Want to skip the docs? Use the MCP Server
Endpoint availability: Free and aboveLearn more
{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
{
"status": "error",
"code": 101,
"type": "invalid_key",
"description": "The API Key is missing or invalid."
}
IP Reputation
curl --request GET \
--url https://greipapi.com/lookup/ip/threats \
--header 'Authorization: Bearer <token>'import requests
url = "https://greipapi.com/lookup/ip/threats"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://greipapi.com/lookup/ip/threats', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://greipapi.com/lookup/ip/threats",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://greipapi.com/lookup/ip/threats"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://greipapi.com/lookup/ip/threats")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://greipapi.com/lookup/ip/threats")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
{
"status": "error",
"code": 101,
"type": "invalid_key",
"description": "The API Key is missing or invalid."
}
Risk Scoring
IP Reputation
Access comprehensive threat intelligence data linked to a specific IP address. This endpoint provides insights into malicious activity, reputation scoring, and potential security risks associated with the IP address.
Want to skip the docs? Use the MCP Server
Endpoint availability: Free and aboveLearn more
{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
{
"status": "error",
"code": 101,
"type": "invalid_key",
"description": "The API Key is missing or invalid."
}
GET
/
lookup
/
ip
/
threats
IP Reputation
curl --request GET \
--url https://greipapi.com/lookup/ip/threats \
--header 'Authorization: Bearer <token>'import requests
url = "https://greipapi.com/lookup/ip/threats"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://greipapi.com/lookup/ip/threats', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://greipapi.com/lookup/ip/threats",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://greipapi.com/lookup/ip/threats"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://greipapi.com/lookup/ip/threats")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://greipapi.com/lookup/ip/threats")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"status": "success",
"data": {
"ip": "12.12.12.12",
"threats": {
"isProxy": true,
"proxyType": "Socks",
"isTor": false,
"isBot": false,
"isRelay": false,
"isHosting": true,
"blacklisted": false
},
"custom_rules_applied": {
"total": 0,
"rules": []
}
},
"executionTime": 90
}
{
"status": "error",
"code": 101,
"type": "invalid_key",
"description": "The API Key is missing or invalid."
}
Query Parameters
The ip parameter is used to specify the IP address you want to retrieve it’s threat intelligence information.Expected values: an IP address (IPv4 or IPv6)Sample value:
1.1.1.1The format command is used to get a response in a specific format.Expected values:
JSON, XML, CSV, or NewlineFor more information please refer to Response Format.The mode command is used to in the development stage to simulate the integration process before releasing it to the production environment.Expected values:
live, or test.For more information please refer to Development Environment.The userID command can be used to identify requests sent by specific users to monitor in the Events Page.Expected values: email address, phone number, user id, name, etc.For more information please refer to User Identifier.
The callback command can help you make the response as a JSONP format.Expected values: any name that can be used as a function name in Javascript, e.g:
myFunctionName.For more information please refer to JSONP Callback.Response properties
Hide properties
Hide properties
IP address you’re looking up.
Show details
Show details
Indicates if the IP address is a proxy service.
Type of proxy used.
Indicates if accessed through Tor network.
Indicates if the user is a bot.
Indicates if it’s a Apple’s Private Relay connection.
Indicates if the IP address belong to a hosting provider.
Indicates if the IP address is blacklisted due to applying custom
rules or were found in one of
your blacklists.
The custom rules applied to this request, learn
more.
Hide properties
Hide properties
The total number of custom rules applied to this request.
The custom rules applied to this request, learn
more.
Response status (success/error).
Time taken to process the data (in milliseconds).
Was this page helpful?
⌘I