ipdata changelog
ipdata changelog
ipdata.co

IP Reputation Scores

 

New

  

IP reputation scores provide a solution for a key weakness of blocklists based threat detection. Whereas blocklists are great for identifying repeat malicious actors they are static and cannot possibly contain every single bad IP.

image.png

Using machine learning and millions of datapoints we now provide 4 key scores for every IP address;

  • VPN Score — the probability that an IP address is the exit-node of a commercial VPN service
  • Proxy Score — the probability that an IP address is a proxy of any kind
  • Threat Score — the probability that an IP address is likely to engage in malicious behavior
  • Trust Score — a score that expresses the trustworthiness, standing or reputation of an IP address

Each score can have a value between 0 - 100.

Blocklists, VPN Detection and iCloud Relay Detection

 

New

  

We're excited to announce the following improvements to ipdata's threat data!

TL;DR There are 4 new fields under the threat object;

is_vpn - available on the Business and Enterprise plans

is_icloud_relay - available on all plans

is_datacenter - available on all plans

blocklists - open-source data available on all paid plans, while commercial feeds are available on the Business and Enterprise plans

Here is a sample API response showcasing the new data fields.

image.png

Blocklists

The new blocklists array field tells you what blocklists an IP address has been reported to. It includes the name, website and list type. We have manually reviewed and included 100+ established OSINT threat feeds eg. Rutgers, Abuse.ch, Spamhaus as well as 2 commercial feeds HoneyDB and Bambenek Consulting, a list we will continue to add to.

The OSINT data is available to all paying ipdata subscribers while the Commercial Feeds are only available to users on the Business and Enterprise plans.

VPN Detection and Improved Proxy Detection

The is_vpn field returns true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. The existing is_proxy field is now backed by up to 2M+ IP addresses updated daily and is available to all users free and paid.

iCloud Relay Detection

Apple's iCloud relay functionality is supposed to cleave closely to the actual city and region the end-user is in, meaning geolocation accuracy will not be affected. As a convenience we will mark the IP addresses belonging to the service by setting is_icloud_relay to true.

Bonus:

The new boolean is_datacenter field returns true for any IP addresses that belong to a datacenter including all cloud providers. This is useful for detecting bots.

Company Data

 

New

  

We're excited to officially launch our new company dataset! This new dataset answers the question "Who is this subnet assigned to?".

TL:DR

There are 4 new attributes under the company object;

  • name - the name of the company
  • domain - the domain of the company
  • network - the subnet assigned to the company
  • type - the usage type of the network

This is available to users on the startup plan and above.

Here is a sample API response showcasing the new data.

image.png

Note that we are able to get more detailed information as to the end-user of an IP block — "Rumble On" in this case — as opposed to just the ASN owner — "Charter Communications Inc".

You can recreate the above request with either the ipdata CLI

ipdata 72.128.138.224 --fields ip,city,region,country_name,country_code,asn,company

or curl

curl https://api.ipdata.co?api-key=<your-key>&fields=ip,city,region,country_name,country_code,asn,company

API Keys in Documentation Examples

 

New

  

You can now see your API key in the documentation code examples if you are logged in!

To log in click on the "Account" dropdown at the top-right and Log in to your ipdata account.

image.png

Improved Threat Data

 

New

  

ipdata now provides 4 new threat fields;

  1. is_vpn - available on the Business and Enterprise plans

  2. is_icloud_relay - available on all plans

  3. is_datacenter - available on all plans

  4. blocklists - open-source data available on all paid plans, while commercial feeds are available on the Business and Enterprise plans

carbon (4).png

New Command Line Interface for ipdata

 

New

 

 

Easily make requests from your terminal with ipdata's CLI.

See the documentation to install the cli and get started using it!

Also see how to easily bulk process millions of IPs with the CLI.

asciicast

New Official Libraries for Go, C#, Java, PHP

Redesigned Homepage

 

Improvement

 

 

We've redesigned our homepage!

Screenshot from 2020-04-27 20-48-49.png

Detailed ASN Data

 

New

 

 

We now provide the AS Number, the AS Route, AS Name, AS Domain and the AS Type which can be one of "hosting", "isp", "business", "government", "military" or "education" eg.

"asn": {
    "asn": "AS15169",
    "name": "Google LLC",
    "domain": "google.com",
    "route": "8.8.8.0/24",
    "type": "hosting"
}

Improved Python Client

 

New

 

 

We've made several improvements to the current Python client, including; fixing bugs, adding support for customizing the response and bulk lookups. Install with pip3 install ipdata. See the package on PyPi for more information and the updated Python Examples and Documentation.