On this page

Hazard report

Introduction

The Hazard report API is a dedicated IPv4 address intelligence endpoint for our most comprehensive security-related outline of an IP address.

Conventionally, the IP address potential threat assessment is predominantly reactive. Such as many reliable organisations like blocklist.de, uceprotect.net or Spamhaus provide frequently updated, toxic IP address lists. These lists are paramountly helpful in building a cyber defence against well-known abusers. However, these essentially cannot help much against a first-time-seen scenario known as a ‘zero-day attack’. 

Noticeably, most cyber-attacks come from remote environments, as not many would risk their private or corporate networks to mount malicious activities. Therefore, a datacentre or, widely speaking, a remote-operated IP address-originated activity should always be dealt with great caution, for example, when accepting an e-commerce order or a comment on a blog post. It is precisely where our uniquely proactive approach comes into play.

We utilise our proprietary algorithm to closely examine every IP address globally to estimate the likelihood it belongs to a hosting or another remote and unattended environment. The assessment provides a scoring outcome ranging from 0 to 10.

We also offer our proprietary detection for known anonymisers such as TOR, VPN and proxies. And in addition, we detect and report IP addresses as servicing mail servers, public network routers, bogon blocks and cellular networks. 

All this info combined provides a solid foundation for most cyber defence scenarios such as fraud protection or access control. 

For example, if you're running an e-commerce store and assessing an order placed from a VPN IP address, you should obviously consider it with great suspicion. The same applies to orders from a bogon address space or likely hosting environment. However, being detected as a cellular network is a good sign unless there is a high hosting probability. A cellular network with a high hosting likelihood is a strong indicator of a leased-out network block, often utilised by a highly dangerous hidden VPN or residential proxy networks. 

Get started

This API is part of the IP Geolocation package and is available in free and paid plans. Please visit the IP Geolocation package page for limits and pricing information.

Endpoint

GET
https://api.bigdatacloud.net/data/hazard-report

Request

Parameter
Type
Required
Description
Parameter
ip
Type
string
Required
Optional, default value: [Caller's IP]
Description
IPv4 IP address in a string or numeric format. If omitted, the caller’s IP address is assumed
Parameter
key
Type
string
Required
Yes
Description
Your API key

Responses

Example query

https://api.bigdatacloud.net/data/hazard-report?ip=193.114.112.1&key=[YOUR API KEY]
  

Example response

Schema

application/json