New

IP reputation scores provide a solution for a key weakness of blocklists based threat detection. Whereas blocklists are great for identifying repeat malicious actors they are static and cannot possibly contain every single bad IP.

Using machine learning and millions of datapoints we now provide 4 key scores for every IP address;

• VPN Score — the probability that an IP address is the exit-node of a commercial VPN service
• Proxy Score — the probability that an IP address is a proxy of any kind
• Threat Score — the probability that an IP address is likely to engage in malicious behavior
• Trust Score — a score that expresses the trustworthiness, standing or reputation of an IP address

Each score can have a value between 0 - 100.

New

We're excited to announce the following improvements to ipdata's threat data!

TL;DR There are 4 new fields under the threat object;

is_vpn - available on the Business and Enterprise plans

is_icloud_relay - available on all plans

is_datacenter - available on all plans

blocklists - open-source data available on all paid plans, while commercial feeds are available on the Business and Enterprise plans

Here is a sample API response showcasing the new data fields.

Blocklists

The new blocklists array field tells you what blocklists an IP address has been reported to. It includes the name, website and list type. We have manually reviewed and included 100+ established OSINT threat feeds eg. Rutgers, Abuse.ch, Spamhaus as well as 2 commercial feeds HoneyDB and Bambenek Consulting, a list we will continue to add to.

The OSINT data is available to all paying ipdata subscribers while the Commercial Feeds are only available to users on the Business and Enterprise plans.

VPN Detection and Improved Proxy Detection

The is_vpn field returns true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. The existing is_proxy field is now backed by up to 2M+ IP addresses updated daily and is available to all users free and paid.

iCloud Relay Detection

Apple's iCloud relay functionality is supposed to cleave closely to the actual city and region the end-user is in, meaning geolocation accuracy will not be affected. As a convenience we will mark the IP addresses belonging to the service by setting is_icloud_relay to true.

Bonus:

The new boolean is_datacenter field returns true for any IP addresses that belong to a datacenter including all cloud providers. This is useful for detecting bots.

New

We're excited to officially launch our new company dataset! This new dataset answers the question "Who is this subnet assigned to?".

TL:DR

There are 4 new attributes under the company object;

• name - the name of the company
• domain - the domain of the company
• network - the subnet assigned to the company
• type - the usage type of the network

This is available to users on the startup plan and above.

Here is a sample API response showcasing the new data.

Note that we are able to get more detailed information as to the end-user of an IP block — "Rumble On" in this case — as opposed to just the ASN owner — "Charter Communications Inc".

You can recreate the above request with either the ipdata CLI

ipdata 72.128.138.224 --fields ip,city,region,country_name,country_code,asn,company

or curl

curl https://api.ipdata.co?api-key=<your-key>&fields=ip,city,region,country_name,country_code,asn,company

New

You can now see your API key in the documentation code examples if you are logged in!

To log in click on the "Account" dropdown at the top-right and Log in to your ipdata account.

New

ipdata now provides 4 new threat fields;

1. is_vpn - available on the Business and Enterprise plans

2. is_icloud_relay - available on all plans

3. is_datacenter - available on all plans

4. blocklists - open-source data available on all paid plans, while commercial feeds are available on the Business and Enterprise plans

New

Easily make requests from your terminal with ipdata's CLI.

See the documentation to install the cli and get started using it!

Also see how to easily bulk process millions of IPs with the CLI.

New

We have launched official libraries for;

• Go - https://github.com/ipdata/go
• C# - https://github.com/ipdata/dotnet
• Java - https://github.com/ipdata/java
• PHP - https://github.com/ipdata/php

Improvement

We've redesigned our homepage!

New

We now provide the AS Number, the AS Route, AS Name, AS Domain and the AS Type which can be one of "hosting", "isp", "business", "government", "military" or "education" eg.

"asn": {
    "asn": "AS15169",
    "name": "Google LLC",
    "domain": "google.com",
    "route": "8.8.8.0/24",
    "type": "hosting"
}

New

We've made several improvements to the current Python client, including; fixing bugs, adding support for customizing the response and bulk lookups. Install with pip3 install ipdata. See the package on PyPi for more information and the updated Python Examples and Documentation.