{ "ip_address": "198.51.100.42", "security": { "is_vpn": true, "is_proxy": false, "is_tor": false, "is_hosting": true, "is_abuse": true } }






IP reputation is a measure of how trustworthy an IP address is, based on its history and network type. An address tied to a VPN, proxy, Tor exit, hosting or datacenter range, or past abuse carries a worse reputation than a residential connection with a clean record. It is a signal, not a verdict.
It comes from the network the IP belongs to and what it has done. Abstract checks whether the address is a VPN, proxy, Tor exit, or hosting or datacenter IP, and whether it appears on abuse and blocklist sources. You combine those flags into your own score and threshold rather than trusting one opaque number.
The strongest negatives are anonymizing networks (VPN, proxy, Tor), hosting and datacenter ranges that real users rarely browse from, and a history of spam, scraping, or fraud on abuse lists. None is proof of bad intent on its own, but several together mark an address worth extra scrutiny.
Run the address through a reputation check that returns its network type and abuse flags. Abstract's free IP abuse checker looks up any IP in the browser, and the same signals are available through the IP Intelligence API for checking addresses in your own signup, login, and checkout flows.
Score the IP behind each request and act on the combination of flags, not a single one. A datacenter IP on a high-value checkout, or a VPN plus a disposable email at signup, is worth a step-up check. Pair IP reputation with email and phone signals for bot detection and ad-fraud screening.
No. Plenty of legitimate users browse through a VPN or a corporate proxy, so blocking every one will turn away real customers. Treat a VPN or proxy flag as one input, weigh it with the rest of the signals and the action's risk, and prefer a challenge over an outright block.
Abstract's IP Intelligence API returns the reputation signals for any address: VPN, proxy, Tor, and hosting or datacenter flags, abuse indicators, plus geolocation and network details. You get the raw flags and decide the action, or feed them into your existing risk rules and fraud tooling. Start free.