ASN, geolocation, open ports, and service-level data in a single structured response. Malware associations include family, confidence score, and active status where detected.

Basic IP Enrichment
- ASN and hosting company
- Geolocation
- Open ports

Threat Intelligence
- Malware family association
- Confidence score
- Active status

Infrastructure Intelligence
- Service tags
- Port and banner detail
- Reverse DNS (PTR)

Fingerprinting & Timeline
- SSH fingerprints: RSA, ECDSA, ED25519
- First seen and last seen per service
- Scan history per port

Certificate Intelligence
- SHA256, SHA1, MD5 hashes
- Subject and issuer details
- Validity window

HTTP Intelligence
- Server fingerprint
- Response headers and status codes
- Body hash (SHA256, murmur3)
- Redirect detection

Built From Live Scanning
All enrichment is powered by Hunt’s own internet-wide scanning and validation.

Designed for Automation
Consistent schemas, timestamps, and structured fields designed for pipelines and integrations.

Infrastructure Context Over Raw IOCs
Understand how an IP fits into an attacker's infrastructure, not just whether it appeared in a list.

SOC & Incident Response Teams
Enrich alerts with infrastructure context to triage incidents faster.

Threat Hunters & Researchers
Pivot from a single IP into tooling, certificates, directories, and campaign signals.

Security Platforms & OEMs
Embed threat enrichment directly into products via API.

ASN, geolocation, open ports, service-level context, malware associations, certificates, SSH fingerprints, and HTTP intelligence, all returned in one structured API response.

FAQ
What does the IP Enrichment API return for an IP?
Structured enrichment blocks including certificates, malware signals, network and protocol fingerprints, exposed directories, phishing indicators, and timestamps showing observed activity.
How is this different from reputation or blacklist APIs?
The API focuses on infrastructure behavior and attacker tooling rather than static reputation scores.
How do I access the IP Enrichment API?
Access is provided via API key and standard REST requests.
What formats are supported?
Responses are available in JSON and GZ formats.



