Under the Hood

The Intelligence Engine
Built for Speed.

We don't just aggregate lists. Our proprietary pipeline collects, cleans, and scores millions of IP signals in real-time. Here is how we do it.

The Data Pipeline

From raw signal to actionable score in <50ms

📡

1. Collect

Ingesting Tor, VPN, and Honeypot data.

🧹

2. Clean

Filtering false positives & stale data.

🧠

3. Score

Applying subnet & behavioral logic.

4. API Delivery

Served via Redis edge cache.

MODULE: IP-COLLECTOR

Real-Time Ingestion

Our collectors run 24/7, scraping public and private threat feeds. We monitor Tor exit nodes, open proxies, and abusive ASNs. Unlike static databases, we ingest data as it happens.

  • • Interval: Continuous
  • • Sources: 15+ Threat Feeds
MODULE: SUBNET-INTELLIGENCE

The "Neighborhood Watch"

This is our secret sauce. We don't just look at single IPs. We analyze the entire /24 subnet. If 5 neighbors are bad, we preemptively flag the 6th before it attacks you.

  • • Logic: Heuristic Clustering
  • • Scope: /24 CIDR Blocks
MODULE: REDIS-CACHE

Edge Performance

Speed is a security feature. We cache hot IP data in Redis memory layers. This ensures that 99% of API requests are served in under 50 milliseconds.

  • • Technology: Redis + Node.js
  • • Latency: < 5ms internal
MODULE: API-SERVER

Developer Experience

We strip away the noise. No complex XML or confusing booleans. Just a clean JSON response with a 0-100 Risk Score and clear "Reasons" for the flag.

  • • Format: JSON
  • • Auth: API Key Header

The Output

This is exactly what you get when you call our API. Clean, actionable data ready for your firewall or app logic.

Read Full API Docs
GET /api/ip/1.2.3.4
{
"ip": "1.2.3.4",
"risk_score": 98,
"label": "high_risk",
"reasons": [
"tor_exit_node",
"abusive_subnet"
]
}

Ready to use this engine?

Get access to the full pipeline with a free API key.

Start Free