FraudGuard.io: Revolutionizing IP Reputation and Threat Intelligence
FraudGuard.io provides cutting-edge APIs for IP reputation and threat intelligence, leveraging vast networks of honeypots and advanced analytics to deliver real-time, actionable insights. Our scalable platform helps businesses combat fraud, mitigate cyber risks, and stay ahead of evolving threats—all without the complexity or cost of building and maintaining massive honeypot networks.
Why Choose FraudGuard.io?
- Comprehensive IP Data: Access accurate, up-to-date threat intelligence across risk levels and threat categories.
- Ease of Integration: Seamlessly integrate with our developer-friendly APIs for real-time decision-making.
- Cost-Effective Security: Gain enterprise-grade threat detection without the need for expensive infrastructure.
- Global Coverage: Benefit from a truly global view of malicious activity, powered by our distributed honeypot network.
FraudGuard.io makes robust cyber defense accessible, empowering your business to operate securely and with confidence.
For inquiries or assistance, please contact us at hello@fraudguard.io.
For a starting point to explore our APIs, check out our Use Guide available on our blog.
Get Specific IP Reputation v1
This API endpoint retrieves IP reputation data for a specified IP address. While it remains available for use, it is our oldest implementation and provides less accuracy and detail compared to our more advanced and feature-rich APIs. For optimal results, we recommend utilizing our latest APIs.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter ISO 3166-1 alpha-2 country code representing the country associated with the IP address.
Example:"KR"
for the Republic of Korea.country
:
The full name of the country where the IP address is located.
Example:"Republic of Korea"
.state
:
The state or region within the country associated with the IP address.
Example:"Seoul"
.city
:
The city associated with the IP address.
Example:"Seoul"
.discover_date
:
The date and time when the IP address was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2018-12-11 07:00:45"
.threat
:
The category of threat detected for the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the IP:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the IP has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the IP is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic.
Example:"honeypot_tracker"
.
risk_level
:
A numeric value representing the assessed threat level of the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or IPs flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign IP with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:5
(indicating a critical-risk IP).
curl -X GET -u "username:password" "https://@api.fraudguard.io/ip/1.221.157.205"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/ip/1.221.157.205','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/ip/1.221.157.205', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/ip/1.221.157.205',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/ip/1.221.157.205';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/ip/1.221.157.205' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "KR",
"country": "Republic of Korea",
"state": "Seoul",
"city": "Seoul",
"discover_date": "2018-12-11 07:00:45",
"threat": "honeypot_tracker",
"risk_level": "5"
}
HTTP Request
GET https://api.fraudguard.io/ip/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific IP Reputation v2
This API endpoint retrieves IP reputation data for a specific IP. It is vastly more accurate and detailed but requires a paid plan.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter ISO 3166-1 alpha-2 country code representing the country associated with the IP address.
Example:"US"
for the United States.country
:
The full name of the country where the IP address is located.
Example:"United States"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"CA"
for California.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"California"
.city
:
The city associated with the IP address.
Example:"Pomona"
.postal_code
:
The postal or ZIP code for the location.
Example:"91768"
.latitude
:
The geographic latitude of the IP address's location.
Example:34.0662
.longitude
:
The geographic longitude of the IP address's location.
Example:-117.7763
.timezone
:
The IANA time zone identifier for the location.
Example:"America/Los_Angeles"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Corporate"
.asn
:
The Autonomous System Number associated with the IP address.
Example:7018
.asn_organization
:
The organization that owns the ASN.
Example:"AT&T Services, Inc."
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"AT&T Services"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"AT&T Services"
.discover_date
:
The date and time when the IP address was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2018-12-13 03:03:15"
.threat
:
The category of threat detected for the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the IP:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the IP has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the IP is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic.
Example:"abuse_tracker"
.
risk_level
:
A numeric value representing the assessed threat level of the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or IPs flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign IP with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:4
(indicating a high-risk IP).
curl -X GET -u "username:password" "https://@api.fraudguard.io/v2/ip/12.167.53.202"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v2/ip/12.167.53.202','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v2/ip/12.167.53.202', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v2/ip/12.167.53.202',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v2/ip/12.167.53.202';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v2/ip/12.167.53.202' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "US",
"country": "United States",
"state_code": "CA",
"state": "California",
"city": "Pomona",
"postal_code": "91768",
"latitude": 34.0662,
"longitude": -117.7763,
"timezone": "America/Los_Angeles",
"connection_type": "Corporate",
"asn": 7018,
"asn_organization": "AT&T Services, Inc.",
"isp": "AT&T Services",
"organization": "AT&T Services",
"discover_date": "2018-12-13 03:03:15",
"threat": "abuse_tracker",
"risk_level": "4"
}
HTTP Request
GET https://api.fraudguard.io/v2/ip/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific IP v2 Geographic, ISP and Organizational Lookup Only
This API endpoint retrieves Geographic, ISP and Organizational data for a specific IP. It is vastly more accurate and detailed but requires a paid plan. If only this data is required for your use case then please leverage this endpoint as it's substantially faster than pulling IP reputation data as well.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"US"
for the United States.country
:
The full name of the country where the IP address is located.
Example:"United States"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"MN"
for Minnesota.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"Minnesota"
.city
:
The city associated with the IP address.
Example:"Winona"
.postal_code
:
The postal or ZIP code for the location.
Example:"55987"
.latitude
:
The geographic latitude of the IP address's location.
Example:44.03
.longitude
:
The geographic longitude of the IP address's location.
Example:-91.7009
.timezone
:
The time zone identifier for the location.
Example:"America/Chicago"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Cable/DSL"
.asn
:
The Autonomous System Number associated with the IP address.
Example:14828
.asn_organization
:
The organization that owns the ASN.
Example:"Hiawatha Broadband Communications, Inc"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"Hiawatha Broadband Communications"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"Hiawatha Broadband Communications"
.
curl -X GET -u "username:password" "https://@api.fraudguard.io/v2/ip/geolookup/23.235.13.99"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v2/ip/geolookup/23.235.13.99','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v2/ip/geolookup/23.235.13.99', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v2/ip/geolookup/23.235.13.99',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v2/ip/geolookup/23.235.13.99';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v2/ip/geolookup/23.235.13.99' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "US",
"country": "United States",
"state_code": "MN",
"state": "Minnesota",
"city": "Winona",
"postal_code": "55987",
"latitude": 44.03,
"longitude": -91.7009,
"timezone": "America/Chicago",
"connection_type": "Cable/DSL",
"asn": 14828,
"asn_organization": "Hiawatha Broadband Communications, Inc",
"isp": "Hiawatha Broadband Communications",
"organization": "Hiawatha Broadband Communications"
}
HTTP Request
GET https://api.fraudguard.io/v2/ip/geolookup/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific Hostname Reputation v2
This API endpoint retrieves IP reputation data for a specific Hostname. It is vastly more accurate and detailed but requires a paid plan.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address of the hostname.
Example:"US"
for the United States.country
:
The full name of the country where the IP address of the hostname is located.
Example:"United States"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"MD"
for Maryland.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"Maryland"
.city
:
The city associated with the IP address of the hostname.
Example:"Chestertown"
.postal_code
:
The postal or ZIP code for the location.
Example:"21620"
.latitude
:
The geographic latitude of the IP address's location.
Example:39.2125
.longitude
:
The geographic longitude of the IP address's location.
Example:-76.0802
.timezone
:
The time zone identifier for the location.
Example:"America/New_York"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Corporate"
.asn
:
The Autonomous System Number associated with the IP address.
Example:29802
.asn_organization
:
The organization that owns the ASN.
Example:"HIVELOCITY VENTURES CORP"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"NOC4Hosts"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"Hivelocity Ventures Corp"
.discover_date
:
The date and time when the hostname was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2020-06-02 03:35:23"
.threat
:
The category of threat detected for the hostname, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the hostname:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the hostname has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the hostname is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic."unknown"
: No specific threat detected.
Example:"unknown"
.
risk_level
:
A numeric value representing the assessed threat level of the hostname, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from hostnames that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or hostnames flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign hostname with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:1
(indicating a low-risk hostname).
curl -X GET -u "username:password" "https://@api.fraudguard.io/v2/hostname/fraudguard.io"
require 'net/http'
require 'net/https'
def get_hostname(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_hostname('api.fraudguard.io','/v2/hostname/fraudguard.io','username','password')
import requests
from requests.auth import HTTPBasicAuth
hostname=requests.get('https://api.fraudguard.io/v2/hostname/fraudguard.io', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (hostname.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v2/hostname/12.167.53.202',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v2/hostname/fraudguard.io';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v2/hostname/fraudguard.io' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode":"US",
"country":"United States",
"state_code":"MD",
"state":"Maryland",
"city":"Chestertown",
"postal_code":"21620",
"latitude":39.2125,
"longitude":-76.0802,
"timezone":"America/New_York",
"connection_type":"Corporate",
"asn":29802,
"asn_organization":"HIVELOCITY VENTURES CORP",
"isp":"NOC4Hosts",
"organization":"Hivelocity Ventures Corp",
"discover_date":"2020-06-02 03:35:23",
"threat":"unknown",
"risk_level":"1"
}
HTTP Request
GET https://api.fraudguard.io/v2/hostname/<hostname>
URL Parameters
Parameter | Description |
---|---|
Hostname | Any hostname |
Get Specific IP Reputation v3 by Threat
This API endpoint retrieves all IP reputation data for a specific IP and returns all threat data stored by threat type.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"NL"
for the Netherlands.country
:
The full name of the country where the IP address is located.
Example:"Netherlands"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"NH"
for North Holland.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"North Holland"
.city
:
The city associated with the IP address.
Example:"Amsterdam"
.postal_code
:
The postal or ZIP code for the location.
Example:"1012"
.latitude
:
The geographic latitude of the IP address's location.
Example:52.3759
.longitude
:
The geographic longitude of the IP address's location.
Example:4.8975
.timezone
:
The time zone identifier for the location.
Example:"Europe/Amsterdam"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Corporate"
.asn
:
The Autonomous System Number associated with the IP address.
Example:202425
.asn_organization
:
The organization that owns the ASN.
Example:"IP Volume inc"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"IP Volume inc"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"IP Volume inc"
.anonymous_tracker
:
Indicates whether the IP address is associated with anonymization services like proxies or VPNs.listed
: Boolean value (true
orfalse
) indicating if the IP is flagged.discover_date
: The date and time when this association was first identified, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"listed": false, "discover_date": "2024-04-23 01:49:38"
.
botnet_tracker
:
Indicates whether the IP address is part of a botnet network.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": true, "discover_date": "2024-04-22 03:00:23"
.
honeypot_tracker
:
Indicates whether the IP address has interacted with honeypot traps, suggesting malicious behavior.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": false, "discover_date": "2024-04-23 01:49:38"
.
abuse_tracker
:
Indicates whether the IP address has been involved in abusive activities, such as unauthorized access attempts.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": false, "discover_date": "2024-04-23 01:49:38"
.
spam_tracker
:
Indicates whether the IP address is linked to spamming activities, including the distribution of unsolicited emails.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": false, "discover_date": "2024-04-23 01:49:38"
.
curl -X GET -u "username:password" "https://@api.fraudguard.io/v3/ip-all-threats/89.248.165.0"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v3/ip-all-threats/89.248.165.0','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v3/ip-all-threats/89.248.165.0', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v3/ip-all-threats/89.248.165.0',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v3/ip-all-threats/89.248.165.0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v3/ip-all-threats/89.248.165.0' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "NL",
"country": "Netherlands",
"state_code": "NH",
"state": "North Holland",
"city": "Amsterdam",
"postal_code": "1012",
"latitude": 52.3759,
"longitude": 4.8975,
"timezone": "Europe/Amsterdam",
"connection_type": "Corporate",
"asn": 202425,
"asn_organization": "IP Volume inc",
"isp": "IP Volume inc",
"organization": "IP Volume inc",
"anonymous_tracker": {
"listed": false,
"discover_date": "2024-04-23 01:49:38"
},
"botnet_tracker": {
"listed": true,
"discover_date": "2024-04-22 03:00:23"
},
"honeypot_tracker": {
"listed": false,
"discover_date": "2024-04-23 01:49:38"
},
"abuse_tracker": {
"listed": false,
"discover_date": "2024-04-23 01:49:38"
},
"spam_tracker": {
"listed": false,
"discover_date": "2024-04-23 01:49:38"
}
}
HTTP Request
GET https://api.fraudguard.io/v3/ip-all-threats/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific IP Reputation v4
This API endpoint retrieves IP reputation data for a specific IP, nearly identical to IP Reputation v2 API. The only difference is it provides context around blacklists/whitelists in the response.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"RU"
for Russia.country
:
The full name of the country where the IP address is located.
Example:"Russia"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"STA"
for Stavropol Kray.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"Stavropol Kray"
.city
:
The city associated with the IP address.
Example:"Pyatigorsk"
.postal_code
:
The postal or ZIP code for the location.
Example:"357500"
.latitude
:
The geographic latitude of the IP address's location.
Example:44.0562
.longitude
:
The geographic longitude of the IP address's location.
Example:43.0707
.timezone
:
The time zone identifier for the location.
Example:"Europe/Moscow"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Cable/DSL"
.asn
:
The Autonomous System Number associated with the IP address.
Example:44963
.asn_organization
:
The organization that owns the ASN.
Example:"Stavtelecom LLC"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"Stavtelecom LLC"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"Stavtelecom LLC"
.discover_date
:
The date and time when the IP address was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2024-11-12 23:37:45"
.threat
:
The category of threat detected for the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the IP:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the IP has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the IP is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic."unknown"
: No specific threat detected.
Example:"anonymous_tracker"
.
risk_level
:
A numeric value representing the assessed threat level of the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or IPs flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign IP with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:3
(indicating a moderate-risk IP).
ip_in_whitelist
:
Indicates whether the IP address is present in a custom whitelist.
Example:"false"
.ip_in_blacklist
:
Indicates whether the IP address is present in a custom blacklist.
Example:"true"
.
curl -X GET -u "username:password" "https://@api.fraudguard.io/v4/ip/92.42.8.20"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v4/ip/92.42.8.20','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v4/ip/92.42.8.20', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v4/ip/92.42.8.20',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v4/ip/92.42.8.20';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v4/ip/92.42.8.20' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "RU",
"country": "Russia",
"state_code": "STA",
"state": "Stavropol Kray",
"city": "Pyatigorsk",
"postal_code": "357500",
"latitude": 44.0562,
"longitude": 43.0707,
"timezone": "Europe/Moscow",
"connection_type": "Cable/DSL",
"asn": 44963,
"asn_organization": "Stavtelecom LLC",
"isp": "Stavtelecom LLC",
"organization": "Stavtelecom LLC",
"discover_date": "2024-11-12 23:37:45",
"threat": "anonymous_tracker",
"risk_level": "3",
"ip_in_whitelist": "false",
"ip_in_blacklist": "true"
}
HTTP Request
GET https://api.fraudguard.io/v4/ip/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific IP Reputation v5
This API endpoint retrieves IP reputation data for a specific IP, nearly identical to IP Reputation v4 API. The only difference is it provides context around blacklists/whitelists and geolocation blocking in the response.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"VN"
for Vietnam.country
:
The full name of the country where the IP address is located.
Example:"Vietnam"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"HN"
for Hanoi.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"Hanoi"
.city
:
The city associated with the IP address.
Example:"Hanoi"
.postal_code
:
The postal or ZIP code for the location.
Example:"unknown"
.latitude
:
The geographic latitude of the IP address's location.
Example:21.0292
.longitude
:
The geographic longitude of the IP address's location.
Example:105.8526
.timezone
:
The time zone identifier for the location.
Example:"Asia/Bangkok"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Cable/DSL"
.asn
:
The Autonomous System Number associated with the IP address.
Example:18403
.asn_organization
:
The organization that owns the ASN.
Example:"The Corporation for Financing & Promoting Technology"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"FPT Telecom"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"FPT Telecom"
.ip_in_whitelist
:
Indicates whether the IP address is present in a custom whitelist.
Example:"false"
.ip_in_blacklist
:
Indicates whether the IP address is present in a custom blacklist.
Example:"true"
.ip_in_geoblock
:
Indicates whether the IP address is blocked based on its geographic location.
Example:"true"
.discover_date
:
The date and time when the IP address was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2024-11-13 04:00:08"
.threat
:
The category of threat detected for the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the IP:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the IP has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the IP is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic."unknown"
: No specific threat detected.
Example:"honeypot_tracker"
.
risk_level
:
A numeric value representing the assessed threat level of the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or IPs flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign IP with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:5
(indicating a critical-risk IP).
curl -X GET -u "username:password" "https://@api.fraudguard.io/v5/ip/1.52.122.126"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v5/ip/1.52.122.126','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v5/ip/1.52.122.126', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v5/ip/1.52.122.126',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v5/ip/1.52.122.126';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v5/ip/1.52.122.126' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "VN",
"country": "Vietnam",
"state_code": "HN",
"state": "Hanoi",
"city": "Hanoi",
"postal_code": "unknown",
"latitude": 21.0292,
"longitude": 105.8526,
"timezone": "Asia/Bangkok",
"connection_type": "Cable/DSL",
"asn": 18403,
"asn_organization": "The Corporation for Financing & Promoting Technology",
"isp": "FPT Telecom",
"organization": "FPT Telecom",
"ip_in_whitelist": "false",
"ip_in_blacklist": "true",
"ip_in_geoblock": "true",
"discover_date": "2024-11-13 04:00:08",
"threat": "honeypot_tracker",
"risk_level": "5"
}
HTTP Request
GET https://api.fraudguard.io/v5/ip/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Get Specific IP Reputation v5 by Threat
This API endpoint retrieves all IP reputation data for a specific IP and returns all threat data stored by threat type. The only difference is it provides context around blacklists/whitelists and geolocation blocking in the response.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"US"
for the United States.country
:
The full name of the country where the IP address is located.
Example:"United States"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"CA"
for California.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"California"
.city
:
The city associated with the IP address.
Example:"Los Angeles"
.postal_code
:
The postal or ZIP code for the location.
Example:"90001"
.latitude
:
The geographic latitude of the IP address's location.
Example:34.0522
.longitude
:
The geographic longitude of the IP address's location.
Example:-118.2437
.timezone
:
The time zone identifier for the location.
Example:"America/Los_Angeles"
.connection_type
:
The type of internet connection used. Possible values include:"Corporate"
,"Cable/DSL"
,"Mobile"
.
Example:"Cable/DSL"
.asn
:
The Autonomous System Number associated with the IP address.
Example:12345
.asn_organization
:
The organization that owns the ASN.
Example:"Example ISP Inc."
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"Example ISP"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"Example Organization"
.ip_in_whitelist
:
Indicates whether the IP address is present in a custom whitelist.
Example:"false"
.ip_in_blacklist
:
Indicates whether the IP address is present in a custom blacklist.
Example:"true"
.ip_in_geoblock
:
Indicates whether the IP address is blocked based on its geographic location.
Example:"false"
.anonymous_tracker
:
Indicates whether the IP address is associated with anonymization services like proxies or VPNs.listed
: Boolean value (true
orfalse
) indicating if the IP is flagged.discover_date
: The date and time when this association was first identified, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"listed": false, "discover_date": "2024-11-30 00:00:00"
.
botnet_tracker
:
Indicates whether the IP address is part of a botnet network.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": true, "discover_date": "2024-11-29 12:00:00"
.
honeypot_tracker
:
Indicates whether the IP address has interacted with honeypot traps, suggesting malicious behavior.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": false, "discover_date": "2024-11-28 08:00:00"
.
abuse_tracker
:
Indicates whether the IP address has been involved in abusive activities, such as unauthorized access attempts.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": true, "discover_date": "2024-11-27 15:30:00"
.
spam_tracker
:
Indicates whether the IP address is linked to spamming activities, including the distribution of unsolicited emails.listed
: Boolean value indicating if the IP is flagged.discover_date
: The date and time when this association was first identified.
Example:"listed": false, "discover_date": "2024-11-26 10:45:00"
.
curl -X GET -u "username:password" "https://@api.fraudguard.io/v5/ip-all-threats/1.52.122.126"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/v5/ip-all-threats/1.52.122.126','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/v5/ip-all-threats/1.52.122.126', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/v5/ip-all-threats/1.52.122.126',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/v5/ip-all-threats/1.52.122.126';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/v5/ip-all-threats/1.52.122.126' -Headers $Headers
The above command returns JSON structured like this:
{
"isocode": "VN",
"country": "Vietnam",
"state_code": "HN",
"state": "Hanoi",
"city": "Hanoi",
"postal_code": "unknown",
"latitude": 21.0292,
"longitude": 105.8526,
"timezone": "Asia/Bangkok",
"connection_type": "Cable/DSL",
"asn": 18403,
"asn_organization": "The Corporation for Financing & Promoting Technology",
"isp": "FPT Telecom",
"organization": "FPT Telecom",
"ip_in_whitelist": "false",
"ip_in_blacklist": "true",
"ip_in_geoblock": "true",
"anonymous_tracker": {
"listed": false,
"discover_date": "2024-11-13 04:34:49"
},
"botnet_tracker": {
"listed": false,
"discover_date": "2024-11-13 04:34:49"
},
"honeypot_tracker": {
"listed": true,
"discover_date": "2024-11-13 04:00:08"
},
"abuse_tracker": {
"listed": false,
"discover_date": "2024-11-13 04:34:49"
},
"spam_tracker": {
"listed": false,
"discover_date": "2024-11-13 04:34:49"
}
}
HTTP Request
GET https://api.fraudguard.io/v5/ip-all-threats/<IP>
URL Parameters
Parameter | Description |
---|---|
IP | Any IPv4 or IPv6 address |
Bulk IP Lookup
This API endpoint allows you to search the FraudGuard.io attack correlation engine with up to 1024 IPs or a CIDR block of /22 or smaller.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Response Fields:
Each object in the response array represents an IP address and includes the following fields:
ip
:
The IP address queried.
Example:"1.20.97.181"
.isocode
:
The two-letter country code representing the country associated with the IP address.
Example:"TH"
for Thailand.country
:
The full name of the country where the IP address is located.
Example:"Thailand"
.state_code
:
The abbreviated code for the state or region within the country.
Example:"ENG"
for England.state
:
The full name of the state or region corresponding to thestate_code
.
Example:"England"
.city
:
The city associated with the IP address.
Example:"Stoke Newington"
. If unavailable, it will return"unknown"
.postal_code
:
The postal or ZIP code for the location.
Example:"N16"
. If unavailable, it will return"unknown"
.latitude
:
The geographic latitude of the IP address's location.
Example:51.5625
.longitude
:
The geographic longitude of the IP address's location.
Example:-0.074
.timezone
:
The time zone identifier for the location.
Example:"Europe/London"
.connection_type
:
The type of internet connection used. Possible values include:"Cellular"
,"Cable/DSL"
,"Corporate"
.
Example:"Cable/DSL"
.asn
:
The Autonomous System Number associated with the IP address.
Example:5089
.asn_organization
:
The organization that owns the ASN.
Example:"Virgin Media Limited"
.isp
:
The Internet Service Provider providing connectivity for the IP address.
Example:"Virgin Media"
.organization
:
The specific organization associated with the IP address, which may differ from the ISP.
Example:"Virgin Media"
.discover_date
:
The date and time when the IP address was first identified or reported for suspicious activity, formatted as"YYYY-MM-DD HH:MM:SS"
.
Example:"2020-02-24 01:45:05"
.threat
:
The category of threat detected for the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). This field highlights specific behaviors or associations flagged for the IP:"abuse_tracker"
: Indicates involvement in abusive activities, such as unauthorized access attempts or exploitation."honeypot_tracker"
: Associated with honeypot traps, suggesting the IP has been caught in decoy systems designed to detect malicious behavior."botnet_tracker"
: Part of a botnet network, indicating the IP is likely compromised and under the control of malicious actors."spam_tracker"
: Linked to spamming activities, including the distribution of unsolicited emails or messages."anonymous_tracker"
: Associated with anonymization services like proxies or VPNs, which can be used to mask the true origin of traffic."unknown"
: No specific threat detected.
Example:"honeypot_tracker"
.
risk_level
:
A numeric value representing the assessed threat level of the IP address, as determined by FraudGuard.io’s Attack Correlation Engine (ACE). Therisk_level
reflects not just the nature of malicious activities but also factors in time and recurrence:- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
- Recurring offenders or IPs flagged for multiple recent events are assigned a higher risk level.
The scale typically ranges from 1 to 5, with higher numbers indicating greater risk: - Level 1 (Low Risk): Minimal or negligible threat. Likely a benign IP with a clean reputation.
- Level 2: Some indicators of suspicious behavior but not considered actively dangerous.
- Level 3: Moderate risk with signs of suspicious or harmful activity.
- Level 4: High risk with significant evidence of malicious behavior, often repeated or recent.
- Level 5 (Critical Risk): Severe threats, actively engaged in malicious activities and requiring immediate attention.
Example:5
(indicating a critical-risk IP).
- Older incidents, especially from IPs that have not repeated their behavior, may have a lower risk level due to the lack of recent activity.
curl -X POST -u "username:password" "https://api.fraudguard.io/api/bulk_lookup" -d '["1.20.97.181", "82.25.3.7"]'
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
body = '["1.20.97.181", "82.25.3.7"]'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/api/bulk_lookup','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '["1.20.97.181", "82.25.3.7"]'
ip=requests.post('https://api.fraudguard.io/api/bulk_lookup', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '["1.20.97.181", "82.25.3.7"]';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/bulk_lookup',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '["1.20.97.181", "82.25.3.7"]';
$url = 'https://@api.fraudguard.io/api/bulk_lookup';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'["1.20.97.181", "82.25.3.7"]'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/bulk_lookup' -Headers $Headers -Method Post -Body $body
The above command needs to POST a JSON body example like this:
["1.20.97.181", "82.25.3.7"]
The above command returns JSON structured like this:
[{
"ip": "1.20.97.181",
"isocode": "TH",
"country": "Thailand",
"state_code": "unknown",
"state": "unknown",
"city": "unknown",
"postal_code": "unknown",
"latitude": 13.75,
"longitude": 100.4667,
"timezone": "Asia/Bangkok",
"connection_type": "Cellular",
"asn": 23969,
"asn_organization": "TOT Public Company Limited",
"isp": "TOT Mobile Co",
"organization": "TOT",
"discover_date": "2020-02-22 03:00:11",
"risk_level": 4,
"threat": "abuse_tracker"
},
{
"ip": "82.25.3.7",
"isocode": "GB",
"country": "United Kingdom",
"state_code": "ENG",
"state": "England",
"city": "Stoke Newington",
"postal_code": "N16",
"latitude": 51.5625,
"longitude": -0.074,
"timezone": "Europe/London",
"connection_type": "Cable/DSL",
"asn": 5089,
"asn_organization": "Virgin Media Limited",
"isp": "Virgin Media",
"organization": "Virgin Media",
"discover_date": "2020-02-24 01:45:05",
"risk_level": 1,
"threat": "unknown"
}]
HTTP Request
POST https://api.fraudguard.io/api/bulk_lookup
Get Custom Blacklist
This API retrieves your custom blacklisted IPs using the GET endpoint, returning a JSON list of entries. This endpoint is designed to help customers audit recent blocks or identify trends in blocked traffic. Manual updates can always be managed at Blacklist
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/blacklist/0"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/blacklist/0','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/blacklist/0', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/blacklist/0',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/blacklist/0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/blacklist/0' -Headers $Headers
The above command returns JSON structured like this:
[
"52.36.72.37",
"144.24.162.232",
"166.13.138.114",
"150.44.117.213",
"51.27.12.0/24",
"71.157.88.0/24"
]
HTTP Request
GET https://api.fraudguard.io/blacklist/<offset>
URL Parameters
Parameter | Description |
---|---|
Offset | Your count offset for retrieving bulk IP info |
Get Custom Whitelist
This API retrieves your custom whitelist via the GET endpoint. This endpoint returns a JSON list and enables quick access to trusted IPs for reviews and audits of whitelisted entries. Manual updates can always be managed at Whitelist
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/whitelist/0"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/whitelist/0','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/whitelist/0', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/whitelist/0',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/whitelist/0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/whitelist/0' -Headers $Headers
The above command returns JSON structured like this:
[
"4.55.39.206",
"149.254.117.146",
"29.99.253.192",
"240.183.218.206",
"51.27.12.0/24",
"71.157.88.0/24"
]
HTTP Request
GET https://api.fraudguard.io/whitelist/<offset>
URL Parameters
Parameter | Description |
---|---|
Offset | Your count offset for retrieving bulk IP info |
Get Custom GeoBlock
This API endpoint allows users to retrieve the list of IP ranges currently blocked based on their custom geoblocking settings. This feature enables users to enforce location-based access restrictions tailored to their specific security needs.
For users who prefer manual management, geoblocking settings can also be adjusted via the GeoControl page in the web app. This page provides an easy-to-navigate list of countries, allowing users to select regions to block directly, with the API reflecting these changes in real-time.
This API can be highly useful in the following scenarios:
- Automated Security Management: Integrate the API into security systems to automatically retrieve and apply geoblocking configurations across platforms, ensuring consistent access control enforcement.
- Compliance Monitoring: Use the API to verify that geoblocking settings meet specific compliance requirements, simplifying the process of audits and adherence to regional regulations.
- Dynamic Access Control: Implement the API within applications that adapt access restrictions based on threat intelligence, providing a responsive approach to new and evolving security risks.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/geoblock"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/geoblock','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/geoblock', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/geoblock',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/geoblock';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/geoblock' -Headers $Headers
The above command returns JSON structured like this:
[
"24.51.64.0/18",
"24.206.0.0/19",
"24.231.32.0/19"
"64.66.0.0/20",
"64.150.192.0/18"
]
HTTP Request
GET https://api.fraudguard.io/geoblock
Post to Custom Blacklist
This API endpoint adds to your custom blacklist built in FraudGuard.io
Use this POST endpoint to add individual IPs to the blacklist. This feature is ideal for blocking IPs associated with suspicious or malicious activity and is always account-specific, ensuring that these IPs are never shared outside the owner’s account. To add an IP, send a JSON payload with the IP address. Blacklisting IPs via the API allows automated, responsive blocking, while manual updates can be managed at Blacklist.”
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Note: At this time we do not support entering IP ranges or CIDR notation
curl -X POST -u "username:password" "https://@api.fraudguard.io/blacklist"
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/blacklist','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.post('https://api.fraudguard.io/blacklist', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/blacklist',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.post(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/blacklist';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/blacklist' -Headers $Headers
The above command needs to POST a JSON body example like this:
[
"33.204.31.152",
"22.138.235.67",
"24.51.147.29",
"21.10.48.57",
"35.0.177.190"
]
The above command returns JSON structured like this:
{
"deleted": 0,
"inserted": 5,
"errors": 0
}
HTTP Request
POST https://api.fraudguard.io/blacklist
Post to Custom Whitelist
This API endpoint adds to your custom whitelist built in FraudGuard.io
The POST endpoint adds individual IPs to the whitelist, ensuring trusted access from specific addresses and is always account-specific, ensuring that whitelisted IPs are never shared outside the owner’s account. Whitelisting is recommended for reliable access from internal networks, frequent users, or other known IPs, helping prevent unintentional blocking. You can whitelist programmatically through the API or manually on the Whitelist page.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Note: At this time we do not support entering IP ranges or CIDR notation
curl -X POST -u "username:password" "https://@api.fraudguard.io/whitelist"
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/whitelist','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.post('https://api.fraudguard.io/whitelist', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/whitelist',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.post(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/whitelist';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/whitelist' -Headers $Headers
The above command needs to POST a JSON body example like this:
[
"33.204.31.152",
"22.138.235.67",
"24.51.147.29",
"21.10.48.57",
"35.0.177.190"
]
The above command returns JSON structured like this:
{
"deleted": 0,
"inserted": 5,
"errors": 0
}
HTTP Request
POST https://api.fraudguard.io/whitelist
Delete from Custom Blacklist
This API endpoint deletes from your custom blacklist built in FraudGuard.io This is useful for unblocking an IP if it’s deemed safe after further review. Blacklist entries can also be managed manually on the Blacklist page.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X DELETE -u "username:password" "https://@api.fraudguard.io/blacklist"
require 'net/http'
require 'net/https'
def delete_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Delete.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts delete_ip('api.fraudguard.io','/blacklist','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.delete('https://api.fraudguard.io/blacklist', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/blacklist',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.delete(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/blacklist';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, DELETE);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/blacklist' -Headers $Headers
The above command needs to include a JSON body example like this:
[
"33.204.31.152",
"22.138.235.67",
"24.51.147.29",
"21.10.48.57",
"35.0.177.190"
]
The above command returns JSON structured like this:
{
"deleted": 5,
"inserted": 0,
"errors": 0
}
HTTP Request
DELETE https://api.fraudguard.io/blacklist
Delete from Custom Whitelist
This API removes an IP from the whitelist. This is helpful if an IP is no longer considered trusted and should be restricted. For easy manual adjustments, whitelist entries can also be managed on the Whitelist page.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X DELETE -u "username:password" "https://@api.fraudguard.io/whitelist"
require 'net/http'
require 'net/https'
def delete_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Delete.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts delete_ip('api.fraudguard.io','/whitelist','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.delete('https://api.fraudguard.io/whitelist', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/whitelist',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.delete(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/whitelist';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, DELETE);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/whitelist' -Headers $Headers
The above command needs to include a JSON body example like this:
[
"33.204.31.152",
"22.138.235.67",
"24.51.147.29",
"21.10.48.57",
"35.0.177.190"
]
The above command returns JSON structured like this:
{
"deleted": 5,
"inserted": 0,
"errors": 0
}
HTTP Request
DELETE https://api.fraudguard.io/whitelist
Get User History
The collection of User History APIs provided by FraudGuard.io enables developers to monitor and analyze user activities effectively, enhancing security measures by identifying patterns such as unusual locations, new devices, or specific geoblock policies. These APIs offer comprehensive insights into user behavior, allowing for proactive detection and mitigation of potential security risks.
For detailed information on integrating and utilizing these APIs, please refer to the User History Check API: Enhanced Security Through Activity Tracking article.
This API retrieves the most recent access event for a specified user, providing insights into location, device, and security recommendations.
For more information check out our integration guide here
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/v1/user-history/<user_id>"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/v1/user-history/<user_id>','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/v1/user-history/<user_id>', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/v1/user-history/<user_id>',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/v1/user-history/<user_id>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/v1/user-history/<user_id>' -Headers $Headers
The above command returns JSON structured like this:
{
"user_id": "LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM",
"ip": "125.12.194.229",
"city": "Tokyo",
"country": "Japan",
"timestamp": "2024-11-14 03:53:25",
"user_agent": "Mozilla/5.0 ... Chrome/84.0.4280.85 Safari/537.36",
"recommendation": {
"action": "Challenge",
"reason": "New Device"
}
}
HTTP Request
GET https://api.fraudguard.io/api/v1/user-history/<user_id>
URL Parameters
Parameter | Description |
---|---|
user_id | Identifier for the user whose most recent activity is being retrieved. |
Get User History List
The collection of User History APIs provided by FraudGuard.io enables developers to monitor and analyze user activities effectively, enhancing security measures by identifying patterns such as unusual locations, new devices, or specific geoblock policies. These APIs offer comprehensive insights into user behavior, allowing for proactive detection and mitigation of potential security risks.
For detailed information on integrating and utilizing these APIs, please refer to the User History Check API: Enhanced Security Through Activity Tracking article.
This API retrieves the full (last 100 events) history of access events for a specific user, useful for auditing and identifying patterns over time.
For more information check out our integration guide here
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/v1/list/user-history/<user_id>"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/v1/user-history/list/<user_id>','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/v1/user-history/list/<user_id>', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/v1/user-history/list/<user_id>',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/v1/user-history/list/<user_id>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/v1/user-history/list/<user_id>' -Headers $Headers
The above command returns JSON structured like this:
{
"user_id": "LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM",
"user_history": [
{
"ip": "125.12.194.229",
"city": "Tokyo",
"country": "Japan",
"user_agent": "Mozilla/5.0 ... Chrome/84.0.4280.85 Safari/537.36",
"timestamp": "2024-11-14 03:53:25",
"recommendation": {
"action": "Challenge",
"reason": "New Device"
}
},
{
"ip": "1.162.194.229",
"city": "New Taipei",
"country": "Taiwan",
"user_agent": "Mozilla/5.0 ... Chrome/87.0.4280.85 Safari/537.36",
"timestamp": "2024-11-14 03:49:59",
"recommendation": {
"action": "Block",
"reason": "Bad IP Reputation"
}
}
]
}
HTTP Request
GET https://api.fraudguard.io/api/v1/user-history/list/<user_id>
URL Parameters
Parameter | Description |
---|---|
user_id | Identifier for the user whose most recent activity is being retrieved. |
Post User History Check
The collection of User History APIs provided by FraudGuard.io enables developers to monitor and analyze user activities effectively, enhancing security measures by identifying patterns such as unusual locations, new devices, or specific geoblock policies. These APIs offer comprehensive insights into user behavior, allowing for proactive detection and mitigation of potential security risks.
For detailed information on integrating and utilizing these APIs, please refer to the User History Check API: Enhanced Security Through Activity Tracking article.
This API endpoint logs a new access event with details including IP, location, and user-agent. An optional user_id can be provided to associate the event with a specific user; if omitted, a new GUID is generated.
For more information check out our integration guide here
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X POST -u "username:password" "https://api.fraudguard.io/api/v1/user-history/check" -d '{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}'
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
body = '{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/api/v1/user-history/check','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}'
ip=requests.post('https://api.fraudguard.io/api/v1/user-history/check', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/v1/user-history/check',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}';
$url = 'https://@api.fraudguard.io/api/v1/user-history/check';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'{"user_id":"LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM","ip":"125.12.194.229","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"}'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/v1/user-history/check' -Headers $Headers -Method Post -Body $body
The above command needs to POST a JSON body example like this:
{
"user_id": "LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM",
"ip": "125.12.194.229",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36"
}
The above command returns JSON structured like this:
{
"user_id": "LZsuJGwxV5y7sTF5yFvvFA1LRuH1gVvM",
"ip": "125.12.194.229",
"city": "Tokyo",
"country": "Japan",
"timestamp": "2024-11-14 03:53:25",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4280.85 Safari/537.36",
"recommendation": {
"action": "Challenge",
"reason": "New Device"
}
}
HTTP Request
POST https://api.fraudguard.io/api/v1/user-history/check
Get API Analytics
This API endpoint provides a comprehensive breakdown of API usage and activity over the last 30 days.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
Response Fields
Totals
total_requests
: Total number of API calls over the past 30 days.blacklisted_count
: Number of API requests flagged as blacklisted.whitelisted_count
: Number of API requests flagged as whitelisted.geoblocked_count
: Number of API requests flagged as geoblocked.risk_level_distribution
:- Breakdown of requests by assessed risk level (1-5). For a detailed explanation of risk levels and how they are assessed by FraudGuard.io’s Attack Correlation Engine (ACE), please refer to the Threats & Risks documentation.
threat_distribution
:- Count of requests flagged under specific threat categories. For a full description of each threat type, including
"anonymous_tracker"
,"botnet_tracker"
,"honeypot_tracker"
,"abuse_tracker"
, and"spam_tracker"
, see the Threats & Risks documentation.
- Count of requests flagged under specific threat categories. For a full description of each threat type, including
Top APIs
api_name
: Name of the API endpoint.request_count
: Total requests made to the API endpoint.
Geographic Overview
country
: The country associated with the IPs queried through the API.request_count
: Total number of requests that involved IPs associated with this country.
Daily Breakdown
day
: Date of activity.total_requests
: Number of requests on that day.
Notes for Developers
- Scope:
- It aggregates data from the past 30 days only.
- Data Retention:
- Analytics data older than 30 days is purged automatically.
- Usage Insights:
- Use this data to monitor API usage patterns, geographic trends, and flagged activity.
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/analytics"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/analytics','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/analytics', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/analytics',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/analytics';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/analytics' -Headers $Headers
The above command returns JSON structured like this:
{
"status": "success",
"analytics": {
"totals": {
"total_requests": 108,
"blacklisted_count": 2,
"whitelisted_count": 1,
"geoblocked_count": 2,
"risk_level_distribution": {
"1": 19,
"2": 2,
"3": 8,
"4": 1,
"5": 1
},
"threat_distribution": {
"anonymous_tracker": 8,
"botnet_tracker": 3,
"honeypot_tracker": 1,
"abuse_tracker": 2,
"spam_tracker": 1
}
},
"top_apis": [
{
"api_name": "Rate Limit Enforce",
"request_count": "19"
},
{
"api_name": "Get API Analytics",
"request_count": "16"
},
{
"api_name": "Get Specific IP Reputation v4",
"request_count": "10"
},
{
"api_name": "Get Specific IP Reputation v5",
"request_count": "8"
}
],
"geographic_overview": [
{
"country": "Italy",
"request_count": "10"
},
{
"country": "United States",
"request_count": "8"
},
{
"country": "Ukraine",
"request_count": "3"
},
{
"country": "Russia",
"request_count": "3"
},
{
"country": "Uruguay",
"request_count": "2"
}
],
"daily_breakdown": [
{
"day": "2024-12-03",
"total_requests": "108"
}
]
}
}
HTTP Request
GET https://api.fraudguard.io/api/analytics
Get IP History v1
This API endpoint provides the last 1,000 IP addresses linked to a specific risk level (2-5) or type (geoblock, whitelist, blacklist) for the authenticated user. The response includes the specified type and an array of IP addresses. Note that duplicate IPs are not filtered; the list reflects exactly the most recent IPs from your account’s lookups.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/v1/ip-history/5"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/v1/ip-history/5','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/v1/ip-history/5', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/v1/ip-history/5',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/v1/ip-history/5';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/v1/ip-history/5' -Headers $Headers
The above command returns JSON structured like this:
{
"type": "5",
"data": [
"46.148.112.138",
"34.75.145.155",
"5.188.11.2",
"5.188.11.2",
"14.29.254.1",
"89.248.163.2",
"89.248.163.22",
"1.93.47.149",
"1.93.47.149",
"46.148.112.0"
]
}
HTTP Request
GET https://api.fraudguard.io/api/v1/ip-history/<type>
URL Parameters
Parameter | Description |
---|---|
Type | Options of Risks 2-5, geoblock, whitelist, blacklist. See Details here |
Rate Limit Rule Creation
This API creates a new rate limit rule for the authenticated user.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Usage Notes:
ip
- ip (Optional):
- If provided, the rule applies specifically to the given IP address.
- If omitted, the rule applies globally to all IPs.
interval_value
The interval_value
field defines the time interval for the rate limit and supports the following units:
- Seconds (
s
): Short durations in seconds (e.g.,10s
). - Minutes (
m
): Intervals in minutes (e.g.,5m
). - Hours (
h
): Longer durations in hours (e.g.,1h
). - Days (
d
): Full-day intervals (e.g.,1d
). - Weeks (
w
): Multi-day intervals measured in weeks (e.g.,2w
). - Months (
mo
): Month-based intervals (e.g.,1mo
). - Years (
y
): Year-long intervals (e.g.,1y
).
Examples of Valid interval_value
Values:
- 15m
: 15 minutes.
- 1h
: 1 hour.
- 7d
: 7 days.
- 1mo
: 1 month.
- The
interval_value
must be a positive integer followed by a valid unit. - Invalid formats like
1.5h
or2days
will result in a validation error.
interval_type
The interval_type
field determines how the time interval is applied:
rolling
: Enforces limits over a rolling time window.
For example, if the interval is1m
, the API counts requests from the current second to 60 seconds ago.calendar
: Enforces limits based on real-world calendar segments.
For example:- An interval of
1d
(day) will reset at midnight. - An interval of
1mo
(month) will reset at the start of a new month.
- An interval of
Choose
rolling
for fine-grained control.Choose
calendar
for predictable resets (e.g., daily, weekly).
curl -X POST -u "username:password" "https://api.fraudguard.io/api/rate-limits/rules" -d '{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}'
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
body = '{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/api/rate-limits/rules','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}'
ip=requests.post('https://api.fraudguard.io/api/rate-limits/rules', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/rate-limits/rules',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}';
$url = 'https://@api.fraudguard.io/api/rate-limits/rules';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/rate-limits/rules' -Headers $Headers -Method Post -Body $body
The above command needs to POST a JSON body example like this:
{
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": ""
}
If successful, the above command returns JSON structured like this:
{
"status": "success",
"message": "Rate limit rule created successfully."
}
HTTP Request
POST https://api.fraudguard.io/api/rate-limits/rules
Rate Limit Enforce
This API checks and enforces rate limits for a specific rule and IP.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Usage Notes:
The retry_after
field in the response provides a clear indication of when blocked requests can be retried.
Key Points:
Start Time:
- The
retry_after
timer begins when the first blocked request is detected. - Subsequent blocked requests do not reset this timer.
- The
Duration:
- The value reflects the time remaining in the current interval (based on
interval_value
andinterval_type
).
- The value reflects the time remaining in the current interval (based on
Format:
retry_after
is returned in a human-readable format:58s
: Less than a minute remaining.2m
: Less than an hour remaining.1h
: Greater than or equal to one hour remaining.
Example Behavior:
- If the interval is
1m
(60 seconds) and a request is blocked at10:00:00
:retry_after
starts at60s
.- It decreases to
30s
by10:00:30
. - At
10:01:00
, the block expires, and requests will be allowed again.
curl -X POST -u "username:password" "https://api.fraudguard.io/api/rate-limits/enforce" -d '{
"identifier": "form_submission",
"ip": "99.23.5.3"
}'
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
body = '{
"identifier": "form_submission",
"ip": "99.23.5.3"
}'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/api/rate-limits/enforce','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '{
"identifier": "form_submission",
"ip": "99.23.5.3"
}'
ip=requests.post('https://api.fraudguard.io/api/rate-limits/enforce', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '{
"identifier": "form_submission",
"ip": "99.23.5.3"
}';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/rate-limits/enforce',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '{
"identifier": "form_submission",
"ip": "99.23.5.3"
}';
$url = 'https://@api.fraudguard.io/api/rate-limits/enforce';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'{
"identifier": "form_submission",
"ip": "99.23.5.3"
}'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/rate-limits/enforce' -Headers $Headers -Method Post -Body $body
The above command needs to POST a JSON body example like this:
{
"identifier": "form_submission",
"ip": "99.23.5.3"
}
If the rate limit is not exceeded, the above command returns JSON structured like this:
{
"status": "allowed",
"remaining": 99,
"message": "Request allowed."
}
If the rate limit is exceeded, the above command returns JSON structured like this:
{
"status": "blocked",
"retry_after": "58s",
"message": "Rate limit exceeded. Please try again later."
}
HTTP Request
POST https://api.fraudguard.io/api/rate-limits/enforce
Rate Limit Rules Retrieve All
This API endpoint retrieves all rate limit rules for the authenticated user.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Details About Retrieved Rules
The /api/rate-limits/rules
endpoint returns all rate limit rules for the authenticated user.
Each Rule Contains:
identifier
: The unique name for the rule (e.g.,"form_submission"
).limit
: The maximum number of allowed requests within the interval.interval_type
: The type of interval used (rolling
orcalendar
).interval_value
: The duration of the interval (e.g.,1m
or1d
).ip
: The specific IP address the rule applies to, ornull
if the rule applies to all IPs.
Usage Notes:
- The response includes all active rules scoped to the authenticated user.
- Use the information to verify or update rules as needed.
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/rate-limits/rules"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/rate-limits/rules','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/rate-limits/rules', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/rate-limits/rules',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/rate-limits/rules';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/rate-limits/rules' -Headers $Headers
The above command returns JSON structured like this:
{
"status": "success",
"data": [
{
"id": 1,
"identifier": "form_submission",
"limit": 100,
"interval_type": "rolling",
"interval_value": "1m",
"ip": "99.23.5.3"
}
]
}
HTTP Request
GET https://api.fraudguard.io/api/rate-limits/rules
Rate Limits Analytics
This API endpoint provides analytics on rate limit usage for the authenticated user.
Note: This API is only included in the FraudGuard.io Starter Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Analytics for Rate Limits
The /api/rate-limits/analytics
endpoint provides usage data for rate limits, including:
Total Blocks:
- The total number of times requests were blocked due to exceeding rate limits.
Most Blocked Rules:
- The rules with the highest block counts.
Recent Block Activity:
- The last time each rule was blocked, sorted by recency.
Top Blocked IPs:
- The IP addresses that triggered the most blocks.
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/rate-limits/analytics"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/rate-limits/analytics','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/rate-limits/analytics', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/rate-limits/analytics',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/rate-limits/analytics';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/rate-limits/analytics' -Headers $Headers
The above command returns JSON structured like this:
{
"status": "success",
"data": {
"total_blocks": 25,
"most_blocked_rules": [
{
"identifier": "form_submission",
"block_count": 10
}
],
"recent_blocks": [
{
"identifier": "login_attempts",
"last_block": "2024-11-28 20:45:12"
}
],
"top_blocked_ips": [
{
"ip": "99.23.5.3",
"block_count": 15
}
]
}
}
HTTP Request
GET https://api.fraudguard.io/api/rate-limits/analytics
Rate Limit Rule Delete
This API endpoint deletes a specific rate limit rule for the authenticated user.
Note: This API is only included in the FraudGuard.io Professional Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
Usage Notes:
Scope:
- Attempting to delete a rule that does not exist or belongs to another user will result in a
404 Not Found
error.
- Attempting to delete a rule that does not exist or belongs to another user will result in a
Cascading Effects:
- Deleting a rule will also remove related logs and blocks from the database.
curl -X DELETE -u "username:password" "https://@api.fraudguard.io/api/rate-limits/rules/form_submission"
require 'net/http'
require 'net/https'
def delete_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Delete.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts delete_ip('api.fraudguard.io','/api/rate-limits/rules/form_submission','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.delete('https://api.fraudguard.io/api/rate-limits/rules/form_submission', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/rate-limits/rules/form_submission',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.delete(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/rate-limits/rules/form_submission';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, DELETE);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/rate-limits/rules/form_submission' -Headers $Headers
If successful, the above command returns JSON structured like this:
{
"status": "success",
"message": "Rate limit rule deleted successfully."
}
If unsuccessful, the above command returns JSON structured like this:
{
"status": "error",
"message": "Rate limit rule not found or does not belong to the current user."
}
HTTP Request
DELETE https://api.fraudguard.io/api/rate-limits/rules/{identifier}
ThreatWatch Add Monitored IP
This API adds an individual IP address to the ThreatWatch watchlist.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
Usage Notes:
- Supported Inputs: Only single IP addresses are supported at this time (e.g., 88.25.3.1).
- Duplicate Handling: If an IP already exists in the watchlist, the updated_at timestamp will be refreshed, and no duplicate entry will be created.
curl -X POST -u "username:password" "https://api.fraudguard.io/api/threatwatch/add" -d '{
"ip": "88.25.3.1"
}'
require 'net/http'
require 'net/https'
def post_ip(server,path,username,password)
body = '{
"ip": "88.25.3.1"
}'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Post.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts post_ip('api.fraudguard.io','/api/threatwatch/add','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '{
"ip": "88.25.3.1"
}'
ip=requests.post('https://api.fraudguard.io/api/threatwatch/add', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '{
"ip": "88.25.3.1"
}';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/threatwatch/add',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '{
"ip": "88.25.3.1"
}';
$url = 'https://@api.fraudguard.io/api/threatwatch/add';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'{
"ip": "88.25.3.1"
}'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/threatwatch/add' -Headers $Headers -Method Post -Body $body
The above command needs to POST a JSON body example like this:
{
"ip": "88.25.3.1"
}
If successful, the above command returns JSON structured like this:
{
"status": "success",
"message": "IP added to watchlist."
}
HTTP Request
POST https://api.fraudguard.io/api/threatwatch/add
ThreatWatch Delete Monitored IP
This API endpoint deletes a monitored IP address from the ThreatWatch watchlist.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
Usage Notes:
- Impact on Analytics: Deleting an IP will remove it from the watchlist but will not affect historical data in threatwatch_alerts.
- Supported Inputs: Single IP addresses only.
curl -X DELETE -u "username:password" "https://api.fraudguard.io/api/threatwatch/delete" -d '{
"ip": "88.25.3.1"
}'
require 'net/http'
require 'net/https'
def delete_ip(server,path,username,password)
body = '{
"ip": "88.25.3.1"
}'
http = Net::HTTP.new(server,443)
req = Net::HTTP::Delete.new(path)
http.use_ssl = true
req.basic_auth username, password
req.body = body
response = http.request(req)
return response.body
end
puts delete_ip('api.fraudguard.io','/api/threatwatch/delete','username','password')
import requests
from requests.auth import HTTPBasicAuth
data = '{
"ip": "88.25.3.1"
}'
ip=requests.delete('https://api.fraudguard.io/api/threatwatch/delete', data=data, verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var username = 'username';
var password = 'password';
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
const querystring = require('querystring');
const https = require('https');
const data = '{
"ip": "88.25.3.1"
}';
var options = {
hostname: "api.fraudguard.io",
port: 443,
path: '/api/threatwatch/delete',
method: 'DELETE',
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Content-Length': data.length
}
};
var req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.write(data);
req.end();
<?php
$username = 'username';
$password = 'password';
$jsondata = '{
"ip": "88.25.3.1"
}';
$url = 'https://@api.fraudguard.io/api/threatwatch/delete';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_DELETE,1);
curl_setopt($ch, CURLOPT_DELETEFIELDS, $jsondata);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
$body = @'
'{
"ip": "88.25.3.1"
}'
'@
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/threatwatch/delete' -Headers $Headers -Method Delete -Body $body
The above command needs to Delete a JSON body example like this:
{
"ip": "88.25.3.1"
}
If successful, the above command returns JSON structured like this:
{
"status": "success",
"message": "IP removed from watchlist."
}
HTTP Request
DELETE https://api.fraudguard.io/api/threatwatch/delete
ThreatWatch List All Monitored IPs
This API endpoint retrieves a list of all IPs currently being monitored.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
Usage Notes:
- This endpoint is useful for verifying whether specific IPs are being actively monitored.
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/threatwatch/list"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/threatwatch/list','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/threatwatch/list', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/threatwatch/list',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/threatwatch/list';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/threatwatch/list' -Headers $Headers
The above command returns JSON structured like this:
{
"status": "success",
"monitored_ips": [
{
"ip": "12.65.23.1",
"created_at": "2024-11-30 10:00:00",
"updated_at": "2024-11-30 12:00:00"
},
{
"ip": "99.2.23.5",
"created_at": "2024-11-29 14:00:00",
"updated_at": "2024-11-30 11:00:00"
}
]
}
HTTP Request
GET https://api.fraudguard.io/api/threatwatch/list
ThreatWatch Analytics
This API endpoint provides a detailed overview of monitored IP activity, including insights into threats, risk levels, and geographic patterns.
Note: This API is only included in the FraudGuard.io Business Plan or above. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
Usage Notes:
- This endpoint is useful for verifying whether specific IPs are being actively monitored.
- Key Metrics:
- total_monitored_ips: Total IPs in the customer’s watchlist.
- matched_threats: Total threats detected for monitored IPs.
- most_active_threats: Top 5 IPs with the most threat activity.
- top_threat_categories: Breakdown of detected threat types.
- geographic_overview: Threat distribution by country.
- recent_activity: Last 10 detected threats.
- Retention Policy: Alerts older than 30 days are automatically purged and will not appear in analytics.
curl -X GET -u "username:password" "https://@api.fraudguard.io/api/threatwatch/analytics"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/api/threatwatch/analytics','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/api/threatwatch/analytics', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/api/threatwatch/analytics',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/api/threatwatch/analytics';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/api/threatwatch/analytics' -Headers $Headers
The above command returns JSON structured like this:
{
"status": "success",
"analytics": {
"total_monitored_ips": 150,
"matched_threats": 320,
"most_active_threats": [
{
"ip": "88.25.3.1",
"threat_count": 25,
"most_recent_threat": "spam_tracker"
},
{
"ip": "25.3.1.1",
"threat_count": 18,
"most_recent_threat": "botnet_tracker"
}
],
"top_threat_categories": {
"abuse_tracker": 40,
"spam_tracker": 30,
"anonymous_tracker": 22,
"botnet_tracker": 20,
"honeypot_tracker": 10
},
"geographic_overview": {
"United States": 35,
"Russia": 25,
"China": 15
},
"recent_activity": [
{
"ip": "72.22.51.3",
"threat": "abuse_tracker",
"risk_level": 4,
"timestamp": "2024-11-30 12:34:56"
},
{
"ip": "98.2.3.2",
"threat": "spam_tracker",
"risk_level": 3,
"timestamp": "2024-11-30 12:31:15"
}
]
}
}
HTTP Request
GET https://api.fraudguard.io/api/threatwatch/analytics
Raw IP Lists by Risk
This API endpoint returns raw IP address lists direct from the FraudGuard.io attack correlation engine by risk level. This dataset is very dynamic and changes constantly.
Note: This API is only included in the FraudGuard.io Enterprise plan. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false' -Headers $Headers
The above command returns JSON structured like this:
[
"87.246.7.0",
"185.180.143.146",
"94.102.61.0",
"91.191.209.0",
"5.188.206.0"
]
HTTP Request
GET https://api.fraudguard.io/raw-lists-by-risk/5?offset=0&limit=5&cidr=false&ipv6=false
URL Parameters
Parameter | Description |
---|---|
Risk Level | Options of 1-5 See Details here |
Offset | Offset for Pagination |
CIDR | true/false for enabling/disabling CIDR notation in JSON Response |
IPv6 | true/false for enabling/disabling support for IPv6 addresses |
Limit | Limit for retrieving IP data within the request. We allow values between 1-1000. We share current API total count of results via X-Total-Count response header. |
Raw IP Lists by Threat
This API endpoint returns raw IP address lists direct from the FraudGuard.io attack correlation engine by threat type. This dataset is very dynamic and changes constantly.
Note: This API is only included in the FraudGuard.io Enterprise plan. For more info - check out our API pricing table
FraudGuard.io requires Tier-Based Rate Limits so please review the documentation here
For additional information on Threats & Risks identification please check out our documentation
curl -X GET -u "username:password" "https://@api.fraudguard.io/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false"
require 'net/http'
require 'net/https'
def get_ip(server,path,username,password)
http = Net::HTTP.new(server,443)
req = Net::HTTP::Get.new(path)
http.use_ssl = true
req.basic_auth username, password
response = http.request(req)
return response.body
end
puts get_ip('api.fraudguard.io','/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false','username','password')
import requests
from requests.auth import HTTPBasicAuth
ip=requests.get('https://api.fraudguard.io/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false', verify=True, auth=HTTPBasicAuth('username', 'password'))
print (ip.text)
var options = {
host: 'api.fraudguard.io',
port: 443,
path: '/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false',
headers: {
'Authorization': 'Basic ' + new Buffer(username + ':' + password).toString('base64')
}
};
request = https.get(options, function(res){
var body = "";
res.on('data', function(data) {
body += data;
});
res.on('end', function() {
console.log(body);
})
res.on('error', function(e) {
onsole.log("Got error: " + e.message);
});
});
}
<?php
$login = 'username';
$password = 'password';
$url = 'https://@api.fraudguard.io/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo $result;
$user = 'username'
$pass = 'password'
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}
Invoke-WebRequest -Uri 'https://api.fraudguard.io/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false' -Headers $Headers
The above command returns JSON structured like this:
[
"5.188.210.93",
"199.167.138.22",
"5.188.210.21",
"185.220.101.23",
"185.220.101.21"
]
HTTP Request
GET https://api.fraudguard.io/raw-lists-by-threat/spam_tracker?offset=0&limit=5&cidr=false&ipv6=false
URL Parameters
Parameter | Description |
---|---|
Threat Type | See Details here |
Offset | Offset for Pagination |
CIDR | true/false for enabling/disabling CIDR notation in JSON response |
IPv6 | true/false for enabling/disabling support for IPv6 addresses |
Limit | Limit for retrieving IP data within the request. We allow values between 1-1000. We share current API total count of results via X-Total-Count response header. |
Errors
The FraudGuard.io API uses the following error codes:
Error Code | Meaning |
---|---|
200 | OK: Request successful (e.g., rule retrieved, request allowed). |
201 | Created: Resource created (e.g., rule created successfully). |
400 | Bad Request -- Your request is invalid. |
401 | Unauthorized -- Your login credentials are invalid. |
404 | Not Found: Resource does not exist or is outside the user’s scope. |
409 | Conflict: Resource conflict (e.g., duplicate rule creation). |
429 | Too Many Requests -- You've exceeded the number of API requests allocated in your pricing plan. You need to upgrade to enable this feature. |
500 | Internal Server Error -- It's our bad. We've had a problem with our server. Try again later. |
503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |