API Basics
★  Fundamentals
★  Error Codes
★  Examples
★  Batch Processing
★  Specifications
★  Best Practice
★  SDKs
★  Stats
Data Tools
Security and Networking

IP Blocklist

The IP Blocklist API will detect potentially malicious or dangerous IP addresses.

Use this API for identifying malicious hosts, anonymous proxies, Tor, botnets, spammers and more.
Block, filter and flag traffic to help reduce attacks on your networks and software.

IP blocklist will detect the following main categories of IP addresses:
Under the hood there are 3 core components that make up our blocklist system.
You can also download the complete IP data for direct use on your own systems using the Download API

IP blocklist is a database of known malicious IP addresses, this does not generally include commercial/legitimate VPN providers. For realtime detection of VPN users check out the IP Probe API

End Point

Test API
API Request
ipyesstringAn IPv4 or IPv6 address
API Response
ipstringThe IP address
is-listedbooleanIs this IP on a blocklist
last-seenintegerThe last time this IP was seen on a blocklist (in Unix time or 0 if not listed recently)
list-countintegerThe number of blocklists the IP is listed on
blocklistsarrayAn array of strings indicating which blocklists this IP is listed on (empty if not listed)
sensorsarrayAn array of objects containing details on which sensors were used to detect this IP
is-proxybooleanIP has been detected as an anonymous web proxy or anonymous HTTP proxy
is-torbooleanIP is a Tor node or running a Tor related service
is-vpnbooleanIP has been detected as belonging to a VPN provider
is-malwarebooleanIP is involved in distributing or is running malware
is-spywarebooleanIP is involved in distributing or is running spyware
is-dshieldbooleanIP has been flagged as an attack source on DShield (dshield.org)
is-hijackedbooleanIP is part of a hijacked netblock or a netblock controlled by a criminal organization
is-spiderbooleanIP is running a hostile web spider / web crawler
is-botbooleanIP is hosting a malicious bot or is part of a botnet. Includes brute-force crackers
is-spam-botbooleanIP address is hosting a spam bot, comment spamming or any other spamming type software
is-exploit-botbooleanIP is hosting an exploit finding bot or is running exploit scanning software
Daily Limits
Free TierTier 1Tier 2Tier 3