Output format
{
"createdAt": 1679875200,
"firstSeen": 1679875200,
"lastSeen": 1719187200,
"ioc": "101.132.168.206",
"iocType": "IPv4",
"verdict": "Threat",
"score": 10,
"threatDescription": [
{
"name": "Attack",
"description": "Malicious activity detected from the host.",
"firstSeen": 1679875200,
"lastSeen": 1719187200,
"references": [
"https://github.com/stamparm/ipsum/archive/refs/heads/master.zip"
]
}
],
"findings": [
{
"name": "Malicious activity",
"count": 37,
"signatures": [
{
"name": "Malicious traffic",
"severity": "Medium",
"count": 37,
"cve": [],
"protocol": "redis",
"dates": [
{
"date": 1716940800,
"count": 5
},
{
"date": 1717027200,
"count": 0
},
{
"date": 1717113600,
"count": 0
},
{
"date": 1717200000,
"count": 3
},
{
"date": 1717286400,
"count": 6
},
{
"date": 1717372800,
"count": 0
},
{
"date": 1717459200,
"count": 0
},
{
"date": 1717545600,
"count": 0
},
{
"date": 1717632000,
"count": 3
},
{
"date": 1717718400,
"count": 0
},
{
"date": 1717804800,
"count": 0
},
{
"date": 1717891200,
"count": 5
},
{
"date": 1717977600,
"count": 0
},
{
"date": 1718064000,
"count": 3
},
{
"date": 1718150400,
"count": 0
},
{
"date": 1718236800,
"count": 0
},
{
"date": 1718323200,
"count": 0
},
{
"date": 1718409600,
"count": 6
},
{
"date": 1718496000,
"count": 0
},
{
"date": 1718582400,
"count": 0
},
{
"date": 1718668800,
"count": 0
},
{
"date": 1718755200,
"count": 0
},
{
"date": 1718841600,
"count": 3
},
{
"date": 1718928000,
"count": 3
},
{
"date": 1719014400,
"count": 0
},
{
"date": 1719100800,
"count": 0
},
{
"date": 1719187200,
"count": 0
}
]
}
]
}
],
"location": {
"country": "China",
"region": "Shanghai",
"city": "Shanghai",
"timezone": null
},
"netblock": {
"inetnum": "101.132.0.0 - 101.133.255.255",
"source": "apnic",
"netname": "ALISOFT",
"modified": "2023-11-28T00:51:48Z",
"country": "CN",
"score": 0.7,
"adminContact": {
"id": "ZM1015-AP",
"role": "Li Jia",
"email": "jiali.jl@alibaba-inc.com",
"phone": "+86-0571-85022088",
"address": [
"NO.969 West Wen Yi Road, Yu Hang District, Hangzhou"
]
},
"techContact": {
"id": "ZM875-AP",
"role": "Guoxin Gao",
"email": "anti-spam@list.alibaba-inc.com",
"phone": "+86-0571-85022600",
"address": [
"5F, Builing D, the West Lake International Plaza of S&T",
"No.391 Wen'er Road, Hangzhou City",
"Zhejiang, China, 310099"
]
},
"abuseContact": {
"id": "IRT-ALISOFT-CN",
"role": "IRT-ALISOFT-CN",
"email": "didong.jc@alibaba-inc.com",
"phone": "",
"address": [
"No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099"
]
}
},
"asn": {
"asn": 37963,
"name": "Alibaba (China)",
"route": "",
"domain": "http://alibabagroup.com/",
"connectionType": "Content"
},
"proxy": {
"type": null,
"torExitNode": false
},
"dns": {
"value": "",
"reverseMatch": false
}
}Output parameters
| Name | Type | Description |
|---|
| firstSeen | Integer | Date when the IoC was first seen by our scanners. 9 March 2023 is the earliest date available, as we started collecting data on that date. |
| lastSeen | Integer | Date when the IoC was last seen by our scanners. |
| ioc | String | Target IoC value. |
| iocType | String | Target IoC type: IPv4, IPv6. |
| verdict | String | Classification or assessment of the IoC's threat level. Example: “Threat”, “Suspicious”, “Benign”, “Unknown”. |
| score | Float | Numerical score indicating the threat level or confidence level of the IoC. Ranges from 0 to 10. |
| threatDescription | Array | Detailed descriptions of the threats associated with the IoC. Absent if not found. |
| threatDescription[].name | String | Name of the threat type. Example: “Malware”, “Phishing”, “Botnet”, “C&C”, “Spam”. |
| threatDescription[].description | String | Detailed description of the threat. |
| threatDescription[].firstSeen | Integer | Timestamp when this description of the threat was first observed. |
| threatDescription[].lastSeen | Integer | Timestamp when this description of the threat was last observed. |
| threatDescription[].references | String[] | List of sources for the information provided. |
| findings | Array | Categorized findings related to the IoC. Absent if not found. |
| findings[].name | String | Name of the category. |
| findings[].count | Integer | Number of findings in this category. |
| findings[].signatures | Array | Array of detailing signatures related to the threat category. |
| findings[].signatures[].name | String | Name of the signature. |
| findings[].signatures[].severity | String | Severity level of the signature. Possible values: Critical, Major, Medium, Minor). |
| findings[].signatures[].count | Integer | Number of appearances. |
| findings[].signatures[].cve | String[] | List of Common Vulnerabilities and Exposures (CVE) associated with this signature. |
| findings[].signatures[].protocol | String | Protocol associated with the signature (e.g., HTTP, TCP). |
| findings[].signatures[].dates | Array | Array providing dates related to the signature's detection or activity. |
| findings[].signatures[].dates[].date | Integer | Malicious activity date. |
| findings[].signatures[].dates[].count | Integer | Malicious activity count. |
| location | Object | Geographical information associated with the IoC. Absent if not found. |
| location.country | String | Country where the threat source is located. |
| location.region | String | Region within the country where the threat source is located. |
| location.city | String | City where the threat source is located. |
| location.timezone | String | Time zone of the threat source location. |
| netblock | Object | Information about the netblock (range of IP addresses) where the IoC was found. Absent if not found. |
| netblock.inetnum | String | Internet number (IP range) associated with the threat. |
| netblock.parent | String | Parent netblock, if applicable. |
| netblock.source | String | Source of the netblock information. |
| netblock.netname | String | Name of the network. |
| netblock.modified | String | Last modification date of the netblock information. |
| netblock.country | String | Country where the netblock is registered. |
| netblock.score | Float | Score indicating the threat level associated with the netblock. |
| netblock.organization | Object | Organization associated with the netblock, containing fields like Org, Name, Email, Phone, and Address. Absent if not found. |
| netblock.adminContact | Object | Administrative contact for the netblock, containing fields like ID, Role, Email, Phone, and Address. Absent if not found. |
| netblock.techContact | Object | Technical contact for the netblock, containing fields like ID, Role, Email, Phone, and Address. Absent if not found. |
| netblock.abuseContact | Object | Abuse contact for the netblock, containing fields like ID, Role, Person, Email, Phone, and Address. Absent if not found. |
| asn | Object | Autonomous System Number (ASN) information related to the IoC. Absent if not found. |
| asn.asn | Integer | Autonomous System Number (ASN) associated with the threat. |
| asn.name | String | Name of the organization or entity that owns the ASN. |
| asn.route | String | Route associated with the ASN. Empty if not found. |
| asn.domain | String | Domain name associated with the ASN. Empty if not found. |
| asn.connectionType | String | Type of network connection (e.g., DSL, Cable). |
| proxy | Object | Proxy information if the IoC involves or is associated with a proxy server. |
| proxy.type | String | Type of proxy. Empty if not found. |
| proxy.torExitNode | Boolean | Indicates whether the proxy is a Tor exit node. |
| dns | String | DNS information related to the IoC. |
| dns.value | String | DNS PTR Record of the IoC. Empty if PTR Record not found. |
| dns.reverseMatch | Boolean | Indicates whether an IP of a PTR Record matches the IoC. |
Error codes
| 400 | Invalid parameters. |
| 429 | Too many requests. Try your call again later. |
| 500 | Internal server error. Try your call again or contact us. |
