Compartilhar via


IPQS Fraud and Risk Scoring

IPQualityScore (IPQS) provides enterprise grade fraud prevention, risk analysis, and threat detection. Analyze IP addresses, phone numbers, email addresses, and URLs or domains to identify sophisticated bad actors and high risk behavior.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name IPQS Support
URL https://www.ipqualityscore.com/contact-us
Email Support@IPQualityScore.com
Connector Metadata
Publisher IPQualityScore
Website https://www.ipqualityscore.com/
Privacy policy https://www.ipqualityscore.com/privacy-policy
Categories Security;Website

IPQualityScore (IPQS) provides enterprise grade fraud prevention, risk analysis, and threat detection. Analyze IP addresses, phone numbers, email addresses, and URLs or domains to identify sophisticated bad actors and high risk behavior worldwide.

Pre-requisites

You will need the following to proceed:

  • A Microsoft Power Apps or Power Automate plan with custom connector feature
  • An Azure subscription
  • An IPQualityScore API Key

Supported Operations

The connector supports the following operations:

  • Retrieve IP address reputation data: This service performs real-time lookups to instantly determine how risky a user, click, or transaction is based on an IP address and optional device information. In addition to analyzing if the IP address is a proxy or VPN, the API returns over 20 relevant data points such as:

    • Geo location data
    • ISP
    • Connection type
    • Device details
    • Recent reputation activity
    • Overall fraud score
    • Status as a proxy, VPN, or TOR connection
    • Abuse Velocity
    • Other similar data points to classify reputation and risk
  • Retrieve Email address reputation data: This API provides real-time email address reputation scoring and validation with hundreds of syntax & DNS checks. The API can be leveraged to determine if the email address inbox exists with the mail service provider and is able to accept new messages. In addition, users can determine if the email address has a poor reputation or has recently been associated with abuse or threats. Additional risk scoring can detect disposable and temporary mail services as well as emails with a history of fraudulent behavior online.

  • Retrieve URL (or) Domain reputation data.: Scans links and domains in real-time to detect suspicious URLs using trusted machine learning models. These machine learning models can accurately identify phishing links, malware URLs, viruses, parked domains, and suspicious URLs with real-time risk scores. In addition, the machine learning models can confidently classify poor reputation domains, suspicious links, and phishing URLs with a real-time API integration. Features such as parking domain detection, domain spam scores, reputation checks, and domain age, elevates URL intelligence to a whole new level.

  • Retrieve Phone Number reputation data: Accurately verify phone numbers worldwide and retrieve a combination of carrier and line type details with risk analysis data to assess phone number reputation. IPQS collects phone validation and verification data from a wide variety of carriers and tier 1 telecommunication providers, with support for all regions. Detect inactive and disconnected phone numbers for easy user validation similar to HLR & LRN lookups. Accurately identify virtual and disposable phone numbers along with numbers associated with abusive behavior online.

Access Your API Key

Register for a free API key at IPQualityScore.com or contact your account manager to access your existing API key.

Support and documentation:

For all the support requests and general queries you can contact Support@IPQualityScore.com or contact us

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
IPQualityScore API Key securestring The IPQualityScore API Key for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Retrieve Email address reputation data

This API provides real-time email address reputation scoring and validation with hundreds of syntax & DNS checks. The API can be leveraged to determine if the email address inbox exists with the mail service provider and is able to accept new messages. In addition, users can determine if the email address has a poor reputation or has recently been associated with abuse or threats. Additional risk scoring can detect disposable and temporary mail services as well as emails with a history of fraudulent behavior online.

Retrieve IP address reputation data

This service performs real-time lookups to instantly determine how risky a user, click, or transaction is based on an IP address and optional device information. In addition to analyzing if the IP address is a proxy or VPN, the API returns over 20 relevant data points such as Geo location data, ISP, Connection type, Device details, Recent reputation activity, Overall fraud score, Status as a proxy, VPN, or TOR connection, Abuse Velocity, Other similar data points to classify reputation and risk.

Retrieve Phone Number reputation data

Accurately verify phone numbers worldwide and retrieve a combination of carrier and line type details with risk analysis data to assess phone number reputation. IPQS collects phone validation and verification data from a wide variety of carriers and tier 1 telecommunication providers, with support for all regions. Detect inactive and disconnected phone numbers for easy user validation similar to HLR & LRN lookups. Accurately identify virtual and disposable phone numbers along with numbers associated with abusive behavior online.

Retrieve URL (or) Domain reputation data

Scans links and domains in real-time to detect suspicious URLs using trusted machine learning models. These machine learning models can accurately identify phishing links, malware URLs, viruses, parked domains, and suspicious URLs with real-time risk scores. In addition, the machine learning models can confidently classify poor reputation domains, suspicious links, and phishing URLs with a real-time API integration. Features such as parking domain detection, domain spam scores, reputation checks, and domain age, elevates URL intelligence to a whole new level.

Retrieve Email address reputation data

This API provides real-time email address reputation scoring and validation with hundreds of syntax & DNS checks. The API can be leveraged to determine if the email address inbox exists with the mail service provider and is able to accept new messages. In addition, users can determine if the email address has a poor reputation or has recently been associated with abuse or threats. Additional risk scoring can detect disposable and temporary mail services as well as emails with a history of fraudulent behavior online.

Parameters

Name Key Required Type Description
Email address
email True string

Email address you want to fetch reputation data.

Abuse Strictness
abuse_strictness True integer

Set the strictness level for machine learning pattern recognition of abusive email addresses with the "recent_abuse" data point. Default level of 0 provides good coverage, however if you are filtering account applications and facing advanced fraudsters then we recommend increasing this value to level 1 or 2.

Fast
fast boolean

When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.

Timeout in seconds (1-60)
timeout integer

Maximum number of seconds to wait for a reply from a mail service provider. If your implementation requirements do not need an immediate response, we recommend bumping this value to 20. Any results which experience a connection timeout will return the "timed_out" variable as true. Default value is 7 seconds.

Suggest Domain
suggest_domain boolean

Force analyze if the email addresses domain has a typo and should be corrected to a popular mail service. By default, this test is currently only performed when the email is invalid or if the "recent abuse" status is true.

Returns

Name Path Type Description
Message
message string

A generic status message, either success or some form of an error notice.

Success
success boolean

Was the request successful?

Valid
valid boolean

Does this email address appear valid?

Disposable
disposable boolean

Is this email suspected of belonging to a temporary or disposable mail service? Usually associated with fraudsters and scammers.

SMTP Score
smtp_score integer

Validity score of email server's SMTP setup. Range: "-1" - "3". Scores above "-1" can be associated with a valid email. -1 = invalid email address 0 = mail server exists, but is rejecting all mail 1 = mail server exists, but is showing a temporary error 2 = mail server exists, but accepts all email 3 = mail server exists and has verified the email address

Overall Score
overall_score integer

Overall email validity score. Range: "0" - "4". Scores above "1" can be associated with a valid email. 0 = invalid email address 1 = dns valid, unreachable mail server 2 = dns valid, temporary mail rejection error 3 = dns valid, accepts all mail 4 = dns valid, verified email exists

First Name
first_name string

Suspected first name based on email. Returns "CORPORATE" if the email is suspected of being a generic company email. Returns "UNKNOWN" if the first name was not determinable.

Generic
generic boolean

Is this email suspected as being a catch all or shared email for a domain? ("admin@", "webmaster@", "newsletter@", "sales@", "contact@", etc.)

Common
common boolean

Is this email from a common email provider? ("gmail.com", "yahoo.com", "hotmail.com", etc.)

DNS Valid
dns_valid boolean

Does the email's hostname have valid DNS entries? Partial indication of a valid email.

Honeypot
honeypot boolean

Is this email believed to be a "honeypot" or "SPAM trap"? Bulk mail sent to these emails increases your risk of being blacklisted by large ISPs & ending up in the spam folder.

Deliverability
deliverability string

How likely is this email to be delivered to the user and land in their mailbox. Values can be "high", "medium", or "low".

Frequent Complainer
frequent_complainer boolean

Indicates if this email frequently unsubscribes from marketing lists or reports email as SPAM.

Spam Trap Score
spam_trap_score string

Confidence level of the email address being an active SPAM trap. Values can be "high", "medium", "low", or "none". We recommend scrubbing emails with "high" or "medium" statuses. Avoid "low" emails whenever possible for any promotional mailings.

Catch All
catch_all boolean

Is this email likely to be a "catch all" where the mail server verifies all emails tested against it as valid? It is difficult to determine if the address is truly valid in these scenarios, since the email's server will not confirm the account's status.

Timed Out
timed_out boolean

Did the connection to the mail service provider timeout during the verification? If so, we recommend increasing the "timeout" variable above the default 7 second value. Lookups that timeout with a "valid" result as false are most likely false and should be not be trusted.

Suspect
suspect boolean

This value indicates if the mail server is currently replying with a temporary error and unable to verify the email address. This status will also be true for "catch all" email addresses as defined below. If this value is true, then we suspect the "valid" result may be tainted and there is not a guarantee that the email address is truly valid.

Recent Abuse
recent_abuse boolean

This value will indicate if there has been any recently verified abuse across our network for this email address. Abuse could be a confirmed chargeback, fake signup, compromised device, fake app install, or similar malicious behavior within the past few days.

Fraud Score
fraud_score integer

The overall Fraud Score of the user based on the email's reputation and recent behavior across the IPQS threat network. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent.

Suggested Domain
suggested_domain string

Default value is "N/A". Indicates if this email's domain should in fact be corrected to a popular mail service. This field is useful for catching user typos. For example, an email address with "gmai.com", would display a suggested domain of "gmail.com". This feature supports all major mail service providers.

Leaked
leaked boolean

Was this email address associated with a recent database leak from a third party? Leaked accounts pose a risk as they may have become compromised during a database breach.

Domain Age Human
domain_age.human string

A human description of when this domain was registered. (Ex: 3 months ago)

Domain Age Timestamp
domain_age.timestamp integer

Unix time since the epoch when this domain was first registered(Ex: 1568061634).

Domain Age ISO
domain_age.iso string

The time-domain was registered in ISO8601 format(Ex: 2019-09-09T16:40:34-04:00).

FirstSeen Human
first_seen.human string

A human description of the email address age, using an estimation of the email creation date when IPQS first discovered this email address. (Ex: 3 months ago)

FirstSeen Timestamp
first_seen.timestamp integer

The unix time since epoch when this email was first analyzed by IPQS. (Ex: 1568061634)

FirstSeen ISO
first_seen.iso string

The time this email was first analyzed by IPQS in ISO8601 format (Ex: 2019-09-09T16:40:34-04:00).

Sanitized Email
sanitized_email string

Sanitized email address with all aliases and masking removed, such as multiple periods for Gmail.com.

Request Id
request_id string

A unique identifier for this request.

Retrieve IP address reputation data

This service performs real-time lookups to instantly determine how risky a user, click, or transaction is based on an IP address and optional device information. In addition to analyzing if the IP address is a proxy or VPN, the API returns over 20 relevant data points such as Geo location data, ISP, Connection type, Device details, Recent reputation activity, Overall fraud score, Status as a proxy, VPN, or TOR connection, Abuse Velocity, Other similar data points to classify reputation and risk.

Parameters

Name Key Required Type Description
IP address
ip True string

IP address you want to fetch reputation data.

Strictness
strictness True integer

How in depth (strict) do you want this query to be? Higher values take longer to process and may provide a higher false-positive rate. We recommend starting at "0", the lowest strictness setting, and increasing to "1" or "2" depending on your levels of fraud.

User Agent
user_agent string

You can optionally provide us with the user agent string (browser). This allows us to run additional checks to see if the user is a bot or running an invalid browser. This allows us to evaluate the risk of the user as judged in the "fraud_score".

User Language
user_language string

You can optionally provide us with the user's language header. This allows us to evaluate the risk of the user as judged in the "fraud_score".

Fast
fast boolean

When this parameter is enabled our API will not perform certain forensic checks that take longer to process. Enabling this feature greatly increases the API speed without much impact on accuracy. This option is intended for services that require decision making in a time sensitive manner and can be used for any strictness level.

Mobile
mobile boolean

You can optionally specify that this lookup should be treated as a mobile device. Recommended for mobile lookups that do not have a user agent attached to the request. NOTE-This can cause unexpected and abnormal results if the device is not a mobile device.

Allow Public Access Points
allow_public_access_points boolean

Bypasses certain checks for IP addresses from education and research institutions, schools, and some corporate connections to better accommodate audiences that frequently use public connections.

Lighter Penalties
lighter_penalties boolean

Skip some blacklists which can cause false-positives for sensitive audiences.

Returns

Name Path Type Description
Success
success boolean

Was the request successful?

Message
message string

A generic status message, either success or some form of an error notice.

Fraud Score
fraud_score integer

The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 85, but you may find it beneficial to use a higher or lower threshold.

Country Code
country_code string

Two character country code of IP address or "N/A" if unknown.

Region
region string

Region (state) of IP address if available or "N/A" if unknown.

City
city string

City of IP address if available or "N/A" if unknown.

ISP
ISP string

ISP if one is known. Otherwise "N/A".

ASN
ASN integer

Autonomous System Number if one is known. Null if nonexistent.

Organization
Organization string

Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise "N/A".

Is Crawler
is_crawler boolean

Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.

Timezone
timezone string

Timezone of IP address if available or "N/A" if unknown.

Mobile
mobile boolean

Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)

Host
host string

Hostname of the IP address if one is available.

Proxy
proxy boolean

Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)

VPN
vpn boolean

Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The "proxy" status will always be true when this value is true.

TOR
tor boolean

Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The "proxy" status will always be true when this value is true.

Active VPN
active_vpn boolean

Premium Account Feature - Identifies active VPN connections used by popular VPN services and private VPN servers.

Active TOR
active_tor boolean

Premium Account Feature - Identifies active TOR exits on the TOR network.

Recent Abuse
recent_abuse boolean

This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.

Bot Status
bot_status boolean

Premium Account Feature - Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.

Connection Type
connection_type string

Classification of the IP address connection type as "Residential", "Corporate", "Education", "Mobile", or "Data Center".

Abuse Velocity
abuse_velocity string

Premium Account Feature - How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be "high", "medium", "low", or "none". Can be used in combination with the Fraud Score to identify bad behavior.

Latitude
latitude float

Latitude of IP address if available or "N/A" if unknown.

Longitude
longitude float

Longitude of IP address if available or "N/A" if unknown.

Request Id
request_id string

A unique identifier for this request that can be used to lookup the request details or send a postback conversion notice.

Retrieve Phone Number reputation data

Accurately verify phone numbers worldwide and retrieve a combination of carrier and line type details with risk analysis data to assess phone number reputation. IPQS collects phone validation and verification data from a wide variety of carriers and tier 1 telecommunication providers, with support for all regions. Detect inactive and disconnected phone numbers for easy user validation similar to HLR & LRN lookups. Accurately identify virtual and disposable phone numbers along with numbers associated with abusive behavior online.

Parameters

Name Key Required Type Description
Phone Number
phone True string

Phone Number you want to fetch reputation data.

Strictness
strictness True integer

How in depth (strict) do you want this reputation check to be? Stricter checks may provide a higher false-positive rate. We recommend starting at "0", the lowest strictness setting, and increasing to "1" or "2" depending on your levels of fraud.

Country(For multiple countries, provide comma-separated values)
country string

You can optionally provide us with the default country or countries(comma separated) this phone number is suspected to be associated with. Our system will prefer to use a country on this list for verification or will require a country to be specified in the event the phone number is less than 10 digits.

Returns

Name Path Type Description
Message
message string

A generic status message, either success or some form of an error notice.

Success
success boolean

Was the request successful?

Formatted
formatted string

The phone number formatted in the international dialing code. N/A if not formattable.

Local Format
local_format string

The phone number formatted in the country's local routing rules with area code. N/A if not formattable.

Valid
valid boolean

Is the phone number properly formatted and considered valid based on assigned phone numbers available to carriers in that country?

Fraud Score
fraud_score integer

The IPQS risk score which estimates how likely a phone number is to be fraudulent. Scores 85+ are high risk.

Recent Abuse
recent_abuse boolean

Has this phone number been associated with recent or ongoing fraud?

VOIP
VOIP boolean

Is this phone number a Voice Over Internet Protocol (VOIP) or digital phone number?

Prepaid
prepaid boolean

Is this phone number associated with a prepaid service plan?

Risky
risky boolean

Is this phone number associated with fraudulent activity, scams, robo calls, fake accounts, or other unfriendly behavior?

Active
active boolean

Is this phone number a live usable phone number that is currently active?

Carrier
carrier string

The carrier (service provider) this phone number has been assigned to or "N/A" if unknown.

Line Type
line_type string

The type of line this phone number is associated with (Toll Free, Mobile, Landline, Satellite, VOIP, Premium Rate, Pager, etc...) or "N/A" if unknown.

Country
country string

The two character country code for this phone number.

City
city string

City of the phone number if available or "N/A" if unknown.

Zip Code
zip_code string

Zip or Postal code of the phone number if available or "N/A" if unknown.

Region
region string

Region (state) of the phone number if available or "N/A" if unknown.

Dialing Code
dialing_code integer

The 1 to 4 digit dialing code for this phone number or null if unknown.

Request Id
request_id string

A unique identifier for this request

Name
name string

The owner name of the phone number such as the first or last name or business name assigned to the phone number. Multiple names will be returned in comma separated format. Value is "N/A" if unknown.

Timezone
timezone string

Timezone of the phone number if available or "N/A" if unknown.

Do Not Call
do_not_call boolean

Indicates if the phone number is listed on any Do Not Call (DNC) lists. Only supported in US and CA. This data may not be 100% up to date with the latest DNC blacklists.

Active Status
active_status string

Additional details on the status of the subscriber connection when enhanced active line checks are enabled. These values can be "Active Line", "Disconnected Line", "Phone Turned Off", "Inconclusive Status", or "N/A" if unknown.

Retrieve URL (or) Domain reputation data

Scans links and domains in real-time to detect suspicious URLs using trusted machine learning models. These machine learning models can accurately identify phishing links, malware URLs, viruses, parked domains, and suspicious URLs with real-time risk scores. In addition, the machine learning models can confidently classify poor reputation domains, suspicious links, and phishing URLs with a real-time API integration. Features such as parking domain detection, domain spam scores, reputation checks, and domain age, elevates URL intelligence to a whole new level.

Parameters

Name Key Required Type Description
URL (or) Domain
url True string

URL (or) Domain you want to fetch reputation data.

Strictness
strictness True integer

How strict should we scan this URL? Stricter checks may provide a higher false-positive rate. We recommend defaulting to level "0", the lowest strictness setting, and increasing to "1" or "2" depending on your levels of abuse.

Fast
fast boolean

When enabled, the API will provide quicker response times using lighter checks and analysis. This setting defaults to False.

Returns

Name Path Type Description
Message
message string

A generic status message, either success or some form of an error notice.

Success
success boolean

Was the request successful?

Unsafe
unsafe boolean

Is this domain suspected of being unsafe due to phishing, malware, spamming, or abusive behavior? View the confidence level by analyzing the "risk_score".

Domain
domain string

Domain name of the final destination URL of the scanned link, after following all redirects.

Server
server string

The server banner of the domain's IP address. For example: "nginx/1.16.0". Value will be "N/A" if unavailable.

Content Type
content_type string

MIME type of URL's content. For example "text/html; charset=UTF-8". Value will be "N/A" if unavailable.

Status Code
status_code integer

HTTP Status Code of the URL's response. This value should be "200" for a valid website. Value is "0" if URL is unreachable.

Page Size
page_size integer

Total number of bytes to download the URL's content. Value is "0" if URL is unreachable.

Domain Rank
domain_rank integer

Estimated popularity rank of website globally. Value is "0" if the domain is unranked or has low traffic.

DNS Valid
dns_valid boolean

The domain of the URL has valid DNS records.

Parking
parking boolean

Is the domain of this URL currently parked with a for sale notice?

Spamming
spamming boolean

Is the domain of this URL associated with email SPAM or abusive email addresses?

Malware
malware boolean

Is this URL associated with malware or viruses?

Phishing
phishing boolean

Is this URL associated with malicious phishing behavior?

Suspicious
suspicious boolean

Is this URL suspected of being malicious or used for phishing or abuse? Use in conjunction with the "risk_score" as a confidence level.

Adult
adult boolean

Is this URL or domain hosting dating or adult content?

Risk Score
risk_score integer

The IPQS risk score which estimates the confidence level for malicious URL detection. Risk Scores 85+ are high risk, while Risk Scores = 100 are confirmed as accurate.

Category
category string

Website classification and category related to the content and industry of the site. Over 70 categories are available including "Video Streaming", "Trackers", "Gaming", "Privacy", "Advertising", "Hacking", "Malicious", "Phishing", etc. The value will be "N/A" if unknown.

Domain Age Human
domain_age.human string

A human description of when this domain was registered. (Ex: 3 months ago)

Domain Age Timestamp
domain_age.timestamp integer

The unix time since epoch when this domain was first registered. (Ex: 1568061634)

Domain Age ISO
domain_age.iso string

The time this domain was registered in ISO8601 format (Ex: 2019-09-09T16:40:34-04:00)

Request Id
request_id string

A unique identifier for this request