No scraping
Raw JSON may be shown in the dashboard for transparency, but automated collection from web pages will be blocked. Use the API for programmatic access.
API access
Build your own tools around transparent IP context.
The IPContext API is planned to expose the same evidence-led approach as the dashboard: recent observations, historical context, subnet activity and source-aware data streams.
Planned access
Users will be able to search a single IP address, a collection of IPs, or integrate through the API. The long-term goal is to provide a firehose stream so teams can build scoring and enrichment pipelines that match their own risk models.
Where possible, data sources will be identified in the stream so users can decide how much weight to give each observation.
Initial rate limits
API requests are expected to be limited to 10 requests per second. Higher request rates may result in a temporary one-minute pause. Repeated excessive requests may lead to longer bans.
Example response shape
{
"ip": "203.0.113.42",
"window": "last_30_days",
"context": {
"recent_activity": true,
"activity_types": ["port_scan", "auth_attempt"],
"sensor_spread": "multiple_environments",
"subnet_correlation": "similar_activity_seen"
},
"events": [
{
"first_seen": "2026-04-20T14:22:00Z",
"last_seen": "2026-04-20T14:29:00Z",
"type": "port_scan",
"ports": [22, 80, 443, 8080],
"source": "honeypot_network"
}
]
}Your own scoring
IPContext will provide evidence and context rather than forcing a universal score. You decide how observations should affect your systems.
Interest trends
Lookup patterns may be used to build an anonymous interest score showing whether other users are also investigating an IP. No user data will be shared.