Security Intelligence
Comprehensive threat scoring that combines abuse history, botnet participation, spam classification, and real-time threat feeds into a single actionable risk score for every IP address.
$ curl https://api.iptruth.com/ip/198.51.100.1
{
  "ip": "198.51.100.1",
  "risk_score": 87,
  "abuse_score": 72,
  "threat_categories": ["spam", "brute_force"],
  "classification": {
    "usage_type": "hosting",
    "is_satellite": false,
    "is_cgnat": false
  },
  "is_vpn": false,
  "is_proxy": true,
  "is_tor_exit": false,
  "network": {
    "asn": 64496,
    "as_name": "EXAMPLE-NET"
  }
}
Multi-Factor Risk Scoring
Composite fraud score (0-100) combining abuse signals, network reputation, and behavioral patterns.
Abuse Classification
Categorize IPs by usage type: residential, hosting, business, education, or known abuse infrastructure.
Threat Feed Integration
Real-time integration with global threat intelligence feeds for up-to-the-minute risk assessment.
How It Works
IPTruth's risk score is a composite of multiple independent signals: VPN and proxy detection results, abuse report history, BGP routing anomalies, and data from global threat intelligence feeds. Each factor is weighted based on recency and reliability, producing a single 0-100 score that reflects current risk, not historical reputation alone.
Unlike static blacklists that update weekly or monthly, our scoring is continuous. When a previously clean IP begins exhibiting malicious behavior -- or when a flagged IP is reassigned to a legitimate operator -- the score adjusts within minutes. Threat categories provide granular context so you can distinguish spam sources from brute-force attackers or botnet participants.
Usage type classification identifies whether an IP belongs to residential broadband, hosting infrastructure, corporate networks, educational institutions, satellite internet, or CGNAT pools -- critical context for calibrating your security policies.
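One way to apply that calibration when consuming the response shown at the top of this page, as an added example that is not IPTruth's own code. The thresholds, the decide and is_shared_address names, and the "residential" value string are assumptions.

```python
import json

# Constructed sample: the response body shown on this page for 198.51.100.1.
SAMPLE = json.loads("""
{"ip": "198.51.100.1", "risk_score": 87, "abuse_score": 72,
 "threat_categories": ["spam", "brute_force"],
 "classification": {"usage_type": "hosting", "is_satellite": false, "is_cgnat": false},
 "is_vpn": false, "is_proxy": true, "is_tor_exit": false,
 "network": {"asn": 64496, "as_name": "EXAMPLE-NET"}}
""")

# Assumed thresholds, not values published by the service.
BLOCK_AT = 85
CHALLENGE_AT = 60


def is_shared_address(resp):
    """True when many unrelated users are likely behind this one address."""
    cls = resp.get("classification") or {}
    return bool(
        cls.get("is_cgnat")
        or cls.get("is_satellite")
        # Assumption: "residential" is the literal usage_type value for home broadband.
        or cls.get("usage_type") == "residential"
    )


def decide(resp):
    """Map one lookup response to 'allow', 'challenge' or 'block'."""
    score = resp.get("risk_score")
    valid = isinstance(score, (int, float)) and not isinstance(score, bool)
    if not valid or not 0 <= score <= 100:
        # Missing or malformed score: challenge instead of failing open or closed.
        return "challenge"
    if score >= BLOCK_AT:
        # A hard block on a shared address locks out every user behind it.
        return "challenge" if is_shared_address(resp) else "block"
    if score >= CHALLENGE_AT:
        return "challenge"
    return "allow"


if __name__ == "__main__":
    print(SAMPLE["ip"], decide(SAMPLE))
```

A challenge here stands for whatever step-up control the deployment has, such as a CAPTCHA or additional verification.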
Use Cases
WAF Integration
Feed risk scores directly into your web application firewall to block or challenge suspicious traffic.
Email Filtering
Score sender IPs to improve spam filtering and reduce phishing attacks.
Fraud Prevention
Identify high-risk IPs during checkout, registration, or login to prevent fraud.
SOC Triage
Prioritize security incidents with IP reputation data to focus analyst attention.