Threat Intelligence

We publish 4M+ malicious IP addresses daily in our IP Threat Intelligence database. We also track Tor nodes and open proxies.

Example Request

curl "https://api.ipdata.co/27.126.160.0/threat?api-key=<<apiKey>>"
ipdata 27.126.160.0 -f threat

Sample Response

{
		"is_tor": false,
		"is_icloud_relay": false,
		"is_proxy": false,
		"is_datacenter": false,
		"is_anonymous": false,
		"is_known_attacker": true,
		"is_known_abuser": true,
		"is_threat": true,
		"is_bogon": false,
		"blocklists": [
			{
				"name": "Spamhaus",
				"site": "https://www.spamhaus.org",
				"type": "general"
			},
			{
				"name": "USTC.edu.cn",
				"site": "https://ustc.edu.cn",
				"type": "general"
			}
		]
	}

Data Fields

FieldDescription
is_toris true if the IP address is associated with a node on the Tor network
is_vpntrue for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only.
is_icloud_relaytrue for IP addresses belonging to Apple's iCloud relay service
is_proxyis true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies
is_datacentertrue for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic.
is_anonymousis set true if either one of is_tor or is_proxy is true
is_known_attackeris true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc
is_known_abuseris true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc
is_threatis true if either one of is_known_abuser or is_known_attacker is true
is_bogontrue for if an IP address is a bogon.
blocklistsAn array of blocklists an IP address has been reported to. It includes the name, website and list type.
scoresA map of IP reputation scores.