Threat Intelligence
We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.
Example Request
curl "https://api.ipdata.co/27.126.160.0/threat?api-key=test"
ipdata 27.126.160.0 --fields threat
Sample Response
{
"is_tor": false,
"is_icloud_relay": false,
"is_proxy": false,
"is_datacenter": false,
"is_anonymous": false,
"is_known_attacker": true,
"is_known_abuser": true,
"is_threat": true,
"is_bogon": false,
"blocklists": [
{
"name": "Spamhaus",
"site": "https://www.spamhaus.org",
"type": "general"
},
{
"name": "USTC.edu.cn",
"site": "https://ustc.edu.cn",
"type": "general"
}
]
}
Data Fields
Field | Description |
---|---|
is_tor | is true if the IP address is associated with a node on the Tor network |
is_vpn | true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. |
is_icloud_relay | true for IP addresses belonging to Apple's iCloud relay service |
is_proxy | is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies |
is_datacenter | true for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic. |
is_anonymous | is set true if either one of is_tor or is_proxy is true |
is_known_attacker | is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc |
is_known_abuser | is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc |
is_threat | is true if either one of is_known_abuser or is_known_attacker is true |
is_bogon | true for if an IP address is a bogonbogon - Bogons are IP addresses that should not be routed because they are not allocated, or they are allocated for private use. IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user Private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598 and netblocks that have not been allocated to a regional internet registry. Unallocated (Free) Address Space, generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data.. |
blocklists | An array of blocklists an IP address has been reported to. It includes the name, website and list type. |
Updated 11 days ago