The IP Blocklist API will detect potentially malicious or dangerous IP addresses.
Use this API for identifying malicious hosts, anonymous proxies, Tor, botnets, spammers and more.
Block, filter and flag traffic to help reduce attacks on your networks and software.
IP blocklist will detect the following categories of IP addresses:
- Malware and spyware
- Criminal netblocks
- Tor nodes
- Proxies and VPNs
- Bots and botnets
- Exploit scanners
Under the hood there are 3 core components that make up our blocklist system.
This is our system of automated bots, crawlers and honeypots which continuously collect data from across the Internet.
This system aggregates IP data from commercial and open-source security appliances.
This includes feeds from firewalls, gateways and intrusion detection systems (IDS).
We collect data from many public sources of IP related data.
This includes public blocklists, blacklists, malware/botnet trackers and various security intelligence feeds.
You can also download the complete IP data for direct use on your own systems using the Download API
IP blocklist is a database of known malicious IP addresses, this does not generally include commercial/legitimate VPN providers.
For realtime detection of VPN users check out the IP Probe API
|ip||Yes||string||An IPv4 or IPv6 address|
|ip||string||The IP address|
|is-listed||boolean||Is this IP on a blocklist|
|list-count||integer||The number of blocklists the IP is listed on|
|blocklists||array||An array of strings indicating which blocklists this IP is listed on (empty if not listed)|
|last-seen||integer||The last time this IP was seen on a blocklist (in Unix time or 0 if not listed recently)|
|is-proxy||boolean||IP has been detected as an anonymous web proxy or anonymous HTTP proxy|
|is-tor||boolean||IP is a Tor node or running a Tor related service|
|is-vpn||boolean||IP has been detected as belonging to a VPN provider|
|is-malware||boolean||IP is involved in distributing or is running malware|
|is-spyware||boolean||IP is involved in distributing or is running spyware |
|is-dshield||boolean||IP has been flagged as an attack source on DShield (dshield.org)|
|is-hijacked||boolean||IP is part of a hijacked netblock or a netblock controlled by a criminal organization|
|is-spider||boolean||IP is running a hostile web spider / web crawler|
|is-bot||boolean||IP is hosting a malicious bot or is part of a botnet. Includes brute-force crackers|
|is-spam-bot||boolean||IP address is hosting a spam bot, comment spamming or any other spamming type software|
|is-exploit-bot||boolean||IP is hosting an exploit finding bot or is running exploit scanning software|
|Free Tier||Tier 1||Tier 2||Tier 3|