IP Object

The IP object is returned in the IP API as well as in various datasets: VPN, Tor, etc.

Please see the IP Shared Score information below.


IP Attributes

address

string
The IPv4 or IPv6 address.

version

string
The IP address version - either ipv4 or ipv6.

shared_score

integer
A metric quantifying IP multi-tenancy on a scale from 0 (Dedicated) to 100 (Shared). High scores identify shared infrastructure, such as CDNs, while low scores indicate an IP assigned to a single application. See details below.

is_anycast

boolean
Indicates if the IP is routed via Anycast. When true, the IP is announced from multiple global locations simultaneously, typical of CDNs and load balancers.

is_bogon

boolean
Flag to indicate when a bogon network is detected. See Special Networks documentation for details.

app_cidr

string
The app_cidr attribute will appear if the IP address is included in an application range. For example, 9.9.9.9 is a well-known public DNS server from Quad9. Since this IP is part of the Quad9 9.9.9.0/24 network block, the app_cidr attribute will be set. A Quad9 IP that is outside of all the application network blocks (CIDRs) will not have the app_cidr attribute set.

rdns

object - Reverse DNS Object
The rdns attribute provides the hostname (reverse DNS lookup) and associated application.

tls_certificate

object - TLS Certificate Object
Default TLS certificate detected for the IP address and associated application.

platform

object - Application Object (similar)
Platform is a generic term we use for CDN, hosting, and SaaS providers.

network

object - Network Object
Network information related to the IP.

pop

object - PoP Object
The point-of-presence (PoP) information.

asn

object - ASN Object
The Autonomous System Number associated with the IP.

asn_route

string
The specific CIDR prefix (e.g., 104.19.160.0/20) currently announced by the Autonomous System (ASN) that encompasses this IP address.

geolocation

object - Geolocation Object
The available city and country level information.

mobile_gateway

object - Mobile Gateway Object
Mobile gateway information if the IP is part of a 3GPP mobile network.

tor

object - Tor Object
Tor node information if IP is part of the Tor network.

application_list

array - Application Object List
The list of applications detected on the IP. Many IPs are dedicated to a single application, so only one application will be listed.

speedtest_list

array - Speed Test Object List
The list of speed test servers detected on the IP.

vpn_list

array - VPN Object List
The list of VPN servers detected on the IP.

hostnames

array
A simple list of notable application hostnames on the IP. If you would like more details on a hostname provided in the list, you can use the hostname API to retrieve details.

IP Object - JSON Overview

"ip": {
    "address": "1.2.3.4",
    "version": "ipv4",
    "shared_score": 95,
    "is_anycast": true,
    "is_bogon": true,
    "app_cidr": "1.2.3.0/26",
    "rdns": { rDNS Attributes },
    "tls_certificate": { TLS Certificate Attributes },
    "platform": { Platform Attributes },
    "pop": { PoP Attributes },
    "network": { Network Attributes },
    "asn": { ASN Attributes },
    "asn_route": "1.2.3.0/24",
    "geolocation": { Geolocation Attributes },
    "mobile_gateway": { Mobile Gateway Attributes },
    "tor": { Tor Attributes },
    "application_list": [
        { Application Object },
        { Application Object },
        ...
    ],
    "speedtest_list": [
        { Speed Test Object },
        { Speed Test Object },
        ...
    ],
    "vpn_list": [
        { VPN Object },
        { VPN Object },
        ...
    ],
    "hostnames": [
        "www.example.com",
        ...
    ]
}

IP Object - JSON Example

"ip": {
   "address": "13.55.4.2",
   "version": "ipv4",
   "shared_score": 95,
   "is_bogon": true,
   "is_anycast": true,
   "rdns": {
      "hostname": "ec2-13-55-4-2.ap-southeast...",
      { Application Object for rDNS hostname }
   },
   "tls_certificate": {
      "common_name": "t.nc0.co",
      { Application Object for TLS common name }
   },
   "platform": {
      "id": 10843,
      "tag": "ensighten",
      "label": "Ensighten",
      "description": "Ensighten is a ...",
      ...
   },
   "network": {
     "id": 10091,
     "tag": "amazon-aws",
     "label": "Amazon AWS",
     "category": {
        "id": 36,
        "tag": "hosting",
        "label": "Hosting"
     },
     "favicon": "https://static.netify.ai...",
     "icon": "https://static.netify.ai...",
     "logo": "https://static.netify.ai...",
     ...
   },
   "pop": {
      "id": 80,
      "label": "Asia Pacific (Sydney)",
      "internal_tag": "ap-southeast-2",
   },
   "asn_route": "13.54.0.0/15",
   "asn": {
      "tag": "AS16509",
      "label": "Amazon.com Inc",
      "entity": {
         "id": 178,
         "tag": "amazon",
         "label": "Amazon",
         "category": {
            "id": 5,
            "tag": "business",
            "label": "Business"
         }
         ...
      }
   },
   "geolocation": {
      "city": {
         "geoname_id": 2147714,
         "label": "Sydney"
      },
      "region": {
         "geoname_id": 2155400,
         "label": "New South Wales"
      },
      "country": {
         "code": "AU",
         "label": "Australia"
      },
      "coordinates": {
         "scale": "city",
         "latitude": "-33.87150",
         "longitude": "151.20060"
      }
   }
}

IP Shared Score

It is very common for applications to use shared IPs. Here are three common shared IP scenarios:

  • Content delivery networks
  • Third party platforms, e.g. a third-party mail service
  • Multi-app organizations, e.g. the YouTube and Gmail apps both use shared Google infrastructure

The shared_score provides information on IP sharing. Every IP is given a score from 0 (dedicated) to 100 (shared). Details on the scores are provided in the table below.

Shared Score Descriptions

Score     Description
-1        Analysis has not been completed.
0-10      Dedicated IP detected: dedicated network ASNs, IP certificate matches, reverse DNS matches.
10-20     Dedicated IP detected, high probability.
20-40     Dedicated IP detected, but possibility of sharing detected through heuristics / machine learning.
40-60     Gah. This often happens when IPs are churned (dedicated to one app, then later dedicated to a different app).
60-80     Shared IP detected, but possibility that it is dedicated.
80-90     Shared IP detected, high probability.
90-100    Shared IP detected: raw Netify intelligence data confirms sharing.
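
The following is an added example, not Netify code: it shows one way a consumer could map shared_score to the bands in the Shared Score Descriptions table and combine it with the other flags before blocking by IP. Field names come from the attribute list above. The band labels, the inclusive upper bounds, the triage policy and the 192.0.2.x sample objects are assumptions.

```python
import json

# Upper bound of each band in the Shared Score Descriptions table. The table's
# ranges overlap at their edges; treating each upper bound as inclusive is an
# assumption of this example. Labels are shorthand for the table's wording.
BANDS = [(10, "dedicated"), (20, "dedicated, high probability"),
         (40, "dedicated, possible sharing"), (60, "mixed, often IP churn"),
         (80, "shared, possibly dedicated"), (90, "shared, high probability"),
         (100, "shared, confirmed")]

def shared_band(score):
    """Return the table band for a shared_score; -1 or absent = not analysed."""
    if score is None or score == -1:
        return "not analysed"
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"shared_score out of range: {score!r}")
    return next(label for upper, label in BANDS if score <= upper)

def triage(ip):
    """Summarise an IP object for a block/alert decision (hypothetical policy)."""
    score = ip.get("shared_score")
    # Optional attributes (tor, vpn_list) may be absent, so read them with .get.
    flags = [name for name, hit in [
        ("bogon", ip.get("is_bogon") is True),
        ("anycast", ip.get("is_anycast") is True),
        ("tor", bool(ip.get("tor"))),
        ("vpn", bool(ip.get("vpn_list"))),
    ] if hit]
    # Assumed policy: an IP-level block is only low-collateral when the address
    # is analysed, scored 0-20 (dedicated) and not announced via anycast.
    dedicated = isinstance(score, int) and 0 <= score <= 20
    return {
        "address": ip.get("address"),
        "band": shared_band(score),
        "flags": flags,
        "ip_block_ok": dedicated and "anycast" not in flags,
    }

# Constructed sample inputs: the first reuses top-level values from the page's
# JSON example, the others are invented (192.0.2.0/24 is a documentation range).
SAMPLES = json.loads("""[
  {"ip": {"address": "13.55.4.2", "version": "ipv4", "shared_score": 95,
          "is_bogon": true, "is_anycast": true}},
  {"ip": {"address": "192.0.2.10", "version": "ipv4", "shared_score": 5,
          "is_bogon": false, "is_anycast": false, "vpn_list": []}},
  {"ip": {"address": "192.0.2.11", "version": "ipv4", "shared_score": -1}}
]""")

if __name__ == "__main__":
    for doc in SAMPLES:
        print(triage(doc["ip"]))
```

When ip_block_ok is false, a hostname- or application-level control avoids blocking unrelated tenants of the same address.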