Connectors
...
Actions
Get IPV4 Indicators
6 min
description get ipv4 indicators endpoint url api/v1/indicators/ipv4/{{ip}}/{{section}} method get inputs path parameters (object) – required ip (string) – required section (string) – required output example \[ { "status code" 200, "response headers" { "content type" "application/json", "content length" "646", "connection" "keep alive", "date" "mon, 09 jan 2023 23 41 34 gmt", "server" "gunicorn", "cache control" "max age=0", "x frame options" "sameorigin", "x remote user name" "swimlane dev", "x otx active" "1", "content encoding" "gzip", "access control allow origin" " ", "vary" "accept encoding", "x cache" "miss from cloudfront", "via" "1 1 804a8375579a9f838ab10ed130908180 cloudfront net (cloudfront)", "x amz cf pop" "for50 p3", "x amz cf id" "sjmiw6z8irm 7bqeajt3wyglf9zrt8bsyu oh5iwzha2qrrj fn1ba==" }, "reason" "ok", "json body" { "whois" "http //whois domaintools com/8 8 8 8", "reputation" 0, "indicator" "8 8 8 8", "type" "ipv4", "type title" "ipv4", "base indicator" { "id" 11911, "indicator" "8 8 8 8", "type" "ipv4", "title" "", "description" "", "content" "", "access type" "public", "access reason" "" }, "pulse info" { "count" 0, "pulses" \[], "references" \[], "related" { "alienvault" { "adversary" \[], "malware families" \[], "industries" \[] }, "other" { "adversary" \[], "malware families" \[], "industries" \[] } } }, "false positive" \[ { "assessment" "accepted", "assessment date" "2021 05 19t15 36 44 966000", "report date" "2021 03 16t14 46 19 003000" } ], "validation" \[ { "source" "false positive", "message" "known false positive", "name" "known false positive" }, { "source" "whitelist", "message" "contained in whitelisted prefix", "name" "whitelisted ip" } ], "asn" "as15169 google llc", "city data" true, "city" null, "region" null, "continent code" "na", "country code3" "usa", "country code2" "us", "subdivision" null, "latitude" 37 751, "postal code" null, "longitude" 97 822, "accuracy radius" 1000, "country code" "us", "country name" "united states of america", "dma code" 0, "charset" 0, "area code" 0, "flag url" "/assets/images/flags/us png", "flag title" "united states of america", "sections" \[ "general", "geo", "reputation", "url list", "passive dns", "malware", "nids list", "http scans" ] } } ] output parameters status code (number) reason (string) json body (object) whois (string) reputation (number) indicator (string) type (string) type title (string) base indicator (object) id (number) indicator (string) type (string) title (string) description (string) content (string) access type (string) access reason (string) pulse info (object) count (number) pulses (array) file name (string) – required file (string) – required references (array) file name (string) – required file (string) – required related (object) alienvault (object) adversary (array) file name (string) – required file (string) – required malware families (array) file name (string) – required file (string) – required industries (array) file name (string) – required file (string) – required other (object) adversary (array) file name (string) – required file (string) – required malware families (array) file name (string) – required file (string) – required industries (array) file name (string) – required file (string) – required false positive (array) assessment (string) assessment date (string) report date (string) validation (array) source (string) message (string) name (string) asn (string) city data (boolean) city (object) region (object) continent code (string) country code3 (string) country code2 (string) subdivision (object) latitude (number) postal code (object) longitude (number) accuracy radius (number) country code (string) country name (string) dma code (number) charset (number) area code (number) flag url (string) flag title (string) sections (array) response headers header type content type string content length string connection string date string server string cache control string x frame options string x remote user name string x otx active string content encoding string access control allow origin string vary string x cache string via string x amz cf pop string x amz cf id string