Tempico IP & Hash Reputation API

Real-time answers for real-world threats.

Instantly reveal metadata for any IP or file hash: accurate, agent-free, and ready for automation.

WHAT WE HAVE MASTERED

How does it work?

Tempico gathers, analyzes, and structures large volumes of raw security telemetry to surface malicious intent worldwide. Our Reputation API components query the Threat Intelligence Data Lake to deliver real-time threat insights. The current release supports IP and hash lookups, but customers who need richer context can upgrade to the Tempico Unified Operations Center — Innovator plan or higher.

IP address intelligence

We track the behavior of more than 800 million IP addresses around the world. Since many IPs change owners every day, the system applies weighted analysis, banner grabbing, and other expert techniques, resulting in a trusted reputation score with very few false positives.

Threat detection

Network monitoring flags IPs tied to malware, DDoS, spam, and brute-force attacks.

Open port visibility

Check which network services and ports, like SSH or HTTP, are open on any public host.

Network & Location context

Access ASN, net range, organization, country and city to profile each IP’s origin and risk.

Continuous monitoring

In 2024, Tempico flagged 32,297,537 unique IPs with a reputation warning. Each notice let our customers proactively block a malicious actor or make an informed decision — ultimately reducing the risk of cyber threats across their networks.

Unique IPs: 800 million

SLA availability: 99.99

Pricing

The IP Address Reputation API offers two response modes to fit different security and integration needs.

High-volume bundles start at 1 million requests, stay active for one year, and can be procured from the Customer Portal or through your Account Manager.

IP Lookup Core

0.27€

per 1000 requests

IP Lookup for SIEM

0.75€

0.65€

per 1000 requests

File threat recognition

With almost two billion file hashes on record, Tempico offers deep threat insight. This data, available through a developer-friendly, easy-to-use API, lets you block harmful code before it runs on your network.

Hash-based detection

Identify whether a file has known malware associations across global threat feeds, in less than a second.

File scanning

Upload suspicious files for a detailed verdict in minutes. Decide whether to share samples with partners or keep them private.

Designed for enterprise

Maintain a unified hash repository with hundreds of millions of entries, ensuring consistent threat intelligence across teams.

Updated hash database

Our hash database updates continuously to ensure you’re protected from both classic and emerging threats. It contains a balanced ratio of clean and malicious hashes, so that files of both kinds have a reasonable chance of being recognized.

Clean 50%
Processing 10%
Malicious 40%

Updated at: May 2025

Pricing

The Hash Reputation API offers two response modes to fit different security and integration needs.

High-volume bundles start at 1 million requests, stay active for one year, and can be procured from the Customer Portal or through your Account Manager.

Hash Lookup

for 1000 requests

0.27€

Enterprise add-on

From

2690€

Free daily API credits

The Tempico Reputation API is free for small projects and educational use. Every account receives €0.10 in API credits each day on the standard usage-based plan. Once you’ve used up the daily allowance, the API returns a quota-exceeded error until the credits reset at midnight (UTC).

Need more throughput or protection against traffic spikes? Simply add a credit card in the customer portal and enable automatic top-ups. The usage-based plan has no monthly fees and no minimum commitment — your prepaid balance stays available as long as you need it.

Why consider Tempico Reputation API?

Trusted platform

The platform was originally developed to power premium security services for TUOC. Its design has been kept faster and smarter, while benefits stay focused on real use. Through solid threat intelligence and reliable defense, organizations receive needed protection without inflated fees.

Integration & Use cases

FAQ

Frequently Asked Questions

Can we get access to your malware samples?

Yes. Samples that are free of sensitive data, or samples that were allowed to be shared with the community, can be downloaded through our API, provided that the account has the respective download permission.

Can we dump lists of malicious IPs for "offline" use?

Indeed. Sometimes security appliances are not able to perform online IP lookups, or generate too much traffic doing so. For such cases we provide an API endpoint to fetch blocklists for the categories you select. The database is available in the MMDB and plain text formats.

What happens if an IP or file is wrongly classified?

We continuously refine our detection models and encourage users to report misclassifications. Our analysts promptly review flagged entries to maintain data integrity and reduce false positives or false negatives.

Is IP lookup IPv6-ready?

Yes. Our platform fully supports IPv6 addresses, ensuring you don’t miss potential threats in dual-stack or newer network environments.

Do you provide interactive dashboards to visualize threats?

Custom visualizations are not available out-of-the-box, as our customers often have very different requirements in this area. However, performance and automation are consistently high priorities, which is why our primary focus is on the data layer. In most cases, your data can still be visualized using external tools that can integrate with our platform. If you require assistance with this, please submit a request to our Unified Operations Center.

What about large-scale lookups or file scans?

Our APIs are designed to support batch processing and job scheduling, enabling reliable, high-throughput automated workflows. The pricing model scales with request volume, offering flexibility for larger deployments. For exceptionally large-scale setups, alternative connectors may offer greater efficiency than traditional REST APIs.

What is SOAR / SIEM?

What is SIEM?
SIEM (Security Information and Event Management) is a solution that collects and centralizes logs and security data from across your environment — including endpoints, servers, cloud services, and network devices. It analyzes this data in real time to detect suspicious activity, generate alerts, support compliance reporting, and provide visibility into your overall security posture.

What is SOAR?
SOAR (Security Orchestration, Automation, and Response) is a system designed to help security teams streamline and automate their incident response processes. It connects to various tools in your environment, ingests alerts (often from a SIEM), enriches them with context, and runs automated playbooks to investigate or contain threats — reducing response time and improving consistency in how incidents are handled.

Why is a random malicious sample not detected by the Hash Database?

The global volume of known malicious files is massive — and many of them are outdated, polymorphic, or unlikely to be seen in real-world environments today. To keep our Hash Database lean and responsive, we routinely archive older or low-relevance entries, removing them from active (public) querying.

However, when a user queries a hash that’s been archived and it results in a miss, our system automatically rehydrates the relevant information within minutes. The hash then becomes available again for a limited time. This approach ensures both high performance and the ability to respond to rare or long-tail queries without bloating the live dataset.
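
An added example, not Tempico's code: one way a client could act on the archive-and-rehydrate behaviour described above and on the daily quota-exceeded error, so that a miss is re-queried and never read as a clean verdict. The `lookup` callable, the result labels and `QuotaExceeded` are hypothetical, since the page does not document the API's response format.

```python
import datetime as dt
import time

# Hypothetical labels: the page names Clean / Processing / Malicious as
# database categories but does not document the API's response values.
CLEAN, PROCESSING, MALICIOUS, MISS = "clean", "processing", "malicious", "miss"


class QuotaExceeded(Exception):
    """Hypothetical stand-in for the API's quota-exceeded error."""


def seconds_until_reset(now):
    """Seconds from `now` (timezone-aware) to the next midnight UTC."""
    now = now.astimezone(dt.timezone.utc)
    midnight = (now + dt.timedelta(days=1)).replace(
        hour=0, minute=0, second=0, microsecond=0)
    return int((midnight - now).total_seconds())


def decide(file_hash, lookup, rechecks=3, wait_s=120, sleep=time.sleep):
    """Return (action, attempts) with action in {'allow', 'block', 'hold'}.

    `lookup` is any callable returning one of the labels above. A miss may
    only mean the entry is archived, so it is re-queried and never treated
    as clean; unresolved results hold the file instead of allowing it.
    """
    for attempt in range(1, rechecks + 2):
        try:
            result = lookup(file_hash)
        except QuotaExceeded:
            return "hold", attempt          # fail closed until credits reset
        if result == MALICIOUS:
            return "block", attempt
        if result == CLEAN:
            return "allow", attempt
        if attempt <= rechecks:
            sleep(wait_s)                   # give rehydration time to finish
    return "hold", rechecks + 1


def constructed_backend():
    """Constructed fake: first query misses, the re-query finds the entry."""
    answers = iter([MISS, MALICIOUS])
    return lambda _hash: next(answers)
```

`seconds_until_reset` gives the wait before retrying a file that was held because of the quota error.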