Supported indicators
IP addresses, domains, URLs, file hashes, email reputation, ASN context, and vulnerability references.
One REST surface for IP reputation, domain reputation, URL scanning, file hashes, bulk checks, streaming enrichment, and IOC workflows — documented, versioned, and ready for your SIEM, SOAR, or product backend.
{ "query": "example.com", "reputation": "suspicious", "score": 0.87 }
Illustrative response — fields vary by plan and target type.
Base64-encode apiKey:apiSecret as X-API-KEY. Same pattern in every SDK.
# X-API-KEY = base64(apiKey:apiSecret)
curl -G "https://api.ismalicious.com/check" \
--data-urlencode "query=example.com" \
--data-urlencode "enrichment=standard" \
-H "X-API-KEY: $(echo -n 'YOUR_API_KEY:YOUR_API_SECRET' | base64)"Deep dives per topic — or jump straight into the canonical reference.
Routes, auth modes, public vs dashboard endpoints, TAXII, bulk, streaming — kept in sync with api.ismalicious.com.
Import into Postman, Insomnia, or codegen pipelines.
Clear product boundaries for security teams comparing API-first threat intelligence vendors.
IP addresses, domains, URLs, file hashes, email reputation, ASN context, and vulnerability references.
Single lookup, bulk lookup, Server-Sent Events streaming, webhook notifications, SDKs, and OpenAPI import.
Normalized reputation, source attribution, category labels, confidence context, enrichment metadata, and rate-limit headers.
SOC enrichment, SIEM/SOAR workflows, signup abuse checks, firewall automation, CTI platforms, and developer security products.
Free key with 30 checks/month, documented rate limits, Pro with 10,000 checks/month, and enterprise support for custom feed needs.
isMalicious is a threat intelligence and reputation API; it is not a full malware sandbox or internet-wide asset search engine.
Supporting material for buyers comparing threat intelligence APIs, IP/domain reputation APIs, and enrichment pipelines.
Programmatic access to our threat intelligence graph: real-time domain, IP, URL, and hash reputation with enrichment designed for security workflows — not a generic WHOIS wrapper.
Free tier includes 30 requests per month. Create an account, issue keys from the dashboard, and use official SDKs or curl. The playground and OpenAPI spec help you explore without guesswork.
Infrastructure aimed at mission-critical use cases: high availability targets, low-latency responses, and clear rate-limit semantics so you can scale integrations confidently.
Endpoints are documented with examples and field explanations. Paid plans include prioritized support channels; status and incidents are communicated on our public status page.
Patterns for integrating threat intel at scale
30 free requests per month. No card required — upgrade when you outgrow the sandbox.
Create account