We're Giving Away 10 Free Review Plans — Here's How to Get One

We're opening 10 review plan slots. Each one gives you 30 days of elevated API access — enough to integrate SikkerAPI into real infrastructure and see whether the data holds up.

What the Review Plan Includes

The plan lasts 30 days from activation.

What That Unlocks

Full-depth IP lookups at volume

The check endpoint returns confidence scores, geolocation, ASN, Tor/proxy detection, protocol breakdown, detected behaviors, primitives, and community reports for any IPv4 or IPv6 address. At 10,000 lookups per day, you can feed that into automated workflows instead of one-off checks — pipe results through the CLI with sikker check <ip> --json, or hit the API directly from scripts.

For CI/CD pipelines, the CLI supports --fail-above <score> to exit with code 1 when a confidence score exceeds your threshold.

Larger blacklists for SikkerGuard and firewall rules

The blacklist endpoint generates scored IP lists filtered by country, ASN, protocol, severity, and IP version. At 100,000 IPs per day, you're pulling a much broader slice of our threat data.

If you run SikkerGuard — the Docker container that automatically blocks malicious IPs via iptables/ipset — this directly increases the number of IPs it can pull and block. SikkerGuard handles the entire lifecycle: pulls the blacklist on a schedule, loads IPs into kernel-level ipset, drops matching packets before they reach your applications, auto-whitelists your gateway and DNS, runs connectivity self-tests after every update, and reports blocked connections back to the threat database.

The same blacklist works with manual iptables/ipset setups, CSF, or any firewall that accepts plaintext IP lists (?plaintext=true).

STIX/TAXII feeds for SIEM integration

The TAXII 2.1 endpoint serves threat intelligence as STIX 2.1 indicators — each IP includes confidence scoring, behavioral labels, and MITRE ATT&CK technique mappings. At 10,000 indicators per day, you can build incremental feeds using added_after timestamps.

Native connectors exist for Splunk, Microsoft Sentinel, Elastic Security, and QRadar.

CIDR range monitoring

Range alerts let you define CIDR blocks to watch. When an IP inside your range shows up in our threat database — from honeypot captures or community reports — you get an hourly digest email with the IP, confidence score, country, and last seen timestamp.

The review plan gives you 2 ranges with a /20 minimum prefix (4,096 IPs per range). Useful if you manage hosting infrastructure or public-facing IP space and want visibility into whether your IPs are appearing in threat feeds.

Community reporting at scale

The report endpoint accepts individual IP reports across 16 categories (bruteforce, portscan, ddos, webexploit, sqlinjection, phishing, spam, bad_bot, and more). The bulk report endpoint accepts up to 10,000 reports per request via JSON or CSV.

If you use Fail2Ban, reports can fire automatically from your existing jails — SSH brute-force bans, bad bots, SMTP spam, all reported back to the community database without manual intervention.

How to Apply

1. Register a free account if you don't have one.
2. Go to https://sikkerapi.com/contact.
3. Select Other as the subject.
4. Use the email address you registered with.
5. Tell us why you want the review plan and what you plan to use it for.

We'll review requests in order and activate your plan directly. You'll get a confirmation email when it's live. Expect 1-2 business days.

10 Slots

Once they're claimed, this round is closed. We may open more later.

If you want to see what the API returns before applying, look up any IP at https://sikkerapi.com — the public lookup shows the same data the API returns. Full endpoint documentation is at sikkerapi.com/docs.