Hosted API · One Key · Three Tools

Network intelligence APIs that actually tell you something

Production-ready, hosted APIs for IP reputation, deep domain inspection, and live honeypot threat intelligence — built for SOCs, MSSPs, and product teams. No infrastructure, no feed wrangling, no DNS rate limits to manage.

Get an API key See the APIs
Millions of threat-intel events daily  ·  30+ reputation feeds  ·  50+ DNSBLs  ·  47 threat-intel export formats  ·  Live honeypot telemetry
30+
IP Reputation Feeds
50+
DNSBL Sources
47
Blocklist Export Formats
3
APIs · 1 Key
The APIs

Three focused APIs, one credential

From a single IP lookup to a live attack globe fed by our own global honeypot sensor network — query everything with one API key.

🔍
IP Intelligence API

IP Info

Check any IP against 30+ threat-intelligence feeds and 50+ DNS-based blacklists in a single call. Backed by an asynchronous job queue so heavy lookups never block your application.

  • Reputation across EmergingThreats, Spamhaus, FireHOL, AlienVault, CINS, Tor, Mirai & more
  • 50+ DNSBL lookups in parallel (Barracuda, SpamCop, Spamhaus ZEN…)
  • Async job queue with status polling — no client-side timeouts
  • JSON or HTML output — paste the URL anywhere
  • Header, query-param, or form API key auth
Try IP Info
🌐
Domain Intelligence API

Domain Info

A comprehensive domain inspection API that goes far beyond basic WHOIS. Get the full security posture of any domain in one report — DNS health, email authentication, certificate details, open ports, subdomains, and an interactive relationship graph.

  • WHOIS, full DNS (SOA, DNSSEC, DNSKEY, CAA, TLSA, SSHFP, NAPTR…)
  • Email security: SPF, DMARC, DKIM, MTA-STS, TLS-RPT, BIMI
  • SSL/TLS certificate analysis & security-header grading
  • Port probing, subdomain discovery & web-tech fingerprinting
  • Interactive domain relationship graph
  • Export as HTML, PDF, or standalone graph
Try Domain Info
🕸️
Threat Intelligence API

Honeypot Dashboard

A managed analyst console fed by our globally distributed honeypot sensor network. Live attack arcs on a 3D globe, campaign clustering, Sankey flow graphs, decoded payloads, and one-click blocklist exports — in 47 formats from iptables to Terraform — all behind your API key.

  • Real-time 3D WebGL globe + 2D Leaflet map with live attack arcs
  • Campaign clustering by source IP, attack tag, and 15-minute burst window
  • Sankey flow diagrams: Country→IP→Service→Tag, ASN→IP→Service→Tag
  • Payload intelligence: decoded & clustered by Jaccard similarity
  • HTTP traffic summary: methods, status codes, URIs, user-agents
  • 47 blocklist export formats: iptables, nftables, nginx, Suricata, STIX 2.1, Cloudflare, AWS WAF, Ansible, Terraform…
Try Honeypot Dashboard
Use Cases

Built for security practitioners and product teams

Whether you're running a SOC, building a security product, or doing threat research, the APIs drop straight into your workflow.

🛡️

Incident Response

An alert fires. You have an IP and a domain. In under a minute you know if the IP is on 30+ threat feeds, if the domain's DNS is healthy, and if the certificate is legitimate.

📧

Email Security Audits

Check any domain for SPF, DMARC, DKIM, MTA-STS, and BIMI in one pass. Spot misconfigurations before attackers use them for spoofing or phishing.

🔬

Threat Research

Query our live honeypot telemetry for attacker IPs, campaign clusters, and decoded payloads. Pivot from a single suspicious IP to its full TTP footprint.

🚫

Firewall Blocklist Generation

Pull attacker IPs seen in the last hour, 24 hours, or week directly into your firewall. iptables, nftables, pfSense, Cisco ASA, AWS WAF, and 42 more formats — ready to paste.

⚙️

SIEM & SOAR Enrichment

Every API returns clean JSON with a single API key. Wire IP and domain checks into Splunk, Elastic, Sentinel, or your SOAR playbooks for automated enrichment.

🧩

Embed in Your Product

MSSPs, hosting providers, and security vendors: white-glove the data into your own UI. Predictable per-key auth, JSON everywhere, and no rate-limit surprises.

Developers

One key. Three endpoints. Plain HTTP.

No SDK required. Pass your key as a header, query parameter, or form field — every response is JSON, every endpoint is documented.

IP reputation lookup

Queue a check across 30+ feeds and 50+ DNSBLs.

curl "https://ip.ultimateip.info/ip?ip=8.8.8.8&type=json" \ -H "X-API-Key: YOUR_KEY"

Domain deep inspection

WHOIS, DNS, email auth, TLS, ports, subdomains.

curl "https://domain.ultimateip.info/api/check/example.com" \ -H "X-API-Key: YOUR_KEY"

Live honeypot telemetry

Real-time attacker map data from our sensor network.

curl "https://honeypot.ultimateip.info/api/map-live?api_key=YOUR_KEY"

Blocklist export — 47 formats

Drop the output straight into your firewall.

curl -O "https://honeypot.ultimateip.info/api/threat-intel/export\ ?format=iptables&time_range=24h&limit=5000&api_key=YOUR_KEY"
Pricing

Straightforward API plans

One API key works across all three services. Upgrade or cancel any time. Need volume or a private deployment? Talk to us.

Starter

$299 / month
  • Up to 5 Edge devices
  • All 3 APIs included
  • JSON + HTML responses
  • Blocklist exports (47 formats)
  • Email support
Get Starter key
Most popular

Pro

$499 / month
  • 50,000+ API calls / month
  • All 3 APIs included
  • Priority job queue
  • Live honeypot map streaming
  • Priority email support
Get Pro key

Enterprise

Custom
  • Unlimited or contracted volume
  • SLA & dedicated capacity
  • White-label & custom domains
  • Private honeypot tenancy
  • Slack / Teams support channel
Contact sales