Threat Intelligence

We publish 4M+ malicious IP addresses daily in our IP Threat Intelligence database. We also track Tor nodes and open proxies.

Example Request

curl "<<apiKey>>"
ipdata -f threat

Sample Response

		"is_tor": false,
		"is_icloud_relay": false,
		"is_proxy": false,
		"is_datacenter": false,
		"is_anonymous": false,
		"is_known_attacker": true,
		"is_known_abuser": true,
		"is_threat": true,
		"is_bogon": false,
		"blocklists": [
				"name": "Spamhaus",
				"site": "",
				"type": "general"
				"name": "",
				"site": "",
				"type": "general"

Data Fields

is_toris true if the IP address is associated with a node on the Tor network
is_vpntrue for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only.
is_icloud_relaytrue for IP addresses belonging to Apple's iCloud relay service
is_proxyis true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies
is_datacentertrue for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic.
is_anonymousis set true if either one of is_tor or is_proxy is true
is_known_attackeris true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc
is_known_abuseris true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc
is_threatis true if either one of is_known_abuser or is_known_attacker is true
is_bogontrue for if an IP address is a bogon.
blocklistsAn array of blocklists an IP address has been reported to. It includes the name, website and list type.
scoresA map of IP reputation scores.