Get 1,000 lookups for free
AI-powered
AI-powered
Cyberintelligence.
Real-time fraud risk analysis for every request — powered by IP, email, domain, and device signals.
Trusted by 500+ engineering teams
Threat Analysis
Live
Signal Check
Blocklist Reputation
Checking blocklists…
Threat Score
Low Risk—/100
Scanning…
Edge response time
< 50ms
Global P95
Email domains blocked
100k+
Continuously updated
API uptime SLA
99.9%
Last 90 days
Three tools, one bill
1 SDK
IP · Email · CAPTCHA
Product suite
Three tools. One SDK. One bill.
IP intelligence, proof-of-work CAPTCHA, and human-verified links — all from one integration.
Risk Intelligence
Every request analyzed in under 50ms
IP reputation, VPN detection, disposable email, and device signals — one call, one decision.
VPN / Proxy None
Tor Exit Node None
Threat Score 12 / 100
Explore API
CAPTCHA
Stop bots without punishing your users
Proof-of-work challenge runs invisibly. No image puzzles, no Google, no cookies. One script tag.
Verified — human
Proof-of-work solved · 280ms
See how it works
Protected Links
Gate any URL behind a human check
Wrap any destination in a browser verification step. Real visitors pass in seconds. Bots are turned away.
Human verified
Redirecting to destination…
View product
Quick start
Two steps. Production-ready protection.
Install the package, pass the context you already collect, get back allow, challenge, or block.
1
Terminal
$ npm install @requestguard/js
→ added 1 package in 0.8s
Install the SDK
One package. Works with any Node.js backend, Cloudflare Worker, or edge runtime. Or call the REST API directly.
2
signup.ts
const result = await rg.assess({
ip: req.ip,
email: body.email
})
// result.decision "challenge"
Act on the decision
Send the context you already have. Get back allow, challenge, or block — with reasons your app can act on.
Risk signals
Signals behind every decision
rg.assess()
Docs
Fraud Assessment
Combines IP, email, domain, and device signals into a single decision: allow, challenge, review, or block. One call replaces four separate checks.
< 50ms p99 4 signals combined allow · challenge · review · block
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
const result = await rg.assess({
ip: req.ip,
email: body.email,
userAgent: req.headers["user-agent"],
event: "signup",
});
if (result.decision === "block") {
return res.status(403).json({ error: "Blocked" });
}
if (result.decision === "challenge") {
return requireCaptcha();
}POST https://api.requestguard.com/v1/assess
Authorization: Bearer rg_sk_live_...
Content-Type: application/json
{
"ip": "203.0.113.42",
"email": "user@tempmail.com",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
"event": "signup"
}{
"request_id": "req_05dfbed6225a45e5a8be189c",
"created_at": "2026-05-19T22:34:48.947Z",
"risk_score": 86,
"risk_level": "critical",
"decision": "block",
"confidence": 0.93,
"reasons": [
{
"code": "datacenter_ip",
"severity": "medium",
"description": "IP belongs to a hosting or cloud network."
},
{
"code": "disposable_email",
"severity": "high",
"description": "Email domain is associated with temporary inbox services."
},
{
"code": "new_email_domain",
"severity": "medium",
"description": "Email domain appears newly registered or synthetic."
},
{
"code": "new_domain",
"severity": "medium",
"description": "Domain is newly registered or has no established age signal."
}
],
"recommended_action": "block_request",
"summary": "Block signup request because ip belongs to a hosting or cloud network, email domain is associated with temporary inbox services, email domain appears newly registered or synthetic.",
"matched_rules": [],
"signals": {
"ip": {
"ip": "8.8.8.8",
"is_valid": true,
"is_private": false,
"is_tor": false,
"is_proxy": false,
"is_vpn": false,
"is_datacenter": true,
"network_type": "datacenter",
"asn": 15169,
"as_organization": "Google LLC",
"isp": "Google LLC",
"country_code": "US",
"timezone": "America/Los_Angeles",
"abuse_history": {
"blocklist_hits": 0,
"recent_reports": 0
},
"bot_likelihood": 0.45,
"geolocation_confidence": 0.62,
"is_hosting": true,
"sources": [
{
"name": "VPN range dataset",
"type": "dataset",
"matched": false,
"category": "vpn"
},
{
"name": "Datacenter range dataset",
"type": "dataset",
"matched": true,
"category": "datacenter"
},
{
"name": "Tor exit dataset",
"type": "dataset",
"matched": false,
"category": "tor"
},
{
"name": "ASN registry lookup",
"type": "dataset",
"matched": true,
"category": "asn"
},
{
"name": "IP registration lookup",
"type": "rdap",
"matched": true,
"category": "ownership"
}
]
},
"email": {
"email": "user@tempmail.test",
"domain": "tempmail.test",
"is_valid": true,
"is_disposable": true,
"is_role_account": false,
"mx_present": false,
"smtp_deliverable": null,
"domain_age_days": 0,
"breach_or_spam_pattern": true,
"claimed_company_mismatch": false,
"risk_score": 46,
"suggested_action": "require_email_verification",
"is_free_email": false,
"sources": [
{
"name": "Disposable email dataset",
"type": "dataset",
"matched": true,
"category": "disposable_email"
},
{
"name": "Mailbox heuristic",
"type": "heuristic",
"matched": false,
"category": "mailbox"
},
{
"name": "MX record lookup",
"type": "dataset",
"matched": false,
"category": "dns"
}
]
},
"domain": {
"domain": "tempmail.test",
"is_valid": true,
"domain_age_days": 0,
"registrar": "known-public-record",
"nameserver_reputation": "unknown",
"has_suspicious_tld": false,
"newly_registered": true,
"parked_domain": false,
"threat_list_match": false,
"typosquatting_risk": false,
"mx_present": null,
"spf_present": null,
"dkim_present": null,
"dmarc_policy": "unknown"
},
"device": {
"user_agent": "Mozilla/5.0",
"suspicious_user_agent": false,
"bot_likelihood": 0.45,
"timezone_mismatch": false
},
"behavior": {
"event": "signup",
"phone_present": false,
"metadata_keys": []
}
},
"risk": {
"score": 86,
"level": "critical",
"reasons": [
"datacenter_ip",
"disposable_email",
"new_email_domain",
"new_domain"
]
},
"actions": [
"block"
],
"ip": {
"ip": "8.8.8.8",
"is_valid": true,
"is_private": false,
"is_tor": false,
"is_proxy": false,
"is_vpn": false,
"is_datacenter": true,
"network_type": "datacenter",
"asn": 15169,
"as_organization": "Google LLC",
"isp": "Google LLC",
"country_code": "US",
"timezone": "America/Los_Angeles",
"abuse_history": {
"blocklist_hits": 0,
"recent_reports": 0
},
"bot_likelihood": 0.45,
"geolocation_confidence": 0.62,
"is_hosting": true,
"sources": [
{
"name": "VPN range dataset",
"type": "dataset",
"matched": false,
"category": "vpn"
},
{
"name": "Datacenter range dataset",
"type": "dataset",
"matched": true,
"category": "datacenter"
},
{
"name": "Tor exit dataset",
"type": "dataset",
"matched": false,
"category": "tor"
},
{
"name": "ASN registry lookup",
"type": "dataset",
"matched": true,
"category": "asn"
},
{
"name": "IP registration lookup",
"type": "rdap",
"matched": true,
"category": "ownership"
}
]
},
"domain": {
"domain": "tempmail.test",
"is_valid": true,
"domain_age_days": 0,
"registrar": "known-public-record",
"nameserver_reputation": "unknown",
"has_suspicious_tld": false,
"newly_registered": true,
"parked_domain": false,
"threat_list_match": false,
"typosquatting_risk": false,
"mx_present": null,
"spf_present": null,
"dkim_present": null,
"dmarc_policy": "unknown"
},
"email": {
"email": "user@tempmail.test",
"domain": "tempmail.test",
"is_valid": true,
"is_disposable": true,
"is_role_account": false,
"mx_present": false,
"smtp_deliverable": null,
"domain_age_days": 0,
"breach_or_spam_pattern": true,
"claimed_company_mismatch": false,
"risk_score": 46,
"suggested_action": "require_email_verification",
"is_free_email": false,
"sources": [
{
"name": "Disposable email dataset",
"type": "dataset",
"matched": true,
"category": "disposable_email"
},
{
"name": "Mailbox heuristic",
"type": "heuristic",
"matched": false,
"category": "mailbox"
},
{
"name": "MX record lookup",
"type": "dataset",
"matched": false,
"category": "dns"
}
]
},
"userAgent": {
"user_agent": "Mozilla/5.0",
"suspicious_user_agent": false,
"bot_likelihood": 0.45,
"timezone_mismatch": false
},
"sources": [
{
"name": "VPN range dataset",
"type": "dataset",
"matched": false,
"category": "vpn"
},
{
"name": "Datacenter range dataset",
"type": "dataset",
"matched": true,
"category": "datacenter"
},
{
"name": "Tor exit dataset",
"type": "dataset",
"matched": false,
"category": "tor"
},
{
"name": "ASN registry lookup",
"type": "dataset",
"matched": true,
"category": "asn"
},
{
"name": "IP registration lookup",
"type": "rdap",
"matched": true,
"category": "ownership"
},
{
"name": "Disposable email dataset",
"type": "dataset",
"matched": true,
"category": "disposable_email"
},
{
"name": "Mailbox heuristic",
"type": "heuristic",
"matched": false,
"category": "mailbox"
},
{
"name": "MX record lookup",
"type": "dataset",
"matched": false,
"category": "dns"
},
{
"name": "Domain blocklist lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "URI blocklist lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "Domain reputation lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "Domain registration lookup",
"type": "rdap",
"matched": true,
"category": "registration"
},
{
"name": "Domain heuristic",
"type": "heuristic",
"matched": false,
"category": "domain_risk"
},
{
"name": "Risk policy",
"type": "heuristic",
"matched": true,
"category": "assessment"
}
]
} rg.geolocation()
Docs
IP Geolocation
Returns country, region, city, coordinates, timezone, and EU membership for any IP address. Covers 99.9% of allocated IPs with city-level accuracy.
250+ countries 99.9% IP coverage city-level accuracy
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
const geo = await rg.geolocation({ ip: req.ip });
// Block signups from sanctioned countries
if (["RU", "KP", "IR"].includes(geo.countryCode)) {
return res.status(403).json({ error: "Region not supported" });
}GET https://api.requestguard.com/v1/ip/203.0.113.42/geo
Authorization: Bearer rg_sk_live_...{
"ip": "8.8.8.8",
"countryCode": "US",
"country_code": "US",
"timezone": "America/Los_Angeles",
"asn": 15169,
"organization": "Google LLC",
"confidence": 0.62,
"lookup": {
"method": "local_database",
"fallback_used": false,
"confidence": 0.62
},
"sources": [
{
"name": "Local geolocation database",
"type": "dataset",
"matched": true,
"confidence": 0.62
}
]
} rg.connection()
Docs
Connection Intelligence
Detects VPNs, proxies, Tor exit nodes, and datacenter IPs in a single call. Anonymous traffic and hosting networks are scored alongside the rest of the request.
VPN and proxy signals Tor exit detection datacenter ASN detection
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
const conn = await rg.connection({ ip: req.ip });
if (conn.isTor || conn.isProxy) {
return res.status(403).json({ error: "Anonymous traffic not allowed" });
}
// Allow but flag datacenter IPs for review
if (conn.isHosting && conn.riskScore > 60) {
await flagForReview(session.id);
}GET https://api.requestguard.com/v1/ip/185.220.101.34/reputation
Authorization: Bearer rg_sk_live_...{
"ip": "185.220.101.1",
"is_valid": true,
"is_private": false,
"is_tor": true,
"is_proxy": true,
"is_vpn": true,
"is_datacenter": false,
"network_type": "tor",
"abuse_history": {
"blocklist_hits": 2,
"recent_reports": 4
},
"bot_likelihood": 0.33,
"geolocation_confidence": 0.18,
"is_hosting": false,
"sources": [
{
"name": "VPN range dataset",
"type": "dataset",
"matched": true,
"category": "vpn"
},
{
"name": "Datacenter range dataset",
"type": "dataset",
"matched": false,
"category": "datacenter"
},
{
"name": "Tor exit dataset",
"type": "dataset",
"matched": true,
"category": "tor"
},
{
"name": "ASN registry lookup",
"type": "dataset",
"matched": false,
"category": "asn"
},
{
"name": "IP registration lookup",
"type": "rdap",
"matched": false,
"category": "ownership"
}
],
"risk_score": 85,
"risk_level": "critical",
"decision": "block",
"reasons": [
{
"code": "tor_exit_node",
"severity": "critical",
"description": "IP matches a known Tor exit pattern."
},
{
"code": "vpn_detected",
"severity": "high",
"description": "IP is associated with proxy or VPN infrastructure."
}
],
"risk": {
"score": 85,
"level": "critical",
"reasons": [
"tor_exit_node",
"vpn_detected"
]
}
} rg.email()
Docs
Email Risk
Checks email addresses against 150,000+ known disposable domains, verifies MX records, and inspects DMARC and SPF configuration to score fraud risk.
150K+ disposable domains MX record verification DMARC & SPF checks
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
const email = await rg.email(body.email);
if (email.isDisposable) {
return res.status(400).json({
error: "Disposable email addresses are not allowed",
});
}
if (email.riskScore > 60) {
await requireEmailVerification(body.email);
}POST https://api.requestguard.com/v1/email/check
Authorization: Bearer rg_sk_live_...
Content-Type: application/json
{ "email": "checkout@tempmail.co" }{
"email": "admin@tempmail.test",
"domain": "tempmail.test",
"is_valid": true,
"is_disposable": true,
"is_role_account": true,
"mx_present": false,
"smtp_deliverable": null,
"domain_age_days": 0,
"breach_or_spam_pattern": true,
"claimed_company_mismatch": false,
"risk_score": 58,
"suggested_action": "require_email_verification",
"is_free_email": false,
"sources": [
{
"name": "Disposable email dataset",
"type": "dataset",
"matched": true,
"category": "disposable_email"
},
{
"name": "Mailbox heuristic",
"type": "heuristic",
"matched": true,
"category": "mailbox"
},
{
"name": "MX record lookup",
"type": "dataset",
"matched": false,
"category": "dns"
}
]
} rg.domain()
Docs
Domain Intelligence
Scores any domain for fraud risk: newly registered domains, suspicious TLDs, parked pages, typosquatting attempts, and threat list matches.
suspicious TLD database newly registered flags typosquatting detection
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
// Check the domain from a claimed company website
const domain = await rg.domain(body.companyDomain);
if (domain.isNewlyRegistered || domain.isSuspiciousTld) {
return res.status(400).json({
error: "Company domain appears suspicious",
});
}GET https://api.requestguard.com/v1/domain/acme-invoices-secure.xyz
Authorization: Bearer rg_sk_live_...{
"domain": "malware.test",
"is_valid": true,
"domain_age_days": 1,
"registrar": "known-public-record",
"nameserver_reputation": "suspicious",
"has_suspicious_tld": false,
"newly_registered": true,
"parked_domain": false,
"threat_list_match": true,
"typosquatting_risk": false,
"mx_present": null,
"spf_present": null,
"dkim_present": null,
"dmarc_policy": "unknown",
"tld": "test",
"risk_score": 88,
"risk_level": "critical",
"decision": "block",
"reasons": [
{
"code": "new_domain",
"severity": "medium",
"description": "Domain is newly registered or has no established age signal."
},
{
"code": "threat_list_match",
"severity": "critical",
"description": "Domain matches a known phishing or malware indicator."
}
],
"risk": {
"score": 88,
"level": "critical",
"reasons": [
"new_domain",
"threat_list_match"
]
},
"sources": [
{
"name": "Domain blocklist lookup",
"type": "dnsbl",
"matched": true,
"category": "domain"
},
{
"name": "URI blocklist lookup",
"type": "dnsbl",
"matched": true,
"category": "domain"
},
{
"name": "Domain reputation lookup",
"type": "dnsbl",
"matched": true,
"category": "domain"
},
{
"name": "Domain registration lookup",
"type": "rdap",
"matched": true,
"category": "registration"
},
{
"name": "Domain heuristic",
"type": "heuristic",
"matched": false,
"category": "domain_risk"
}
]
} rg.fingerprint()
Docs
Device Fingerprint
Generates a stable device identifier from browser signals. Survives cookie clearing and incognito mode. Use the ID server-side to detect multi-accounting and link suspicious sessions.
survives cookie clears incognito-resistant browser-side only
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
// Call in the browser before form submission
const fp = await rg.fingerprint();
await fetch("/api/signup", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
...formData,
visitorId: fp.id,
fpConfidence: fp.confidence,
}),
});# Fingerprint is collected browser-side via the SDK.
# Send the resulting visitorId with your backend request:
POST https://api.requestguard.com/v1/assess
Authorization: Bearer rg_sk_live_...
Content-Type: application/json
{
"ip": "203.0.113.42",
"email": "user@example.com",
"device": { "visitor_id": "fp_a1b2c3d4e5f6..." }
}{
"id": "fp_a1b2c3d4e5f6a7b8c9d0",
"confidence": 0.97,
"version": "browser"
} rg.whois()
Docs
WHOIS / RDAP
Retrieves ownership, registration, and network information for any IP or domain using the RDAP protocol. Returns registrar, ASN, CIDR, creation date, and abuse contacts.
RDAP protocol IP & domain lookup ASN & CIDR data
import RequestGuard from "@requestguard/js";
const rg = RequestGuard({ apiKey: "rg_sk_live_..." });
// Investigate a suspicious IP from your logs
const info = await rg.whois("185.220.101.34");
console.log(info.org); // "Chaos Computer Club"
console.log(info.country); // "DE"
console.log(info.cidr); // ["185.220.96.0/21"]
console.log(info.abuseEmail); // "abuse@..."GET https://api.requestguard.com/v1/whois?q=185.220.101.34
Authorization: Bearer rg_sk_live_...{
"type": "domain",
"domain": "example.com",
"tld": "com",
"registrar": "known-public-record",
"domain_age_days": 10000,
"status": "active",
"risk": {
"suspicious_tld": false,
"newly_registered": false,
"threat_list_match": false,
"typosquatting_risk": false
},
"lookup": {
"method": "heuristic",
"fallback_used": false,
"confidence": 0.68
},
"sources": [
{
"name": "Domain blocklist lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "URI blocklist lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "Domain reputation lookup",
"type": "dnsbl",
"matched": false,
"category": "domain"
},
{
"name": "Domain registration lookup",
"type": "rdap",
"matched": true,
"category": "registration"
},
{
"name": "Domain heuristic",
"type": "heuristic",
"matched": false,
"category": "domain_risk"
}
]
}Runs anywhere JavaScript runs
Node.jsCloudflare WorkersVercel EdgeDenoBunNext.jsSvelteKitRemixExpressFastifyHonoElysia
What teams say
Fraud prevention shouldn't
slow down your business.
RequestGuard caught a coordinated VPN fraud ring on our checkout in the first hour. Zero false positives on real customers. Absolutely worth it.
JK
Jonas K.
CTO, Storefront Labs
We switched from building our own IP blocklists to RequestGuard. Setup took 10 minutes, and we immediately blocked 15% of suspicious checkout attempts.
MR
Mia R.
Founder, Checkout.so
The proof-of-work captcha is a game changer. Real users don't even notice it, but bots get stopped cold. Our chargebacks dropped 80% in the first month.
TS
Tom S.
Head of Eng, Rapid Store
We needed disposable email detection without building it ourselves. RequestGuard's API is clean, fast, and the edge latency is unreal.
AL
Ana L.
Backend Lead, Lumo
Pricing
Start free. Scale as you grow.
From indie launch to enterprise review. Five layers of protection in one API, one SDK, and one bill.
Free
$0 forever
- 1,000 protected requests/mo
- All core fraud signals
- REST API + SDK
- Community support
Indie
$29 / month
- 50,000 protected requests/mo
- Webhook integrations
- Custom block rules
- 7-day event history
Startup
$99 / month
- 250,000 protected requests/mo
- 5 team seats
- 30-day event history
- Slack alerts
Get started
Stop fake users before they cost you money.
Real-time risk assessment, disposable email detection, and adaptive CAPTCHA — one SDK, one bill.
$ npm install @requestguard/js
Free up to 1,000 requests/month · No credit card required