IP Intelligence API
Real-time IP risk data, served in one curl.
Geo, ASN, Tor / VPN / proxy / datacenter / residential-proxy classification, a recommendation severity, plus optional WHOIS. Sub-100ms p50 from US edges. Every response carries the sources behind every detection so the logic is replayable.
{
"ip": "8.8.8.8",
"type": "IPv4",
"success": true,
"geo": {
"continent": "North America",
"continent_code": "NA",
"country": "United States",
"country_code": "US",
"is_eu": false,
"region": "",
"region_code": "",
"city": "",
"postal": "",
"latitude": 37.751,
"longitude": -97.822,
"accuracy_radius_km": 1000,
"flag_emoji": "🇺🇸",
"capital": "Washington D.C.",
"calling_code": "1",
"currency": "USD"
},
"network": {
"asn": 15169,
"organization": "Google LLC",
"isp": "Google LLC",
"network_cidr": "",
"rir": "RIPE NCC",
"reverse_dns": "dns.google",
"reverse_dns_valid": true
},
"timezone": {
"id": "America/Chicago",
"abbreviation": "CDT",
"utc_offset": "-05:00",
"current_time": "2026-05-18T06:29:31.234Z",
"is_dst": false
},
"security": {
"is_tor": false,
"is_vpn": false,
"is_proxy": false,
"is_residential_proxy": false,
"is_datacenter": true,
"is_relay": false,
"is_bogon": false,
"threat_score": 15,
"threat_level": "low",
"detection_sources": [
"datacenter-asn-list"
],
"detected_services": [
"Google"
],
"ip_type": "datacenter"
},
"abuse": {
"network_name": "",
"description": "Google LLC",
"country": ""
},
"whois": {
"handle": "NET-8-8-8-0-2",
"rir": "arin",
"networkName": "GOGL",
"startAddress": "8.8.8.0",
"endAddress": "8.8.8.255",
"cidrList": [
"8.8.8.0/24"
],
"org": {
"name": "Google LLC",
"id": "GOGL",
"address": null
},
"abuse": {
"email": "[email protected]",
"phone": "+1-650-253-0000"
},
"technical": {
"email": "[email protected]",
"phone": "+1-650-253-0000"
},
"dates": {
"registration": "2023-12-28T17:24:33-05:00",
"lastChanged": "2023-12-28T17:24:56-05:00",
"lastQueried": "2026-02-16T03:00:20.436Z"
},
"status": [
"active"
],
"contentHash": "ddf3a9c13258ba646a0a5bebb750cba5",
"contacts": [
{
"emails": [],
"role": "registrant",
"address": "1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States",
"tier": "standard",
"org": null,
"name": "Google LLC",
"phones": [],
"handle": "GOGL",
"source": "entity",
"category": "registrant",
"displayName": "Registrant",
"remarks": "Registration Comments\nPlease note that the recommended way to file abuse complaints are located in the following links. \n\nTo report abuse and illegal activity: https://www.google.com/contact/\n\nFor legal requests: http://support.google.com/legal \n\nRegards, \nThe Google Team"
},
{
"emails": [
"[email protected]"
],
"role": "abuse",
"address": "1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States",
"tier": "standard",
"org": "Abuse",
"name": "Abuse",
"phones": [
"+1-650-253-0000"
],
"handle": "ABUSE5250-ARIN",
"source": "entity",
"category": "general_abuse",
"displayName": "General Abuse",
"remarks": "Registration Comments\nPlease note that the recommended way to file abuse complaints are located in the following links.\n\nTo report abuse and illegal activity: https://www.google.com/contact/\n\nFor legal requests: http://support.google.com/legal \n\nRegards,\nThe Google Team"
},
{
"emails": [
"[email protected]"
],
"role": "administrative",
"address": "1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States",
"tier": "standard",
"org": "Google LLC",
"name": "Google LLC",
"phones": [
"+1-650-253-0000"
],
"handle": "ZG39-ARIN",
"source": "entity",
"category": "administrative",
"displayName": "Administrative",
"remarks": null
},
{
"emails": [
"[email protected]"
],
"role": "technical",
"address": "1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States",
"tier": "standard",
"org": "Google LLC",
"name": "Google LLC",
"phones": [
"+1-650-253-0000"
],
"handle": "ZG39-ARIN",
"source": "entity",
"category": "technical",
"displayName": "Technical",
"remarks": null
}
]
},
"whois_status": "available",
"meta": {
"data_freshness": {
"geolite_city": "2026-04-24",
"geolite_asn": "2026-04-27",
"tor_nodes": "2026-05-18T06:00:02.017Z",
"cloud_ranges": "2026-05-18T06:00:02.015Z",
"proxy_lists": "2026-05-18T00:00:02.539Z"
},
"query_time_ms": 7.63,
"cached": false
},
"classification": {
"primary_type": "hosting",
"is_residential": false,
"is_mobile": false,
"is_business": false,
"is_hosting": true,
"is_vpn": false,
"is_tor": false,
"is_proxy": false,
"is_residential_proxy": false,
"is_cloud_gaming": false,
"is_privacy_relay": false,
"is_bogon": false
},
"recommendation": {
"severity": 2,
"action": "block",
"score": 15,
"confidence": "medium",
"reasons": [
"datacenter-asn-list"
],
"summary": "Datacenter / hosting IP (Google LLC). Block end-user / login traffic; safe for service-to-service."
},
"service": {
"name": "Google",
"category": "hosting"
}
}What lands in every response
Six fields, one round trip, no hidden upgrades. Every detection ships with the sources behind it.
Geo
geo"country": "DE", "city": "Frankfurt", "lat": 50.11, "lon": 8.68
Country, region, city, lat/lon. MaxMind GeoLite2 baseline overridden by DNS Checker zone observations when they conflict.
ASN
asn"asn": 16276, "org": "OVH SAS", "type": "hosting"
AS number, organization, and network type (residential, mobile, hosting, business, education, government).
Threat classification
threat"is_tor": true, "is_vpn": false, "is_datacenter": true, "is_residential_proxy": false
Six-bit classification: Tor exit, VPN, public proxy, datacenter, residential proxy (commercial, ASN-detectable), bogon. Each carries detection_sources[].
Recommendation
recommendation"severity": 2, "action": "block", "reason": "tor_exit_node"
Severity 0/1/2 plus a recommended action (allow / friction / block) plus a string reason for logging. One field reads, one decision out.
Service identification
service"service": { "name": "Cloudflare", "kind": "cdn" }Identifies CDN, public DNS resolver, search-engine crawler, and known cloud egress so legitimate infrastructure is not blocked by accident.
WHOIS / RDAP
whois"whois": { "owner": "OVH SAS", "abuse": "[email protected]" }Optional structured WHOIS pulled from the DNS Checker RDAP cache: network owner, abuse contact, allocation date.
Six places this earns its keep
Each link is a working playbook with the relevant fields and a sample integration.
Paid-ads click fraud
Filter datacenter and residential-proxy clicks before they reach your conversion model.
if (data.asn.type === 'hosting' || data.is_residential_proxy) rejectClick(data.recommendation.reason);Read the playbook
Payment fraud at checkout
Add IP risk to your checkout score before charging the card.
score += data.recommendation.severity * 10; if (data.is_vpn) score += 15;Read the playbook
Account takeover
Block credential-stuffing waves originating from known datacenter ranges.
if (data.asn.type === 'hosting' && route === '/login') challenge(req); // captcha or step-upRead the playbook
Scraper / scalper defense
Detect commercial-proxy traffic hammering pricing and inventory pages.
if (data.is_datacenter || data.is_proxy) serveStaticPage(); // no live pricingRead the playbook
Geo-licensing enforcement
Enforce regional content locks based on IP country, with VPN penalty.
if (!ALLOWED.has(data.country) || data.is_vpn) return geoBlocked();Read the playbook
Ban evasion (games / streaming)
Stop banned users from rejoining via VPN, datacenter, or commercial proxy.
if (bannedUserIds.has(uid) ||
data.recommendation.severity >= 2)
refuseSession();Read the playbook Drop-in guide
Use IP Intelligence in WordPress in 30 minutes
Ten production-ready PHP recipes built on a single mu-plugin helper. Brute-force defense for wp-login.php, WooCommerce checkout fraud scoring, EU-only GDPR banner, hosting-ASN throttling, bulk WP-CLI enrichment.
Honest coverage, said up front
What is reliably caught
Datacenter and hosting ASN traffic, public proxy lists, Tor exit nodes via live consensus, commercial residential proxies whose egress ASN is publicly known (Bright Data datacenter, Smartproxy, Oxylabs ISP, etc.), and major commercial VPN ranges. Roughly 30 to 50 percent of commercial-proxy abuse traffic overall.
What is not detectable by IP
SDK-residential pools that egress through real consumer devices (Bright Data EarnApp, Honeygain, Massive, IPRoyal Pawns). The exit IP belongs to a real residential ISP, so no ASN check or DNS signal flags it. Behavioural defenses at the application layer are the right tool for that segment. DNS Checker says this on the marketing page, not buried in docs.
Pricing
Free tier never expires. Subscriptions stack with general DNS Checker plans, and the daily free allowance applies on top of any paid monthly quota.
Free
For evaluating the IP Intelligence API. No credit card.
1,000 req / day
- 1,000 IP lookups/day
- All detection categories
- No credit card
Indie
Side projects, indie SaaS, validation work.
50k req / month
- 50,000 IP lookups/month
- All detection categories
- Bulk endpoint
Growth
Production fraud defense at modest scale.
300k req / month
- 300,000 IP lookups/month
- All detection categories
- Bulk endpoint
Scale
High-volume API consumption with per-key analytics.
2,000k req / month
- 2,000,000 IP lookups/month
- All detection categories
- Bulk endpoint
- Per-key analytics
Custom tier
Custom
For 10M+ requests/month or contract billing.
- 10M+ requests/month
- Custom contract
- Monthly subscription or one-time invoice
- Stripe-invoice billing
Need extra credits this month?
One-time top-ups for IP Intelligence. No subscription required, never expire, stack on top of any active plan.
Integrate in four lines
Use any HTTP client. The response shape is stable, the recommendation field is designed to be read in one boolean.
curl -H "Authorization: Bearer dk_live_..." -H "Accept: application/json" \ "https://dnschkr.com/api/v1/ip?address=185.220.101.1"
Frequently Asked Questions
1,000 requests per day on the free tier. No card, no support tier, no feature ransom.
Generate a key