AR

Abuse Radar Threat Feed

Sanitized threat intelligence from monitored infrastructure.

Public API

Use these endpoints for firewall automation, SIEM enrichment, Wazuh rules, fail2ban actions, or quick IP checks. Responses are public-safe and do not include raw logs, usernames, hostnames, or source collector details.

Check one IP

Returns listed status, reason, severity, feed window, counts, and geo context.

GET https://abuse.secureinsight.my/api/v1/check?ip=1.2.3.4

JSON feed

Returns active events from a 1-30 day window. Use reason and limit to narrow results.

GET https://abuse.secureinsight.my/api/v1/feed?days=10&limit=100

Plain blocklists

One IP per line for direct import into firewalls and security tooling.

GET https://abuse.secureinsight.my/blocklists/10days.txt
GET https://abuse.secureinsight.my/blocklists/15days.txt
GET https://abuse.secureinsight.my/blocklists/30days.txt

Severity

Severity is a prioritization hint calculated from recency, detection volume, source count, and signal type. It is not a legal attribution claim.

Low | Medium | High | Critical