Skip to content

Threat Intelligence

Named feeds. Boolean flags. No mystery scores.

GeoIPHub's IP reputation API returns seven boolean threat flags — is_abusive, is_spammer, is_scanner, is_botnet, is_crawler, is_bogon, is_cgnat — plus a threat_types array, built from public feeds we name: Spamhaus DROP/EDROP, FireHOL Level 1, Feodo Tracker, the official Tor exit list, and Team Cymru bogons, all refreshed daily. And because the modern bot problem includes AI scrapers, every lookup verifies crawlers against 9 official IP-range feeds — so a real Googlebot and a fake one get different answers.

  • Seven Threat Flags
  • Named Public Feeds, Daily
  • Verified Crawler Identification
Threat intelligencethreat
185.220.101.7Flagged
is_abusiveis_botnetis_scanneris_spammeris_crawleris_bogonis_cgnat

dnsbl_sources

Spamhaus DROPFireHOL L1Feodo Tracker
7Boolean threat flags
DailyThreat feed refresh
9Official crawler feeds
4DNSBL zones checked

Seven Threat Flags

is_abusive, is_spammer, is_scanner, is_botnet, is_crawler, is_bogon, and is_cgnat — plus a threat_types array naming each category that applies. Booleans you can branch on, not a number you have to interpret.

Named Public Feeds, Daily

Spamhaus DROP/EDROP, FireHOL Level 1, Feodo Tracker for botnet C2, the official Tor Project exit list, and Team Cymru bogons — every feed named, every feed refreshed daily. You can audit our sources yourself.

Verified Crawler Identification

Crawlers are checked against 9 official IP-range feeds — Googlebot, Google Special Crawlers, Bingbot, Applebot, and DuckDuckBot among them — refreshed every 2 days. The crawler object reports verified, unverified, or spoofed, so fake "Googlebots" stop getting a free pass.

AI Bot Detection

GPTBot, ChatGPT-User, OAI-SearchBot, and CCBot are identified from their operators' official IP ranges. Decide deliberately whether AI scrapers read your site — and know when one is pretending to be something else.

Scanner & Recon Awareness

Known scanner ranges — including Shodan and Censys — set is_scanner, separating internet-wide measurement traffic from your actual users before it skews your logs or your rate limits.

DNSBL Cross-Checks

Each IP is checked against 4 DNS blocklist zones, and dnsbl_sources names every zone that listed it. Evidence you can verify with a dig command, not a proprietary reputation number.

Ready to get started?

1,500 free requests per day. Every field included. No credit card required.