Want to skip the docs? Use the MCP Server
Endpoint availability: Free and aboveLearn more
{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
IP Reputation
curl --request GET \
--url https://greipapi.com/lookup/ip/threats \
--header 'Authorization: Bearer <token>'{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
Risk Scoring
IP Reputation
Access comprehensive threat intelligence data linked to a specific IP address. This endpoint provides insights into malicious activity, reputation scoring, and potential security risks associated with the IP address.
Want to skip the docs? Use the MCP Server
Endpoint availability: Free and aboveLearn more
{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
GET
/
lookup
/
ip
/
threats
IP Reputation
curl --request GET \
--url https://greipapi.com/lookup/ip/threats \
--header 'Authorization: Bearer <token>'{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
Query Parameters
The ip parameter is used to specify the IP address you want to retrieve it’s threat intelligence information.Expected values: an IP address (IPv4 or IPv6)Sample value:
1.1.1.1The format command is used to get a response in a specific format.Expected values:
JSON, XML, CSV, or NewlineFor more information please refer to Response Format.The mode command is used to in the development stage to simulate the integration process before releasing it to the production environment.Expected values:
live, or test.For more information please refer to Development Environment.The userID command can be used to identify requests sent by specific users to monitor in the Events Page.Expected values: email address, phone number, user id, name, etc.For more information please refer to User Identifier.
The callback command can help you make the response as a JSONP format.Expected values: any name that can be used as a function name in Javascript, e.g:
myFunctionName.For more information please refer to JSONP Callback.Response properties
Hide properties
Hide properties
IP address you’re looking up.
Show details
Show details
Indicates if the IP address is a proxy service.
Type of proxy used.
Indicates if accessed through Tor network.
Indicates if the user is a bot.
Indicates if it’s a Apple’s Private Relay connection.
Indicates if the IP address belong to a hosting provider.
Indicates if the IP address is blacklisted due to applying custom
rules or were found in one of
your blacklists.
The custom rules applied to this request, learn
more.
Hide properties
Hide properties
The total number of custom rules applied to this request.
The custom rules applied to this request, learn
more.
Response status (success/error).
Time taken to process the data (in milliseconds).
Was this page helpful?
⌘I