Real-time threat intelligence

Threat IntelAPIfor Security Teams

Check any IP, domain, URL, email, phone, crypto wallet, file hash, or CVE against the industry's largest live indicator dataset — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

User
User
User
+443,264 threats indexed today
Multi-sourceEvidence
Request-timeLookups
As publishedEvents
206.168.34.44High risk2h ago
MITRE ATT&CK
T1071 · T1566 · T1583
C&C · Initial Access · Resource Development
AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis
79%
threat detection rate
42 malicious · 8 suspicious · 3 harmless
12 CVEsdetected
Moscow, RUorigin
SSLexpired 45d
Active< 6h ago
Trusted by security teams worldwide
HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit
By the numbers

0M+

Threat Records

Malicious IPs, domains, URLs, and file hashes tracked across the globe — refreshed continuously.

541

Intelligence Sources

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

0K+

New Threats (24h)

Indicators indexed in the last day. Continuous monitoring means you always query the latest intelligence.

0%

Source Evidence

Assessments show contributing sources so analysts can review agreement and conflicts.

Current data
Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Ransomware Activity
Full feed
Acosol
qilinNot Found
Jul 17
Centre for Newcomers
interlockPublic Sector
Jul 17
Paragon Store Fixtures
interlockManufacturing
Jul 17
Westcoast Communication Services
akiraTelecommunication
Jul 17
Recent CVEs
Full feed
CVE-2026-7488CVSS 7.5
Insertion of sensitive information into sent data vulnerability in IKAS Technology Inc. E-Commerce allows Retrieve Embed
CVE-2026-16016CVSS 7.3
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file ex
CVE-2024-23564CVSS 9.1
HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obta
Logged-in users see the full record set, full IOC context, and real-time alerts
Get Free Access
Capabilities

What Powers
the Platform

Every check fans out across hundreds of intelligence sources, correlates the evidence, and returns one explainable verdict — in a single API call.

Multi-Source Verdicts

Aggregate Shodan, GreyNoise, AbuseIPDB, community feeds, and hundreds more vetted providers. Every verdict shows which sources agreed, how reliable they are, and why the score was produced — evidence a SOC can act on.

Threat IntelSource AgreementIOC Feeds

Full Enrichment Profiles

WHOIS, DNS history, SSL certificates, ASN, geolocation, abuse contacts, and tech stack — resolved in one pass so analysts stop juggling five tabs.

AI-generated Analysis

LLM summaries turn raw enrichment into a threat narrative with recommended next steps, tailored to the indicator in front of you.

MITRE ATT&CK Mapping

IOCs map automatically to ATT&CK techniques from threat tags and findings — triage faster with structured threat models.

One Request, Full Verdict

A REST API designed for developers: reputation, sources, categories, and history in a single JSON response. SDKs, OpenAPI spec, and copy-paste examples included.

REST APISDKsOpenAPI

Monitoring & Alerts

Watch critical IPs and domains 24/7. Get notified the moment a watched asset turns suspicious or its threat status changes.

Bulk & Streaming Checks

Thousands of indicators per request over the bulk API, or progressive results streamed over SSE for long-running lookups.

Blocklist Exports

Firewall-ready blocklists by threat family, refreshed continuously and exportable straight into your perimeter.

Similarity Search

Fuzzy matching surfaces look-alike domains and related infrastructure, exposing coordinated campaigns behind a single IOC.

How it works

See It in Action

terminal
$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1
Snippet showing IP/domain check response
Free account

You Just Ran a Check.
Here's What You're Missing.

Anonymous checks show the verdict. A free account includes the analysis, the history, and the API behind it — in under a minute.

AI-generated assessment

Get the AI summary on every report — a narrative verdict with recommended next steps.

Free API Key

30 checks per month through the REST API, straight from your dashboard. No credit card.

Saved Reports & History

Every check you run is saved. Revisit, compare, and share reports with your team.

Monitoring & Alerts

Watch the assets you care about and get notified when their threat status changes.

Exports

Take verdicts with you — PDF exports for stakeholders, upgrade paths to STIX, CSV, and JSON.

Create Your Free Account

No credit card required · 30 free checks/month · Free API key

Data Sources

540+ Verified
Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines
Shodan
GreyNoise
AbuseIPDB
Community IOC feeds
IsMalicious
URLhaus
+533More Sources
FAQ

Frequently Asked
Questions

Anything else? Reach out to us.

What data does the API return?

Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.

How often is data refreshed?

All data is refreshed once per day to ensure daily accuracy across all indexed records.

What are the API usage limits?

Website / Dashboard:
Anonymous: 10 request / 60 min (30/month)
Free Account: 10 request / minute (30/month)

API Access:
Free API Key: 10 request / 60 min (30/month)
Basic: 1 requests / min (2,000/month)
Pro: 60 requests / min (10,000/month)

Why is the API rate limited?

Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us at contact@ismalicious.com for custom plans.

What is the cancel & refund policy?

We do not offer refunds for any plans. If you have an issue with our service, reach out at contact@ismalicious.com and we will do our best to help.

What integrations are available?

We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.

Where is isMalicious based?

isMalicious is a French company headquartered in Europe, operating under GDPR compliance.

Disclaimer of responsibility

isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.

How do I get support?

Email us at contact@ismalicious.com. We respond within one business day.