Unified Threat Intelligence

Comprehensive threat intelligence database with 500M+ malicious IPs, domains, phishing sites, malware, adware, and tracking domains. Our real-time cybersecurity blocklist API protects against vulnerabilities and cyber threats instantly.

+81,040 generated reports by security analysts
206.168.34.44 • HIGH RISK • Last detected: 2h ago
MAPPED TO T1071, T1566, T1583
Tactics: C&C, Initial Access, Resource Development
VirusTotal • Shodan • GreyNoise • + more
AI SUMMARY
"Known C2 infrastructure linked to Emotet campaigns. Active phishing operations detected across 23 domains. High confidence based on 12 threat intelligence sources."
Generated from 12 enrichment sources
REPUTATION ANALYSIS
42 malicious • 8 suspicious • 3 harmless
79% threat detection
Sources: VirusTotal, Shodan, GreyNoise +5
THREAT INDICATORS
• 12 CVEs detected
• Moscow, Russia 🇷🇺
• SSL expired 45 days ago
• Active in last 6 hours

Trusted by leading organizations

Our platform delivers actionable intelligence that helps organizations stay ahead of cyber threats

HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit

99.9%

Accuracy Rate

Detection accuracy in identifying malicious IPs and domains thanks to our advanced aggregation engine.

24/7

Real-Time Updates

Continuous monitoring and database updates to ensure you always have the latest threat intelligence.

500M+

Threat Records

250M IPs, 200M domains, 50M hashes, and more malicious entities across the globe.

80%

Faster Detection

Identify threats faster than traditional methods, reducing response time and potential damage.

Multi-Source Aggregation

Aggregate data from VirusTotal, Shodan, GreyNoise, AbuseIPDB, AlienVault, and more. One query, eight sources, comprehensive results.

AI-Powered Summaries

LLM-generated analysis transforms raw enrichment data into actionable intelligence with context-aware threat summaries.

MITRE ATT&CK Mapping

Automatically map IOCs to MITRE ATT&CK techniques based on threat tags and enrichment findings.

See How It Works

Query any IP or domain through our API and get instant results with enrichment from multiple security sources.

We check whether an IP address or domain is malicious or suspicious. You can run checks through our API or on our website.

Protect your assets by watching them and getting notified when something malicious or suspicious is related to them. Our aggregator engine is updated every day.

Use our API to benefit from our research and detection. This is especially useful if you are a security researcher or a SOC analyst.

Integrated Sources

Real-time threat intelligence from 517+ verified industry-leading providers

  • VirusTotal: Active
  • Shodan: Active
  • GreyNoise: Active
  • AbuseIPDB: Active
  • AlienVault OTX: Active
  • IsMalicious: Active
  • Triage: Coming Soon
  • URLhaus: Active

Advanced Features for Security Teams

Built for security professionals who need detailed insights and seamless integration.

  • Instant Threat Detection

    Get real-time threat assessment in milliseconds. Query any IP or domain and receive comprehensive security intelligence including reputation scores, geolocation, and threat history instantly.

  • Advanced Similarity Search

    Discover related threats with fuzzy matching and similarity algorithms. Find malicious domains that mimic legitimate ones or identify coordinated attack patterns.

  • API-First Architecture

    RESTful API designed for developers. Comprehensive documentation, code examples in multiple languages, and straightforward integration with any tech stack.

  • Proactive Monitoring & Alerts

    Monitor your critical assets 24/7. Receive instant email notifications when watched IPs or domains show suspicious activity or threat status changes.

  • Comprehensive Threat Profiles

    Access detailed intelligence including WHOIS data, SSL certificates, vulnerabilities, ASN information, abuse contacts, and historical threat patterns for informed decision-making.

No credit card required · 14-day free trial · Cancel anytime

Frequently asked questions

If you have anything else you want to ask, reach out to us.

    • What data does the API provide?

      Security score, threat reputation, WHOIS, geolocation, certificates, vulnerabilities, identifier lists, similar suspicious entities...
    • What are the data retention limits?

      All data is refreshed once a day to ensure accuracy on a daily basis.
    • API Usage Limits & Restrictions

      - Anonymous: 1 request per minute (100/month)
      - Free Account: 5 requests per minute (100/month)
      - Basic (API Key): 60 requests per minute (100/month)
      - Pro Plan: 60 requests per minute (10,000/month)
      - Enterprise: 100 requests per minute (1,000,000/month)

      Need higher limits? Contact us for custom plans: contact@ismalicious.com
    • Why is the API rate limited?

      The API is rate limited to prevent abuse. If you need a higher rate limit, please contact us at contact@ismalicious.com
    • What is the cancellation and refund policy?

      We do not offer refunds for any of our plans. If you have any issues with our service, please contact us at contact@ismalicious.com and we will do our best to assist you.
    • What integrations are available?

      We are currently working on integrations with top cybersecurity companies to provide a seamless experience to our users. Keep an eye on our roadmap to see what's coming next. Currently, we support CORTEX, offer a CLI version of isMalicious for on-premise use, and provide firewall exportable blocklist features.
    • Where is isMalicious based?

      isMalicious is a French company based in Europe.
    • Disclaimer of Responsibility for Usage

      isMalicious provides information and cyber threat scores based on aggregated and analyzed public datasets. However, we disclaim any responsibility for decisions made or actions taken based on this information. Users are encouraged to use this data as a supplement to their own security measures and to exercise their own professional judgment to assess risks and make appropriate decisions. isMalicious does not guarantee the complete absence of threats and cannot be held liable for any damages resulting from the use of our service.
    • How do I get support?

      If you need support, please contact us at contact@ismalicious.com

The Most Comprehensive Threat Intelligence Database

500M+ verified malicious IPs, domains, and cyberthreat records from 600+ intelligence sources. Real-time blocklist API designed for modern cybersecurity teams.

Why Our Threat Intelligence Database Stands Out

Multi-Source Validation

Every threat is verified across multiple intelligence sources. Our cross-referencing system eliminates false positives and provides confidence scores for each detection.

Real-Time Blocklist Updates

Unlike static blocklists updated weekly, our database receives hourly updates. New phishing sites, malware domains, and malicious IPs are added within minutes of discovery.

Comprehensive Threat Context

Beyond simple blocklists, get rich threat intelligence including geolocation, ASN data, WHOIS information, SSL certificates, and historical behavior patterns.

Enterprise-Ready API

Sub-100ms response times, 99.9% uptime SLA, and unlimited scalability. Our cybersecurity API integrates seamlessly with firewalls, SIEM systems, and custom applications.

Start Protecting Your Infrastructure Today

Join thousands of security professionals using our threat intelligence database. Free tier available - no credit card required.

Limited FREE API calls • No credit card • Instant access

On-Premise CLI Solution

Enterprise-grade threat intelligence CLI built for maximum performance. Deploy in air-gapped environments, integrate with your CI/CD pipeline, or run automated security checks at scale.

terminal
# Update threat intelligence database from 500+ sources
$ ismalicious update
Database update started.
Fetching source 1 of 500 - 00:01.234s
Fetching source 2 of 500 - 00:00.987s
Fetching source 3 of 500 - 00:01.456s
...
Fetching source 500 of 500 - 00:00.823s
Cleaning false positives...
Fetching legitimate domains lists...
Processing legitimate domains...
Loaded 2,000,000 legitimate domains
Starting domain cleanup...
Removed 1,234 legitimate domains
False positives cleaning completed in 00:15.789s
Database update completed in 05:23.456s

# Check if a domain is malicious with full category details
$ ismalicious get malicious-site.ru
Found entry in domains.json: malicious-site.ru
Categories: malware phishing c2 botnet

# Check an IP address
$ ismalicious get 192.168.1.100
Found entry in ips.json: 192.168.1.100
Categories: tor-exit-node proxy

# Deploy in Docker with persistent data volume
$ docker run -v "$(pwd)/data:/app/data" ismalicious/cli update
Database update started...

  • Offline Database Operations

    Run threat intelligence checks completely offline with local JSON databases. No internet dependency once synchronized, perfect for air-gapped environments.

    ismalicious get domain.com
  • Multi-Source Aggregation

    Automatically fetches and combines data from 500+ threat intelligence sources. Single command updates your entire local database with the latest threats.

    ismalicious update
  • False Positive Filtering

    Advanced curation using Cloudflare Radar and top-1M domains lists. Removes legitimate domains automatically to ensure zero false positives in your threat database.

    Auto-cleans during update
  • Entity Extraction Engine

    Smart regex-based extraction supporting domains, IPv4, and IPv6 addresses. Handles multiple formats and automatically categorizes entities by threat type.

    Supports all IP/domain formats
  • High-Performance

    Built for maximum speed and efficiency. Optimized network operations with libcurl, parallel processing, and minimal memory footprint.

    Processes millions of entities
  • Cross-Platform Support

    Native binaries for Linux, macOS, and Windows. Docker images available for containerized deployments and seamless CI/CD integration.

    docker run ismalicious/cli
  • Category Classification

    Each threat is tagged with specific categories like malware, phishing, botnet, C2, and more. Enables precise filtering and threat-specific response workflows.

    JSON output with categories
  • License-Based Access

    Enterprise license validation system with online verification. Supports offline grace periods and flexible licensing for team deployments.

    Secured with license.txt
  • Debug & Performance Monitoring

    Built-in benchmarking tools with --debug flag. Track fetch times, processing speeds, and database operations for optimization and troubleshooting.

    ismalicious --debug update

Seamless Integration with Your Security Stack

isMalicious integrates effortlessly with leading firewalls, CDNs, and cloud platforms

  • Palo Alto: Firewall
  • Fortinet: Firewall
  • Cisco: Network Security
  • Check Point: Firewall
  • Cloudflare: CDN
  • AWS: Cloud
  • Azure: Cloud
  • Google Cloud: Cloud

Need a custom integration? Contact our team
