Threat Intelligence

Bulk Check

Mass threat intelligence lookups

Check batches of domains, IPs, or URLs in one API call (up to 100 on Pro, 50 on Basic). Each item returns full threat context subject to your plan limits.

Max items/request (Pro): 100

Pro monthly quota: 10K/mo

Pro API burst: 60/min

Input types: Mixed

Key Features

Everything you need to protect your infrastructure and users

Plan-based batches

Up to 50 entities per request on Basic and 100 on Pro, within monthly quotas.

Multiple Formats

Accept JSON, CSV, or newline-delimited text input.

Mixed Types

Check domains, IPs, and URLs in the same request.

Full Results

Get complete threat data for each item, not just verdicts.

Chunk large jobs

Split very large indicator lists across multiple requests while respecting burst and monthly limits.

Export Options

Download results as JSON, CSV, or STIX format.

Use Cases

How security teams use this tool

Log Enrichment

Enrich SIEM logs with threat data in bulk.

List Validation

Validate blocklists and allowlists against threat intel.

Incident Response

Quickly check IOCs during incident investigations.

Email Gateway

Check sender domains and URLs from email batches.

Why Bulk Threat Checking?

Security operations generate massive volumes of indicators that require threat analysis: firewall logs contain thousands of external IPs daily, email gateways process millions of URLs, SIEMs aggregate indicators from dozens of sources, and incident response investigations can involve hundreds of IOCs. Checking these one at a time is impractical. The bulk API lets you process many domains, IPs, and URLs per call (up to 50 on Basic and 100 on Pro), so you can automate enrichment in chunks that fit your plan limits.

Use Cases for Bulk Threat Intelligence

Security teams leverage bulk checking across numerous workflows: enrich SIEM alerts with threat context for thousands of indicators simultaneously, validate and prioritize blocklists before deployment, analyze log files to identify compromised hosts communicating with malicious infrastructure, screen vendor and partner domains for supply chain risk assessment, and process IOC feeds from ISAC sharing groups. Any scenario involving more than a handful of indicators benefits from bulk API efficiency.

API Integration Best Practices

Maximize bulk API effectiveness with these practices: batch indicators logically by time window or source for easier result correlation, implement async processing for very large batches to avoid timeout issues, cache results to reduce duplicate lookups for frequently seen indicators, use mixed-type requests to check domains, IPs, and URLs together when investigating related infrastructure, and export results in STIX format for seamless integration with threat intelligence platforms.

Performance and Scalability

Our bulk API handles mixed indicator types with automatic detection and routing, supports JSON bodies with arrays of entities, returns rich threat context for each item, and is designed to be called repeatedly within your plan burst and monthly quotas. For volumes beyond a single batch, run parallel or sequential requests and cache results to stay within limits.
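The chunking and caching advice above can be applied before any request is sent. The sketch below is an added example, not the vendor's code, and it makes no API call: it deduplicates a mixed indicator list, skips cached entries, and splits the rest into plan-sized batches with send times. The function names, the cache keyed by normalized indicator, per-entity quota metering, and a fixed one-minute burst window are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

PLAN_MAX_ITEMS = {"basic": 50, "pro": 100}  # per-request caps stated on the page
PRO_BURST_PER_MIN = 60                      # Pro burst figure stated on the page

def classify(indicator):
    """Local pre-check of indicator type: 'ip', 'url' or 'domain'."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if "://" in indicator and urlsplit(indicator).netloc:
        return "url"
    return "domain"

def normalize(raw):
    """Canonical form so trivially different spellings dedupe and hit the cache."""
    item = raw.strip()
    if classify(item) == "url":
        parts = urlsplit(item)
        return parts._replace(netloc=parts.netloc.lower()).geturl()  # path keeps its case
    return item.rstrip(".").lower()

def plan_batches(raw_items, plan="pro", cache=None, quota_left=10_000,
                 burst=PRO_BURST_PER_MIN):
    """Return request-sized batches plus the earliest send time for each."""
    cache = cache or {}
    seen, todo, cached = set(), [], 0
    for raw in raw_items:
        item = normalize(raw)
        if not item or item in seen:
            continue
        seen.add(item)
        if item in cache:
            cached += 1          # already enriched: no lookup spent
        else:
            todo.append(item)
    # Assumption: the monthly quota is metered per entity, not per request.
    todo, deferred = todo[:quota_left], todo[quota_left:]
    size = PLAN_MAX_ITEMS[plan]
    batches = [todo[i:i + size] for i in range(0, len(todo), size)]
    # Assumption: burst counts requests per fixed one-minute window.
    send_at_s = [(n // burst) * 60 for n in range(len(batches))]
    return {"batches": batches, "send_at_s": send_at_s,
            "cached": cached, "deferred": deferred}

if __name__ == "__main__":
    sample = ["Example.COM.", "example.com", "198.51.100.7"]  # constructed input
    print(plan_batches(sample, plan="basic"))
```

Entries in `deferred` are the ones that would exceed the remaining monthly quota; carry them into the next period or prioritise them by source before sending.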

Frequently Asked Questions

How many items can I check at once?
Bulk API is available on paid plans. Basic allows up to 50 entities per request; Pro allows up to 100. Larger jobs are split across multiple requests and count against your monthly reputation-check quota.

What formats do you accept?
We accept JSON arrays, newline-delimited text, and CSV files. You can also specify the format in the API request.

How fast is bulk processing?
Latency depends on batch size, enrichment options, and load. Typical batches complete within the API timeout; use multiple parallel requests for very large datasets while staying within burst and monthly limits.

Can I mix domains and IPs in one request?
Yes, our bulk API automatically detects the type of each item and routes it to the appropriate check.

Ready to Get Started?

Join thousands of security teams using isMalicious to protect their infrastructure.