Appearance

IP Intelligence

Look up any IP address for geolocation, threat score, network identity, and detection flags. One API call, under 100ms response time, free tier included.

Best for: login protection, fraud detection, access control, and any application that needs to know where an IP is and whether it is trustworthy.

Try it now | IP Intelligence API reference

What this is

WAYSCloud IP Intelligence is a real-time IP lookup API. Send a GET /v1/ip/{ip} request and receive geolocation (country, city, coordinates), network data (ASN, ISP, organization), a threat score (0-100), and detection flags (VPN, proxy, Tor, datacenter, botnet). The service queries multiple data sources in parallel and returns a consolidated response in under 100ms.

Data is sourced from 297M+ threat reports across 21.9M+ unique IP addresses, 5.3M+ malware URLs, and 3.5M+ blacklisted domains, covering 240 countries.

A free tier is auto-provisioned on your first API call. No activation step required. A public lookup portal is available at ip.wayscloud.services for one-off queries.

When to use it

Use this when:

  • You need to score login attempts by IP risk before granting access
  • You want to detect VPN, proxy, or Tor usage at signup or checkout
  • You need IP geolocation for content localization or compliance
  • You want to enrich logs or analytics with IP metadata

Consider something else when:

  • You need DNS-level threat filtering for your domains — use WAYSCloud Shield
  • You need to verify a user identity (not just their IP) — use Verify

What you get

  • Full IP lookup in a single call: geo, network, threat, and flags
  • Threat score from 0 (clean) to 100 (critical) with level classification
  • Detection flags: VPN, proxy, Tor, datacenter, botnet
  • Geolocation: country, city, region, coordinates, timezone
  • Network identity: ASN, ISP, organization, connection type
  • Specialized endpoints: geo-only, threat-only, live threat feed, country intel, ASN intel
  • Free tier auto-provisioned, paid plans for higher rate limits
  • Public portal at ip.wayscloud.services

Pricing

All prices exclude VAT.

PlanEUR/monthNOK/monthSEK/monthDKK/month
IP Intelligence CustomFreeFreeFreeFree
IP Intelligence Enterprise259299928191919
IP Intelligence FreeFreeFreeFreeFree
IP Intelligence Professional39499469319

Free tier auto-provisioned (100 lookups/day). Paid plans via Shield.

View all plans in dashboard

How it works

  1. First API call auto-provisions the free tier. No activation needed.
  2. Send a lookup with GET /v1/ip/{ip} and your API key.
  3. Multiple databases are queried in parallel: geolocation, threat intelligence, network registry, detection engines.
  4. A threat score (0-100) is computed from combined signals: known malicious activity, proxy/VPN indicators, network reputation.
  5. Response returned in under 100ms with geo, network, threat, and flags.

What you see in the dashboard

  • Lookup interface: enter any IP and see the full report inline
  • Threat level badge: clean / low / medium / high / critical with numeric score
  • Geolocation: country flag, city, region, coordinates plotted on a map
  • Network panel: ASN number, ISP, organization, connection type
  • Detection flags: VPN, proxy, Tor, datacenter, botnet indicators with confidence
  • Live threat feed: most recently reported malicious IPs across the platform
  • Usage stats: lookups today, this month, plan limit

Fastest way to get started

Dashboard

  1. Open my.wayscloud.services and go to Networking then IP Intelligence
  2. The service is auto-activated. Copy your API key from the dashboard.
  3. Or use the public portal at ip.wayscloud.services for one-off lookups.

API

bash
curl https://api.wayscloud.services/v1/ip/185.47.100.12 \
  -H "X-API-Key: wayscloud_ipintel_abc12_YOUR_SECRET"

Example request and response

Request: Full lookup of a suspicious IP

bash
curl https://api.wayscloud.services/v1/ip/203.0.113.50 \
  -H "X-API-Key: wayscloud_ipintel_abc12_YOUR_SECRET"

Response:

json
{
  "ip": "203.0.113.50",
  "ip_version": 4,
  "hostname": null,
  "geo": {
    "country": "RU",
    "country_name": "Russia",
    "city": "Moscow",
    "region": "Moscow",
    "latitude": 55.7558,
    "longitude": 37.6173,
    "timezone": "Europe/Moscow"
  },
  "network": {
    "asn": 48666,
    "isp": "Marosnet Telecommunications",
    "org": "Marosnet",
    "connection_type": "datacenter"
  },
  "threat": {
    "score": 72,
    "level": "high",
    "is_clean": false
  },
  "flags": {
    "vpn": true,
    "proxy": false,
    "tor": false,
    "datacenter": true,
    "botnet": false
  }
}

Use in a login flow (Python):

python
import requests

def assess_login_risk(ip_address):
    resp = requests.get(
        f"https://api.wayscloud.services/v1/ip/{ip_address}",
        headers={"X-API-Key": "wayscloud_ipintel_abc12_YOUR_SECRET"}
    )
    data = resp.json()

    if data["threat"]["score"] > 70:
        return "block"
    if data["flags"]["tor"] or data["flags"]["vpn"]:
        return "challenge"
    return "allow"

Common use cases

  • Login protection — block or challenge logins from high-risk IPs
  • Fraud detection — flag orders from VPN, proxy, or datacenter IPs at checkout
  • Geo-restriction — enforce country-based access policies
  • Log enrichment — add geo and threat data to access logs for analytics
  • Compliance — verify user location matches claimed jurisdiction

Integration examples

Bash — quick IP lookup

bash
#!/bin/bash
ip="${1:-$(curl -4 -s ifconfig.me)}"
curl -s "https://api.wayscloud.services/v1/ip/$ip" \
  -H "X-API-Key: wayscloud_ipintel_abc12_YOUR_SECRET" | jq .

Python — threat intelligence client

python
import requests

class IPIntelClient:
    def __init__(self, api_key):
        self.base = "https://api.wayscloud.services/v1/ip"
        self.headers = {"X-API-Key": api_key}

    def lookup(self, ip):
        return requests.get(f"{self.base}/{ip}", headers=self.headers).json()

    def threat(self, ip):
        return requests.get(f"{self.base}/{ip}/threat", headers=self.headers).json()

    def live_feed(self, limit=25):
        return requests.get(f"{self.base}/threats/live",
            headers=self.headers, params={"limit": limit}).json()

client = IPIntelClient("wayscloud_ipintel_abc12_YOUR_SECRET")
result = client.lookup("8.8.8.8")
print(f"Threat: {result['threat']['level']} (score {result['threat']['score']})")

Node.js — Express threat check middleware

javascript
const axios = require('axios');

const API_KEY = process.env.WAYSCLOUD_API_KEY;

async function checkThreat(req, res, next) {
    const ip = req.headers['x-forwarded-for']?.split(',')[0] || req.ip;
    try {
        const { data } = await axios.get(
            `https://api.wayscloud.services/v1/ip/${ip}`,
            { headers: { 'X-API-Key': API_KEY } }
        );
        if (data.threat.score > 50) {
            return res.status(403).json({ error: "High risk IP blocked" });
        }
        req.threatIntel = data;
        next();
    } catch {
        next(); // Allow on lookup failure
    }
}

app.use(checkThreat);

fail2ban — automatic abuse reporting

ini
# /etc/fail2ban/action.d/wayscloud-report.conf
[Definition]
actionban = curl -s -X POST https://api.wayscloud.services/v1/ip/report \
  -H "X-API-Key: <apikey>" \
  -H "Content-Type: application/json" \
  -d '{"ip": "<ip>", "category": "ssh_bruteforce", "severity": "medium", "confidence": 0.8}'

See Report IP Abuse for the full reporter setup guide.

Open in dashboard