v3.0.9 · 30+ intelligence endpoints·● All systems operational

Peer into the Abyss.
Know every IP's true intent.

A top-tier IP threat intelligence API. Abuse scoring, blocklists, darknet mentions, JA3 fingerprints, behavioral analysis, predictive ML — all in one call. 30+ endpoints. Sub-50ms warm cache.

Try:

Free tier: 50 anonymous scans per month. No signup required.

No signup to try 50 free scans / month STIX 2.1 export Cloudflare-protected
30+
Intelligence Endpoints
10+
Blocklist Feeds
<50ms
Warm-cache Latency
99.9%
Uptime SLA

One API. Every angle of attack.

Most IP reputation APIs give you a yes/no answer. Abyss gives you the forensic depth security teams actually need.

Calibrated Risk Scoring

A weighted scoring model combines 10+ blocklist feeds, darknet mentions, honeypot interactions, and behavioral analysis into a single 0–100 risk score with confidence intervals.

Blocklist Aggregation

Real-time lookup across Spamhaus, Feodo Tracker, Emerging Threats, blocklist.de, and more — with hit categorization and source attribution for every match.

Predictive ML Analysis

A trained model predicts the probability of future malicious behavior based on burst patterns, threat actor correlation, and historical trajectory.

Darknet Intelligence

Continuously crawled darknet forums surface mentions of the IP — context, post date, reliability rating, and source attribution.

JA3 + TLS Fingerprinting

Capture and correlate TLS handshake fingerprints against known malware families. Identify C2 infrastructure even when ports and banners change.

Behavioral Fingerprinting

Detect burst patterns, off-hours activity, periodic beaconing, and weekend ratios — the behavioral signals that distinguish a real user from a botnet node.

Threat Actor Attribution

Link IPs to known threat actors (APT29, FIN7, Lazarus, etc.) with confidence scores and MITRE ATT&CK technique mappings.

STIX 2.1 Compliant

Export intelligence as STIX 2.1 bundles with deterministic UUIDv5 IDs — drop straight into your TIP, SIEM, or threat intelligence platform.

Bulk + Async Scan

Synchronous bulk for up to 25 IPs, or async jobs for up to 1000. Poll the job endpoint, get results back, build it into your SOC pipeline.

The full endpoint catalog.

Every endpoint below is live in production. All responses are JSON, cached at the edge, and documented in the OpenAPI spec.

Start scanning in under a second.

No credit card, no signup. Just type an IP and see what the abyss already knows about it.