Loading
Common questions about SikkerAPI, our data, and how to get started.
Yes. The free tier includes 1,000 IP lookups per day with no credit card required. Web-based lookups on the website are always free and do not count against your quota. See our pricing page for all available plans.
Register an account, log in to your dashboard, and generate an API key. You can create and manage multiple keys from the dashboard.
A lookup is any request to the /v1/key/check/{ip} API endpoint. Web-based lookups on the website do not count against your quota. See the check endpoint documentation for full details.
You will receive a 429 response with a Retry-After header. Your quota resets daily. You can upgrade your plan for higher limits.
SikkerAPI provides ready-to-use integration guides for the most common firewall and server setups. You can block malicious IPs automatically using Fail2Ban, CSF Firewall, nginx, or iptables with ipset — each with downloadable scripts and cron-based auto-updates. For SIEM platforms, our STIX/TAXII feed integrates with Splunk, Microsoft Sentinel, Elastic Security, and QRadar. You can also use the blacklist API to build custom integrations with any tool that accepts IP lists.
Our data comes from two sources: a global network of honeypot sensors that emulate 16 protocols (SSH, HTTP, SMTP, MySQL, and more), and community-submitted IP reports from security practitioners. Learn how the full data pipeline works on our behind the scenes page.
Confidence levels (0–100) are evidence-weighted with no time decay. They combine observed attack behaviors, command patterns, protocol diversity, volume, and community reports. See our confidence level documentation for the full methodology.
Data is processed in real-time. Events captured by our sensors are available within seconds of occurring. Explore the latest observed threats on our threat landscape page.
The Contributor plan is application-based. Apply with evidence of prior contributions (IP reports, security research, etc.) and we review your history to grant elevated access at no cost. See the pricing page for all plan details.
The Researcher plan provides free API access for security researchers and students. It requires verification of a research affiliation. See the pricing page for eligibility details, or contact us to apply.
Yes. You can upgrade or downgrade at any time. Changes take effect immediately and billing is prorated. View all available plans on our pricing page.
Yes. Contact us for Business plans with higher rate limits, dedicated support, and SLA guarantees.
You can submit reports through the API (/v1/key/report), the report page, or the bulk report page on the website. Reporting requires a free account and API key. Reports are categorized by attack type and feed into our risk scoring. See the report API documentation for integration details.
Yes. We provide a fail2ban action script that automatically reports banned IPs to SikkerAPI. See the fail2ban integration guide. We also support CSF integration.
The blacklist API lets you generate filtered lists of observed IPs for use in firewalls and automated security tools. You can filter by country, ASN, protocol, severity, and confidence level. See the blacklist API documentation. You can also use the blacklist export tool in your dashboard to visually configure filters, preview the score distribution, and download in plaintext or JSON — no code required.
Submit a removal request. Requests are granted for verified false positives, IP ownership changes, and dynamic IP reassignment.
Public listings are removed. Internal telemetry and aggregated data are retained indefinitely for historical context, as described in our privacy policy. See our data retention policy for full technical details.
Yes. SikkerAPI is operated from Denmark and fully complies with GDPR. You have full Article 15–21 rights including access, rectification, erasure, and data portability. Read our privacy policy for full details.