ELLIO: Threat Intel Extended IP lookup

Information about an IP address, including targeted ports, spoofability, targeted continents, event volume over the last 30 days, and GeoIP details.
{
  "ip": "190.53.43.178",
  "seen": true,
  "spoofable": false,
  "ports": [
    "22"
  ],
  "spoofable_ports": [],
  "target": {
    "continents-2": [
      "AS",
      "EU"
    ]
  },
  "fingerprints": {
    "ja3": [
      "cba7f34191ef2379c1325641f6c6c4f4"
    ],
    "ja4": [
      "t12i130500_2d7513195f68_e51b7354d87f"
    ]
  },
  "volume": 4313,
  "last_seen": {
    "ts": 1720632298,
    "tsHuman": "2024-07-10 17:24:58",
    "last5Minutes": false,
    "lastHour": false,
    "last24Hours": false,
    "last14Days": true,
    "last30Days": true
  },
  "geo": {
    "city": "Managua",
    "region": "Managua Department",
    "country": "NI",
    "asn": {
      "asn": "AS27742",
      "name": "Amnet Telecomunicaciones S.A.",
      "domain": "amnet.com.ni",
      "route": "190.53.43.0/24",
      "type": "ISP"
    },
    "company": {
      "name": "Amnet Datos Nicaragua",
      "domain": "amnetdatos.net",
      "type": "Business"
    },
    "domains": {
      "total": 0,
      "domains": []
    }
  },
  "services": {
    "vpn": false,
    "proxy": false,
    "tor": false,
    "relay": false,
    "hosting": false,
    "service": ""
  }
}
              

Response example. For more detail, see the documentation.

Comprehensive IP Analysis API with Enhanced Security Features

Our Advanced IP Analysis API delivers critical insights into IP addresses, tailored for cybersecurity professionals. It features in-depth port analysis, spoofability metrics, geographic intelligence, and enhanced fingerprinting techniques including JA3 and JA4. This API is essential for a nuanced understanding of potential security threats associated with IP addresses.

Core Features

  • Port Analysis: Provides detailed information on targeted ports, identifying which services the given IP is targeting.
  • Spoofability Detection: Assesses the possibility of IP spoofing by the given IP address.
  • Geographical Insights: Delivers GeoIP details to aid in pinpointing network ownership and location-based risk assessment.
  • JA3/JA4 Fingerprinting: Offers advanced fingerprinting of TLS/SSL negotiation, helping identify known security threats and actors.
  • Event Volume Tracking: Tracks and analyzes IP activity, offering insights over the last 30 days for trend analysis.
  • Service Detection: Identifies the use of services like VPNs, proxies, and TOR, crucial for determining anonymizing behaviors and potential misuse.

Security Benefits

Integrating our Advanced IP Analysis API into security systems like SIEM/SOAR provides robust tools for preemptive threat detection and filtering of sources of mass-exploitation, saving valuable time during incident response.

Ultimately, this API serves as a critical component in the defense against global cyber threats, helping SOC teams to focus on threats that really matter.
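
As an added illustration of the SIEM/SOAR integration described above (not ELLIO's code or guidance), the sketch below turns a lookup response into an enrichment decision for an alert. The function name, action labels, thresholds and the reading of `spoofable` as "the observed source address may be forged" are assumptions; the sample record is constructed from the response example on this page.

```python
import json

# Constructed sample: the fields of the response example above that the policy reads.
SAMPLE = json.loads("""
{"ip": "190.53.43.178", "seen": true, "spoofable": false,
 "ports": ["22"], "spoofable_ports": [], "volume": 4313,
 "last_seen": {"ts": 1720632298},
 "services": {"vpn": false, "proxy": false, "tor": false,
              "relay": false, "hosting": false, "service": ""}}
""")

ANONYMIZERS = ("vpn", "proxy", "tor", "relay")

def triage(rec, alert_port, now_ts, max_age_days=14, min_volume=1000):
    """Return (action, reasons); action is 'filter', 'review' or 'no_data'.

    Assumed local policy, not vendor guidance: only a fresh, high-volume,
    non-spoofable source hitting a port the feed already saw is filtered
    as background scanning; anything else goes to an analyst.
    """
    if not rec.get("seen"):
        return "no_data", ["IP not present in the feed"]
    reasons = []
    port = str(alert_port)  # the API returns ports as strings
    if rec.get("spoofable") or port in rec.get("spoofable_ports", []):
        reasons.append("source address may be spoofed")
    if port not in rec.get("ports", []):
        reasons.append(f"port {port} not among ports seen by the feed")
    age_days = (now_ts - rec["last_seen"]["ts"]) / 86400
    if age_days > max_age_days:
        reasons.append(f"last seen {age_days:.0f} days ago")
    used = [s for s in ANONYMIZERS if rec.get("services", {}).get(s)]
    if used:
        reasons.append("shared exit: " + ",".join(used))
    if rec.get("volume", 0) < min_volume:
        reasons.append("low event volume")
    if reasons:
        return "review", reasons
    return "filter", ["known mass-scanning source"]

if __name__ == "__main__":
    now = SAMPLE["last_seen"]["ts"] + 3 * 86400  # constructed "current" time
    print(triage(SAMPLE, 22, now))
    print(triage(SAMPLE, 443, now))
```

Comparing the alert port as a string matters here: the response lists ports as `"22"`, so an integer comparison would never match and every alert would fall through to review.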