The IP Blocklist API will detect potentially malicious or dangerous IP addresses.
Use this API for anonymous proxy detection, Tor detection, identifying malicious hosts, botnets, spammers and more.
Block, filter and flag traffic to help reduce attacks your networks and software.
We currently detect the following types of IP addresses:
- Proxies and VPNs
- Tor nodes
- Malware and spyware
- Criminal netblocks
- Exploit scanners
Blocklists are updated continuously in real time.
You can also download the complete IP data for direct use on your own systems using the Download API
Under the hood there are 3 core components that make up our blocklist system.
This is our system of automated bots, crawlers and honeypots which continuously collect data from across the Internet.
This system aggregates IP data from thousands of commercial and open-source security appliances.
This includes feeds from firewall's, gateways and intrusion detection systems (IDS).
We collect data from many public sources of IP related data.
This includes public blocklists, blacklists, malware/botnet trackers and various security intelligence feeds.
|ip||Yes||string||An IPv4 or IPv6 address|
|is-listed||boolean||Is this IP on a blocklist|
|list-count||integer||The number of blocklists the IP is listed on|
|last-seen||integer||The last time this IP was seen on a blocklist (in Unix time or 0 if not listed recently)|
|is-proxy||boolean||IP has been detected as an anonymous web proxy or anonymous HTTP proxy|
|is-tor||boolean||IP is a Tor node or Tor related service|
|is-vpn||boolean||IP has been detected as belonging to a VPN provider|
|is-malware||boolean||IP is involved in distributing or is running malware|
|is-spyware||boolean||IP is involved in distributing or is running spyware |
|is-dshield||boolean||IP has been flagged on DShield (dshield.org)|
|is-hijacked||boolean||IP is part of a hijacked netblock or a netblock controlled by a criminal organization|
|is-spider||boolean||IP is running a hostile web spider / web crawler|
|is-bot||boolean||IP is hosting a malicious bot or is part of a botnet. Includes brute-force crackers|
|is-spam-bot||boolean||IP address is hosting a spam bot, comment spamming or any other spamming type software|
|is-exploit-bot||boolean||IP is hosting an exploit finding bot or is running exploit scanning software|
Free limit: 25/day