REAL-TIME THREAT INTELLIGENCE

Know the risk behind every IP address

IPShield scores any IP in milliseconds, combining geo intelligence, threat feeds, WHOIS signals, Shodan data, and behavioral analysis into a single actionable risk score.

450k IPs Scored
30k Critical Threats
4 Threat Feeds
<80ms Avg Response
Everything you need to block threats
🎯
Real-Time IP Scoring
Score any IPv4 or IPv6 address in under 100ms. Combines 10+ intelligence sources into a single risk score.
🌐
Threat Feed Integration
Checks against Feodo Tracker, Spamhaus DROP, Emerging Threats, and OTX pulses in real time.
🗺️
Geo & Network Intel
Full geolocation, ASN, ISP classification, and datacenter detection, with interactive map visualization.
📁
Case Management
Group suspicious IPs into investigation cases. Track status and assign to analysts.
🚫
Blacklist & Firewall Export
Maintain an IP blacklist and export rules in 10 formats: Cisco ACL, iptables, Nginx, and more.
📡
SIEM Integration
Push every score event to Splunk, Microsoft Sentinel, or any generic webhook.
👁️
IP Watchlist & Monitoring
Add any IP to your watchlist and get automatic re-scores on a schedule.
📊
Live API Observability
Dashboard shows real-time request volume, error rates and endpoint usage.
🔍
Active Vulnerability Scanning
Run nmap port scans and nuclei vulnerability templates on demand, with CVE matching and consent-gated execution.
Built for security teams, not just lookups
Continuous Monitoring
Watch IPs & get alerted when risk changes
Watch any IP. IPShield continuously re-scores it and alerts you when risk crosses your defined threshold, before it turns into an incident.
Set per-IP alert thresholds (0–100)
Automatic re-score polling on a schedule
Instant alerts via SIEM or webhook on risk change
Score trend bar for each watched IP
WATCHLIST
185.220.101.1    94   CRITICAL
45.33.32.156     71   HIGH
198.20.69.98     42   MEDIUM
8.8.8.8          3    LOW
Complete Audit Trail
Every score. Every flag. Every timestamp.
IPShield logs every scored IP to a persistent database with an immutable hash chain.
Persistent PostgreSQL-backed audit history
Filter by risk, score range, proxy, Tor, datacenter
Search by IP, country or ISP
Threat feed indicators (Feodo, Spamhaus, ET, OTX)
AUDIT LOG
ALL | CRITICAL | HIGH | MEDIUM | LOW
91.108.56.181    [F·S]   CRITICAL   97
185.220.101.34   [F]     CRITICAL   91
45.33.32.156             HIGH       71
198.20.69.98             MEDIUM     42
1.1.1.1                  LOW        2
Active Reconnaissance
Go beyond passive intel: scan on demand
When passive scoring isn't enough, launch an active scan directly from any result. IPShield runs nmap and nuclei in parallel, fingerprinting open services and matching them against known CVEs.
nmap port scan with service & version detection
Automatic CVE matching via vulners NSE
nuclei templates for misconfig, SSL/TLS, exposures
ACTIVE SCAN — 45.33.32.156
⚠ CONSENT REQUIRED
Open ports: 22 ssh, 80 http, 443 https, 3306 mysql
CRITICAL   CVE-2024-3094   9.8
HIGH       Outdated TLS 1.0 enabled
MEDIUM     Default MySQL credentials exposed
INFO       nginx/1.18.0 banner disclosed
API Observability
Live telemetry. Zero extra tooling.
A built-in observability dashboard shows request volume, error rates, and top endpoints, all in real time.
Real-time request and error rate counters
P50 / P95 / P99 latency per endpoint
Top API consumers by request volume
Hourly traffic sparkline (last 24h)
Live request log with method, status and latency
LIVE TELEMETRY
12.4k Requests
0.3% Error Rate
84ms Avg Latency
99.9% Uptime
TOP ENDPOINTS
GET /api/score/:ip       8,241   112ms
POST /api/score/batch    1,833   340ms
GET /api/whois/:ip       982     201ms
Four-tier risk classification
Every IP gets a score from 0–100, mapped to a risk level with a recommended action.
■ CRITICAL — BLOCK
▲ HIGH — CHALLENGE
◆ MEDIUM — MONITOR
● LOW — ALLOW

Ready to secure your infrastructure?

Request access to the IPShield platform or integrate directly via the REST API. Full Swagger documentation included.
