This API endpoint provides detailed information about a given IP address, including its network provider, geolocation data, threat intelligence, and user analytics.
GET https://api.cybercheck360.com/v1/search/ip/{ip_address}
| Parameter | Type | Required | Description |
|---|---|---|---|
ip |
string | Yes | The IP address to retrieve details for (e.g., 165.166.221.197). |
user_analytics |
boolean | No | Set to True to include user analytics data in the response. Defaults to False. |
This API requires an API key to be passed in the request header.
| Header Name | Type | Required | Description |
|---|---|---|---|
X-API-KEY |
string | Yes | Api key token |
GET https://api.cybercheck360.com/v1/search/ip/5.5.5.5/?user_analytics=True
{
"ip": "5.5.5.5",
"hostname": "dynamic-005-005-005-005.5.5.pool.telefonica.de",
"type": "ipv4",
"asn": 6805,
"isp": "Telefonica Germany Gmbh & co.ohg",
"carrier": "telefonica germany gmbh & co.ohg",
"location": {
"country_code": "DE",
"country_name": "Germany",
"region_code": "NW",
"region_name": "North Rhine-Westphalia",
"city": "Düsseldorf",
"zip": "40213",
"latitude": 51.227699279785156,
"longitude": 6.773499965667725,
"timezone": "Europe/Berlin",
"is_eu": true
},
"threat_intel": {
"listings": {},
"overall_feeds": {
"Botnet": 13,
"Exploit": 16,
"Anonymizer": 16,
"Malware": 17,
"Phishing": 2,
"Spam": 77,
"Whitelist": 7
},
"tags": [],
"tor": false,
"proxy": false,
"crawler": false,
"proxy_type": null
},
"user_analytics": {
"search_count": {
"fp_reports_count": 0,
"malicious_reports_count": 0
},
"fp_reports_count": null,
"malicious_reports_count": null,
"user_blacklist_count": null,
"user whitelist_count": null
},
}
The API response includes multiple sections depending on the parameters enabled.
{
"ip": "165.166.221.197",
"hostname": "example.com",
"type": "IPv4",
"asn": 12345,
"isp": "Example ISP",
"carrier": "Example Carrier",
"location": { ... },
"threat_intel": { ... },
"user_analytics": { ... }
}
| Field | Type | Description |
|---|---|---|
ip |
string | The queried IP address. |
hostname |
string | The resolved hostname of the IP address. |
type |
string | The IP version (ipv4 or ipv6). |
asn |
integer | Autonomous System Number associated with the IP. |
isp |
string | Internet Service Provider (ISP) of the IP address. |
carrier |
string | The carrier/network provider associated with the IP. |
| Field | Type | Description |
|---|---|---|
country_code |
string | ISO country code (e.g., DE for Germany). |
country_name |
string | Full country name. |
region_code |
string | ISO region code. |
region_name |
string | Full region name. |
city |
string | City name. |
zip |
string | Postal code (ZIP code). |
latitude |
float | Latitude coordinate. |
longitude |
float | Longitude coordinate. |
timezone |
string | Timezone information. |
is_eu |
boolean | Whether the country is part of the European Union. |
| Field | Type | Description |
|---|---|---|
listings |
object | Details of specific threat listings. |
overall_feeds |
object | Summary of security threats and malicious activity detected. |
tags |
array | Additional classification tags. |
tor |
boolean | Whether the IP is part of the Tor network. |
proxy |
boolean | Whether the IP is using a proxy. |
crawler |
boolean | Whether the IP is identified as a web crawler. |
proxy_type |
string/null | The type of proxy, if applicable. |
CyberCheck360 aggregates intelligence information from multiple threat intelligence feeds and categorizes them into six key categories:
Each IP is analyzed and classified based on the number of threat feeds it appears in. If a ip is listed under a specific category, it means that multiple intelligence sources have flagged it under that classification.
For example, if a response shows "Malware": 5, it indicates that the IP appears in 5 independent threat intelligence feeds that categorize it as malware.
{
"threat_intel": {
"listings": {
"Malware": 5,
"Spam": 10,
"Exploit": 3,
"Botnet": 2,
"Anonymizer": 1
},
"tags": ["malware", "botnet"],
"tor": false,
"proxy": true,
"crawler": false
}
}
CyberCheck360 collects intelligence information from multiple user analytics sources to provide insights into how an IP is perceived and interacted with across various security platforms.
| Field | Description |
|---|---|
search_count |
Number of times the IP has been searched in the last 90 days for the given indicator. |
fp_reports_count |
Total number of false positive reports submitted for the indicator. |
malicious_reports_count |
Total number of malicious reports submitted for the indicator. |
user_blacklist_count |
Number of lists managed on this platform where this IP has been blacklisted. |
user_whitelist_count |
Number of lists managed on this platform where this IP has been whitelisted. |
{
"user_analytics": {
"search_count": {
"fp_reports_count": 0,
"malicious_reports_count": 0
},
"fp_reports_count": null,
"malicious_reports_count": null,
"user_blacklist_count": null,
"user whitelist_count": null
},
}
| Status Code | Description |
|---|---|
400 |
Bad request. Ensure required parameters are correctly formatted. |
401 |
Unauthorized. Invalid or missing API key. |
403 |
Forbidden. Access to the requested resource is denied. |
404 |
IP not found. The requested IP does not exist. |
500 |
Internal Server Error. An unexpected error occurred on the server. |
threat_intel section provides insight into potential security risks associated with the IP.user_analytics helps track how often the IP is searched and whether users classify it as safe or malicious.null indicate missing or unavailable data.This API is useful for cybersecurity research, fraud detection, and threat intelligence monitoring.