Threat Intelligence

We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.

Example Request

curl "https://api.ipdata.co/27.126.160.0/threat?api-key=test"
ipdata 27.126.160.0 --fields threat

Sample Response

{
        "is_tor": false,
        "is_icloud_relay": false,
        "is_proxy": false,
        "is_datacenter": false,
        "is_anonymous": false,
        "is_known_attacker": true,
        "is_known_abuser": true,
        "is_threat": true,
        "is_bogon": false,
        "blocklists": [
            {
                "name": "Spamhaus",
                "site": "https://www.spamhaus.org",
                "type": "general"
            },
            {
                "name": "USTC.edu.cn",
                "site": "https://ustc.edu.cn",
                "type": "general"
            }
        ]
    }

Data Fields

Field

Description

is_tor

is true if the IP address is associated with a node on the Tor network

is_vpn

true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only.

is_icloud_relay

true for IP addresses belonging to Apple's iCloud relay service

is_proxy

is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies

is_datacenter

true for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic.

is_anonymous

is set true if either one of is_tor or is_proxy is true

is_known_attacker

is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc

is_known_abuser

is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc

is_threat

is true if either one of is_known_abuser or is_known_attacker is true

is_bogon

true for if an IP address is a bogonbogon - Bogons are IP addresses that should not be routed because they are not allocated, or they are allocated for private use. IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user Private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598 and netblocks that have not been allocated to a regional internet registry. Unallocated (Free) Address Space, generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data..

blocklists

An array of blocklists an IP address has been reported to. It includes the name, website and list type.


Did this page help you?