Skip to content
Free tool

IP Fraud Score Checker

A 0–100 risk score for any IP address, built from 40+ weighted signals, with the exact detection methods that produced it listed on every response.

How the score works

Explainable by design.

The fraud score combines 40+ weighted signals: anonymizer verdicts, blocklist and DNSBL hits, scanner and spam history, hosting classification, WHOIS keywords, and more. Crucially, the model also subtracts risk. A residential ISP removes 20 points; a verified search-engine crawler removes 30. An IP behind carrier-grade NAT gets its score capped, because thousands of households can share one CGNAT address and punishing all of them produces false positives.

Every response includes scoring.detection_methods, the list of signals that actually fired. When the score is 84, you can see why it is 84. That matters when you have to justify a blocked checkout to a customer, or tune thresholds against your own traffic.

ScoreActionWhat to do
0–25allowNo meaningful risk evidence. Let the request through.
26–50reviewSome signals fired. Log it, watch it, or queue for review.
51–75step_upStrong signals. Add friction: 2FA, email verification, captcha.
76–100blockMultiple corroborating signals. Deny or hard-challenge.
See how teams use the score for fraud prevention
FAQ

Frequently asked questions

What is an IP fraud score?

A single 0–100 number summarizing how risky an IP address looks based on observable evidence: anonymizer use, blocklist presence, abuse history, and network type. 0 means no risk signals fired; 100 means multiple corroborating signals did. It scores the address, not the person.

How is the score calculated?

From 40+ weighted signals, both incriminating and exonerating. VPN exits, blocklist hits, and scanner history push the score up; a residential ISP subtracts 20 points and a verified crawler subtracts 30. The scoring.detection_methods field lists exactly which signals fired, so no score is a black box.

What do the score bands mean?

GeoIPHub maps scores to a recommended action: allow at 25 and below, review for 26–50, step_up for 51–75, and block for 76–100. These are defaults, and the raw score is on every response so you can set your own thresholds.

Why does a shared mobile IP not score high?

Carrier-grade NAT (CGNAT) puts many subscribers behind one IPv4 address, so one bad actor would otherwise poison the score for everyone. GeoIPHub detects CGNAT ranges and caps their scores specifically to prevent that class of false positive.
More free tools

Every check, one API call.

IP Lookup

The complete report for any IPv4 or IPv6 address: location, network, detections, risk score.

GET /v1/lookup/{ip}
What Is My IP

Your public IP, where it places you, and what every website can infer from it.

geo + asn + detection
VPN Detection Test

Check whether an IP is a VPN or proxy exit, with the provider named when known.

detection.is_vpn
Tor Exit Node Check

Verify an IP against the official Tor Project exit list.

detection.is_tor
Datacenter IP Check

Find out if an IP belongs to a hosting provider or cloud platform.

detection.is_hosting

Need this at scale?

Get 1,500 free API lookups a day, every field included, no credit card. These tools run on the same endpoint you would ship to production.

Get a free API keyRead the docs