For security teams, by security engineers

Identify Bad IPs
Instantly.

Unmask the intent behind every connection. Identify VPNs, Tor nodes, and Residential Proxies to stop hackers before they reach your endpoints.

Get API AccessView Docs
api.speculus.ai/v3/enrich/
GET
NIO v3 · Speculus Enrichment Engineprocessing…

Integrated with industry-leading
security platforms

Microsoft
Google Cloud
AWS
Microsoft Azure
Datadog
IBM
Cloudflare
Cisco

Why it matters

Your analysts are spending hours every day researching IP addresses manually. Each lookup gives the attacker just enough time to hack into your endpoints.

5 min

Average time to manually research a single suspicious IP

80%

Of breaches involve a network indicator that was already visible

50ms

How long Speculus takes to return a full enriched threat verdict

Raw IP → Enriched Threat Identity

One API call. Every field your SOC needs: verdict, threat score, geolocation, ISP, proxy and Tor flags, and enriched identity. Returned as a structured JSON object in under 50ms.

35
medium risk · score 35/100

This IP is an active Tor Exit Node routing traffic through datacenter infrastructure in Amsterdam.

GET /v3/enrich/
200 OK·application/json·47ms
{
  "nio_verdict" :
    "This IP is an active Tor Exit Node
    routing traffic through datacenter
    infrastructure in Amsterdam."
  ,
  "intel" : {
    "risk" : "medium",
    "score" : 35,
    "type" : "VPN",
    "tor_node" : true,
    "vpn_proxy" : true,
    "is_blacklisted" : true,
    "is_datacenter" : true
  },
  "identity" : {
    "ip" : "192.42.116.92",
    "connection_type" : "Cellular",
    "isp" : "Church of Cyberology",
    "org" : "Tor Exit and More",
    "asn" : 215125
  },
  "location" : {
    "city" : "Amsterdam",
    "state" : "North Holland",
    "country" : "Netherlands",
    "country_code" : "NL",
    "coordinates" : {
      "lat" : 52.374,
      "lon" : 4.8897
    }
  }
}
Solutions

Three ways to deploy
Speculus

API, managed integration, or on-prem database. Speculus is built for you.

API Access01

The Speculus API

Direct, programmatic access to the NIO enrichment engine. A single REST call turns any IP address into a full intelligence object: threat score, geolocation, ASN, proxy flags, and a plain-English verdict. Built for developers who want to embed network intelligence directly into their stack.

  • IP enrichment in under 50ms
  • Threat scoring from 0–100 (NIO verdict)
  • Geolocation, ASN, carrier & proxy detection
  • REST + gRPC endpoints with SDKs for Python, Node, Go
  • 99.9% uptime SLA with enterprise rate limits
Get API AccessView API Docs
Integration Package02

The Integration Package

Everything in the API, plus a fully managed deployment into your existing security stack. We connect NIO enrichment directly into Splunk, Elastic, Microsoft Sentinel, Palo Alto, or any SIEM/SOAR your team already operates. Includes custom dashboards, alert workflows, and ongoing support.

  • All API capabilities included
  • Native connectors for Splunk, Elastic, Sentinel & more
  • Custom threat dashboards and alert rule configuration
  • Dedicated onboarding and integration engineering
  • Quarterly threat intelligence briefings
See IntegrationsGet API Access
MMDB03

MMDB Database

The full Speculus threat intelligence dataset in MaxMind Database format, delivered directly to your infrastructure for offline, zero-latency lookups. No API calls, no round-trips, no external dependencies. Ideal for high-throughput environments where every millisecond counts.

  • Offline lookups with sub-millisecond query time
  • Compatible with any MaxMind-compatible reader
  • Weekly threat feed updates delivered to your endpoint
  • Full NIO scoring, geolocation, ASN & proxy data on-prem
  • Air-gapped and sovereign cloud deployments supported
Talk to usView MMDB

Built for the Realities
of Your Industry

Industry context changes everything. We bring proven enrichment strategies that move faster with less risk.

FinServ

Financial Services & Insurance

Risk-aware IP intelligence and governed enrichment pipelines for regulated environments. Detect fraud vectors and sanctions evasion in real time.

<50ms
API Response
99.9%
Uptime SLA

Proof from Real
Enterprise Delivery

See how leading security teams deploy NIO intelligence in production.

All Articles →
Case StudyMar 2026

How a Global Bank Reduced Fraud by 34% with NIO Enrichment

Speculus partnered with a Tier-1 financial institution to embed real-time IP enrichment into their fraud detection pipeline, cutting false positives by 34% in 90 days.

8 min read
Read
BlogFeb 2026

Speculus.ai Launches NIO v3: Sub-50ms Threat Enrichment at Scale

Our new v3 architecture processes 100,000+ enrichment requests per second with no cold-start latency. Here's how we rebuilt the data pipeline.

5 min read
Read
Case StudyJan 2026

Healthcare SOC Migration: From Manual Lookups to Automated NIO Scoring

A regional health system replaced 3 hours of daily manual threat research with automated NIO enrichment in Splunk. Zero additional headcount.

6 min read
Read

Ready to Transform Your
Threat Intelligence?

Let's talk about how Speculus.ai can help you scale network intelligence and achieve measurable security outcomes.

Talk to an ExpertRead the Docs

No credit card required · SOC 2 Type II · Enterprise SLAs available