IP Reputation / CTI

Query behavioral intelligence on any IP — reputation scores, attack patterns, linked CVEs, and activity history — sourced from hundreds of thousands of real CrowdSec deployments worldwide.

🔍

Explore in the Web UI

No setup needed. Search any IP directly from your browser — run Lucene queries with live faceted filters (reputation, country, AS, behaviors, classifications) and open any result to see its full report: threat score, behaviors mapped to MITRE ATT&CK, linked CVEs, and time-windowed activity. The homepage also surfaces a Top 10 Most Aggressive IPs leaderboard updated every 24h.

IP Search →Advanced Search →IP Report →Lucene Query Reference →

🔑

Enrich your Alerts

Unlock programmatic access to 30+ enrichment fields per IP — reputation, behaviors, CVEs, attack context, MITRE mappings, and more. Use it to enrich SIEM alerts, automate lookups, or feed threat intel platforms. Free tier included, no credit card needed.

Create an API key →Data Taxonomy →API Reference

You might also be interested in

🚨

Live Exploit Tracker ↗

A dedicated platform tracking CVEs actively exploited in the wild — with exploitation momentum, opportunity scores, and the IPs behind each attack. Uses the same CTI API key.

Explore the Live Exploit Tracker →

Get your first API key →

---

For API endpoints, request/response schemas, integrations (SIEM, SOAR, TIP platforms), and data taxonomy, see the CTI API documentation.