Hazard report
Introduction
The Hazard report API is a dedicated IPv4 address intelligence endpoint for our most comprehensive security-related outline of an IP address.
Conventionally, the IP address potential threat assessment is predominantly reactive. Such as many reliable organisations like blocklist.de, uceprotect.net or Spamhaus provide frequently updated, toxic IP address lists. These lists are paramountly helpful in building a cyber defence against well-known abusers. However, these essentially cannot help much against a first-time-seen scenario known as a ‘zero-day attack’.
Noticeably, most cyber-attacks come from remote environments, as not many would risk their private or corporate networks to mount malicious activities. Therefore, a datacentre or, widely speaking, a remote-operated IP address-originated activity should always be dealt with great caution, for example, when accepting an e-commerce order or a comment on a blog post. It is precisely where our uniquely proactive approach comes into play.
We utilise our proprietary algorithm to closely examine every IP address globally to estimate the likelihood it belongs to a hosting or another remote and unattended environment. The assessment provides a scoring outcome ranging from 0 to 10.
We also offer our proprietary detection for known anonymisers such as TOR, VPN and proxies. And in addition, we detect and report IP addresses as servicing mail servers, public network routers, bogon blocks and cellular networks.
All this info combined provides a solid foundation for most cyber defence scenarios such as fraud protection or access control.
For example, if you're running an e-commerce store and assessing an order placed from a VPN IP address, you should obviously consider it with great suspicion. The same applies to orders from a bogon address space or likely hosting environment. However, being detected as a cellular network is a good sign unless there is a high hosting probability. A cellular network with a high hosting likelihood is a strong indicator of a leased-out network block, often utilised by a highly dangerous hidden VPN or residential proxy networks.
Get started
This API is part of the IP Geolocation package and is available in free and paid plans. Please visit the IP Geolocation package page for limits and pricing information.
Endpoint
Request
Responses
Example query
https://api.bigdatacloud.net/data/hazard-report?ip=193.114.112.1&key=[YOUR API KEY]
Example response
Schema
Determines whether the requested ip address is known as utilised by a TOR server
Determines whether the requested ip address is known as utilised by a VPN server
Determines whether the requested ip address is known as utilised by a proxy server
Determines whether the requested ip address is listed on the spamhause drop all traffic list. The spamhaus drop (don't route or peer) lists are advisory 'drop all traffic' lists, consisting of netblocks that are 'hijacked' or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers)
Determines whether the requested ip address is listed on the spamhause edrop list According to spamhaus, edrop is an extension of the drop list that includes sub-allocated netblocks controlled by spammers or cyber criminals
determines whether the requested ip address is listed on the spamhause asn-drop list. According to spamhaus, asn-drop contains a list of autonomous system numbers controlled by spammers or cyber criminals, as well as hijacked asns
Determines whether the requested ip address is blacklisted at uceprotect.net or backscatterer.org
Determines whether the requested ip address is blacklisted at blocklist.de
Determines whether the requested ip address is known as utilised by an SMTP mail server
The last detected SMTP domain name making use of this ip address
Determines whether the requested ip address is known as utilised by a public router
Indicates whether the IP address is excluded from public Internet use by the authorities but announced into the global routing table via BGP
Determines whether the requested ip address is not reachable via the public Internet
The likelihood 0-10 of a hosting origin
Determines whether the requested ip address was announced by an autonomous system which is likely to publish hosting networks
Determines whether the requested ip address was detected as utilised within a cellular network
Determines whether the requested ip address was detected as Apple iCloud Private Relay address