Our IP Threat Rating Lookup API allows you to query information about specific IP addresses in our threat database. By making a simple request to /ip/{ip_address}, you'll receive detailed JSON data including the threat score, submission count, and last update time for the requested IP. This endpoint makes it easy to integrate threat intelligence into your security tools, firewall rules, or monitoring systems, enabling real-time validation of suspicious connections before they can impact your infrastructure.

Access our comprehensive list of known malicious IPs through our Threat Feed API. With a single request to /feed, you'll receive a plaintext list of all threat IPs in our database, perfect for bulk importing into firewalls, security appliances, and other defensive systems. Each feed includes helpful comments detailing the last update time and purpose of the list, while being formatted for maximum compatibility with security tools. This API enables you to leverage SSHwatch's collective threat intelligence to strengthen your perimeter defenses and block known malicious actors before they attempt to breach your systems.