IP fraud detection API
One risk score from every abuse signal.
GeoQ rolls VPN, proxy, datacenter, Tor and bot signals into a single transparent 0–100 risk score with reasons — so you can act with one number and still see why.
How it works
01
Each triggered signal adds a documented weight: Tor +45, proxy +40, datacenter +35, VPN +30, bot +25.
02
The score is the sum of triggered weights, capped at 100. low < 30, medium 30–59, high ≥ 60.
03
risk.reasons lists exactly which signals fired. Nothing about the score is hidden — see the full methodology.
What you get back
| Field | Meaning |
|---|---|
risk.score | 0–100, the capped sum of triggered signal weights. |
risk.level | low / medium / high derived from the score. |
risk.reasons | Array of the exact signals that contributed. |
signals.* | The underlying booleans, so you can build your own policy. |
In your code
const r = await geoq.check(req.ip); switch (r.risk.level) { case "high": return challenge(user); // MFA / manual review case "medium": return monitor(user); // log + watch default: return allow(user); }
FAQ
Frequently asked questions
How is the risk score calculated?
It's the capped sum of triggered signal weights (Tor 45, proxy 40, datacenter 35, VPN 30, bot 25). Full detail on the methodology page.
Can I rely on the score alone to block users?
No. The score is probabilistic and must not be the sole basis for an automated decision about a person. Use it as one input. See our AUP.
Can I set my own threshold?
Yes — the booleans and reasons are all returned, so you can build any policy you like on top of the score.
Related signals
Start with the free tier. No card.
1,000 lookups a day, every signal, the same transparent risk score. Upgrade only when you outgrow it.