About IPOK

IPOK is built and maintained by one independent developer. There is no company behind it, no research lab, no “team of security analysts,” and no venture funding. It is a side project that grew out of a real, recurring annoyance — and I would rather tell you that plainly than dress it up as something it isn't.

I mention this up front because the IP-checking space is full of tools that imply institutional authority they don't have: invented “security teams,” stock-photo headshots, fabricated user counts, and award badges nobody can verify. IPOK takes the opposite position. The credibility of this tool should come from what it actually does and whether you can verify its output, not from a logo wall.

In practice that means: every risk score is explained source by source, so you can judge it yourself rather than trusting one opaque number; the detection logic and data-aggregation code are described openly on the methodology page, and the companion CLI is open source under the MIT license (github.com/szp2005/ipok-cli), so you can read exactly how an API response becomes a score; where IPOK relies on third-party data it names the third party, and where it uses its own data it says so too.

IPOK started for practical reasons. I run servers, move between networks, and constantly deal with IPs that get silently treated as “dirty” — blocked at signup, served endless CAPTCHAs, geo-restricted, or flagged by fraud systems — with no way to see why. The dominant tool in this category gives you a single risk number and almost no reasoning. When a number decides whether you can log in, sign up, or get an order through, “trust me” is not good enough.

The people who hit this same wall fall into a few groups, and IPOK is built for them: developers and sysadmins who buy a VPS and find the IP on shared blocklists, or need to know datacenter vs. residential before they deploy; cross-border e-commerce sellers whose account or store gets risk-flagged because the IP looks like a proxy or sits in a bad neighborhood of the address space; VPN and proxy users who want to check whether their exit IP is actually clean, whether it leaks via WebRTC, and whether a service will let them through; and anti-fraud and trust-and-safety people who need a second opinion on an address and want the underlying signals, not just a verdict.

So the design goals were: aggregate more than one risk source instead of betting on one; explain every flag instead of hiding the reasoning; profile the surrounding address block, not just the single IP; and do it in both English and Chinese, for free, fast, on infrastructure close to the user. That's the whole pitch. IPOK is the tool I wanted to exist, made available to anyone with the same problem.

IPOK does not invent a risk number — it aggregates several independent signals and shows you each one. The score on screen is a weighted combination, with a transparent rule that a strong hard signal (a confirmed Tor exit, for example) raises the floor so a single clean-looking source can't bury it.

The eight signal sources, blended by reliability weight: (1) ip-api — geolocation, ASN/network ownership, and a baseline proxy/hosting classification; (2) ipapi.is — a calibrated abuse score plus network provenance; (3) proxycheck — live commercial proxy/VPN detection; (4) AbuseIPDB — a community-reported abuse database; (5) Scamalytics — fraud scoring focused on online-transaction risk; (6) StopForumSpam — a long-running forum/signup-spam address database; (7) IPQS — commercial risk scoring (may be dormant; dormant or failed sources are simply excluded); and (8) IPOK-DB, a self-built offline reputation library compiled from freely redistributable feeds (the official Tor bulk exit list, X4BNet community VPN ranges, Spamhaus DROP, and tested open proxies), built into a compact in-memory sorted-range table refreshed weekly to catch VPN ranges that ASN-based checks miss. On top of the weighted sources, IPOK applies hard-signal floors (a confirmed Tor exit, blocklist hit, or proven proxy keeps the score from dropping below a set floor) and runs a /24 neighbor (C-segment) profile — scanning the 256 addresses around yours and feeding the flagged-neighbor ratio back as a co-location signal, an extra dimension rather than one of the data sources above, because real fraud systems judge addresses by their surroundings too.

Two design choices matter: community and lower-precision sources are weighted conservatively — a community VPN feed contributes a normal vote, not an automatic verdict, to avoid over-flagging; and everything is shown in the breakdown table, so when IPOK marks an address you can see exactly which sources agreed and why. That explainability is the entire point, and what separates IPOK from a black-box score.

A note on what IPOK does not do: it doesn't claim more precision than its inputs allow, it doesn't use paid databases with restrictive licenses (no MaxMind redistribution), and the speed test is clearly labeled as measuring your current network, not the IP you looked up.

Because IPOK is a one-person project, the feedback loop is direct — your message reaches the person who actually writes the code.

Good reasons to get in touch: you think a result is wrong (IP reputation data is imperfect and sources occasionally disagree or misclassify; corrections to the offline database and weighting are exactly what one developer can act on quickly); you found a bug in the checker, CLI, or Chrome extension; you're a data provider or feed maintainer and want IPOK to use or stop using your source; or you have press, partnership, or API questions.

Contact: open an issue on the GitHub repo (github.com/szp2005/ipok-cli), or reach out via ipok.io. I won't pretend to be a support department I'm not, auto-reply with a ticket number from a fictional team, or quote a response-time SLA I can't honor as a solo maintainer. A reply may take a day or two — the trade-off is that the person reading your message is the one who can fix what you're writing about.