Usage Guide
This guide will help you protect your website by querying our database of malicious IPs. You can use DNS queries for fast real-time protection or make API requests to check specific IPs.
Both our API and DNS interfaces return a CNAME record when an IP address is found in our database.
If the IP is not present, you will receive either a 404 response (for the API) or NXDOMAIN (for DNS).
Currently, we use three different CNAMEs to indicate the reason for blocking:
-
bad.ip64.org: The IP address appears on one of the public blocklists that we import daily. -
autoblock.ip64.org: The IP address was automatically added by our honeypot, typically due to scraping activity. This list is available for download here. -
manual.ip64.org: The IP address or network was manually added by one of our trained cybersecurity analysts.
Using DNS Queries
The preferred method to check whether an IP address is flagged as malicious is through a DNS query. This method is fast and lightweight.
dig +short 12.12.12.12.ip64.org
If the IP is flagged, you will receive a response, such as the CNAME value bad.ip64.org. Otherwise, you'll get an NXDOMAIN response.
Using the API
If you prefer to integrate the check within your codebase, you can use our simple API to check for malicious IPs. Here's an example using curl:
curl -X POST https://ip64.org/api/check_ip -H "Content-Type: application/json" \
-d '{"ip": "192.0.2.1"}'This API request will return a JSON response indicating whether the IP is in the database or not.