck360": {
        "confidence": "low",
        "verdict": "malicious"
    }
}

Response

The API response includes multiple sections depending on the parameters enabled.

Full Response (With All Parameters Enabled)

{
  "ip": "165.166.221.197",
  "hostname": "example.com",
  "type": "IPv4",
  "asn": 12345,
  "isp": "Example ISP",
  "carrier": "Example Carrier",
  "location": { ... },
  "threat_intel": { ... },
  "user_analytics": { ... }
}

Response Fields

General Information

| Field | Type | Description |
| --- | --- | --- |
| ip | string | The queried IP address. |
| hostname | string | The resolved hostname of the IP address. |
| type | string | The IP version (ipv4 or ipv6). |
| asn | integer | Autonomous System Number associated with the IP. |
| isp | string | Internet Service Provider (ISP) of the IP address. |
| carrier | string | The carrier/network provider associated with the IP. |
| tor | boolean | Whether the IP is part of the Tor network. |
| proxy | boolean | Whether the IP is using a proxy. |
| crawler | boolean | Whether the IP is identified as a web crawler. |
| proxy_type | string/null | The type of proxy, if applicable. |

Location Information

| Field | Type | Description |
| --- | --- | --- |
| country_code | string | ISO country code (e.g., DE for Germany). |
| country_name | string | Full country name. |
| region_code | string | ISO region code. |
| region_name | string | Full region name. |
| city | string | City name. |
| zip | string | Postal code (ZIP code). |
| latitude | float | Latitude coordinate. |
| longitude | float | Longitude coordinate. |
| timezone | string | Timezone information. |
| is_eu | boolean | Whether the country is part of the European Union. |

Threat Intelligence Data (Listed last 90 days)

| Field | Type | Description |
| --- | --- | --- |
| listings.summary | object | Summary of threat listings. |
| listings.tags | object | List of tags from the listings for the searched indicator. |
| listings.listed_feeds | object | Details of specific threat listings. |
| overall_feeds | object | Summary of all enabled feeds the check was performed against. |

Cybercheck360 OSINT Categories

CyberCheck360 aggregates intelligence information from multiple threat intelligence feeds and categorizes it into six key categories:

  • Malware
  • Anonymizer
  • Spam
  • Botnet
  • Phishing
  • Exploit

Each IP is analyzed and classified based on the number of threat feeds it appears in. If an IP is listed under a specific category, it means that multiple intelligence sources have flagged it under that classification.

For example, if a response shows "Malware": 5, it indicates that the IP appears in 5 independent threat intelligence feeds that categorize it as malware.

    "threat_intel": {
        "listings": {
            "summary": {
                "Malware": 5,
                "Anonymizer": 2
            },
            "tags": [
                "spam",
                "Tor Nodes"
            ],
            "listed_feeds": [
                {
                    "name": "et_tor",
                    "category": "Malware",
                    "sub_category": "Tor rules"
                },
                {
                    "name": "All TOR Nodes",
                    "category": "Anonymizer",
                    "sub_category": "All TOR Nodes"
                },
                {
                    "name": "Tor Exit Nodes",
                    "category": "Anonymizer",
                    "sub_category": "Tor Exit Nodes"
                }
            ]
        },
        "overall_feeds": {
            "Spam": 48,
            "Botnet": 14,
            "Exploit": 15,
            "Malware": 17,
            "Anonymizer": 16
        }
    }

User Analytics

CyberCheck360 collects intelligence information from multiple user analytics sources to provide insights into how an IP is perceived and interacted with across various security platforms.

Field Descriptions

| Field | Description |
| --- | --- |
| search_count | Number of times the IP has been searched in the last 90 days for the given indicator. |
| fp_reports_count | Total number of false positive reports submitted for the indicator. |
| malicious_reports_count | Total number of malicious reports submitted for the indicator. |
| user_blacklist_count | Number of lists managed on this platform where this IP has been blacklisted. |
| user_whitelist_count | Number of lists managed on this platform where this IP has been whitelisted. |

Example Response:

{
  "user_analytics": {
        "search_count": 2,
        "fp_reports_count": 0,
        "malicious_reports_count": 0,
        "user_blacklist_count": 0,
        "user_whitelist_count": 0
    }
}

CyberCheck360 Verdict

At CyberCheck360, we provide robust threat intelligence by aggregating data from open-source feeds and multiple commercial providers. What sets us apart is the added layer of manual verification from our team of dedicated experts. This comprehensive intelligence is presently accessible via all API requests, but will soon become an exclusive feature of our commercial plans.

Field Descriptions

FieldDescription
| Field | Description |
| --- | --- |
| cybercheck360.confidence | The level of certainty CyberCheck360 has in its verdict. Possible values include high, medium, low and unknown. |
| cybercheck360.verdict | The determination of the nature of the analyzed entity (e.g., IP address, URL, domain) as assessed by CyberCheck360. Possible values include malicious, suspicious, benign, or unknown. |

Example Response:

{
  "cybercheck360": {
        "confidence": "low",
        "verdict": "malicious"
    }
}

Error Responses

| Status Code | Description |
| --- | --- |
| 400 | Bad request. Ensure required parameters are correctly formatted. |
| 401 | Unauthorized. Invalid or missing API key. |
| 403 | Forbidden. Access to the requested resource is denied. |
| 404 | IP not found. The requested IP does not exist. |
| 500 | Internal Server Error. An unexpected error occurred on the server. |

Notes

  • The threat_intel section provides insight into potential security risks associated with the IP.
  • user_analytics helps track how often the IP is searched and whether users classify it as safe or malicious.
  • Null values indicate missing or unavailable data.

This API is useful for cybersecurity research, fraud detection, and threat intelligence monitoring.
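
The following Python example is added here and is not CyberCheck360's own code. It builds the documented request with the X-API-KEY header (validating the address before it is placed in the URL path) and reduces a response to a triage decision while tolerating absent or null optional sections. The function names build_request and triage and the block/review/allow policy are assumptions.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlencode

BASE = "https://api.cybercheck360.com/v1/search/ip/"

def build_request(ip, api_key, user_analytics=True, verdict=True):
    """Build (without sending) the documented GET request."""
    addr = ipaddress.ip_address(ip)  # ValueError unless `ip` is a literal IP
    query = urlencode({"user_analytics": user_analytics, "cybercheck360": verdict})
    return urllib.request.Request(f"{BASE}{addr}/?{query}",
                                  headers={"X-API-KEY": api_key})

def triage(resp):
    """Reduce a response dict to a decision; optional sections may be null."""
    intel = resp.get("threat_intel") or {}
    listed = (intel.get("listings") or {}).get("summary") or {}
    checked = intel.get("overall_feeds") or {}
    # category -> (feeds listing the IP, feeds checked in that category)
    coverage = {cat: (hits, checked.get(cat)) for cat, hits in listed.items()}
    cc = resp.get("cybercheck360") or {}
    verdict = cc.get("verdict") or "unknown"
    confidence = cc.get("confidence") or "unknown"
    anonymized = bool(resp.get("tor") or resp.get("proxy"))
    # Assumed local policy, not defined by the API documentation.
    if verdict == "malicious" and confidence in ("high", "medium"):
        action = "block"
    elif verdict in ("malicious", "suspicious") or listed or anonymized:
        action = "review"
    else:
        action = "allow"
    return {"action": action, "anonymized": anonymized, "coverage": coverage,
            "verdict": verdict, "confidence": confidence}

# Constructed sample: a trimmed copy of the sample response shown on this page.
SAMPLE = json.loads("""{
  "ip": "100.42.29.170", "tor": true, "proxy": false, "proxy_type": null,
  "threat_intel": {
    "listings": {"summary": {"Malware": 1, "Anonymizer": 2}},
    "overall_feeds": {"Spam": 48, "Botnet": 14, "Exploit": 15,
                      "Malware": 17, "Anonymizer": 16}},
  "cybercheck360": {"confidence": "low", "verdict": "malicious"}
}""")

if __name__ == "__main__":
    req = build_request("100.42.29.170", "YOUR_API_KEY")  # placeholder key
    print(req.full_url)
    print(triage(SAMPLE))
    print(triage({"ip": "192.0.2.1", "threat_intel": None}))
```

Pass the returned request to urllib.request.urlopen to send it; the error statuses listed above surface there as urllib.error.HTTPError.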