The IPQS Python reader brings a new standard of performance and compression to our IP reputation and geo location services. Setting up and using the reader can be achieved in minutes using this Python reader class, providing access to our threat intelligence feeds and proxy & VPN detection database.
Installation with our Python reader class can be achieved by issuing one command as follows (Alternatively you can download a copy of the source directly from our github:
Using our flat file database system with Python to lookup an IP address is simple:
The following fields are available on all default database files. Some of these fields may be unavailable if you have a custom database file. If the field in question is unavailable, it will default to Python's default value for that type.
|record.IsProxy()||bool||Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)|
|record.IsVPN()||bool||Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The "proxy" status will always be true when this value is true.|
|record.IsTOR()||bool||Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The "proxy" status will always be true when this value is true.|
|record.IsCrawler()||bool||Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.|
|record.IsBot()||bool||Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.|
|record.RecentAbuse()||bool||This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.|
|record.IsBlacklisted()||bool||This value will indicate if the IP has been blacklisted by any 3rd party agency for spam, abuse or fraud.|
|record.IsPrivate()||bool||This value will indicate if the IP is a private, non-routable IP address.|
|record.IsMobile()||bool||This value will indicate if the IP is likely owned by a mobile carrier.|
|record.HasOpenPorts()||bool||This value will indicate if the IP has recently had open (listening) ports.|
|record.IsHostingProvider()||bool||This value will indicate if the IP is likely owned by a hosting provider or is leased to a hosting company.|
|record.ActiveVPN()||bool||Identifies active VPN connections used by popular VPN services and private VPN servers.|
|record.ActiveTOR()||bool||Identifies active TOR exits on the TOR network.|
|record.PublicAccessPoint||bool||Indicates if this IP is likely to be a public access point such as a coffee shop, college or library.|
A numerical representation for the suspected type of connection for this IP address. It is generally recommended you call the ToString() function listed below instead of using this value, but it is available as an option.
A string representation for the suspected type of connection for this IP address. (Residential, Mobile, Corporate, Data Center, Education or Unknown)
How frequently the IP address is engaging in abuse across the IPQS threat network. Can be used in combination with the Fraud Score to identify bad behavior. It is generally recommended you call the ToString() function listed below instead of using this value, but it is available as an option.
How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be "high", "medium", "low", or "none".
Two character country code of IP address or "N/A" if unknown.
City of IP address if available or "N/A" if unknown.
ISP if one is known. Otherwise "N/A".
Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise "N/A".
Autonomous System Number if one is known. Zero if nonexistent.
Timezone of IP address if available or "N/A" if unknown.
Latitude of IP address if available or 0.00 if unknown.
Longitude of IP address if available or 0.00 if unknown.
A map containing multiple possible fraud scores. The key is the "strictness level" of the query and can be 0, 1 or 2. Some databases may contain 1 entry, others all 3. It is recommended that you use the lowest strictness for Fraud Scoring. Increasing this value will expand the tests we perform. Levels 2+ have a higher risk of false-positives.
Each database only holds either IPv4 or IPv6 data. Therefore you may need two instances of the reader available depending on your use case.