SikkerAPI is a REST API service that provides IP reputation and threat intelligence data sourced from a globally distributed honeypot sensor network and community-submitted reports. The platform operates high-interaction honeypot sensors across 17 protocols, including SSH, HTTP, MySQL, PostgreSQL, FTP, SMTP, and Redis. Data collected from these sensors is combined with community IP reports to generate IP reputation scores based on observable events, with a transparent confidence scoring system. Each IP lookup returns behavioral attack intelligence, including classified attack patterns such as GPU reconnaissance campaigns, SSH key persistence, and IoT botnet staging. Detections are decomposed into named primitives and composed into behaviors with severity levels and match counts. The service offers several API endpoints: - IP Check: Look up reputation data for IPv4, IPv6, or CIDR ranges - Blacklist: Generate dynamic IP blacklists for firewall consumption - Report / Bulk Report: Submit suspicious IPs to the community database - TAXII Feed: Structured threat intelligence feed Additional tooling includes: - SikkerGuard: Firewall automation component - Sikker-CLI: Command-line interface tool (available via npm) - Email Lookup and Username Lookup utilities - Detection Catalog: Browsable catalog of named threat behaviors - Threat browsing by country, ASN, protocol, and IP A free tier is available with 1,000 IP lookups per day. Paid plans are also offered.