The IP Blocklist API will detect potentially malicious or dangerous IP addresses.
Use this API for identifying malicious hosts, anonymous proxies, Tor, botnets, spammers and more.
Block, filter and flag traffic to help reduce attacks on your networks and software.
IP blocklist will detect the following categories of IP addresses:
- Malware and spyware
- Criminal netblocks
- Tor nodes
- Proxies and VPNs
- Exploit scanners
You can also download the complete IP data for direct use on your own systems using the Download API
Under the hood there are 3 core components that make up our blocklist system.
This is our system of automated bots, crawlers and honeypots which continuously collect data from across the Internet.
You can tap into part of this system too by utilizing the IP Probe API which is good at realtime detection of VPN and proxy servers.
This system aggregates IP data from thousands of commercial and open-source security appliances.
This includes feeds from firewall's, gateways and intrusion detection systems (IDS).
We collect data from many public sources of IP related data.
This includes public blocklists, blacklists, malware/botnet trackers and various security intelligence feeds.
|ip||Yes||string||An IPv4 or IPv6 address|
|ip||string||The IP address|
|is-listed||boolean||Is this IP on a blocklist|
|list-count||integer||The number of blocklists the IP is listed on|
|blocklists||array||An array of strings indicating which blocklists this IP is listed on (empty if not listed)|
|last-seen||integer||The last time this IP was seen on a blocklist (in Unix time or 0 if not listed recently)|
|is-proxy||boolean||IP has been detected as an anonymous web proxy or anonymous HTTP proxy|
|is-tor||boolean||IP is a Tor node or Tor related service|
|is-vpn||boolean||IP has been detected as belonging to a VPN provider|
|is-malware||boolean||IP is involved in distributing or is running malware|
|is-spyware||boolean||IP is involved in distributing or is running spyware |
|is-dshield||boolean||IP has been flagged on DShield (dshield.org)|
|is-hijacked||boolean||IP is part of a hijacked netblock or a netblock controlled by a criminal organization|
|is-spider||boolean||IP is running a hostile web spider / web crawler|
|is-bot||boolean||IP is hosting a malicious bot or is part of a botnet. Includes brute-force crackers|
|is-spam-bot||boolean||IP address is hosting a spam bot, comment spamming or any other spamming type software|
|is-exploit-bot||boolean||IP is hosting an exploit finding bot or is running exploit scanning software|
|Free Tier||Tier 1||Tier 2||Tier 3|