sikkerapi@prod ~$
Why SikkerAPI|
Sikker-CLISikkerGuard
Honeypot DatabaseEmail LookupUsername LookupDetection CatalogSubnet CalculatorEncoder / Decoder
Prices
|
Fail2BanCSF FirewallNginxiptables / ipset
|
Blog
OverviewIP CheckBlacklistReportBulk ReportTAXII FeedSikker-CLIConfidence Score Algorithm
Top CountriesTop ASNsTop ProtocolsTop IPsSMTP Database
CIDR Range AlertsIP AlertsUsername AlertsEmail AlertsBlacklist Web-UIInstall SikkerGuard
|login|signup
Loading
SikkerAPI

Open source threat intelligence from a global honeypot sensor network. Real attacker behavior, not purchased feeds.

Product
PricingDocumentationReport an IPThreat MapSystem Status
Resources
BlogFAQAboutContactComparisons
Tools
Sikker-CLISikkerGuardDetection CatalogSession DatabaseTAXII Feed
Browse
Top CountriesTop ASNsTop ProtocolsTop IPsSMTP Wall of Fame
© 2026 SikkerAPI
TermsPrivacyRemove Me

Threat intelligence API pricing

IP lookups, blacklist feeds, STIX/TAXII, alerts, and community reporting. Start free, scale as you grow. Read the docs or see our FAQ.

Free

$0/mo
Lookups1,000
Reports1,000
Blacklist25,000
TAXII/day5,000
Range alerts1 × /28
IP alerts1
Email alerts5
Username alerts5
SupportCommunity
Get Started

Basic

$7/mo
Lookups7,000
Reports7,000
Blacklist50,000
TAXII/day7,000
Range alerts5 × /24
IP alerts10
Email alerts20
Username alerts20
SupportEmail
Subscribe

Small Business

$14/mo
Lookups14,000
Reports14,000
Blacklist100,000
TAXII/day14,000
Range alerts10 × /20
IP alerts20
Email alerts40
Username alerts40
SupportEmail
Subscribe

Medium Business

$28/mo
Lookups30,000
Reports30,000
Blacklist250,000
TAXII/day30,000
Range alerts20 × /16
IP alerts40
Email alerts80
Username alerts80
SupportEmail
Subscribe

Large Business

$56/mo
Lookups100,000
Reports100,000
Blacklist500,000
TAXII/day100,000
Range alerts40 × /16
IP alerts80
Email alerts160
Username alerts160
SupportEmail
Subscribe
$ sikker faq --topic pricingall questions →

What counts as a lookup?

A lookup is any request to the /v1/key/check/{ip} endpoint. Web-based lookups on the website are free and don't count. Quota resets daily at midnight UTC. Exceeding your limit returns HTTP 429 with a Retry-After header.

What firewall integrations are included?

All plans include scripts for Fail2Ban, CSF, nginx, and iptables/ipset. The blacklist API generates filtered IP lists for any firewall. Our STIX/TAXII feed integrates with Splunk, Sentinel, Elastic, and QRadar.

Where does the threat data come from?

A global network of honeypot sensors emulating 16 protocols (SSH, HTTP, SMTP, MySQL, and more), plus community-submitted IP reports and bulk submissions. Both sources are weighted in the scoring algorithm and processed in real-time. See behind the scenes for the full pipeline.

What is a range alert?

Range alerts monitor a CIDR block and notify you when any IP in that range is detected by our honeypot sensors or flagged through community reports. Maximum CIDR size scales with your plan — /28 (16 IPs) on Free to /16 (65,536 IPs) on Business plans. Configure from your dashboard.

How is the confidence level calculated?

Confidence levels (0–100) combine two evidence sources: honeypot sensor data (attack behaviors, command patterns, protocol diversity) and community-submitted reports (unique reporters, report volume, bulk submissions). When both sources corroborate, a multiplier boosts the score. See the full methodology or check any IP to see it in action.

Can I change plans or cancel?

Yes. Upgrade, downgrade, or cancel anytime from your dashboard. Changes are immediate with prorated billing. No contracts, no lock-in.

Get started free