This API endpoint provides detailed information about a given IP address, including its network provider, geolocation data, threat intelligence, and user analytics.
GET https://api.cybercheck360.com/v1/search/ip/{ip_address}
Parameter | Type | Required | Description |
---|---|---|---|
ip | string | Yes | The IP address to retrieve details for (e.g., 165.166.221.197). |
user_analytics | boolean | No | Set to True to include user analytics data in the response. Defaults to False. |
cybercheck360 | boolean | No | Set to True to include Cybercheck360's verdict. Defaults to False. |
This API requires an API key to be passed in the request header.
Header Name | Type | Required | Description |
---|---|---|---|
X-API-KEY | string | Yes | API key token. |
GET https://api.cybercheck360.com/v1/search/ip/100.42.29.170/?user_analytics=True&cybercheck360=true
```json
{
  "ip": "100.42.29.170",
  "hostname": "100.42.29.170",
  "type": "ipv4",
  "asn": 46841,
  "isp": "Fork Networking LLC",
  "carrier": "fork networking llc",
  "tor": true,
  "proxy": false,
  "crawler": false,
  "proxy_type": null,
  "location": {
    "country_code": "US",
    "country_name": "United States",
    "region_code": "OR",
    "region_name": "Oregon",
    "city": "Portland",
    "zip": "97204",
    "latitude": 45.518150329589844,
    "longitude": -122.67415618896484,
    "timezone": "America/Los_Angeles",
    "is_eu": false
  },
  "threat_intel": {
    "listings": {
      "summary": {
        "Malware": 1,
        "Anonymizer": 2
      },
      "tags": [
        "spam",
        "Tor Nodes"
      ],
      "listed_feeds": [
        {
          "name": "et_tor",
          "category": "Malware",
          "sub_category": "Tor rules"
        },
        {
          "name": "All TOR Nodes",
          "category": "Anonymizer",
          "sub_category": "All TOR Nodes"
        },
        {
          "name": "Tor Exit Nodes",
          "category": "Anonymizer",
          "sub_category": "Tor Exit Nodes"
        }
      ]
    },
    "overall_feeds": {
      "Spam": 48,
      "Botnet": 14,
      "Exploit": 15,
      "Malware": 17,
      "Anonymizer": 16
    }
  },
  "user_analytics": {
    "search_count": 2,
    "fp_reports_count": 0,
    "malicious_reports_count": 0,
    "user_blacklist_count": 0,
    "user_whitelist_count": 0
  },
  "cybercheck360": {
    "confidence": "low",
    "verdict": "malicious"
  }
}
```
The API response includes multiple sections depending on the parameters enabled.
```json
{
  "ip": "165.166.221.197",
  "hostname": "example.com",
  "type": "IPv4",
  "asn": 12345,
  "isp": "Example ISP",
  "carrier": "Example Carrier",
  "location": { ... },
  "threat_intel": { ... },
  "user_analytics": { ... }
}
```
Field | Type | Description |
---|---|---|
ip | string | The queried IP address. |
hostname | string | The resolved hostname of the IP address. |
type | string | The IP version (ipv4 or ipv6). |
asn | integer | Autonomous System Number associated with the IP. |
isp | string | Internet Service Provider (ISP) of the IP address. |
carrier | string | The carrier/network provider associated with the IP. |
tor | boolean | Whether the IP is part of the Tor network. |
proxy | boolean | Whether the IP is using a proxy. |
crawler | boolean | Whether the IP is identified as a web crawler. |
proxy_type | string/null | The type of proxy, if applicable. |
Field | Type | Description |
---|---|---|
country_code | string | ISO country code (e.g., DE for Germany). |
country_name | string | Full country name. |
region_code | string | ISO region code. |
region_name | string | Full region name. |
city | string | City name. |
zip | string | Postal code (ZIP code). |
latitude | float | Latitude coordinate. |
longitude | float | Longitude coordinate. |
timezone | string | Timezone information. |
is_eu | boolean | Whether the country is part of the European Union. |
Field | Type | Description |
---|---|---|
listings.summary | object | Summary of threat listings. |
listings.tags | object | List of tags from the listings for the searched indicator. |
listings.listed_feeds | object | Details of specific threat listings. |
overall_feeds | object | Summary of all enabled feeds the check was performed against. |
CyberCheck360 aggregates intelligence information from multiple threat intelligence feeds and categorizes them into six key categories:
Each IP is analyzed and classified based on the number of threat feeds it appears in. If an IP is listed under a specific category, it means that multiple intelligence sources have flagged it under that classification.
For example, if a response shows "Malware": 5, it indicates that the IP appears in 5 independent threat intelligence feeds that categorize it as malware.
```json
"threat_intel": {
  "listings": {
    "summary": {
      "Malware": 5,
      "Anonymizer": 2
    },
    "tags": [
      "spam",
      "Tor Nodes"
    ],
    "listed_feeds": [
      {
        "name": "et_tor",
        "category": "Malware",
        "sub_category": "Tor rules"
      },
      {
        "name": "All TOR Nodes",
        "category": "Anonymizer",
        "sub_category": "All TOR Nodes"
      },
      {
        "name": "Tor Exit Nodes",
        "category": "Anonymizer",
        "sub_category": "Tor Exit Nodes"
      }
    ]
  },
  "overall_feeds": {
    "Spam": 48,
    "Botnet": 14,
    "Exploit": 15,
    "Malware": 17,
    "Anonymizer": 16
  }
}
```
CyberCheck360 collects intelligence information from multiple user analytics sources to provide insights into how an IP is perceived and interacted with across various security platforms.
Field | Description |
---|---|
search_count | Number of times the IP has been searched in the last 90 days for the given indicator. |
fp_reports_count | Total number of false positive reports submitted for the indicator. |
malicious_reports_count | Total number of malicious reports submitted for the indicator. |
user_blacklist_count | Number of lists managed on this platform where this IP has been blacklisted. |
user_whitelist_count | Number of lists managed on this platform where this IP has been whitelisted. |
```json
{
  "user_analytics": {
    "search_count": 2,
    "fp_reports_count": 0,
    "malicious_reports_count": 0,
    "user_blacklist_count": 0,
    "user_whitelist_count": 0
  }
}
```
At CyberCheck360, we provide robust threat intelligence by aggregating data from open-source feeds and multiple commercial providers. What sets us apart is the added layer of manual verification from our team of dedicated experts. This comprehensive intelligence is presently accessible via all API requests, but will soon become an exclusive feature of our commercial plans.
Field | Description |
---|---|
cybercheck360.confidence | The level of certainty CyberCheck360 has in its verdict. Possible values include high, medium, low and unknown. |
cybercheck360.verdict | The determination of the nature of the analyzed entity (e.g., IP address, URL, domain) as assessed by CyberCheck360. Possible values include malicious, suspicious, benign, or unknown. |
```json
{
  "cybercheck360": {
    "confidence": "low",
    "verdict": "malicious"
  }
}
```
Status Code | Description |
---|---|
400 | Bad request. Ensure required parameters are correctly formatted. |
401 | Unauthorized. Invalid or missing API key. |
403 | Forbidden. Access to the requested resource is denied. |
404 | IP not found. The requested IP does not exist. |
500 | Internal Server Error. An unexpected error occurred on the server. |
The threat_intel section provides insight into potential security risks associated with the IP.
user_analytics helps track how often the IP is searched and whether users classify it as safe or malicious.
null values indicate missing or unavailable data.
This API is useful for cybersecurity research, fraud detection, and threat intelligence monitoring.
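An added example (not CyberCheck360's own code) that builds the request documented above and turns the verdict, confidence, listing summary and user analytics fields into an action. The function names, the triage policy and the trimmed sample are assumptions of this example; the endpoint, header and field names are the ones on this page.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.cybercheck360.com/v1/search/ip/"

def build_request(ip, api_key, user_analytics=True, cybercheck360=True):
    """Build (without sending) the GET request for one IP."""
    addr = ipaddress.ip_address(ip)  # ValueError for hostnames, paths, garbage
    query = urllib.parse.urlencode(
        {"user_analytics": user_analytics, "cybercheck360": cybercheck360})
    return urllib.request.Request(f"{BASE_URL}{addr}/?{query}",
                                  headers={"X-API-KEY": api_key})

def triage(resp):
    """Return (action, reasons). The policy itself is this example's assumption."""
    cc = resp.get("cybercheck360") or {}   # absent unless requested
    ua = resp.get("user_analytics") or {}  # absent unless requested
    listings = (resp.get("threat_intel") or {}).get("listings") or {}
    summary = listings.get("summary") or {}
    verdict = cc.get("verdict") or "unknown"
    confidence = cc.get("confidence") or "unknown"
    reasons = [f"{cat} x{n}" for cat, n in sorted(summary.items())]
    reasons += [flag for flag in ("tor", "proxy", "crawler") if resp.get(flag)]
    fp = ua.get("fp_reports_count") or 0   # null is treated as 0
    mal = ua.get("malicious_reports_count") or 0
    # Block only on a confident verdict that users have not disputed
    # more often than they confirmed it.
    if verdict == "malicious" and confidence in ("high", "medium") and fp <= mal:
        return "block", reasons
    if verdict in ("malicious", "suspicious") or summary:
        return "review", reasons
    return "allow", reasons

# Constructed sample: the page's example response, trimmed to the fields used here.
SAMPLE = json.loads("""{
  "ip": "100.42.29.170", "tor": true, "proxy": false, "proxy_type": null,
  "threat_intel": {"listings": {"summary": {"Malware": 1, "Anonymizer": 2}}},
  "user_analytics": {"fp_reports_count": 0, "malicious_reports_count": 0},
  "cybercheck360": {"confidence": "low", "verdict": "malicious"}
}""")

if __name__ == "__main__":
    req = build_request(SAMPLE["ip"], "YOUR_API_KEY")  # placeholder key
    print(req.full_url, triage(SAMPLE))
```

With this policy the page's sample (a Tor node with a low-confidence malicious verdict) is routed to review instead of being blocked outright.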