IP Intelligence

Why We Built This

Every network faces the same threats: SSH bruteforce attacks, port scanning, credential stuffing, DDoS attempts. Traditional threat intelligence services collect massive amounts of data, but often struggle to separate real threats from noise.

We built IP Intelligence to solve two specific problems:

First, the false positive problem. Most services treat all abuse reports equally - a compromised home computer gets flagged the same way as a professional attacker operating from bulletproof hosting. This creates alert fatigue and wastes security team resources. Our algorithms use context-aware scoring to distinguish between victims and attackers.

Second, the European data challenge. Organizations in Europe - particularly in public sector, healthcare, finance, and critical infrastructure - need threat intelligence that respects EU data protection laws and can be hosted within European jurisdiction. That's not just a nice-to-have; for many organizations it's a regulatory requirement.

Built for European Requirements

Data Sovereignty

All data processing and storage happens on European infrastructure. For organizations that cannot rely on services hosted outside EU jurisdiction, this matters. No foreign data requests, no exposure to non-EU legislation, complete control over where your data resides.

GDPR Compliance by Design

Built by a Norwegian company under EU/EEA data protection standards. Privacy features like data minimization, purpose limitation, and right to erasure aren't retrofitted - they're part of the core architecture. We understand European privacy requirements because we operate under them.

Transparency & Auditability

Registered with Norwegian Communications Authority (NKOM) with official Object Identifier: 2.16.578.1.62. Every threat report is traceable and auditable. No black-box scoring algorithms - full transparency into data sources, methodology, and confidence levels.

Local Infrastructure & Support

API endpoints hosted in Europe with sub-5ms response times for European users. Support in Nordic languages, European time zones, understanding of regional ISPs and hosting providers. When your firewall needs a verdict in real-time, latency matters.

How It Works

Intelligent Analysis

We don't just collect reports - we analyze them. Our algorithms distinguish between different threat types:

• Professional attackers operating from datacenters and bulletproof hosting get high-confidence threat scores
• Compromised victims (home computers, small businesses, IoT devices) are flagged separately with lower severity
• Tor exit nodes are classified distinctly so you can apply your own Tor policy
• Legitimate services (VPNs, proxies, shared hosting) are identified to reduce false positives

Data Sources

Intelligence comes from two primary sources:

• WAYSCloud infrastructure: Our own network processes millions of security events daily, providing high-quality baseline intelligence
• Community contributions: fail2ban integrations, IDS systems, and security researchers worldwide share threat data

Confidence Scoring

Every threat includes a confidence score. We don't just say "this is bad" - we tell you how certain we are, what type of threat it is, and what context matters. You set your thresholds based on your risk tolerance.

Who Uses This

IP Intelligence is used by organizations that need reliable threat data:

• Public sector and government agencies requiring EU data sovereignty
• Healthcare organizations with strict data protection requirements
• Financial institutions needing GDPR-compliant threat intelligence
• System administrators integrating with fail2ban and firewall systems
• Security teams enriching SIEM data with European context
• Web applications protecting against credential stuffing and automated attacks

The service is free for basic lookups and integration. Enterprise features for advanced use cases are available for organizations with specific requirements.

Technology

Fast REST API with comprehensive threat metadata. Sub-second response times. IPv4 and IPv6 support. Integration examples for fail2ban, nginx, Python, Node.js, and other common platforms.

Data enrichment includes: threat category, severity level, confidence score, ISP identification, geolocation, network type (datacenter/residential), Tor detection, and historical abuse patterns.