GeoThreat API Now Live
FraudGuard’s newest feature is now live: GeoThreat API — a powerful new way to understand attacker activity near any IP address using real geolocation, ASN, ISP, and organizational matching.
GeoThreat blends the accuracy of FraudGuard’s global ACE dataset with hyper‑local context, answering questions that were previously impossible without internal telemetry:
- “Are there high‑risk attackers on the same ISP as this user?”
- “What kinds of botnet clusters operate in the same city or region?”
- “Is this login IP sitting in a known hostile neighborhood?”
- “Are there coordinated threats around this cloud asset?”
If you’ve ever wanted deeper risk signals—with real geographic relevance—GeoThreat delivers that instantly.
What GeoThreat API Does
Given any IP, GeoThreat returns:
- Precise latitude/longitude, city, region, and ISP data
- Nearby attackers from our global honeypot footprint
- Sorted by risk, similarity, and proximity
- With
radius_km, pagination, and total attacker counts
This creates a unique “risk neighborhood” around each IP.
Real Example: Threats Around a Residential IP in Brazil
Below is a real GeoThreat API response for a residential Vivo IP in São Paulo. Within a 100km radius, GeoThreat identified 2,430 nearby high‑risk attackers, including multiple anonymous network nodes operating less than 25km away:
{
"isocode": "BR",
"country": "Brazil",
"state_code": "SP",
"state": "São Paulo",
"city": "Carapicuíba",
"postal_code": "06300",
"latitude": -23.5257,
"longitude": -46.8288,
"timezone": "America/Sao_Paulo",
"connection_type": "Cable/DSL",
"asn": 27699,
"asn_organization": "TELEFONICA BRASIL S.A",
"isp": "Vivo",
"organization": "Vivo",
"discover_date": "2025-12-03 04:40:32",
"threat": "unknown",
"risk_level": "1",
"geo_threat": {
"query_ip": "187.34.26.2",
"radius_km": 100,
"page": 1,
"limit": 2,
"total_attackers": 2430,
"results": [
{
"ip": "177.139.130.157",
"threat": "anonymous_tracker",
"risk": "3",
"asn": "27699",
"asn_organization": "TELEFONICA BRASIL S.A",
"isp": "Vivo",
"organization": "Vivo",
"isocode": "BR",
"country": "Brazil",
"state": "São Paulo",
"city": "São Paulo",
"latitude": "-23.629300",
"longitude": "-46.635100",
"connection_type": "Corporate",
"updated_at": "2025-12-03 04:19:18",
"distance_km": "22.85584792284798"
},
{
"ip": "179.111.216.102",
"threat": "anonymous_tracker",
"risk": "3",
"asn": "27699",
"asn_organization": "TELEFONICA BRASIL S.A",
"isp": "Vivo",
"organization": "Vivo",
"isocode": "BR",
"country": "Brazil",
"state": "São Paulo",
"city": "São Paulo",
"latitude": "-23.629300",
"longitude": "-46.635100",
"connection_type": "Cable/DSL",
"updated_at": "2025-12-03 03:56:40",
"distance_km": "22.85584792284798"
}
]
}
}
This example highlights the power of GeoThreat: it not only identifies attackers, but clusters them by proximity, ISP, ASN, and region—revealing patterns traditional IP reputation alone can’t show.
Live Today
GeoThreat is now live and ready to use for all Business and Enterprise customers.
View the GeoThreat API Documentation →
If you have any questions or need help getting started, feel free to reach out to us anytime at hello@fraudguard.io.