Netify Netify logo Contact Us
Products Resources Documentation Blog Sign In

Application IPs Datasets

The Netify Application IPs dataset provides network intelligence data that is typically used for:

  • QoS/QoE
  • Network routing policies
  • Denylisting/safelisting

The dataset provides network blocks and IP lists for every application supported by Netify.

See It
Browse application data
Learn About It
Dataset overview
Update Frequency
2 to 3 times a month

Legacy Dataset

If you subscribed to the Application IPs dataset prior to October 2024, you can access the legacy dataset here:

Dataset Samples

Sample Description
Root Servers Simple IP-only example
Telegram Simple network-only example
e-Planning A mix of IPs and networks

Downloads

You can find links to information on authentication, response codes, and other developer topics in the menu. An API key or token from a subscription is required to access the links below.

Single Application
GET
https://feeds.netify.ai/datasets/v2/application_ips/{application_tag}.json
Compressed JSON file containing Application IPs for a given application.
All Applications
GET
https://feeds.netify.ai/datasets/v2/application_ips/application_ips.json.gz
Full dataset containing all application IP data. This can be too large for some developer tools and JSON readers, so please use it with caution.
Application List
GET
https://feeds.netify.ai/datasets/v2/application_ips/application.json
JSON file that contains a simple list of supported applications.
Status
GET
https://feeds.netify.ai/datasets/v2/application_ips/status.txt
File containing last update timestamp.

Payload Overview

Application Object

Every entry in the application_ips data starts with our standard application object. This provides the application name, description, logo, and other details.

Application IPs List - Overview

{
    "application": { Application Attributes },
    "cidr_list": [ CIDR Objects ],
    "ip_list": [ IP Objects ],
}

CIDR List

Some applications operate across large, dedicated network blocks. For example, Telegram runs its infrastructure on networks used exclusively by the Telegram application. We include these network ranges in the cidr_list dataset because they serve only that application.

Many networks, however, support multiple applications. CDNs and hosting providers clearly fall into this category, but other enterprise networks also carry third-party traffic. For instance, Visa hosts several banking applications on its network, so we exclude parts of Visa's network blocks.

Large technology companies create similar challenges. Apple uses its network to deliver Apple TV, Apple Mail, Apple Push Notifications, and many other services. The individual applications may include parts of Apple's network in its cidr_list.

CIDR List - JSON Example

"cidr_list": [
    {
        "network": "9.9.9.0/24",
        "version": "ipv4"
    },
    {
        "network": "68.65.126.0/23",
        "version": "ipv4"
    },
    ...
]

CIDR List Exceptions

We also apply practical exceptions to our definition of dedicated. Certain services routinely appear within otherwise dedicated ranges:

  • Tor nodes are often intermixed with consumer VPNs networks.
  • Speed test servers are common on dedicated application networks providing VoIP, teleconferencing, and gaming.
  • NTP/time servers are ubiquitous.

We evaluate these nuances carefully when deciding which network ranges qualify for inclusion in an application's cidr_list.

IP List

The active IPs associated with the application but not part of the cidr_list blocks are provided in the ip_list field of the payload. In essence, the combination of the cidr_list and ip_list provides a complete list of networks/IPs used by the application.

Though many IP addresses serving applications are fairly static, IPs do get re-used. For example, most Amazon CloudFront CDN IPs for a specific application can change every week or so. This Application IPs data feed actively purges stale IP addresses.

IP List - JSON Example

"ip_list": [
   {
      "address": "13.33.166.245",
      "version": "ipv4",
      "shared_score": 5,
   }
}

IP Shared Score

It is very common for applications to use shared IPs. Here are three common shared IP scenarios:

  • Content delivery networks
  • Third party platforms, e.g. a third-party mail service
  • Multi-app organizations, e.g. the YouTube and Gmail apps both use shared Google infrastructure

The shared_score provides information on IP sharing. Every IP is given a score from 0 (dedicated) to 100 (shared). Details on the scores are provided in the table below.

Shared Score Descriptions
-1
Analysis has not been completed.
0-10
Dedicated IP detected: dedicated network ASNs, IP certificate matches, reverse DNS matches.
10-20
Dedicated IP detected, high probability.
20-40
Dedicated IP detected, but possibility of sharing detected through heuristics / machine learning.
40-60
Gah. This often happens when IPs are churned (dedicated to one app, then later dedicated to a different app).
60-80
Shared IP detected, but possibility that it is dedicated.
80-90
Shared IP detected, high probability.
90-100
Shared IP detected: raw Netify intelligence data confirms sharing.