Data Methodology & Accuracy

IP intelligence is probabilistic. OpenIPApi combines geolocation datasets, ASN data, reverse DNS, TLS metadata, Tor exit lists, datacenter ranges, proxy fingerprints and active probing signals. Country-level results are generally more reliable than city-level results, especially for mobile carriers, VPNs and large ISPs. Threat scores should be used as risk signals, not as automatic final decisions.

Geolocation

Country-level accuracy is typically high (95–99%). City-level accuracy is lower and degrades for mobile carriers, VPNs, large ISPs that NAT many users behind a single IP, and recently re-allocated ranges. Coordinates should be treated as a region indicator, not a precise location.

ASN, ISP and connection type

ASN data comes from public RIR delegations cross-referenced with active reverse DNS. Connection type classification (residential, datacenter, mobile, education, government) is heuristic and can be wrong, especially for hybrid networks.

VPN, proxy, Tor and datacenter detection

Detection combines (1) public lists (Tor exit nodes, known VPN ranges, datacenter CIDRs), (2) reverse DNS and TLS certificate patterns, (3) active probing for VPN protocols (OpenVPN, WireGuard) and proxy responses (SOCKS, HTTP CONNECT), (4) IP reputation feeds. No single signal is conclusive — flags reflect the weight of evidence across these sources.

Threat score

The threat score (0–100) is a risk indicator, not a final verdict. Combine it with account, payment, device and behavior signals — for example: an IP with score 85 plus a freshly created email plus an unusual browser fingerprint is a stronger fraud signal than any of those alone.

Known limitations

Carrier-grade NAT can place thousands of users behind the same IP. Recently changed IP allocations can lag in our data. Residential proxy pools rotate quickly. Mobile IPs change frequently. Treat our data as one input to a decision, not the decision itself.