Real-time threat intelligence

Threat Intel API for Security Teams

Check any IP, domain, URL, file hash, or CVE against 500M+ threat indicators aggregated from 500+ sources — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

+117,040 reports
500M+ Records
Evidence SOC
24/7 Live
206.168.34.44 · High risk · 2h ago
MITRE ATT&CK
T1071 · T1566 · T1583
C&C · Initial Access · Resource Development
AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis
79%
threat detection rate
42 malicious · 8 suspicious · 3 harmless
12 CVEs detected
Moscow, RU origin
SSL expired 45d
Active < 6h ago
Trusted by security teams worldwide
HKCERT
Houston University
ICS
Kimoshiro
National Grid
Tehtris
Xfinit
By the numbers

523

Source Checks

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

24/7

Real-Time Updates

Continuous monitoring and database refreshes ensure you always have the latest threat intelligence.

500M+

Threat Records

250M IPs, 200M domains, 50M hashes, and more malicious entities tracked across the globe.

80%

Faster Detection

Identify threats faster than traditional methods, reducing response time and potential damage.

Live Data
Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Ransomware Activity
X-Copper Professional · moneymessage · Manufacturing · Jul 2
Pennant Hills Golf Club · qilin · Hospitality and Tourism · Jul 2
Tofutown · payload · Agriculture and Food Production · Jul 2
Salters propane · spacebears · Energy · Jul 2
Recent CVEs
CVE-2026-33592 · CVSS 7.5
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The ser
CVE-2026-5821 · CVSS 8.1
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4.
CVE-2026-14249 · CVSS 7.5
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the
Logged-in users see 500M+ records, full IOC context, and real-time alerts
Capabilities

What Powers the Platform

01

Multi-Source Aggregation

Aggregate data from Shodan, GreyNoise, AbuseIPDB, community threat feeds, and 500+ more providers. One query, comprehensive results — no juggling multiple platforms.

Threat Intel · Data Enrichment · IOC Feeds
02

AI-Powered Analysis

LLM-generated summaries transform raw enrichment data into actionable intelligence with context-aware threat narratives tailored to your environment.

AI Analysis · Contextual Intel · GenAI Security
03

MITRE ATT&CK Mapping

Automatically map IOCs to MITRE ATT&CK techniques based on threat tags and enrichment findings. Accelerate triage and build structured threat models.

MITRE ATT&CK · TTPs · Threat Modeling
How it works

See It in Action

terminal
$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1
Snippet showing IP/domain check response
Data Sources

564+ Verified Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines
Shodan
GreyNoise
AbuseIPDB
Community IOC feeds
IsMalicious
URLhaus
+557 More Sources
FAQ

Frequently Asked Questions

Anything else? Reach out to us.

    • What data does the API return?

      Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.
    • How often is data refreshed?

      All data is refreshed once per day to ensure daily accuracy across all 500M+ records.
    • API Usage Limits

      Website / Dashboard:
      Anonymous: 1 request / 60 min (30/month)
      Free Account: 10 requests / minute (30/month)

      API Access:
      Free API Key: 10 requests / 60 min (30/month)
      Basic: 1 request / min (2,000/month)
      Pro: 60 requests / min (10,000/month)
    • Why is the API rate limited?

      Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us for custom plans.
    • Cancel & refund policy

      We do not offer refunds for any plans. If you have an issue with our service, reach out and we will do our best to help.
    • What integrations are available?

      We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.
    • Where is isMalicious based?

      isMalicious is a French company headquartered in Europe, operating under GDPR compliance.
    • Disclaimer of responsibility

      isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.
    • How do I get support?

      Email us at contact@ismalicious.com. We respond within one business day.