Real-time threat intelligence

Threat IntelAPIfor Security Teams

Check any IP, domain, URL, file hash, or CVE against 500M+ threat indicators aggregated from 500+ sources — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

User
User
User
+117,360 reports
500M+Records
EvidenceSOC
24/7Live
206.168.34.44High risk2h ago
MITRE ATT&CK
T1071 · T1566 · T1583
C&C · Initial Access · Resource Development
AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis
79%
threat detection rate
42 malicious · 8 suspicious · 3 harmless
12 CVEsdetected
Moscow, RUorigin
SSLexpired 45d
Active< 6h ago
Trusted by security teams worldwide
HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit
By the numbers

523

Source Checks

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

24/7

Real-Time Updates

Continuous monitoring and database refreshes ensure you always have the latest threat intelligence.

500M+

Threat Records

250M IPs, 200M domains, 50M hashes, and more malicious entities tracked across the globe.

80%

Faster Detection

Identify threats faster than traditional methods, reducing response time and potential damage.

Live Data
Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Ransomware Activity
Full feed
Schacht Law Office
akiraBusiness Services
May 29
Badan Pangan Nasional
novaAgriculture and Food Production
May 29
Braincell Braincell.sa rfcargo.braincell.solutions rf.braincell.solutions governata.com
0day SyndicateTechnology
May 29
BCD Travel
shinyhuntersBusiness Services
May 29
Recent CVEs
Full feed
CVE-2026-53478CVSS 7.2
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 r
CVE-2026-49815CVSS 7.2
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 r
CVE-2026-49814CVSS 7.2
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 r
Logged-in users see 500M+ records, full IOC context, and real-time alerts
Get Free Access
Capabilities

What Powers
the Platform

01

Multi-Source Aggregation

Aggregate data from Shodan, GreyNoise, AbuseIPDB, community threat feeds, and 500+ more providers. One query, comprehensive results — no juggling multiple platforms.

Threat IntelData EnrichmentIOC Feeds
02

AI-Powered Analysis

LLM-generated summaries transform raw enrichment data into actionable intelligence with context-aware threat narratives tailored to your environment.

AI AnalysisContextual IntelGenAI Security
03

MITRE ATT&CK Mapping

Automatically map IOCs to MITRE ATT&CK techniques based on threat tags and enrichment findings. Accelerate triage and build structured threat models.

MITRE ATT&CKTTPsThreat Modeling
How it works

See It in Action

terminal
$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1
Snippet showing IP/domain check response
Data Sources

564+ Verified
Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines
Shodan
GreyNoise
AbuseIPDB
Community IOC feeds
IsMalicious
URLhaus
+557More Sources
FAQ

Frequently Asked
Questions

Anything else? Reach out to us.

    • What data does the API return?

      Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.
    • How often is data refreshed?

      All data is refreshed once per day to ensure daily accuracy across all 500M+ records.
    • API Usage Limits

      Website / Dashboard:
      Anonymous: 1 request / 60 min (30/month)
      Free Account: 10 request / minute (30/month)

      API Access:
      Free API Key: 10 request / 60 min (30/month)
      Basic: 1 requests / min (2,000/month)
      Pro: 60 requests / min (10,000/month)
    • Why is the API rate limited?

      Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us for custom plans.
    • Cancel & refund policy

      We do not offer refunds for any plans. If you have an issue with our service, reach out and we will do our best to help.
    • What integrations are available?

      We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.
    • Where is isMalicious based?

      isMalicious is a French company headquartered in Europe, operating under GDPR compliance.
    • Disclaimer of responsibility

      isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.
    • How do I get support?

      Email us at contact@ismalicious.com. We respond within one business day.