Real-time threat intelligence

Threat IntelAPIfor Security Teams

Check any IP, domain, URL, file hash, or CVE against 500M+ threat indicators aggregated from 500+ sources — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

User
User
User
+3,696,827 threats indexed today
500M+Records
EvidenceSOC
24/7Live
206.168.34.44High risk2h ago
MITRE ATT&CK
T1071 · T1566 · T1583
C&C · Initial Access · Resource Development
AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis
79%
threat detection rate
42 malicious · 8 suspicious · 3 harmless
12 CVEsdetected
Moscow, RUorigin
SSLexpired 45d
Active< 6h ago
Trusted by security teams worldwide
HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit
By the numbers

0M+

Threat Records

Malicious IPs, domains, URLs, and file hashes tracked across the globe — refreshed continuously.

531

Intelligence Sources

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

0M+

New Threats (24h)

Indicators indexed in the last day. Continuous monitoring means you always query the latest intelligence.

0%

Multi-Source Validated

Share of records confirmed by two or more independent sources, cutting false positives before they reach you.

Live Data
Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Recent CVEs
Full feed
CVE-2026-9085CVSS 8.8
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software
CVE-2026-6509CVSS 7.8
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Priv
CVE-2026-14756CVSS 7.3
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown fun
Logged-in users see 500M+ records, full IOC context, and real-time alerts
Get Free Access
Capabilities

What Powers
the Platform

Every check fans out across 500+ intelligence sources, correlates the evidence, and returns one explainable verdict — in a single API call.

Multi-Source Verdicts

Aggregate Shodan, GreyNoise, AbuseIPDB, community feeds, and 500+ more providers. Every verdict shows which sources agreed, how reliable they are, and why the score was produced — evidence a SOC can act on.

Threat IntelSource AgreementIOC Feeds

Full Enrichment Profiles

WHOIS, DNS history, SSL certificates, ASN, geolocation, abuse contacts, and tech stack — resolved in one pass so analysts stop juggling five tabs.

AI-Powered Analysis

LLM summaries turn raw enrichment into a threat narrative with recommended next steps, tailored to the indicator in front of you.

MITRE ATT&CK Mapping

IOCs map automatically to ATT&CK techniques from threat tags and findings — triage faster with structured threat models.

One Request, Full Verdict

A REST API designed for developers: reputation, sources, categories, and history in a single JSON response. SDKs, OpenAPI spec, and copy-paste examples included.

REST APISDKsOpenAPI

Monitoring & Alerts

Watch critical IPs and domains 24/7. Get notified the moment a watched asset turns suspicious or its threat status changes.

Bulk & Streaming Checks

Thousands of indicators per request over the bulk API, or progressive results streamed over SSE for long-running lookups.

Blocklist Exports

Firewall-ready blocklists by threat family, refreshed continuously and exportable straight into your perimeter.

Similarity Search

Fuzzy matching surfaces look-alike domains and related infrastructure, exposing coordinated campaigns behind a single IOC.

How it works

See It in Action

terminal
$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1
Snippet showing IP/domain check response
Free account

You Just Ran a Check.
Here's What You're Missing.

Anonymous checks show the verdict. A free account unlocks the analysis, the history, and the API behind it — in under a minute.

AI Threat Analysis

Unlock the AI summary on every report — a narrative verdict with recommended next steps.

Free API Key

30 checks per month through the REST API, straight from your dashboard. No credit card.

Saved Reports & History

Every check you run is saved. Revisit, compare, and share reports with your team.

Monitoring & Alerts

Watch the assets you care about and get notified when their threat status changes.

Exports

Take verdicts with you — PDF exports for stakeholders, upgrade paths to STIX, CSV, and JSON.

Create Your Free Account

No credit card required · 30 free checks/month · Free API key

Data Sources

530+ Verified
Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines
Shodan
GreyNoise
AbuseIPDB
Community IOC feeds
IsMalicious
URLhaus
+523More Sources
FAQ

Frequently Asked
Questions

Anything else? Reach out to us.

What data does the API return?

Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.

How often is data refreshed?

All data is refreshed once per day to ensure daily accuracy across all 500M+ records.

What are the API usage limits?

Website / Dashboard:
Anonymous: 1 request / 60 min (30/month)
Free Account: 10 request / minute (30/month)

API Access:
Free API Key: 10 request / 60 min (30/month)
Basic: 1 requests / min (2,000/month)
Pro: 60 requests / min (10,000/month)

Why is the API rate limited?

Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us at contact@ismalicious.com for custom plans.

What is the cancel & refund policy?

We do not offer refunds for any plans. If you have an issue with our service, reach out at contact@ismalicious.com and we will do our best to help.

What integrations are available?

We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.

Where is isMalicious based?

isMalicious is a French company headquartered in Europe, operating under GDPR compliance.

Disclaimer of responsibility

isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.

How do I get support?

Email us at contact@ismalicious.com. We respond within one business day.