API Basics
Data Tools
★  Browser Bot
★  HTML Clean
★  HTML Extract
★  URL Info
Security and Networking

IP Blocklist

The IP Blocklist API will detect potentially malicious or dangerous IP addresses.

Use this API for identifying malicious hosts, anonymous proxies, tor, botnets, spammers and more. Block, filter or flag traffic to help reduce attacks on your networks and software stacks. You can also download the complete IP data for direct use on your own systems using the Download API.

IP blocklist will detect the following main categories of IP addresses:
Under the hood there are 3 core components that make up our blocklist:

Autonomous Networks

This is our system of autonomous bots, crawlers and honeypots which continuously collect data from across the Internet in realtime

Firewall Aggregation

This system collects IP data from security appliances, this includes feeds from firewalls, gateways and intrusion detection systems (IDS)

Open Data

We compile data from many public sources of IP data. This includes public blocklists, blacklists, botnet trackers and various security intelligence feeds

End Point

Test API
API Request
ipyesstringAn IPv4 or IPv6 address
vpn-lookupnobooleanfalseInclude public VPN provider IP addresses.
NOTE: For more advanced VPN detection including the ability to identify private and stealth VPNs use the IP Probe API
API Response
ipstringThe IP address
is-listedbooleanIs this IP on a blocklist
last-seenintegerThe last time this IP was seen on a blocklist (in Unix time or 0 if not listed recently)
list-countintegerThe number of blocklists the IP is listed on
blocklistsarrayAn array of strings indicating which blocklists this IP is listed on (empty if not listed)
sensorsarrayAn array of objects containing details on which sensors were used to detect this IP
is-proxybooleanIP has been detected as an anonymous web proxy or anonymous HTTP proxy
is-torbooleanIP is a Tor node or running a Tor related service
is-vpnbooleanIP belongs to a public VPN provider (only set if the 'vpn-lookup' option is enabled)
is-malwarebooleanIP is involved in distributing or is running malware
is-spywarebooleanIP is involved in distributing or is running spyware
is-dshieldbooleanIP has been flagged as an attack source on DShield (dshield.org)
is-hijackedbooleanIP is part of a hijacked netblock or a netblock controlled by a criminal organization
is-spiderbooleanIP is running a hostile web spider / web crawler
is-botbooleanIP is hosting a malicious bot or is part of a botnet. Includes brute-force crackers
is-spam-botbooleanIP address is hosting a spam bot, comment spamming or any other spamming type software
is-exploit-botbooleanIP is hosting an exploit finding bot or is running exploit scanning software
Daily Limits
Free TierTier 1Tier 2Tier 3