field guide

not all ip addresses
are created equal.

Every IP on the internet carries a story — who owns it, what infrastructure it sits on, and whether it's trying to hide something. This page is a quick field guide to the categories we classify, and the problems this kind of data actually solves — especially now that so much traffic comes from AI agents, not humans.

classification

the five categories that matter

Every record in our dataset gets evaluated against these dimensions. An IP can belong to more than one — a VPN exit node can also be a datacenter IP, for example.

residential

Residential IP

An address assigned by an ISP directly to a home or mobile connection — Comcast, Vodafone, Jio, etc.

  • Looks like a real person to most systems
  • Rarely pre-flagged by anti-fraud lists
  • Often dynamic — reassigned periodically
field: is_residential, isp
datacenter

Datacenter / Hosting IP

Assigned to a cloud provider or hosting company — AWS, Hetzner, DigitalOcean, OVH, etc.

  • Where most servers, bots and scrapers live
  • Commonly blocklisted by anti-bot systems
  • Stable, often static, easy to fingerprint by ASN
field: isp = Datacenter, asn, org_name
vpn

VPN Range

IP ranges published by commercial VPN providers — used to mask a user's real location and identity.

  • Common for privacy users, but also abuse/fraud
  • Often shared across many simultaneous users
  • High-value signal for fraud and access-control systems
field: is_vpn
tor

TOR Exit Node

The final hop in the TOR network before traffic reaches the open internet — the IP a destination server actually sees.

  • Refreshed from the live TOR consensus
  • Often used for anonymity, sometimes for abuse
  • Many services block or challenge TOR exits outright
field: is_tor
apple relay

Apple Private Relay

Apple's iCloud+ feature that routes Safari traffic through two relays so neither Apple nor the destination sees both your identity and your activity.

  • Increasingly common on iOS / macOS traffic
  • Can break IP-based geolocation and rate limiting
  • Refreshed daily from Apple's published egress ranges
field: is_apple_relay
anonymity level

Elite / Anonymous / Transparent

For proxies specifically, we actively test what a destination server sees when traffic passes through.

  • Elite — no trace of the original IP or proxy headers
  • Anonymous — hides origin IP, but leaves proxy headers
  • Transparent — origin IP is fully visible (not hidden)
field: anonymity_level, protocol
why this matters now

the internet's traffic mix has changed

A growing share of requests hitting any given server today aren't from a person clicking a mouse — they're from AI agents, browser automations, scrapers feeding LLM training pipelines, and bots impersonating both. Knowing what kind of IP a request comes from is one of the few reliable signals left.

request_origin.json
"ip": "185.x.x.x",
"isp": "Datacenter", // → likely automated, not a person sitting at home
"is_vpn": true, // → identity intentionally masked
"is_residential": false, // → doesn't match a typical consumer connection
"anonymity_level": "Elite" // → built specifically to avoid detection
use cases

what teams actually do with this data

A sample of the problems IP-type and proxy intelligence data gets used for — across security, AI, and growth teams.

01

Detecting AI agent & bot traffic

Flag requests from datacenter ranges, known VPNs, or proxy exit nodes to separate genuine human visitors from automated agents and scrapers.

ispis_vpnis_tor
02

Cleaning training data sources

Teams building web-scraping pipelines for LLM training data use proxy IPs to distribute requests — this dataset helps both build and detect such pipelines.

protocolanonymity_level
03

Fraud & account-abuse signals

VPN and TOR usage, combined with datacenter origin, are classic signals in fraud-scoring models for signups, logins, and payment flows.

is_vpnis_torasn
04

QA & geo-testing

Use verified proxies across regions and ASNs to test how your app, ads, or pricing behave from different network vantage points.

org_nameportis_residential
05

OSINT & investigations

Cross-reference an IP of interest against known TOR exits, VPN ranges, and ASN ownership to quickly narrow down what kind of connection you're looking at.

is_toris_apple_relayasn
06

Anti-bot rule tuning

Build and tune WAF / bot-management rules using a live, classified feed instead of static, slowly-updated blocklists.

last_testedfirst_seen

see the data for yourself

Free during early access — get the latest snapshot with full classification fields.

go to downloads →