Threat Intelligence
We publish 4M+ malicious IP addresses daily in our IP Threat Intelligence database. We also track Tor nodes and open proxies.
Example Request
curl "https://api.ipdata.co/27.126.160.0/threat?api-key=<<apiKey>>"
ipdata 27.126.160.0 -f threat
Sample Response
{
"is_tor": false,
"is_icloud_relay": false,
"is_proxy": false,
"is_datacenter": false,
"is_anonymous": false,
"is_known_attacker": true,
"is_known_abuser": true,
"is_threat": true,
"is_bogon": false,
"blocklists": [
{
"name": "Spamhaus",
"site": "https://www.spamhaus.org",
"type": "general"
},
{
"name": "USTC.edu.cn",
"site": "https://ustc.edu.cn",
"type": "general"
}
]
}
Data Fields
| Field | Description |
|---|---|
| is_tor | is true if the IP address is associated with a node on the Tor network |
| is_vpn | true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. |
| is_icloud_relay | true for IP addresses belonging to Apple's iCloud relay service |
| is_proxy | is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies |
| is_datacenter | true for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic. |
| is_anonymous | is set true if either one of is_tor or is_proxy is true |
| is_known_attacker | is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc |
| is_known_abuser | is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc |
| is_threat | is true if either one of is_known_abuser or is_known_attacker is true |
| is_bogon | true for if an IP address is a bogon. |
| blocklists | An array of blocklists an IP address has been reported to. It includes the name, website and list type. |
| scores | A map of IP reputation scores. |
Updated 10 months ago