The IP Intelligence API provides comprehensive threat analysis:
- Blacklist Checks: Multiple spam and abuse databases
- Tor Exit Detection: Real-time Tor exit node identification
- Proxy Detection: Known proxy and anonymizer detection
- Infrastructure Classification: Datacenter, cloud, mobile, residential
Endpoint
GET https://api.requestguard.com/v1/ip/intelligence
Parameters
| Parameter | Type | Required | Description |
|---|
ip | string | Yes | The IP address to analyze (IPv4 or IPv6) |
Response
{
"success": true,
"data": {
"ip": "185.220.101.1",
"threatLevel": "high",
"threatScore": 75,
"riskFactors": [
"tor_exit_node",
"blacklisted_2_lists",
"spamhaus_zen: SBL - Direct spam source"
],
"blacklists": [
{
"name": "Spamhaus ZEN",
"zone": "zen.spamhaus.org",
"listed": true,
"category": "combined",
"returnCode": "127.0.0.2",
"details": "SBL - Direct spam source"
},
{
"name": "Barracuda",
"zone": "b.barracudacentral.org",
"listed": true,
"category": "spam"
},
{
"name": "SpamCop",
"zone": "bl.spamcop.net",
"listed": false,
"category": "spam"
}
],
"blacklistCount": 2,
"isTorExit": true,
"isProxy": false,
"isAnonymous": true,
"connectionType": "tor",
"isDatacenter": true,
"isHosting": true,
"isMobile": false,
"isResidential": false,
"cloudProvider": "Hetzner",
"isMailServer": false,
"asn": 24940,
"asName": "HETZNER-AS, DE",
"bgpPrefix": "185.220.101.0/24",
"country": "DE",
"hostname": "tor-exit.example.org",
"_meta": {
"queriedAt": "2024-12-01T12:00:00.000Z",
"responseTime": 342
}
}
}
Response Fields
Threat Classification
| Field | Type | Description |
|---|
threatLevel | string | Overall threat level: low, medium, high, critical |
threatScore | number | Threat score (0-100) |
riskFactors | array | List of identified risk factors |
Blacklist Results
| Field | Type | Description |
|---|
blacklists | array | Individual DNSBL check results |
blacklistCount | number | Number of blacklists where IP is listed |
Blacklist Object
| Field | Type | Description |
|---|
name | string | DNSBL name |
zone | string | DNSBL zone |
listed | boolean | Whether IP is listed |
category | string | Category (spam, proxy, combined) |
returnCode | string | DNS return code (e.g., 127.0.0.2) |
details | string | Human-readable listing reason |
Anonymity Detection
| Field | Type | Description |
|---|
isTorExit | boolean | IP is a Tor exit node |
isProxy | boolean | IP is a known proxy |
isAnonymous | boolean | IP provides anonymity (Tor or proxy) |
Infrastructure Classification
| Field | Type | Description |
|---|
connectionType | string | Primary connection type |
isDatacenter | boolean | IP belongs to a datacenter |
isHosting | boolean | IP is from a hosting provider |
isMobile | boolean | IP is from a mobile carrier |
isResidential | boolean | IP appears to be residential |
cloudProvider | string | Detected cloud provider name |
isMailServer | boolean | Hostname suggests mail server |
Connection Types
| Type | Description |
|---|
tor | Tor network exit node |
vpn | VPN service |
proxy | Proxy server |
cloud | Cloud provider (AWS, GCP, Azure, etc.) |
datacenter | Generic datacenter |
hosting | Hosting provider |
mobile | Mobile carrier |
satellite | Satellite internet |
residential | Residential ISP |
Threat Scoring
| Score Range | Level | Description |
|---|
| 0-39 | Low | No significant threats detected |
| 40-59 | Medium | Minor risk factors present |
| 60-79 | High | Multiple risk factors or blacklist hits |
| 80-100 | Critical | Severe threats (malware, Tor + blacklisted) |
Score Factors
| Factor | Points |
|---|
| Each blacklist hit | +20 |
| Tor exit node | +35 |
| Proxy detected | +25 |
| Datacenter (no cloud provider) | +15 |
| No reverse DNS | +5 |
Example Requests
Basic Intelligence Check
curl "https://api.requestguard.com/v1/ip/intelligence?ip=8.8.8.8"
Check Known Bad IP
curl "https://api.requestguard.com/v1/ip/intelligence?ip=185.220.101.1"
Example Response (Clean IP)
{
"success": true,
"data": {
"ip": "8.8.8.8",
"threatLevel": "low",
"threatScore": 0,
"riskFactors": [],
"blacklists": [
{
"name": "Spamhaus ZEN",
"zone": "zen.spamhaus.org",
"listed": false,
"category": "combined"
}
],
"blacklistCount": 0,
"isTorExit": false,
"isProxy": false,
"isAnonymous": false,
"connectionType": "cloud",
"isDatacenter": false,
"isHosting": false,
"isMobile": false,
"isResidential": false,
"cloudProvider": "google",
"isMailServer": false,
"asn": 15169,
"asName": "GOOGLE, US",
"bgpPrefix": "8.8.8.0/24",
"country": "US",
"hostname": "dns.google",
"_meta": {
"queriedAt": "2024-12-01T12:00:00.000Z",
"responseTime": 156
}
}
}
Error Responses
Missing Parameter
{
"success": false,
"error": {
"code": "MISSING_PARAMETER",
"message": "Missing required parameter: ip"
}
}
Invalid IP
{
"success": false,
"error": {
"code": "INVALID_IP",
"message": "Invalid IP address format"
}
}
Private IP
{
"success": false,
"error": {
"code": "PRIVATE_IP",
"message": "Cannot lookup private IP address"
}
}
Rate Limits
| Plan | Requests per minute |
|---|
| Free | 10 |
| Pro | 100 |
| Enterprise | Unlimited |
Use Cases
- Fraud Prevention: Block high-risk IPs from transactions
- Bot Detection: Identify datacenter/proxy traffic
- Abuse Prevention: Check IPs against blacklists
- Security Monitoring: Alert on Tor/VPN usage
- Email Security: Verify sender IP reputation
- Access Control: Block anonymous traffic
