New
We're excited to announce the following improvements to ipdata's threat data!
TL;DR
There are 4 new fields under the threat object;
is_vpn
- available on the Business and Enterprise plans
is_icloud_relay
- available on all plans
is_datacenter
- available on all plans
blocklists
- open-source data available on all paid plans, while commercial feeds are available on the Business and Enterprise plans
Here is a sample API response showcasing the new data fields.

Blocklists
The new blocklists array field tells you what blocklists an IP address has been reported to. It includes the name, website and list type. We have manually reviewed and included 100+ established OSINT threat feeds eg. Rutgers, Abuse.ch, Spamhaus as well as 2 commercial feeds HoneyDB and Bambenek Consulting, a list we will continue to add to.
The OSINT data is available to all paying ipdata subscribers while the Commercial Feeds are only available to users on the Business and Enterprise plans.
VPN Detection and Improved Proxy Detection
The is_vpn
field returns true for VPN IP addresses. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. The existing is_proxy field is now backed by up to 2M+ IP addresses updated daily and is available to all users free and paid.
iCloud Relay Detection
Apple's iCloud relay functionality is supposed to cleave closely to the actual city and region the end-user is in, meaning geolocation accuracy will not be affected. As a convenience we will mark the IP addresses belonging to the service by setting is_icloud_relay
to true.
Bonus:
The new boolean is_datacenter
field returns true for any IP addresses that belong to a datacenter including all cloud providers. This is useful for detecting bots.