Real-time threat intelligence

Threat Intel API for Security Teams

Check any IP, domain, URL, file hash, or CVE against 500M+ threat indicators aggregated from 500+ sources — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

+117,200 reports
500M+ Records
Evidence SOC
24/7 Live
206.168.34.44 · High risk · 2h ago
MITRE ATT&CK
T1071 · T1566 · T1583
C&C · Initial Access · Resource Development
AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis
79%
threat detection rate
42 malicious · 8 suspicious · 3 harmless
12 CVEs detected
Moscow, RU origin
SSL expired 45d
Active < 6h ago
Trusted by security teams worldwide
HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit
By the numbers

523

Source Checks

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

24/7

Real-Time Updates

Continuous monitoring and database refreshes ensure you always have the latest threat intelligence.

500M+

Threat Records

250M IPs, 200M domains, 50M hashes, and more malicious entities tracked across the globe.

80%

Faster Detection

Identify threats faster than traditional methods, reducing response time and potential damage.

Live Data
Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Ransomware Activity
redeplastrs.com.br · Blackfield · Manufacturing · Jul 3
aydeniz.com · apt73 · Not Found · Jul 3
AC Beverage, Inc. · pear · Agriculture and Food Production · Jul 3
CNW Electronics Pte Ltd · pear · Manufacturing · Jul 3
Recent CVEs
CVE-2026-14327 · CVSS 7.5
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.4
CVE-2026-13768 · CVSS 10.0
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub R
CVE-2026-57100 · CVSS 9.9
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to
Logged-in users see 500M+ records, full IOC context, and real-time alerts
Capabilities

What Powers the Platform

01

Multi-Source Aggregation

Aggregate data from Shodan, GreyNoise, AbuseIPDB, community threat feeds, and 500+ more providers. One query, comprehensive results — no juggling multiple platforms.

Threat Intel · Data Enrichment · IOC Feeds
02

AI-Powered Analysis

LLM-generated summaries transform raw enrichment data into actionable intelligence with context-aware threat narratives tailored to your environment.

AI Analysis · Contextual Intel · GenAI Security
03

MITRE ATT&CK Mapping

Automatically map IOCs to MITRE ATT&CK techniques based on threat tags and enrichment findings. Accelerate triage and build structured threat models.

MITRE ATT&CK · TTPs · Threat Modeling
How it works

See It in Action

terminal
$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1
Snippet showing IP/domain check response
Data Sources

564+ Verified Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines
Shodan
GreyNoise
AbuseIPDB
Community IOC feeds
IsMalicious
URLhaus
+557 More Sources
FAQ

Frequently Asked Questions

Anything else? Reach out to us.

    • What data does the API return?

      Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.
    • How often is data refreshed?

      All data is refreshed once per day to ensure daily accuracy across all 500M+ records.
    • API Usage Limits

      Website / Dashboard:
      Anonymous: 1 request / 60 min (30/month)
      Free Account: 10 requests / minute (30/month)

      API Access:
      Free API Key: 10 requests / 60 min (30/month)
      Basic: 1 request / min (2,000/month)
      Pro: 60 requests / min (10,000/month)
    • Why is the API rate limited?

      Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us for custom plans.
    • Cancel & refund policy

      We do not offer refunds for any plans. If you have an issue with our service, reach out and we will do our best to help.
    • What integrations are available?

      We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.
    • Where is isMalicious based?

      isMalicious is a French company headquartered in Europe, operating under GDPR compliance.
    • Disclaimer of responsibility

      isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.
    • How do I get support?

      Email us at contact@ismalicious.com. We respond within one business day.