API Basics
Fundamentals
Multicloud / Geofence
API Examples
API Specification
SDKs / Codegen
Batch Processing
Best Practice
Error Codes
Data Tools
Email Validate
Phone Validate
UA Lookup
Bad Word Filter
Convert
WWW
Browser Bot
HTML Clean
URL Info
Telephony
Phone Verify
SMS Verify
Verify Security Code
Phone Playback
HLR Lookup
Rates
Geolocation
IP Info
Geocode Address
Geocode Reverse
Security and Networking
Domain Lookup
Email Verify
IP Probe
IP Blocklist
IP Blocklist Download
Host Reputation
E-commerce
BIN Lookup
BIN List Download
Currency Convert
Imaging
HTML Render
Image Resize
Image Watermark
QR Code
Legacy APIs
User Agent Info
HTML5 Render
SMS Message
HTML Extract
Code Highlight

IP Lookup

Lookup IPv4 and IPv6 address provider details, perform IP based geolocation and check various blocklists.

This API can optionally also run a series of live network scans and service probes to detect proxies and VPNs in realtime.

Some of the checks this API will perform:

VPN Detection

Scan for VPN software running on the host. This can even identify some private and stealth VPNs

Proxy Detection

Scan for signs of proxy software running on the host. Socks, Squid, Tor, etc

IP Address Validation

Validate the IP address is compliant and filter for bogon addresses

IP Type Detection

Determine the general type of the IP such as 'ISP', 'hosting' or 'proxy'

ASN Lookup

Get the ASN (Autonomous System Number) and other AS details controlling the IP address

Provider Details

Get detailed IP provider information like the name, description, website and network size

IP Geolocation

Geolocate the physical location of the IP down to the city level (where possible)

IP Blocklist Lookup

Check many blocklists to identify malicious IPs, proxies, tor, botnets, spammers and more

PTR Lookup

Perform realtime reverse DNS (PTR) lookups and domain name extraction

End Point

https://neutrinoapi.net/ip-lookup
API Request
ParameterRequiredTypeDefaultDescription
ipyesstringAn IPv4 or IPv6 address. Accepts standard IP notation and also CIDR notation
livenobooleanfalsePerform live lookups such as reverse DNS (PTR) and provider/ASN refreshes. If this option is disabled (the default) then lookups will be fully offline and return instantly and in constant time. When enabled this option may add additional non-deterministic latency to the request.
scannobooleanfalsePerform realtime service scans to detect VPN and proxy software running on the host, we recommend enabling this feature if one of your main use-cases is to detect VPNs. When enabled this option may add additional non-deterministic latency to the request.
API Response
ParameterTypeDescription
ipstringThe IPv4 or IPv6 address returned
validbooleanTrue if this is a valid IPv4 or IPv6 address
is-v6booleanTrue if this is a IPv6 address. False if IPv4
is-6to4booleanTrue if this is a 6to4 address. The IPv4 address will be returned in the 'ip' field
is-v4-mappedbooleanTrue if this is a IPv4 mapped IPv6 address
is-bogonbooleanTrue if this is a bogon IP address such as a private network, local network or reserved address
hostnamestringThe IPs full hostname from it's PTR/RDNS record (will always be empty if 'live' lookups are disabled)
hostname-domainstringThe primary domain name from the IPs hostname (will always be empty if 'live' lookups are disabled)
typestringThe detected IP address type, possible values are:
  • isp - an internet service provider, this includes home and business internet providers as well as mobile internet providers (mobile carriers)
  • hosting - a hosting company, this includes cloud computing platforms as well as VPS and dedicated/colocation server hosting providers
  • cdn - a content delivery network (CDN)
  • vpn-commercial - a commercial/paid VPN provider
  • vpn-private - a private or stealth VPN service is running on this IP
  • proxy - a proxy service. This includes HTTP/SOCKS proxies, browser based proxies and open proxies
  • tor - the Tor network
  • edu - a university/college/campus or other type of educational/research facility
  • gov - a government department. This includes military facilities
  • commercial - a commercial entity such as a corporate headquarters or company office
  • bogon - a bogon address
  • unknown - could not reliably identify the IP type
is-ispbooleanTrue if this IP belongs to one of the ISP types
is-hostingbooleanTrue if this IP belongs to one of the hosting types
is-proxybooleanTrue if this IP belongs to either one of the VPN, proxy or tor types
vpn-domainstringFor IPs of type 'vpn' this may contain the domain name of the VPN provider (can also be empty if a specific domain name is not found)
providermapMap containing the provider/ASN details for the IP:
ParameterTypeDescription
typestringThe detected provider type. This is a subset of the IP address types but can differ from the detected IP type. Possible values are:
  • isp - an internet service provider, this includes home and business internet providers as well as mobile internet providers (mobile carriers)
  • hosting - a hosting company, this includes cloud computing platforms as well as VPS and dedicated/colocation server hosting providers
  • cdn - a content delivery network (CDN)
  • edu - a university/college/campus or other type of educational/research facility
  • gov - a government department. This includes military facilities
  • commercial - a commercial entity such as a corporate headquarters or company office
  • unknown - could not reliably identify the provider type
asnstringThe autonomous system number (ASN)
cidrstringThe autonomous system (AS) CIDR range for this IP address
namestringThe unique autonomous system (AS) name. At a minimum this includes the unique AS identifier but may also include the country code, brand name(s) and company address
subnet-namestringIf not empty provides the name of the subnet specific to this CIDR and under the control of the primary ASN
descriptionstringA brief description of the service provider. This is usually extracted directly from the providers main website but may also be synthesized from other sources
websitestringThe main website URL for the provider
registeredintegerThe year the provider was registered in
ageintegerThe current age of the provider in number of years since the registered year
domainsarrayArray of all the domains associated with the provider (ordered by most relevant)
country-codestringThe ISO 2-letter country code this provider operates from. NOTE: This may not match the IP geolocated country in the 'location' data
country-code3stringThe ISO 3-letter country code this provider operates from
network-size-v4integerThe number of IPv4 addresses the provider controls
network-size-v6integerThe number of /48 IPv6 addresses the provider controls
locationmapMap containing geolocation details for the IP:
ParameterTypeDescription
latitudefloatThe IP geolocation latitude
longitudefloatThe IP geolocation longitude
countrystringFull country name
country-codestringISO 2-letter country code
country-code3stringISO 3-letter country code
continent-codestringISO 2-letter continent code
currency-codestringISO 4217 currency code associated with the country
citystringName of the city (if detectable)
regionstringName of the region (if detectable)
region-codestringISO 3166-2 region code (if detectable)
language-codestringThe ISO 2-letter language code for the official language spoken in the country
timezonemapMap containing timezone details for the location:
ParameterTypeDescription
idstringThe time zone ID as per the IANA time zone database (tzdata). If empty then no valid timezone was detected
namestringThe full time zone name
abbrstringThe time zone abbreviation
datestringThe current date at the time zone (ISO 8601 format 'YYYY-MM-DD')
timestringThe current time at the time zone (ISO 8601 format 'hh:mm:ss.sss')
offsetstringThe UTC offset for the time zone (ISO 8601 format '±hh:mm')
blocklistmapMap containing blocklist details for the IP:
ParameterTypeDescription
cidrstringThe CIDR address for this listing (only set if the IP is listed)
is-listedbooleanTrue if this IP is current listed on at least one blocklist
last-seenintegerThe unix time when this IP was last seen on any blocklist. IPs are automatically removed after 7 days therefor this value will never be older than 7 days
blocklistsarrayAn array of strings indicating which blocklist categories this IP is listed on. Current possible values are:
  • tor - IP is a Tor node or running a Tor related service
  • proxy - IP has been detected as an anonymous web proxy or HTTP proxy
  • vpn - IP belongs to a public VPN provider
  • bot - IP is hosting a malicious bot or is part of a botnet. This is a broad category which includes brute-force crackers
  • spam-bot - IP address is hosting a spam bot, comment spamming or any other spamming type software
  • exploit-bot - IP is hosting an exploit finding bot or is running exploit scanning software
  • hijacked - IP is part of a hijacked netblock or a netblock controlled by a criminal organization
  • malware - IP is currently involved in distributing or is running malware
  • spyware - IP is currently involved in distributing or is running spyware
  • spider - IP is running a hostile web spider / web crawler
  • dshield - IP has been flagged as a significant attack source by DShield (dshield.org)
sensorsarrayAn array of objects containing details on which specific sensors detected the IP:
ParameterTypeDescription
idintegerThe sensor ID. This is a permanent and unique ID for each sensor
blockliststringThe primary blocklist category this sensor belongs to
descriptionstringContains details about the sensor source and what type of malicious activity was detected
API Performance
CharacteristicValueDescription
Avg Latency15-5000ms (fixed or variable)This API can be configured using the 'live' option for fixed low-latency responses or non-deterministic latency for realtime reconnaissance
Max Rate200/secondMaximum inbound request rate. Exceeding this will result in request throttling
Max Concurrency250Maximum concurrent/simultaneous requests. Exceeding this will result in error code 06 [TOO MANY CONNECTIONS]