Application IPs Datasets

The Netify Applications IPs Datasets provides network intelligence data that is typically used for:

  • QoS/QoE
  • Network routing policies
  • Denylisting/safelisting
  • IP-based machine learning models

The dataset provides network blocks and IP lists for every application supported by Netify.

Learn More Browse Applications

Dataset Samples

Sample Description
Root Servers Simple IP-only example
Telegram Simple network-only example
e-Planning A mix of IPs and networks

Get Started

We have a number of available subscription options to meet your needs. If you have a specific requirement for the data, please do not hesitate to contact us

Available Subscriptions
Legacy Dataset

If you subscribed to the Application IPs dataset prior to October 2024, you can access the legacy dataset here:

Dataset Quick Reference

You can find links to information on authentication, response codes, data formats, and other developer topics in the menu. An API key or token from a subscription is required to access the links below.
Per Application - JSON https://feeds.netify.ai/datasets/v2/application_ips/{application_tag}.json e.g.:
https://feeds.netify.ai/datasets/v2/application_ips/reddit.json
All Applications - JSON https://feeds.netify.ai/datasets/v2/application_ips/application_ips.json.gz

You can fetch the list of application tags from the following API endpoint:
https://feeds.netify.ai/api/v2/lookup/applications

For convenience, the full dataset is available in one large JSON file. This can be too large for some developer tools and JSON readers, so please use it with caution.

Data Payload

Application Property

The Netify Application IPs Feed starts with our standard application property. This provides the application name, description, logo, and other details.

JSON Overview

"data": {
    { Application Property },
    [ CIDR List ],
    [ IP List ],
}

CIDR List

Some applications run across large network blocks. For example, Microsoft Teams connects to specific network blocks for video conferencing. In these cases, the cidr_list property will appear in the dataset.

The networks provided in the cidr_list are dedicated to serving the application and only the application. For example, the networks for Telegram are only used by the Telegram app, so these are listed in the cidr_list data.

Many networks are used for hosting applications. CDNs and and hosting providers certainly fall into this category, but there are other networks that host third party traffic. For example, a handful of banking apps are hosted on the Visa network. In this case, many (or all) of the network blocks for Visa are not included in Visa's cidr_list.

Large companies that provide many applications fall under the same situation as Visa. Apple's network, for example, is used by Apple TV, Apple Mail, Apple Push and many others.

CIDR List - JSON Example

"cidr_list": [
    {
        "network": "8.25.194.0/23",
        "version": "ipv4"
    },
    {
        "network": "8.25.196.0/23",
        "version": "ipv4"
    },
    ...

And just to add some complexity, we make some exceptions to what is considered "dedicated". A few applications can pop-up on what is generally a dedicated network:

  • Tor exit nodes are often intermixed with consumer VPNs network ranges.
  • Speed test servers are common on applications providing VoIP, teleconferencing, and gaming.
  • NTP servers are ubiquitous.

IP List

The active IPs associated with the application but not part of the cidr_list blocks are provided in the ip_list field of the payload. Basically, the combination of the cidr_list and ip_list provides a complete list of networks/IPs used by the application.

Though many IP addresses serving applications are fairly static, IPs do get re-used. For example, most Amazon CloudFront CDN IPs for a specific application can change every week or so. This Application IPs data feed actively purges stale IP addresses.

IP List - JSON Example

"ip_list": [
    {
        "address": "13.33.166.245",
        "version": "ipv4",
        "shared_score": 5,
    }
}
Shared IPs

It is very common for applications to use shared IPs. Here are three common shared IP scenarios:

  • Content delivery networks
  • Third party platforms, e.g. a third-party mail services
  • Multi-app organizations, e.g. the YouTube and Gmail apps both use shared Google infrastructure

The shared_score provides information on IP sharing. Every IP is given a score from 0 (dedicated) to 100 (shared). Details on the scores are provided in the table below.

Score Description
-1 Analysis has not been completed.
0-10 Dedicated IP detected: dedicated network ASNs, IP certificate matches, reverse DNS matches.
10-20 Dedicated IP detected, high probability.
20-40 Dedicated IP detected, but possibility of sharing detected through heuristics / machine learning.
40-60 Gah. This often happens on churned IPs (dedicated to one app, then later dedicated to a different app).
60-80 Shared IP detected, but possibility that it is dedicated.
80-90 Shared IP detected, high probability.
90-100 Shared IP detected: raw Netify intelligence data confirms sharing.

Integration and Custom Solutions

Do you have any questions about integration, APIs or custom development?

Contact Us