Scamalytics provides fraud detection services to organizations by analyzing IP addresses and user behavior. The Scamalytics fraud risk API assesses the reputation of IP addresses, identifies proxy usage, and provides a fraud risk score. Additionally, Scamalytics uses shared blacklists and machine learning to detect high-risk users, particularly in industries like banking, payments, and dating services, helping businesses protect their customers and revenue from fraudulent activities.

The Scamalytics Action for ThreatQ allows users to automatically bulk lookup IP addresses, against Scamalytics’s API. The action will fetch geolocation, proxy attributes, risk scores, and other information for each IP address, ingesting the results into ThreatQ.

The integration provides the following actions:

• Scamalytics - Enrich IPs - performs IP lookups against Scamalytics to fetch contextual information about how fraudulent an IP address may be.

The integration is compatible with the following object types:

• Indicators (IP Address)

The integration enriched the following object types:

• Indicators (IP Address, ASN)

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.