1 stable release

1.0.0 Apr 24, 2023

#602 in Database interfaces

Download history 5/week @ 2024-01-22 77/week @ 2024-01-29 126/week @ 2024-02-05 145/week @ 2024-02-12 120/week @ 2024-02-19 316/week @ 2024-02-26 268/week @ 2024-03-04

849 downloads per month

MIT license

51KB
811 lines

IPQualityScore IP Address Reputation & Proxy Detection Rust DB Reader

Flat File Version 1.0

Our flat file proxy detection database allows you to lookup important details about any IP address using a straight forward library. Simply install the reader, download a database, and instantly check IP addresses against our large volume of data.

Click here to see the full Rust IPQualityScore flat file database documentation or click here for a more in depth explanation of what our proxy detection database does. The library crate listing and Cargo-generated docs can be found here.
Installation

To install, simply run the following Cargo command in your project directory:


cargo add ipqs_db_reader
			
Usage

Using our flat file database system to lookup an IP address is simple:


let ip: IpAddr = IpAddr::V4(Ipv4Addr::from_str("8.8.0.0").unwrap());

let mut path_buf = PathBuf::from(env!("CARGO_MANIFEST_DIR")); path_buf.push("resources/IPQualityScore-IP-Reputation-Database-IPv4.ipqs");

let mut reader = FileReader::open(&path_buf)?; let record = reader.fetch(&ip)?;

if let Some(is_proxy) = record.is_proxy() { if is_proxy { println!("{} is a proxy!", ip); } }

println!("Connection type: {}", record.connection_type()); if let Some(fraud_score) = record.fraud_score(Strictness::Zero) { println!("Fraud Score (Strictness 0): {:#?}", fraud_score); }

// Record implements fmt::Display println!("{}", record);

// Record implements serde::Serialization #[cfg(feature = "json")] { let serialized = serde_json::to_string_pretty(&record)?; println!("{}", serialized); }

// Record implements Clone let _ = record;

Usage Notes
  • Each database only holds either IPv4 or IPv6 data. Therefore you may need two instances of the reader available depending on your use case.
  • Make sure to include the release option cargo build --release when compiling, as this will greatly speed up searches.
  • The feature to serialize the Record struct into JSON is enabled by default. This feature requires serde and serde_json as dependencies. If you do not need to serialize results and would like to build with no external dependencies (other than the Rust Standard Library), disable default features.
    
    [dependencies]
    ipqs_db_reader = { version = "1.0.0", default-features = false, }
    

Record Struct Methods

Depending on which database file you receive, some of these fields may be unavailable. If the field in question is unavailable in your database, the associated method will return Option::None.

Implementations Description
pub fn is_proxy(&self) -> Option<bool> Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
pub fn is_vpn(&self) -> Option<bool> Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The "proxy" status will always be true when this value is true.
pub fn is_tor(&self) -> Option<bool> Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The "proxy" status will always be true when this value is true.
pub fn is_crawler(&self) -> Option<bool> Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.
pub fn is_bot(&self) -> Option<bool> Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.
pub fn recent_abuse(&self) -> Option<bool> This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.
pub fn is_blacklisted(&self) -> Option<bool> This value will indicate if the IP has been blacklisted by any 3rd party agency for spam, abuse or fraud.
pub fn is_private(&self) -> Option<bool> This value will indicate if the IP is a private, nonrouteable IP address.
pub fn is_mobile(&self) -> Option<bool> This value will indicate if the IP is likely owned by a mobile carrier.
pub fn has_open_ports(&self) -> Option<bool> This value will indicate if the IP has recently had open (listening) ports.
pub fn is_hosting_provider(&self) -> Option<bool> This value will indicate if the IP is likely owned by a hosting provider or is leased to a hosting company.
pub fn active_vpn(&self) -> Option<bool> Identifies active VPN connections used by popular VPN services and private VPN servers.
pub fn active_tor(&self) -> Option<bool> Identifies active TOR exits on the TOR network.
pub fn public_access_point(&self) -> Option<bool> Indicates if this IP is likely to be a public access point such as a coffee shop, college or library.
pub fn connection_type(&self) -> &str

The suspected type of connection for this IP address. Returns one of: "Residential", "Mobile", "Corporate", "Data Center", "Education", or "Unknown".

pub fn abuse_velocity(&self) -> &str

How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be "high", "medium", "low", or "none".

pub fn country(&self) -> Option<&str>

Two character country code of IP address or "N/A" if unknown.

pub fn city(&self) -> Option<&str>

City of IP address if available or "N/A" if unknown.

pub fn isp(&self) -> Option<&str>

ISP if one is known. Otherwise "N/A".

pub fn region(&self) -> Option<&str>

Region (or State) if one is known. Otherwise "N/A".

pub fn organization(&self) -> Option<&str>

Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise "N/A".

pub fn asn(&self) -> Option<u64>

Autonomous System Number if one is known. Zero if nonexistent.

pub fn timezone(&self) -> Option<&str>

Timezone of IP address if available or "N/A" if unknown.

pub fn latitude(&self) -> Option<f32>

Latitude of IP address if available or 0.00 if unknown.

pub fn longitude(&self) -> Option<f32>

Longitude of IP address if available or 0.00 if unknown.

pub fn fraud_score(&self, strictness: Strictness) -> Option<u32>

Returns the fraud score associated with the IP address corresponding to the given strictness. Strictness can be one of: Strictness::{Zero, One, Two, Three}. Some databases may contain only 1 entry, others all 4. We recommend starting at Strictness::Zero, the lowest strictness setting, and increasing to Strictness::One depending on your levels of fraud. Levels greater than Strictness::One have a very high risk of false-positives. If a fraud score corresponding to the given strictness does not exist, this method will return Option::None.

Dependencies

~0–280KB