What's the data distributed by the API?

Security score, threat reputation, whois, geolocation, certificates, vulnerabilities, identifiers lists, similar suspicious entities.

What's the data retention duration limits?

All data are refreshed 1 time a day to ensure data accuracy on a daily basis.

Why is the API rate limited?

The API is rate limited to prevent abuse. If you need a higher rate limit, please contact us at contact@ismalicious.com.

What about the cancel & refund policy?

We do not offer refunds for any of our plans. If you have any issues with our service, please contact us at contact@ismalicious.com and we will do our best to assist you.

What integrations are available?

We support CORTEX, offer a CLI version of isMalicious for on-premise use, and provide firewall exportable blocklist features. We are working on more integrations with top cybersecurity companies.

Where is isMalicious based?

isMalicious is a French company based in Europe.

How do I get support?

If you need support, please contact us at contact@ismalicious.com.

Real-time threat intelligence

Threat IntelAPIfor Security Teams

Check any IP, domain, URL, file hash, or CVE against 500M+ threat indicators aggregated from 500+ sources — through a REST API, dashboard, or real-time stream. Free API key, no credit card required.

+116,720 reports

500M+Records

EvidenceSOC

24/7Live

206.168.34.44High risk2h ago

MITRE ATT&CK

T1071 · T1566 · T1583

C&C · Initial Access · Resource Development

AI Summary

Known C2 infrastructure linked to Emotet campaigns. Active phishing operations across 23 domains. High confidence from 12 intel sources.

Reputation Analysis

79%

threat detection rate

42 malicious · 8 suspicious · 3 harmless

12 CVEsdetected

Moscow, RUorigin

SSLexpired 45d

Active< 6h ago

Trusted by security teams worldwide

By the numbers

523

Source Checks

Configured feeds are reliability-weighted so SOC teams can see why a verdict was produced.

24/7

Real-Time Updates

Continuous monitoring and database refreshes ensure you always have the latest threat intelligence.

500M+

Threat Records

250M IPs, 200M domains, 50M hashes, and more malicious entities tracked across the globe.

80%

Faster Detection

Identify threats faster than traditional methods, reducing response time and potential damage.

Live Data

Updated continuously

What's Happening Right Now

A sample from our live feed. Registered users see the full picture.

Ransomware Activity

Full feed

joyconstructionnyc.com

settra • Construction

Jun 30

wilfley.com

settra • Business Services

Jun 30

Chamco

qilin • Manufacturing

Jun 30

Hemmersbach GmbH & Co. KG

qilin • Business Services

Jun 30

Recent CVEs

Full feed

CVE-2026-21637CVSS 7.5

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCall…

CVE-2025-11158CVSS 9.1

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restric…

CVE-2026-30929CVSS 7.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1…

Logged-in users see 500M+ records, full IOC context, and real-time alerts

Get Free Access

Capabilities

What Powers
the Platform

Multi-Source Aggregation

Aggregate data from Shodan, GreyNoise, AbuseIPDB, community threat feeds, and 500+ more providers. One query, comprehensive results — no juggling multiple platforms.

Threat IntelData EnrichmentIOC Feeds

AI-Powered Analysis

LLM-generated summaries transform raw enrichment data into actionable intelligence with context-aware threat narratives tailored to your environment.

AI AnalysisContextual IntelGenAI Security

MITRE ATT&CK Mapping

Automatically map IOCs to MITRE ATT&CK techniques based on threat tags and enrichment findings. Accelerate triage and build structured threat models.

MITRE ATT&CKTTPsThreat Modeling

How it works

See It in Action

terminal

$ curl -H "X-API-Key: $KEY" https://api.ismalicious.com/v1/check/192.168.1.1

Snippet showing IP/domain check response

Trust & coverage

Trusted by Security
Teams Worldwide

500M+

Threat indicators

IPs, domains, hashes, URLs aggregated continuously

500+

Data sources

NVD, CISA KEV, EPSS, GHSA, CERT-FR, OTX, and more

24/7

Real-time updates

Stream API and webhooks for sub-second propagation

Built for:National CERTsUniversity SOCsMSSPsEnterprise security teamsDevSecOps pipelinesThreat researchers

Try it now Contact for on-premise

Data Sources

564+ Verified
Intelligence Sources

Real-time threat intelligence aggregated from industry-leading providers, community feeds, and proprietary detection engines.

Antivirus Engines

Shodan

GreyNoise

AbuseIPDB

Community IOC feeds

IsMalicious

URLhaus

+557More Sources

FAQ

Frequently Asked
Questions

Anything else? Reach out to us.

- What data does the API return?
  Security score, threat reputation, WHOIS, geolocation, TLS certificates, vulnerabilities, identifier lists, and similar suspicious entities — all from a single query.
- How often is data refreshed?
  All data is refreshed once per day to ensure daily accuracy across all 500M+ records.
- API Usage Limits
  Website / Dashboard:
  — Anonymous: 1 request / 60 min (30/month)
  — Free Account: 10 request / minute (30/month)
  
  API Access:
  — Free API Key: 10 request / 60 min (30/month)
  — Basic: 1 requests / min (2,000/month)
  — Pro: 60 requests / min (10,000/month)
- Why is the API rate limited?
  Rate limits prevent abuse and ensure fair access across all users. Need higher throughput? Contact us for custom plans.
- Cancel & refund policy
  We do not offer refunds for any plans. If you have an issue with our service, reach out and we will do our best to help.
- What integrations are available?
  We support CORTEX, offer an on-premise CLI for air-gapped environments, and provide exportable firewall blocklists. More integrations with top cybersecurity platforms are in progress.
- Where is isMalicious based?
  isMalicious is a French company headquartered in Europe, operating under GDPR compliance.
- Disclaimer of responsibility
  isMalicious provides threat scores based on aggregated public datasets. We do not accept liability for decisions made from this data. Use it as a supplement to your own security measures and professional judgment.
- How do I get support?
  Email us at contact@ismalicious.com. We respond within one business day.

Pricing

Simple Pricing for
All Security Needs

MonthlyAnnually

Free

$0/mo

Get started with basic threat intelligence. Perfect for individuals and small projects.

Get started for free

30 reputation checks/month
10 checks/hour burst limit (session & API)
Monitor up to 5 domains or IPs
Basic threat reports
Dashboard and API access

Pro

$99/mo

Ideal for professionals and small businesses requiring more robust protection.

10,000 reputation checks/month
60 checks/minute burst limit (API)
Monitor up to 100 domains or IPs
Real-time email notifications
Detailed threat reports
Advanced API & bulk (up to 100 entities/request)
Up to 10 webhooks
Priority support

Enterprise

Comprehensive solution for organizations with advanced security needs. Custom limits and maximum protection.

Unlimited IP/Domain checks (no rate limit)
Monitor unlimited domains and IPs
Custom notification systems
Advanced threat intelligence
Real-time database updates
Custom API rate limits
On-premise solution
Dedicated support

Database

500M+ Threat Records
Across Every Category

The most comprehensive threat intelligence database, continuously refreshed from 500+ verified sources.

Phishing Database

45M+ phishing domains and credential harvesting sites. Detect fake login pages, brand impersonation, and social engineering attacks in real-time.

Updated hourly

Malware Intelligence

120M+ malware distribution IPs and domains. Block ransomware, trojans, viruses, and zero-day malware before they infect your systems.

500+ sources

IP Blocklist

100M+ malicious IP addresses involved in DDoS attacks, brute force attempts, botnet C2 servers, and network abuse.

Real-time updates

Adware Blocklist

28M+ invasive advertising networks, unwanted software promotions, and aggressive marketing domains that degrade user experience.

Multi-source verified

Tracking Domain Database

67M+ tracking domains, analytics scripts, and surveillance networks. Protect user privacy and comply with GDPR requirements.

Privacy-focused

Vulnerability Database

Comprehensive vulnerability intelligence including CVEs, exposed services, weak SSL certificates, and security misconfigurations.

Continuous scanning

Multi-Source Validation

Every threat is verified across multiple intelligence sources. Our cross-referencing system eliminates false positives and provides confidence scores for each detection.

Real-Time Blocklist Updates

Unlike static blocklists updated weekly, our database receives hourly updates. New phishing sites, malware domains, and malicious IPs are added within minutes of discovery.

Comprehensive Threat Context

Beyond simple blocklists, get rich threat intelligence including geolocation, ASN data, WHOIS information, SSL certificates, and historical behavior patterns.

Enterprise-Ready API

Sub-100ms response times, 99.9% uptime SLA, and unlimited scalability. Our cybersecurity API integrates seamlessly with firewalls, SIEM systems, and custom applications.

Start Protecting Your Infrastructure
Today — Free Tier Available

Try Free Now Explore Database

Enterprise

On-Premise
CLI Solution

Enterprise-grade threat intelligence CLI built for maximum performance. Deploy in air-gapped environments, integrate with your CI/CD pipeline, or run automated security checks at scale.

Request Enterprise License

terminal — ismalicious cli

# Update threat intelligence database from 500+ sources
$ ismalicious update
Database update started.
Fetching source 1 of 500 - 00:01.234s
Fetching source 2 of 500 - 00:00.987s
...
Fetching source 500 of 500 - 00:00.823s
Cleaning false positives...
Loaded 2,000,000 legitimate domains
Removed 1,234 false positives
Database update completed in 05:23.456s

# Check a domain
$ ismalicious get malicious-site.ru
Found entry: malicious-site.ru
Categories: malware phishing c2 botnet

# Docker deployment
$ docker run -v $(pwd)/data:/app/data ismalicious/cli update

Offline Database Operations

Run threat intelligence checks completely offline with local JSON databases. No internet dependency once synchronized — perfect for air-gapped environments.

ismalicious get domain.com