Greip IP Reputation Scoring

An Apify Actor for analyzing IP addresses using the Greip IP Reputation API. This Actor provides comprehensive threat intelligence data linked to specific IP addresses, including insights into malicious activity, reputation scoring, and potential security risks.

Features

• Threat Intelligence: Comprehensive analysis of IP addresses for security risks
• Malicious Activity Detection: Identifies IP addresses associated with malware, phishing, spam, and other threats
• Proxy & VPN Detection: Detects IP addresses using proxies, VPNs, or Tor networks
• Bot Detection: Identifies automated traffic and bot activity
• Hosting Provider Detection: Flags IP addresses from hosting services and data centers
• Geolocation Data: Provides geographic information about the IP address
• ISP Information: Details about the Internet Service Provider
• Custom Rules Support: Applies organization-specific rules for enhanced filtering
• Risk Scoring: Numerical risk assessment for decision-making

Quick Start

Once you've installed the dependencies, start the Actor:

$apify run

Once your Actor is ready, you can push it to the Apify Console:

apify login # first, you need to log in if you haven't already done so

apify push

Input Parameters

• ip (required): IP address to analyze for reputation scoring. Supports both IPv4 and IPv6 formats:

  • IPv4: 1.1.1.1
  • IPv6: 2001:db8::1

• userID (optional): User identifier for tracking requests in the Greip dashboard (e.g., email address, user ID, name).

• mode (optional): API mode for development or production environment:

  • live (default): Production environment
  • test: Development/testing environment

Output Data

The Actor outputs structured data with the following fields:

• ip: The analyzed IP address
• timestamp: When the analysis was performed
• riskScore: Numerical risk score for the IP address
• threats: Object containing threat intelligence data:
  • isProxy: Whether the IP is a proxy
  • proxyType: Type of proxy (if applicable)
  • isTor: Whether the IP is using Tor network
  • isBot: Whether the IP is associated with bot activity
  • isRelay: Whether the IP is a relay server
  • isHosting: Whether the IP belongs to a hosting provider
  • blacklisted: Whether the IP is blacklisted
  • malware: Whether the IP is associated with malware
  • phishing: Whether the IP is associated with phishing
  • spam: Whether the IP is associated with spam
  • suspicious: Whether the IP shows suspicious activity
• geolocation: Geographic information about the IP
• isp: Internet Service Provider information
• customRulesApplied: Custom rules that were applied during analysis
• status: API response status
• ipType: Type of IP address (IPv4 or IPv6)
• mode: API mode used for the request

Environment Variables

You need to set the following environment variable:

• GREIP_API_KEY: Your Greip API key (required)

To obtain an API key, create an account at Greip and find your API key in the dashboard.

Project Structure

.actor/
├── actor.json # Actor config: name, version, env vars, runtime settings
├── dataset_schema.json # Structure and representation of data produced by an Actor
├── input_schema.json # Input validation & Console form definition
└── output_schema.json # Specifies where an Actor stores its output
src/
└── main.ts # Actor entry point and orchestrator
storage/ # Local storage (mirrors Cloud during development)
├── datasets/ # Output items (JSON objects)
├── key_value_stores/ # Files, config, INPUT
└── request_queues/ # Pending crawl requests
Dockerfile # Container image definition

For more information, see the Actor definition documentation.

How it works

This Actor uses TypeScript and the Greip IP Reputation API to analyze IP addresses for threat intelligence:

1. Input Processing: The Actor accepts an IP address (with optional user ID and mode)
2. API Request: Makes a request to the Greip IP Reputation API endpoint (/lookup/ip/threats)
3. Data Processing: Processes the API response to extract threat intelligence and risk data
4. Output Storage: Stores the structured results in the Actor's dataset

The analysis process provides:

• Comprehensive threat intelligence data
• Risk scoring for security assessment
• Detection of malicious activity associations
• Proxy, VPN, and Tor network identification
• Bot and automated traffic detection
• Geolocation and ISP information

Use Cases

• Fraud Prevention: Analyze IP addresses in payment transactions for fraud detection
• Content Moderation: Identify high-risk IP addresses attempting to bypass filters
• User Registration: Screen new user registrations for suspicious IP addresses
• API Security: Block or flag requests from known malicious IP addresses
• Threat Intelligence: Enhance security systems with real-time IP reputation data
• Compliance: Meet regulatory requirements for transaction monitoring and user verification

What's included

• Apify SDK - toolkit for building Actors
• Input schema - define and easily validate a schema for your Actor's input
• Dataset - store structured data where each object stored has the same attributes
• TypeScript - strongly typed JavaScript for better development experience

Resources

• Greip IP Reputation API Documentation
• Greip IP Lookup API Documentation
• Greip Documentation
• Quick Start guide for building your first Actor
• Integration with Zapier, Make, Google Drive and others
• Video guide on getting data using Apify API

Getting started

For complete information see this article. In short, you will:

1. Build the Actor
2. Run the Actor

Pull the Actor for local development

If you would like to develop locally, you can pull the existing Actor from Apify console using Apify CLI:

1. Install apify-cli

   Using Homebrew

   $brew install apify-cli
   

   Using NPM

   $npm -g install apify-cli
   

2. Pull the Actor by its unique <ActorId>, which is one of the following:

   • unique name of the Actor to pull (e.g. "apify/hello-world")
   • or ID of the Actor to pull (e.g. "E2jjCZBezvAZnX8Rb")

   You can find both by clicking on the Actor title at the top of the page, which will open a modal containing both Actor unique name and Actor ID.

   This command will copy the Actor into the current directory on your local machine.

   $apify pull <ActorId>
   

Documentation reference

To learn more about Apify and Actors, take a look at the following resources:

• Apify SDK for JavaScript documentation
• Apify SDK for Python documentation
• Apify Platform documentation
• Join our developer community on Discord