Threat Intelligence

We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.

Example Request

curl ""
ipdata --fields threat

Sample Response

        "is_tor": false,
        "is_icloud_relay": false,
        "is_proxy": false,
        "is_datacenter": false,
        "is_anonymous": false,
        "is_known_attacker": true,
        "is_known_abuser": true,
        "is_threat": true,
        "is_bogon": false,
        "blocklists": [
                "name": "Spamhaus",
                "site": "",
                "type": "general"
                "name": "",
                "site": "",
                "type": "general"

Data Fields




is true if the IP address is associated with a node on the Tor network


true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only.


true for IP addresses belonging to Apple's iCloud relay service


is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies


true for any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic.


is set true if either one of is_tor or is_proxy is true


is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc


is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc


is true if either one of is_known_abuser or is_known_attacker is true


true for if an IP address is a bogonbogon - Bogons are IP addresses that should not be routed because they are not allocated, or they are allocated for private use. IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user Private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598 and netblocks that have not been allocated to a regional internet registry. Unallocated (Free) Address Space, generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data..


An array of blocklists an IP address has been reported to. It includes the name, website and list type.

Did this page help you?