Access Enrichment Queries

Enrichment Queries offer a streamlined process for accessing and analyzing enriched data for domains, IPv4 addresses, and IPv6 addresses.

Access Queries

1. Navigate to Advanced Query Builder > Enrichment Queries and select the appropriate option:

   1. Domain for domain-specific data.

   2. IPv4 for IPv4 address data.

   3. IPv6 for IPv6 address data.

Enrichment Data Types

Usage Instructions

1. Specify the target (domain, IPv4 address, or IPv6 address).

2. (Optional) Click explain to view details behind score calculations.

3. (Optional) Click scan_data to access host scanning data.

4. Click Search to retrieve results.

Save Queries

Organizational users can save queries for future use or sharing:

1. Specify query parameters.

2. Click Save Query.

3. Provide a Name and Description for context.

4. Click Save to store the query in the Private Queries menu.

Sample Output (IPv4 Example)

{
  "status_code": 200,
  "error": null,
  "response": {
    "ip2asn": [
      {
        "asn": 13335,
        "asname": "CLOUDFLARENET, US",
        "ip": "104.26.10.149",
        "ip_location": {
          "country_name": "United States"
        },
        "sp_risk_score": 8,
        "subnet": "104.26.0.0/20"
      }
    ]
  }
}

Sample Output - full detailed subfields

{
  "status_code": 200,
  "error": null,
  "response": {
    "ip2asn": [
      {
        "asn": 13335,
        "asn_allocation_age": 4655,
        "asn_allocation_date": 20100714,
        "asn_rank": 0,
        "asn_rank_score": 0,
        "asn_reputation": 0,
        "asn_reputation_explain": {},
        "asn_reputation_score": 0,
        "asn_takedown_reputation": 8,
        "asn_takedown_reputation_explain": {
          "ips_active": 302751,
          "ips_in_asn": 2464000,
          "ips_num_listed": 3,
          "items_num_listed": 3,
          "lifetime_avg": 4,
          "lifetime_max": 4,
          "lifetime_total": 12
        },
        "asn_takedown_reputation_score": 8,
        "asname": "CLOUDFLARENET, US",
        "benign_info": {
          "actor": "",
          "known_benign": false,
          "tags": []
        },
        "date": 20230412,
        "density": 529,
        "ip": "104.26.10.149",
        "ip_has_expired_certificate": false,
        "ip_has_open_directory": false,
        "ip_is_dsl_dynamic": false,
        "ip_is_dsl_dynamic_score": 0,
        "ip_is_ipfs_node": false,
        "ip_is_tor_exit_node": false,
        "ip_location": {
          "continent_code": "NA",
          "continent_name": "North America",
          "country_code": "US",
          "country_is_in_european_union": false,
          "country_name": "United States"
        },
        "ip_ptr": "",
        "ip_reputation": 0,
        "ip_reputation_explain": {},
        "ip_reputation_score": 0,
        "listing_score": 0,
        "listing_score_explain": {},
        "listing_score_feeds_explain": [],
        "malscore": 8,
        "sinkhole_info": {
          "known_sinkhole_ip": false,
          "tags": []
        },
        "sp_risk_score": 8,
        "sp_risk_score_explain": {
          "sp_risk_score_decider": "asn_takedown_reputation"
        },
        "subnet": "104.26.0.0/20",
        "subnet_allocation_age": "UNKNOWN",
        "subnet_allocation_date": "UNKNOWN",
        "subnet_reputation": 0,
        "subnet_reputation_explain": {},
        "subnet_reputation_score": 0
      }
    ]
  }
}