Threat Intelligence
Know your threats.
GeoIPHub's in-house threat-intelligence engine flags malicious IPs across botnets, malware C2, spam sources, scanners, crawlers, and Tor — every lookup returns the threat type, confidence, and a recommended action so you can block, challenge, or allow with precision.
Botnet & Malware C2
Identify botnet-infected hosts and command-and-control servers in real time. Includes malware-distribution and known-bad-SSL signals for early-warning containment.
Spam Source Detection
Flag spam-emitting IPs from continuously refreshed reputation data. Returns spam category, severity, and confidence so you can route, throttle, or quarantine.
Scanner & Crawler Detection
Detect mass scanners, exploit probes, and abusive crawlers with a 4-tier verification model — verified, unverified, spoofed, and unknown — to filter automated abuse without breaking legit bots.
Tor Exit Node Detection
Real-time Tor exit-node identification with continuously updated relay data. Knowing an IP is a Tor exit lets you step up auth or block sensitive endpoints instantly.
Composite Threat Type
Every threat IP returns a typed verdict — botnet, spammer, scanner, crawler, or relay — plus a granular sub-type so policies can target the exact category that matters to you.
Honeypot Hit Tracking
Track IPs that have hit our honeypots in the last 30 days, with hit count and severity. Catch reconnaissance before it turns into a real attack.
Sample Response
{
"is_botnet": false,
"is_spammer": true,
"is_scanner": false,
"is_tor": false,
"threat_types": ["spam"],
"threat_score": 64,
"confidence": 0.91,
"recommended_action": "review",
"honeypot_hits_30d": 0
}Ready to get started?
2,000 free requests per day. No credit card required.