Threat Intelligence

We publish 4M+ malicious IP addresses daily in our IP Threat Intelligence database. We also track Tor nodes and open proxies.

Example Request

curl "<<apiKey>>"
ipdata -f threat

Sample Response

        "is_tor": false,
        "is_icloud_relay": false,
        "is_proxy": false,
        "is_datacenter": false,
        "is_anonymous": false,
        "is_known_attacker": true,
        "is_known_abuser": true,
        "is_threat": true,
        "is_bogon": false,
        "blocklists": [
                "name": "Spamhaus",
                "site": "",
                "type": "general"
                "name": "",
                "site": "",
                "type": "general"

Data Fields

is_toris true if the IP address is associated with a node on the Tor network
is_vpntrue for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only.
is_icloud_relaytrue for IP addresses belonging to Apple's iCloud relay service
is_proxyis true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies
is_datacentertrue for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic.
is_anonymousis set true if either one of is_tor or is_proxy is true
is_known_attackeris true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc
is_known_abuseris true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc
is_threatis true if either one of is_known_abuser or is_known_attacker is true
is_bogontrue for if an IP address is a bogon.
blocklistsAn array of blocklists an IP address has been reported to. It includes the name, website and list type.
scoresA map of IP reputation scores.