Extended IP Lookup
GET/extended/:ip
Retrieves detailed information about an IP address, including targeted ports, spoofability, targeted continents, event volume over the last 30 days, and GeoIP details.
Request
Path Parameters
IP address to lookup (currently supports IPv4).
Query Parameters
API key required. Developers can contact [email protected] or use the provided test key (GLTqgI1J0LRJcw5YQ4b859fF8h5a0C9c). For commercial use, visit our pricing page or contact [email protected].
Responses
- 200
- 400
- 401
- 429
Request processed successfully.
- application/json
- Schema
- Example (from schema)
Schema
Queried IP address.
Indicates if the IP address was observed within the last 30 days. If not observed, this field is the only guaranteed response.
Indicates if activity from this IP could be spoofed due to incomplete 3-way handshakes.
List of ports targeted by the IP address.
Ports targeted by the IP address without a single full 3-way handshake completed.
target
object
Information about regions targeted by the IP address.
List of continents targeted by the IP address in two-letter continent codes.
fingerprints
object
Fingerprints associated with an IP address. This field is available if you have subscription to the Fingerprints plan.
List of JA3 hashes associated with the IP.
List of JA4 hashes associated with the IP.
Volume of events associated with the IP address over the last 30 days.
last_seen
object
Details of the last observation of the IP address by ELLIO's Cyberdeception network.
UTC timestamp in seconds of the last observation.
Human-readable UTC time of the last observation.
Indicates if the IP was observed in the last 5 minutes.
Indicates if the IP was observed in the last hour.
Indicates if the IP was observed in the last 24 hours.
Indicates if the IP was observed in the last 14 days.
Indicates if the IP was observed in the last 30 days.
geo
object
GeoIP information for the queried IP address.
asn
object
company
object
domains
object
services
object
List of services detected on the queried IP address.
Indicates if the queried IP address is associated with a VPN service.
Indicates if the queried IP address runs a proxy service.
Indicates if the queried IP address is associated with the TOR network.
Indicates if the queried IP address is part of the Apple Private Relay.
Indicates if the queried IP address is used for hosting or cloud services.
Name of any specific service associated with the queried IP address, if applicable.
{
"ip": "190.53.43.178",
"seen": true,
"spoofable": false,
"ports": [
"22"
],
"spoofable_ports": [],
"target": {
"continents-2": [
"AS",
"EU"
]
},
"fingerprints": {
"ja3": [
"cba7f34191ef2379c1325641f6c6c4f4"
],
"ja4": [
"t12i130500_2d7513195f68_e51b7354d87f"
]
},
"volume": 4313,
"last_seen": {
"ts": 1720632298,
"tsHuman": "2024-07-10 17:24:58",
"last5Minutes": false,
"lastHour": false,
"last24Hours": false,
"last14Days": true,
"last30Days": true
},
"geo": {
"city": "Managua",
"region": "Managua Department",
"country": "NI",
"asn": {
"asn": "AS27742",
"name": "Amnet Telecomunicaciones S.A.",
"domain": "amnet.com.ni",
"route": "190.53.43.0/24",
"type": "ISP"
},
"company": {
"name": "Amnet Datos Nicaragua",
"domain": "amnetdatos.net",
"type": "Business"
},
"domains": {
"total": 0,
"domains": []
}
},
"services": {
"vpn": false,
"proxy": false,
"tor": false,
"relay": false,
"hosting": false,
"service": ""
}
}
Bad request, verify the IP address format.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Invalid IP address."
}
Unauthorized access, API key required.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "No API key found in request.",
"request_id": "744c9a3a4bbe9e1d5720ef0c31999c38"
}
Rate limit exceeded.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "API usage limit exceeded.",
"request_id": "744c9a3a4bbe9e1d5720ef0c31999c38"
}