IP reputation: why your firewall isn't enough
Static IP blocklists can't keep up with attackers who rotate through VPNs, residential proxies, and Tor exit nodes. The Veille IP Reputation API (GET /v1/intelligence/ip) analyzes each IP in real time across multiple dimensions and returns a threat_score from 0 to 100.
What the API returns
For any IPv4 or IPv6 address, you get: VPN/proxy/Tor/datacenter detection, ASN and network owner details, geolocation (country, city, coordinates, timezone), and whether the IP has been flagged as an abuser or crawler.
Quick integration
Python
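```python
import requests

API_KEY = "YOUR_API_KEY"
BASE_URL = "https://api.veille.io/v1"

# Look up a single IP; the timeout keeps a slow lookup from stalling the request path.
response = requests.get(
    f"{BASE_URL}/intelligence/ip",
    params={"query": "82.64.12.193"},
    headers={"x-api-key": API_KEY},
    timeout=5,
)
response.raise_for_status()  # surface HTTP errors instead of parsing an error body
data = response.json()

# Treat VPN traffic or a threat_score above 60 as suspicious.
if data["is_vpn"] or data["threat_score"] > 60:
    print(f"Suspicious IP - score: {data['threat_score']}")
else:
    print(f"Clean IP from {data['location']['country']}")
```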
TypeScript
```typescript
const API_KEY = "YOUR_API_KEY";
const BASE_URL = "https://api.veille.io/v1";
const headers = { "x-api-key": API_KEY };

// Look up a single IP address.
const response = await fetch(
  `${BASE_URL}/intelligence/ip?query=82.64.12.193`,
  { headers }
);
if (!response.ok) {
  throw new Error(`IP lookup failed: HTTP ${response.status}`);
}
const data = await response.json();

// Treat VPN traffic or a threat_score above 60 as suspicious.
if (data.is_vpn || data.threat_score > 60) {
  console.log(`Suspicious IP - score: ${data.threat_score}`);
} else {
  console.log(`Clean IP from ${data.location.country}`);
}
```
Key response fields
- is_vpn / is_proxy / is_tor - specific anonymization flags
- is_datacenter - identifies cloud/hosting IPs used for automated attacks
- is_abuser - flagged for known malicious activity
- asn - network owner, type (isp, hosting, business), and country
- threat_score - 0 (clean) to 100 (high threat)
5 use cases
- Signup fraud detection - flag accounts created from VPN or Tor exit nodes for manual review.
- Adaptive authentication - add CAPTCHA or MFA when the IP comes from a datacenter or proxy.
- Geo-restriction enforcement - verify the user's actual country matches your service region.
- Rate limiting - apply stricter rate limits to IPs with high threat scores.
- Payment fraud prevention - compare the IP geolocation with the billing address before processing a charge.
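The signup, adaptive authentication, and rate limiting use cases above come down to one policy that maps the response fields to an action per flow. The sketch below is an added example, not Veille's code: the `decide` function, the action names, and the rate-limit tiers are assumptions, the sample responses are constructed, and only fields named on this page are read. A failed or malformed lookup is treated as "no verdict", never as "clean".

```python
# Added example: action names and rate-limit tiers are assumptions.
ANON_FLAGS = ("is_vpn", "is_proxy", "is_tor")
ALL_FLAGS = ANON_FLAGS + ("is_datacenter", "is_abuser")
SUSPICIOUS_SCORE = 60  # same threshold as the page's snippets

# Constructed sample responses (not real API output).
RESIDENTIAL = {"is_vpn": False, "is_tor": False, "is_datacenter": False,
               "is_abuser": False, "threat_score": 5}
TOR_EXIT = {"is_vpn": False, "is_tor": True, "is_datacenter": False,
            "is_abuser": True, "threat_score": 88}
CLOUD_HOST = {"is_vpn": False, "is_tor": False, "is_datacenter": True,
              "is_abuser": False, "threat_score": 35}


def decide(ip_data, flow):
    """Return (action, rate_limit, reasons) for a 'signup' or 'login' request.

    ip_data is the parsed lookup response, or None if the lookup failed.
    """
    if flow not in ("signup", "login"):
        raise ValueError(f"unknown flow: {flow!r}")
    score = ip_data.get("threat_score") if isinstance(ip_data, dict) else None
    valid = isinstance(score, (int, float)) and not isinstance(score, bool)
    if not valid or not 0 <= score <= 100:
        # No usable verdict (timeout, error body, bad score): never read this
        # as "clean". Step up instead of blocking so an outage is not a lockout.
        return ("challenge", "strict", ["lookup_unavailable"])

    reasons = [f for f in ALL_FLAGS if ip_data.get(f) is True]
    high_score = score > SUSPICIOUS_SCORE
    if high_score:
        reasons.append("threat_score")
    # Use case: stricter rate limits for high threat scores.
    rate_limit = "strict" if high_score else "normal"

    if flow == "signup" and ("is_vpn" in reasons or "is_tor" in reasons):
        action = "review"     # signup from VPN/Tor goes to manual review
    elif flow == "login" and ("is_datacenter" in reasons or "is_proxy" in reasons):
        action = "challenge"  # datacenter/proxy login gets CAPTCHA or MFA
    elif high_score or "is_abuser" in reasons:
        action = "challenge"
    else:
        action = "allow"
    return (action, rate_limit, reasons)


if __name__ == "__main__":
    for name, s in [("home", RESIDENTIAL), ("tor", TOR_EXIT), ("cloud", CLOUD_HOST), ("failed", None)]:
        print(name, decide(s, "signup"), decide(s, "login"))
```

Logging the returned reasons alongside each decision makes it possible to tune the threshold later against real false positives.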