The IP Reputation API returns detailed threat intelligence for any IPv4 or IPv6 address. It detects VPNs, proxies (including residential), Tor exit nodes, bot or spam activity, and known attacker behavior. It also identifies cloud provider associations and, when available, returns the provider name. In addition, it delivers geolocation and network details enriched with country metadata, making it a comprehensive source of security and geolocation data.
Authorization
You can make authorized requests to our API by passing API key
as a query parameter. To get your API key, login to our billing
dashboard and get your API key! If your API key has been
compromised, you can change it by clicking on reset button in
billing dashboard.
Important References
- For details on request limits and handling rate limiting, refer here
- For a complete overview of API credit consumption and usage, refer here
Fields Description
ip
IP address being analyzed
8.8.8.8
location
Geolocation details derived from IP address
continent_code
Continent code
NA
continent_name
Continent name
North America
country_code2
2-letter country code
US
country_code3
3-letter country code
USA
country_name
Country name
United States
country_name_official
Official country name
United States of America
country_capital
Capital city of the country
Washington, D.C.
state_prov
State or province name
California
state_code
State or region code
US-CA
district
District or administrative area
Santa Clara
city
City name
Mountain View
locality
Local area name
Mountain View
accuracy_radius
Accuracy radius of geolocation data
zipcode
Postal code
94043-1351
latitude
Latitude coordinate
37.42240
longitude
Longitude coordinate
-122.08421
is_eu
Indicates whether IP is in EU region
false
geoname_id
GeoNames identifier
6301403
country_emoji
Country flag emoji
🇺🇸
network
Network-level information of the IP
connection_type
Type of network connection
route
CIDR route or network range associated with the IP address
1.1.1.0/24
is_anycast
Indicates whether the IP address is configured as an anycast address
true
asn
Autonomous System Number details
as_number
ASN identifier
AS15169
organization
Organization owning ASN
Google LLC
country
Country of ASN registration
US
type
Type of organization (e.g., BUSINESS)
BUSINESS
domain
Associated organization domain
about.google
date_allocated
ASN allocation date
rir
Regional Internet Registry
ARIN
security
Security and threat intelligence information for the IP
threat_score
Threat score of the IP (0 = safe, higher = risky)
5
is_tor
Indicates if the IP address is part of the Tor network
false
is_proxy
Indicates whether the IP address is detected as a proxy
false
proxy_provider_names
List of detected proxy service providers associated with the IP
proxy_confidence_score
Confidence score indicating the likelihood of proxy usage
0
proxy_last_seen
Last detected timestamp of proxy activity for the IP address
is_residential_proxy
Indicates whether the IP address belongs to a residential proxy network
false
is_vpn
Indicates whether the IP address is associated with a VPN service
false
vpn_provider_names
List of detected VPN providers associated with the IP address
vpn_confidence_score
Confidence score indicating the likelihood of VPN usage
0
vpn_last_seen
Last detected timestamp of VPN activity for the IP address
is_relay
Indicates whether the IP address is operating as a relay service
false
relay_provider_name
Name of the relay service provider associated with the IP address
is_anonymous
Indicates anonymous IP usage
false
is_known_attacker
Indicates if the IP address is known for malicious or abusive activity
false
is_bot
Indicates if the IP address belongs to a bot
false
is_spam
Indicates whether the IP address is associated with spam activity
false
is_cloud_provider
Indicates whether the IP address belongs to a cloud hosting provider
true
cloud_provider_name
Name of the cloud provider associated with the IP address
Cloudflare, Inc.
