> ## Documentation Index
> Fetch the complete documentation index at: https://docs.greip.io/llms.txt
> Use this file to discover all available pages before exploring further.

# IP Reputation

> Access comprehensive threat intelligence data linked to a specific IP address. This endpoint provides insights into malicious activity, reputation scoring, and potential security risks associated with the IP address.

export const MCPCallout = () => {
  return <div class="callout my-4 px-5 py-4 overflow-hidden rounded-2xl flex gap-3 border border-[rgba(192, 132, 252, 0.2)] bg-[rgba(192, 132, 252, 0.1)] dark:border-[#c084fc4d] dark:bg-[#c084fc1a] text-[#6005BB] dark:text-[#FFFFFF]" data-callout-type="callout">
      <div class="mt-0.5 w-4" data-component-part="callout-icon">
        <svg class="h-4 w-4 !m-0 shrink-0 bg-[#c084fc] [mask-image:url('https://d3gk2c5xim1je2.cloudfront.net/v7.1.0/duotone/fire.svg')] [-webkit-mask-image:url('https://d3gk2c5xim1je2.cloudfront.net/v7.1.0/duotone/fire.svg')] [mask-repeat:no-repeat] [-webkit-mask-repeat:no-repeat] [mask-position:center] [-webkit-mask-position:center]"></svg>
      </div>
      <div class="text-sm prose dark:prose-invert min-w-0 w-full [&_kbd]:bg-background-light dark:[&_kbd]:bg-background-dark text-[#6005BB] dark:text-[#FFFFFF]" data-component-part="callout-content">
        <span data-as="p">
          Want to skip the docs? Use the{" "}
          <a class="link mint-text-xs border-[#C792FC]" href="/docs-mcp-server">
            <b>MCP Server</b>
          </a>
        </span>
      </div>
    </div>;
};

export const Availability = ({plan, color}) => {
  const colorMap = {
    green: "text-green-700 dark:text-green-400",
    blue: "text-blue-700 dark:text-blue-400",
    purple: "text-purple-700 dark:text-purple-400"
  };
  return <div dir="ltr" data-orientation="horizontal" class="p-4 px-5 mt-0 md:mt-4 flex flex-col sm:flex-row flex-wrap gap-2 relative overflow-hidden rounded-2xl border border-gray-950/10 dark:border-white/10 my-0 bg-gray-50 dark:bg-white/5 dark:codeblock-dark text-gray-950 dark:text-gray-50 codeblock-light text-sm prose prose-gray dark:prose-invert font-semibold no-wrap-words">
      Endpoint availability:{" "}
      <span class={` ${colorMap[color]} flex-1`}>{plan}</span>
      <a class="custom-link text-xs" href="https://greip.io/detailed-pricing">
        Learn more
      </a>
    </div>;
};

### Query Parameters

<ParamField query="ip" type="string" placeholder="IP address" required>
  The ip parameter is used to specify the IP address you want to retrieve it's threat intelligence information.

  Expected values: an IP address (IPv4 or IPv6)

  Sample value: `1.1.1.1`
</ParamField>

<ParamField query="format" type="string" default="JSON" placeholder="Response format">
  The format command is used to get a response in a specific format.

  Expected values: `JSON`, `XML`, `CSV`, or `Newline`

  For more information please refer to [Response Format](/options/response-format).
</ParamField>

<ParamField query="mode" type="string" default="live" placeholder="Environment">
  The mode command is used to in the development stage to simulate the integration process before releasing it to the production environment.

  Expected values: `live`, or `test`.

  For more information please refer to [Development Environment](/options/development-environment).
</ParamField>

<ParamField query="userID" type="string" placeholder="User Identifier">
  The userID command can be used to identify requests sent by specific users to monitor in the [Events Page](/dashboard-guides/monitoring-capabilities/real-time-threat-monitoring).

  Expected values: email address, phone number, user id, name, etc.

  For more information please refer to [User Identifier](/options/user-identifier).
</ParamField>

<ParamField query="callback" type="string" placeholder="JSONP callback">
  The callback command can help you make the response as a JSONP format.

  Expected values: any name that can be used as a function name in Javascript, e.g: `myFunctionName`.

  For more information please refer to [JSONP Callback](/options/jsonp-callback).
</ParamField>

<Panel>
  <MCPCallout />

  <Availability plan="Free and above" color="green" />

  <ResponseExample>
    ```json Success theme={null}
    {
      "status": "success",
      "data": {
        "ip": "12.12.12.12",
        "threats": {
          "isProxy": true,
          "proxyType": "Socks",
          "isTor": false,
          "isBot": false,
          "isRelay": false,
          "isHosting": true,
          "blacklisted": false
        },
        "custom_rules_applied": {
          "total": 0,
          "rules": []
        }
      },
      "executionTime": 90
    }
    ```

    ```json Error theme={null}
    {
      "status": "error",
      "code": 101,
      "type": "invalid_key",
      "description": "The API Key is missing or invalid."
    }
    ```
  </ResponseExample>
</Panel>

### Response properties

<ResponseField name="data" type="object" required>
  <Expandable title="properties" defaultOpen={true}>
    <ResponseField name="ip" type="string" required>
      IP address you're looking up.
    </ResponseField>

    <ResponseField name="threats" type="object" required>
      <Expandable title="details">
        <ResponseField name="isProxy" type="boolean" required>
          Indicates if the IP address is a proxy service.
        </ResponseField>

        <ResponseField name="proxyType" type="string" required>
          Type of proxy used.
        </ResponseField>

        <ResponseField name="isTor" type="boolean" required>
          Indicates if accessed through Tor network.
        </ResponseField>

        <ResponseField name="isBot" type="boolean" required>
          Indicates if the user is a bot.
        </ResponseField>

        <ResponseField name="isRelay" type="boolean" required>
          Indicates if it's a Apple's Private Relay connection.
        </ResponseField>

        <ResponseField name="isHosting" type="boolean" required>
          Indicates if the IP address belong to a hosting provider.
        </ResponseField>

        <ResponseField name="blacklisted" type="boolean" required>
          Indicates if the IP address is blacklisted due to applying [custom
          rules](/knowledge-base/custom-rules/overview) or were found in one of
          your blacklists.
        </ResponseField>
      </Expandable>

      <ResponseField name="custom_rules_applied" type="object">
        The custom rules applied to this request, [learn
        more](/knowledge-base/custom-rules/overview).

        <Expandable title="properties" defaultOpen={true}>
          <ResponseField name="total" type="integer" required>
            The total number of custom rules applied to this request.
          </ResponseField>

          <ResponseField name="rules" type="object" required>
            The custom rules applied to this request, [learn
            more](/knowledge-base/custom-rules/overview).

            <Expandable title="properties" defaultOpen={true}>
              <ResponseField name="id" type="string" required>
                The rule ID as shown in the dashboard (e.g: `CR104`).
              </ResponseField>

              <ResponseField name="title" type="string" required>
                The rule title you set when creating the rule.
              </ResponseField>
            </Expandable>
          </ResponseField>
        </Expandable>
      </ResponseField>
    </ResponseField>
  </Expandable>

  <ResponseField name="status" type="string" required>
    Response status (success/error).
  </ResponseField>

  <ResponseField name="executionTime" type="integer" required>
    Time taken to process the data (in milliseconds).
  </ResponseField>
</ResponseField>