Enter any IPv4 or IPv6 address to get a real-time IP reputation score. Our API combines VPN, proxy, Tor, datacenter, and abuse intelligence signals into a single 0–100 score. Use it as an IP blacklist check, an ip abuse check, or simply to verify whether an IP is safe before you trust it. No sign-up required.
Enter any IPv4 or IPv6 address to get its reputation score
When you check IP reputation with ip-api.io, six threat intelligence signals are evaluated in real time and weighted into a single 0–100 score. Higher combined weight means worse reputation and greater risk.
Identifies HTTP/HTTPS/SOCKS proxies, commercial VPN endpoints, and Tor exit nodes — the primary tools used to mask identity. These three signals carry the highest risk weights (0.25 each) because anonymised traffic is strongly correlated with abuse.
Flags IPs hosted in AWS, GCP, Azure, and other cloud or datacenter providers. Datacenter IPs contribute a medium weight (0.1) since they are commonly used by legitimate services but are also disproportionately associated with bots and scrapers.
Runs a live IP abuse check across threat intelligence feeds covering spam campaigns, botnet C&C servers, malware distribution, and reported abuse activity — equivalent to an IP blacklist check against multiple block lists simultaneously. Spam history contributes 0.05 and broader threat/suspicious signals contribute up to 0.25 each.
Block high-risk IPs automatically at signup, login, and checkout. A single reputation API call gives you the full picture — proxy, VPN, Tor, and abuse history — so you can act on one score rather than managing six separate signals. For combined IP and email scoring, see the Risk Score API.
Look up the reputation of any IP found in server logs, abuse reports, or security incidents. The full signal breakdown tells you exactly why an IP has a poor reputation — is it a known Tor exit node, a datacenter host, or a flagged spam source — so you can triage and respond faster.
Integrate the IP Reputation API into WAF rules, SIEM pipelines, and rate-limiting middleware. A single GET request returns all the signals you need to automate block and allow decisions at any scale — no SDK required.
Integrate real-time IP reputation checks into your application. Simple REST API returning JSON — no SDK required.
https://ip-api.io/api/v1/ip-reputation/{ip}
Returns a reputation score (0.0–1.0), risk level, and per-signal breakdown for any IPv4 or IPv6 address.
Rate limited by IP address — no API key required for free-tier use.
Add ?api_key=YOUR_KEY for higher limits.
{
"ip": "1.2.3.4",
"score": 0.45,
"risk_level": "MEDIUM",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_vpn": true,
"is_tor_node": false,
"is_datacenter": true,
"is_spam": false,
"is_suspicious": false,
"risk_contribution": 0.45
},
"email_factors": null
}
}score
Reputation score from 0.0 (trusted) to 1.0 (very high risk). Multiply by 100 for a 0–100 display value.
risk_level
Human-readable classification: VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH.
ip
The IP address that was analysed.
factors.ip_factors.is_proxy
Whether the IP is a known HTTP/HTTPS/SOCKS proxy server.
factors.ip_factors.is_vpn
Whether the IP is a known VPN endpoint (commercial or self-hosted).
factors.ip_factors.is_tor_node
Whether the IP is a Tor exit or relay node (checked against live Tor consensus).
factors.ip_factors.is_datacenter
Whether the IP belongs to a datacenter or cloud hosting provider.
factors.ip_factors.is_spam
Whether the IP has a known spam or abuse history in threat intelligence feeds.
factors.ip_factors.is_suspicious
Whether the IP shows suspicious behavioural patterns from multiple threat sources.
factors.ip_factors.risk_contribution
The IP's individual contribution to the overall score (0.0–1.0).
# Check IP reputation (no API key needed for free tier)
curl "https://ip-api.io/api/v1/ip-reputation/1.2.3.4"
# With API key for higher rate limits
curl "https://ip-api.io/api/v1/ip-reputation/1.2.3.4?api_key=YOUR_API_KEY"import requests
def check_ip_reputation(ip: str) -> dict:
url = f"https://ip-api.io/api/v1/ip-reputation/{ip}"
response = requests.get(url)
response.raise_for_status()
data = response.json()
score = round(data["score"] * 100)
print(f"Reputation score: {score}/100")
print(f"Risk level: {data['risk_level']}")
factors = data["factors"]["ip_factors"]
print(f"Is proxy: {factors['is_proxy']}")
print(f"Is VPN: {factors['is_vpn']}")
print(f"Is Tor: {factors['is_tor_node']}")
return data
check_ip_reputation("1.2.3.4")const response = await fetch(
"https://ip-api.io/api/v1/ip-reputation/1.2.3.4"
);
const data = await response.json();
const score = Math.round(data.score * 100);
console.log(`Reputation score: ${score}/100`);
console.log(`Risk level: ${data.risk_level}`);
const f = data.factors.ip_factors;
console.log(`Is VPN: ${f.is_vpn}`);
console.log(`Is Tor: ${f.is_tor_node}`);
console.log(`Is proxy: ${f.is_proxy}`);Start using IP-API.io to make your website safer and more user-friendly. Keep out unwanted bots, show visitors content that's relevant to where they are, and spot risky IP addresses quickly. It's perfect for making online shopping more personal and keeping your site secure. Get started today with one of the plans!
Common questions about IP reputation scores and the ip-api.io Reputation API.
An IP reputation score is a numeric value, typically expressed on a 0–100 scale, that indicates how trustworthy an IP address is based on its history and current characteristics. A score near 0 means very low risk; a score near 100 means very high risk. Scores are derived from threat feeds, abuse reports, and signals such as VPN, proxy, Tor, and datacenter usage.
ip-api.io calculates the reputation score by checking six IP signals — proxy detection, VPN detection,
Tor node membership, datacenter hosting, spam/abuse history, and suspicious activity patterns — and
weighting them into a composite score between 0.0 and 1.0 (displayed as 0–100). Each signal contributes
a weighted risk_contribution, and the final score maps to a risk_level of
VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH.
Scores above 60 (HIGH or VERY_HIGH risk level) are generally considered poor reputation and warrant blocking or heightened scrutiny. Scores between 40 and 60 (MEDIUM) suggest caution — consider requiring additional verification such as CAPTCHA or email confirmation. Scores below 40 (LOW or VERY_LOW) represent good reputation.
Yes. The most common causes of a poor reputation score are being listed in spam or abuse databases, routing traffic through shared VPN or proxy servers, or hosting on datacenter infrastructure used for abuse. Removing your IP from blacklists, switching to a residential or dedicated ISP, and ceasing abusive activity will improve your score over time as threat feeds refresh — typically within 24 to 72 hours.
ip-api.io refreshes its threat intelligence feeds continuously. Most signals — VPN and proxy lists, Tor exit node consensus, and spam databases — update in real time or near-real time. Full re-scoring of a given IP address typically reflects changes within 24 hours.
No, but they are related. An IP blacklist check tells you whether a specific IP appears on one or more known block lists (such as Spamhaus or Barracuda). An IP reputation score aggregates blacklist data alongside behavioural signals — VPN, proxy, Tor, datacenter classification, and abuse history — into a single composite score. The reputation score is more nuanced and actionable than a simple pass/fail blacklist check.
Yes. The IP reputation score is a core signal in fraud prevention pipelines. Integrating it at signup, login, checkout, or API rate-limiting points lets you automatically block or challenge high-risk IPs — those using VPNs to hide identity, Tor for anonymity, or datacenter IPs often associated with bots and scrapers. For combined IP and email fraud scoring, see the Risk Score API.
Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.
Contact SupportCustomize your experience with tailored plans that fit your IP security and geolocation needs.
Email Us