Most IP geolocation APIs make you choose: you can have location data cheaply, or you can have security context if you pay more, or you can have abuse contacts if you're on enterprise. APIFreaks is the only API in this test that returns all three (geolocation, security flags, and abuse contacts) in a single call, on the free tier and every paid plan.
The stakes are real. Imperva's 2025 Bad Bot Report found that automated traffic surpassed human activity for the first time in a decade in 2024, reaching 51% of all web traffic, with malicious bots making up roughly 37% of that. The same report found that API-directed attacks reached 44% of advanced bot traffic. Meanwhile, the FBI's IC3 2024 Internet Crime Report recorded a record $16.6 billion in reported losses, up 33% from 2023. Knowing whether an IP is a VPN exit node, a residential proxy, or a known attacker isn't an edge case anymore; it's table stakes for anything handling user accounts, payments, or API access.
If you've been evaluating IP geolocation APIs and running into IPStack's $99.99/month requirement before security fields appear on paid plans, or ipinfo.io's Plus plan at $74/month as the minimum before full privacy detection kicks in, this comparison lays out exactly what each API returns and what it costs. We ran the same five IP addresses (a clean residential, a residential proxy, a VPN exit node, a Tor exit node, and a cloud/hosting IP) through APIFreaks, IPStack, ipinfo.io, AbstractAPI, and ip-api.com, captured every response field, and compared what each one actually returns. The results are below.
TL;DR: Key Takeaways
- APIFreaks is the only API in this test that returns geolocation, security flags, named proxy provider, abuse contacts, and ASN data in a single call at every paid tier. Best fit for fraud detection and security-aware applications.
- IPStack includes the security module on the Free Trial and Professional Plus ($99.99/mo). The Basic and Professional mid-tiers have no security fields at all. VPN detection is solid (
vpn_servicenames the vendor,proxy_last_detectedadds recency), but it missed the Tor exit node and the residential proxy entirely in our test. No abuse contacts at any tier. - ipinfo.io provides detailed ASN and network intelligence data. Full privacy detection (VPN, proxy, Tor service identification) requires the Plus plan at $74/mo. Core ($49/mo) only returns basic booleans. No dedicated abuse contact fields at any tier. Most expensive per 1,000 calls in this test at the security-enabled tier.
- AbstractAPI missed the Windscribe VPN IP entirely (
is_vpn: falseon a known VPN exit node) and false-flagged a Hetzner cloud IP as VPN. Security fields are oddly absent from the Starter and Standard plans despite being present on the free tier. - ip-api.com offers unlimited free non-commercial calls, but no SSL on the free tier, no named proxy/VPN provider, no threat score, and no abuse contacts. Good for prototyping; limited for production security use.
- All five APIs return broadly comparable city-level geolocation accuracy, though with some notable misses. The real differences are in security data, abuse contacts, detection accuracy, depth, and what's paywalled.
- On latency: APIFreaks showed the tightest p50-to-p99 spread with a strong multiregional PoP. AbstractAPI's median looks fast but p99 spikes nearly 4×. IPStack was slowest at the high end. ip-api.com's tail latency was unreliable. ipinfo.io Lite was steady but carries no security data.
Test Methodology
We selected five IPs that represent the most common categories a security team or fraud prevention system would encounter:
| # | IP | Category | ASN | Network Operator |
|---|---|---|---|---|
| 1 | 163.135.0.1 |
Clean residential | AS4673 | NTT DATA CORPORATION |
| 2 | 100.0.212.217 |
Residential proxy | AS701 | Verizon Business |
| 3 | 181.215.52.197 |
VPN exit node | AS397540 | Windscribe |
| 4 | 152.53.149.32 |
Known Tor exit node | AS197540 | netcup GmbH |
| 5 | 5.9.2.192 |
Cloud/hosting IP | AS24940 | Hetzner Online GmbH |
Each IP was queried against all five APIs on June 10, 2026, using each provider's free tier. IPStack's security module is included on the free trial, which is why security data is available for it despite no paid plan being used. ipinfo.io's privacy detection requires a paid plan and was not tested against our five IPs directly; results for that provider are documented from their official response schema.
The focus across all five APIs is on four dimensions: what fields are returned, whether the security data is accurate enough to be actionable, what it costs at scale, and how fast the response comes back in production conditions.
Side-by-Side Comparison
Feature Coverage
| Feature | APIFreaks | IPStack | ipinfo.io | AbstractAPI | ip-api.com |
|---|---|---|---|---|---|
| City-level geolocation | Yes | Yes | Yes (Core+) | Yes | Yes |
| State / district / locality | Yes | Yes (region only) | Yes (Core+, region only) | Yes (region only) | Yes |
| Accuracy radius + confidence score | Yes | Yes | Plus+ | No | No |
| Country metadata (calling code, TLD, languages) | Yes | Yes (calling code + languages) | No | No | No |
| ASN number | Yes | Yes | Yes | Yes | Yes |
| ASN org name | Yes | Yes | Yes | Yes | Yes |
| ASN type (ISP/Hosting/Business) | Yes | Yes | Yes (Core+) | Yes | No |
| ASN RIR, date allocated, route counts | Yes | No | No | No | No |
is_proxy | Yes | Free Trial + Pro+ | Plus+ | Free + Pro | Yes (basic) |
is_tor | Yes | Free Trial + Pro+ | Plus+ | Free + Pro | No |
proxy_provider / vpn_service (named vendor) | Yes | Free Trial + Pro+ | Plus+ (service field) | No | No |
proxy_type | Yes | Free Trial + Pro+ | No | No | No |
threat_score (numeric) | Yes | No (threat_level string only) | No | No | No |
is_known_attacker | Yes | No | No | No | No |
is_spam / is_bot | Yes | No | No | No | No |
is_cloud_provider + cloud_provider (named) | Yes | No (hosting_facility boolean only) | Yes (Core+, is_hosting boolean only) | Yes (boolean only) | Yes (hosting boolean only) |
proxy_level / anonymizer_status | No | Free Trial + Pro+ | No | No | No |
proxy_last_detected | No | Free Trial + Pro+ | Max+ (last_seen field) | No | No |
is_crawler / crawler_type | No | Free Trial + Pro+ | No | No | No |
| Abuse contact (org, email, phone, address) | Yes | No | No | No | No |
| Connection type | Yes | Yes | No | No | No |
| Currency | Yes | Yes | No | Yes | Yes |
| Timezone | Yes | Yes | Yes (Core+) | Yes | Yes |
| HTTPS on free tier | Yes | Yes | Yes | Yes | No |
All fields listed under APIFreaks are available from the free tier, with no plan upgrade required to access security, abuse contacts, or ASN data.
Pricing: Cost per 1,000 Calls and Minimum Security Commitment
Each row shows the lowest achievable cost per 1,000 calls at scale, and the minimum monthly spend required to unlock security fields. These are two different questions a developer would ask: how cheap does it get at volume? and what do I have to commit to just to get security data?
| Provider | Free Tier | Lowest cost/1k calls (security-enabled) | Min. monthly spend for security | Security depth |
|---|---|---|---|---|
| APIFreaks | 10,000 credits (~1,000 full calls) | $0.47/1k (17M credits/$800/mo, 10 credits/call) | $10/mo (80k plan) | Geo + security + abuse + ASN in one call |
| IPStack | 5,000 requests (security included) | $0.05/1k (Pro+, 2M req/$99.99/mo) | $99.99/mo (Pro+, the only paid security tier) | is_proxy, is_tor, vpn_service, proxy_last_detected; no abuse contacts |
| ipinfo.io | Unlimited, country-level only | $0.49/1k (Plus plan, flat rate across all volume tiers from 150k to 5M/mo) | $74/mo (Plus) | VPN/proxy/Tor detection; residential proxy on Max ($94/mo+); no abuse contacts at any tier |
| AbstractAPI | 1k/mo (security included) | $0.106/1k (Professional, 1.5M req/$159/mo) | $39/mo (Professional, 200k) | is_vpn, is_proxy, is_tor; no abuse contacts, no threat score |
| ip-api.com | Unlimited, non-commercial, HTTP only | ~$0/1k at scale (€13.30/mo flat, unlimited) | €13.30/mo (Pro) | proxy and hosting booleans only; no threat score, no named vendor, no abuse contacts |
Notes on the pricing table:
- APIFreaks uses an additive credit system. Base geolocation = 2 credits. Adding
include=security= +4 credits. Addinginclude=abuse= +4 credits. Full response (geo + security + abuse) = 10 credits per call. Security is available from the free tier and every paid plan with no gating. The $10/mo entry plan gives 8,000 full calls; the 17M/$800/mo plan gives 1,700,000 full calls at the lowest per-call rate. - IPStack's security module is available on the Free Trial (5,000 requests) and Professional Plus ($99.99/mo) only. Basic ($12.99/mo) and Professional ($59.99/mo) return no security fields. The $0.05/1k figure is accurate at full 2M monthly usage, but the $99.99/mo floor applies regardless of actual volume consumed. (Per IPStack pricing, accessed June 2026.)
- ipinfo.io Core ($49/mo) includes basic privacy detection booleans but not privacy service identification. You need the Plus plan ($74/mo) to get VPN/proxy/Tor service-level data. Plus pricing is a flat $0.49/1k across all volume tiers (150k through 5M/mo), so unlike most providers, buying more volume doesn't reduce your per-call rate. Overages beyond your chosen tier cap are billed at $0.81/1k. Residential proxy detection requires Max ($94/mo+). No dedicated abuse contact fields at any tier. (Per ipinfo.io pricing, accessed June 2026.)
- AbstractAPI security fields are absent on Starter ($17/mo) and Standard ($37/mo) but present on the free tier and Professional ($39/mo+) only. The $0.106/1k figure is at the 1.5M Professional tier. (Per AbstractAPI pricing, accessed June 2026.)
- ip-api.com Pro is a flat €13.30/mo for unlimited commercial requests. Per-call cost approaches zero at high volume, but the security payload is limited to boolean
proxyandhostingflags with no threat score, no vendor name, and no abuse contacts. Included for completeness but not directly comparable on security depth. (Per ip-api.com pricing, accessed June 2026.)
API Response Breakdown
For each API, we're showing the complete response for the VPN exit node (181.215.52.197) as a representative example since it exercises the most fields across location, security, and network data. Results across all five test IPs are summarized in the Security Detection Summary table further below.
APIFreaks
Free tier: 10,000 credits on signup, no credit card required. The full response used in this test (geolocation + security + abuse contact) costs 10 credits per call, giving you 1,000 test requests before spending anything. If you only need geolocation without abuse contacts, that drops to 6 credits per call and 1,666 requests.
Standard call response: APIFreaks returns a single unified JSON payload covering location, ASN, network, currency, security intelligence, abuse contact data, timezone, and user agent. The endpoint used in this test includes all available modules:
curl -X 'GET' \
'https://api.apifreaks.com/v1.0/geolocation/lookup?include=security%2Cabuse%2Chostname%2CliveHostname%2ChostnameFallbackLive%2Cuser_agent%2Cdma%2Ctime_zone&ip=181.215.52.197' \
-H 'X-apiKey: API_KEY'
{
"ip": "181.215.52.197",
"hostname": "181.215.52.197",
"location": {
"continent_code": "NA",
"continent_name": "North America",
"country_code2": "CA",
"country_code3": "CAN",
"country_name": "Canada",
"country_name_official": "Canada",
"country_capital": "Ottawa",
"state_prov": "Ontario",
"state_code": "CA-ON",
"district": "Toronto",
"city": "Toronto",
"locality": "Toronto",
"accuracy_radius": "14.934",
"confidence": "high",
"dma_code": "",
"zipcode": "M5H",
"latitude": "43.65107",
"longitude": "-79.34702",
"is_eu": false,
"country_flag": "https://ipgeolocation.io/static/flags/ca_64.png",
"geoname_id": "6123731",
"country_emoji": "🇨🇦"
},
"country_metadata": {
"calling_code": "+1",
"tld": ".ca",
"languages": ["en-CA", "fr-CA", "iu"]
},
"network": {
"asn": {
"as_number": "AS397540",
"organization": "Windscribe",
"country": "AQ",
"asn_name": "WINDSCRIBE",
"type": "ISP",
"domain": "windscribe.com",
"date_allocated": "2019-05-02",
"allocation_status": "",
"num_of_ipv4_routes": "4",
"num_of_ipv6_routes": "2",
"rir": "ARIN"
},
"connection_type": "",
"company": {
"name": "Windscribe",
"type": "ISP",
"domain": "windscribe.com"
}
},
"currency": {
"code": "CAD",
"name": "Canadian Dollar",
"symbol": "C$"
},
"security": {
"threat_score": 80,
"is_tor": false,
"is_proxy": true,
"proxy_type": "VPN",
"proxy_provider": "Windscribe VPN",
"is_anonymous": true,
"is_known_attacker": true,
"is_spam": false,
"is_bot": false,
"is_cloud_provider": true,
"cloud_provider": "Windscribe"
},
"abuse": {
"route": "181.215.52.0/24",
"country": "US",
"handle": "WL2284-RIPE",
"name": "Private Customer",
"organization": "",
"role": "abuse",
"kind": "group",
"address": "Private Residence",
"emails": ["report@abuseradar.com"],
"phone_numbers": []
},
"time_zone": {
"name": "America/Toronto",
"offset": -5,
"offset_with_dst": -4,
"current_time": "2026-06-05 08:47:29.316-0400",
"current_time_unix": 1780663649.316,
"current_tz_abbreviation": "EDT",
"current_tz_full_name": "Eastern Daylight Time",
"standard_tz_abbreviation": "EST",
"standard_tz_full_name": "Eastern Standard Time",
"is_dst": true,
"dst_savings": 1,
"dst_exists": true,
"dst_start": {
"utc_time": "2026-03-08 TIME 07",
"duration": "+1H",
"gap": true,
"date_time_after": "2026-03-08 TIME 03",
"date_time_before": "2026-03-08 TIME 02",
"overlap": false
},
"dst_end": {
"utc_time": "2026-11-01 TIME 06",
"duration": "-1H",
"gap": false,
"date_time_after": "2026-11-01 TIME 01",
"date_time_before": "2026-11-01 TIME 02",
"overlap": true
}
},
"user_agent": {
"user_agent_string": "curl/8.5.0",
"name": "Curl",
"type": "Robot",
"version": "8.5.0",
"version_major": "8",
"device": {
"name": "Curl",
"type": "Robot",
"brand": "Curl",
"cpu": "Unknown"
},
"engine": {
"name": "curl",
"type": "Robot",
"version": "8.5.0",
"version_major": "8"
},
"operating_system": {
"name": "Cloud",
"type": "Cloud",
"version": "??",
"version_major": "??",
"build": "??"
}
}
}
A few things worth calling out in this response. The proxy_provider field named the actual vendor ("Windscribe VPN"), something no other API in this test returned. The cloud_provider field confirms the IP routes through Windscribe's own infrastructure. The ASN block includes date_allocated, rir (Regional Internet Registry), and both IPv4 and IPv6 route counts, giving you more network attribution depth than any other provider here. The country_metadata object adds calling code, TLD, and languages. The abuse block returns a full contact record including postal address, handle, role, and phone numbers where available. The time_zone block goes beyond a simple timezone ID; it includes current time, UTC offset with and without DST, full DST start and end schedules, and both standard and daylight abbreviations. And the user_agent object, parsed from the request headers, gives you device type, browser engine, OS, and brand in a single structured block, something no other API in this test returns.
IPStack
Free tier: 5,000 requests, SSL included, and, notably, the security module is active on the free trial. That's a genuine advantage for evaluation: you can test security detection before committing to a paid plan.
Standard call response: The base payload covers location down to city level, timezone, currency, ASN, ISP, connection type, routing type, and the full security block. The endpoint used in this test:
curl -X 'GET' \
'https://api.ipstack.com/181.215.52.197?access_key=API_KEY&hostname=1&security=1'
VPN exit node (181.215.52.197):
{
"ip": "181.215.52.197",
"hostname": "181.215.52.197",
"type": "ipv4",
"continent_code": "NA",
"continent_name": "North America",
"country_code": "US",
"country_name": "United States",
"region_code": "IL",
"region_name": "Illinois",
"city": "Chicago",
"zip": "60608",
"latitude": 41.84885025024414,
"longitude": -87.67124938964844,
"ip_routing_type": "fixed",
"connection_type": "tx",
"location": {
"geoname_id": 4887539,
"capital": "Washington D.C.",
"languages": [{"code": "en", "name": "English", "native": "English"}],
"calling_code": "1",
"is_eu": false
},
"time_zone": {
"id": "America/Chicago",
"current_time": "2026-06-05T05:25:30-05:00",
"gmt_offset": -18000,
"code": "CDT",
"is_daylight_saving": true
},
"currency": {
"code": "USD",
"name": "US Dollar",
"plural": "US dollars",
"symbol": "$",
"symbol_native": "$"
},
"connection": {
"asn": 397540,
"isp": "Windscribe",
"sld": "windscribe",
"tld": "net",
"carrier": "windscribe",
"home": false,
"organization_type": null
},
"security": {
"is_proxy": true,
"proxy_type": "service",
"is_crawler": false,
"crawler_name": null,
"crawler_type": null,
"is_tor": false,
"threat_level": "low",
"threat_types": null,
"proxy_last_detected": "2026-06-01",
"proxy_level": "elite",
"vpn_service": "windscribe",
"anonymizer_status": "private",
"hosting_facility": false
}
}
The VPN detection here is solid. vpn_service: "windscribe" names the vendor correctly, proxy_last_detected gives a recency timestamp, and proxy_level: "elite" and anonymizer_status: "private" add context no other API in this test returns. These are genuinely useful fields for fraud scoring. Note that threat_level returned "low" even on this confirmed VPN exit; as a risk signal on its own, it carries limited discriminating value.
What you have to pay extra for: The security module is available on the free trial and jumps directly to Professional Plus at $99.99/month. Basic ($12.99/mo) and Professional ($59.99/mo) return no security fields at all. There are no abuse contacts at any tier. No numeric threat score exists; threat_level is a low/medium/high string only.
ipinfo.io
Free tier: The Lite plan offers unlimited requests per month using https://api.ipinfo.io/lite/{ip} with Bearer token auth. Here's what it actually returned for our VPN test IP (181.215.52.197):
curl -H "Authorization: Bearer API_KEY" \
'https://api.ipinfo.io/lite/181.215.52.197'
{
"ip": "181.215.52.197",
"asn": "AS397540",
"as_name": "Windscribe",
"as_domain": "windscribe.com",
"country_code": "CA",
"country": "Canada",
"continent_code": "NA",
"continent": "North America"
}
That's it. Eight fields. No city, no privacy detection, no hostname. It confirms the ASN belongs to Windscribe and places it in Canada, but gives you nothing actionable for security purposes.
Standard call response (Plus plan and above): On the Plus plan you get geolocation down to city level, ASN with type and change tracking, and privacy detection booleans. The endpoint:
curl 'https://api.ipinfo.io/lookup/51.68.57.72?token=API_KEY'
We did not test ipinfo.io on a paid plan against our five IPs. The response below is from their official documentation for a different IP and is included to illustrate the Plus plan response structure:
{
"ip": "51.68.57.72",
"hostname": "ip72.ip-51-68-57.eu",
"geo": {
"city": "Lille",
"region": "Hauts-de-France",
"country": "France",
"country_code": "FR",
"continent": "Europe",
"latitude": 50.63297,
"longitude": 3.05858,
"timezone": "Europe/Paris",
"postal_code": "59000",
"radius": 200,
"last_changed": "2025-06-15"
},
"as": {
"asn": "AS16276",
"name": "OVH SAS",
"domain": "ovhcloud.com",
"type": "hosting",
"last_changed": "2025-03-09"
},
"anonymous": {
"is_proxy": false,
"is_relay": false,
"is_tor": false,
"is_vpn": false
},
"is_anonymous": false,
"is_hosting": true,
"is_mobile": false,
"is_anycast": false,
"is_satellite": false
}
The anonymous block on the Plus plan returns boolean flags (is_proxy, is_relay, is_tor, is_vpn) alongside the service field which names the vendor where available (e.g., "NordVPN", "CyberGhost"). The Max plan adds recency and frequency signals (last_seen, percent_days_seen) on top of that. The last_changed field on both geo and as objects tells you when the geolocation or ASN assignment for that IP last shifted, which is useful for attribution confidence.
What you have to pay extra for: Full privacy detection (VPN, proxy, Tor service identification) requires the Plus plan ($74/mo). Named anonymization service, recency, and frequency data (name, last_seen, percent_days_seen) require the Max plan ($94/mo+). IP Whois is Enterprise-only. There are no dedicated abuse contact fields (org, email, phone) at any tier. The Lite free tier returns no city-level or privacy data.
AbstractAPI IP Intelligence
Free tier: 1,000 requests per month with geolocation, ASN, and security fields (is_vpn, is_proxy, is_tor). That's genuinely useful for initial testing. The catch: security data disappears entirely on the Starter ($17/mo) and Standard ($37/mo) plans and only returns on the Professional plan ($39/mo at 200k requests).
Standard call response: The payload is compact and readable. The endpoint used in this test:
curl -X 'GET' \
'https://ip-intelligence.abstractapi.com/v1/?api_key=API_KEY&ip_address=181.215.52.197'
VPN exit node (181.215.52.197):
{
"ip_address": "181.215.52.197",
"security": {
"is_vpn": false,
"is_proxy": false,
"is_tor": false,
"is_hosting": false,
"is_relay": false,
"is_mobile": false,
"is_abuse": false
},
"asn": {
"asn": 397540,
"name": "Windscribe",
"domain": null,
"type": "isp"
},
"company": {
"name": "Windscribe",
"domain": null,
"type": "isp"
},
"domains": {"domains": []},
"location": {
"city": "",
"region": "",
"postal_code": "93939",
"country": "United Arab Emirates",
"country_code": "AE",
"is_country_eu": false,
"continent": "Asia",
"continent_code": "AS",
"longitude": null,
"latitude": null
},
"timezone": {
"name": null,
"abbreviation": null,
"utc_offset": null,
"local_time": null,
"is_dst": null
},
"flag": {
"emoji": "🇦🇪",
"png": "https://static.abstractapi.com/country-flags/AE_flag.png",
"svg": "https://static.abstractapi.com/country-flags/AE_flag.svg"
},
"currency": {
"name": "Dirham",
"code": "AED",
"symbol": ""
}
}
Two things stand out in this response. First, the security block marked this known Windscribe VPN IP as is_vpn: false, is_proxy: false, a clear miss. Second, the location came back as United Arab Emirates with no city or region, while every other API returned either Canada or the United States for the same IP. For a VPN exit node, some location variance is expected, but a wrong country with no city data is a meaningful accuracy gap.
What you have to pay extra for: Company information is only available on Standard plans and above. Abuse contacts are not returned at any tier. No numeric threat score exists. No proxy vendor or type identification.
ip-api.com
Free tier: Unlimited requests for non-commercial use, no API key required, JSON/XML/CSV supported. The big limitations: HTTP only (no SSL), and commercial use is explicitly prohibited. Rate limited to 45 requests per minute.
Standard call response: ip-api.com returns a flat, simple JSON object. Clean and easy to parse. The endpoint used in this test (free tier, all relevant fields specified):
curl -X 'GET' \
'http://ip-api.com/json/181.215.52.197?fields=status,message,continent,continentCode,country,countryCode,region,regionName,city,district,zip,lat,lon,timezone,offset,currency,isp,org,as,asname,reverse,mobile,proxy,hosting,query'
VPN exit node (181.215.52.197):
{
"status": "success",
"continent": "North America",
"continentCode": "NA",
"country": "United States",
"countryCode": "US",
"region": "NY",
"regionName": "New York",
"city": "New York",
"district": "",
"zip": "10013",
"lat": 40.7157,
"lon": -74,
"timezone": "America/New_York",
"offset": -14400,
"currency": "USD",
"isp": "Windscribe",
"org": "Ipxo",
"as": "AS397540 Windscribe",
"asname": "WINDSCRIBE",
"reverse": "",
"mobile": false,
"proxy": true,
"hosting": false,
"query": "181.215.52.197"
}
The proxy: true flag on the Windscribe IP is correct. The ISP is correctly identified as Windscribe and the ASN resolves accurately. Beyond that, the response is flat: no security object, no threat score, no proxy type or vendor name.
What you have to pay extra for: SSL requires the Pro plan (€13.30/month). Commercial use requires Pro. The Pro plan adds API keys, usage stats, access restrictions, and a 99.9% SLA, but the response payload is identical to the free tier.
Security Detection Summary
Here's how each API scored across our five test IPs, specifically for security flag accuracy:
| IP / Category | APIFreaks | IPStack (Free Trial) | ipinfo.io | AbstractAPI | ip-api.com |
|---|---|---|---|---|---|
| Clean residential (163.135.0.1) | threat_score: 0, all flags clean | is_proxy: false, is_tor: false (correct) | Documented, not tested* | All flags clean | proxy: false |
| Residential proxy (100.0.212.217) | threat_score: 45, is_proxy: true, proxy_type: "PROXY", proxy_provider: "Zyte Proxy" | is_proxy: false (miss) | Documented, not tested* | is_proxy: false (miss) | proxy: false (miss) |
| VPN exit (181.215.52.197) | threat_score: 80, is_proxy: true, proxy_type: "VPN", proxy_provider: "Windscribe VPN", is_known_attacker: true | is_proxy: true, vpn_service: "windscribe", proxy_last_detected: "2026-06-01" (correct) | Documented, not tested* | is_vpn: false (miss) | proxy: true |
| Tor exit (152.53.149.32) | threat_score: 80, is_tor: true, is_known_attacker: true | is_tor: false, threat_level: "low" (complete miss) | Documented, not tested* | is_tor: true | proxy: true |
| Cloud/hosting (5.9.2.192) | threat_score: 5, is_cloud_provider: true, cloud_provider: "Hetzner Online GmbH" | hosting_facility: true (correct) | Documented, not tested* | is_vpn: true (overreach) | hosting: true |
*Privacy detection on ipinfo.io requires the Plus plan ($74/mo). Results are documented from their official response schema but were not tested against our five IPs directly. Response structure and field availability are covered in the ipinfo.io section above.
IPStack's security module is available on the free trial, which is what we used for this test. It correctly identified the Windscribe VPN but missed the Tor exit node and the residential proxy entirely.
The residential proxy miss is worth noting specifically. Residential proxies are a growing abuse vector. In early 2026, Google moved to dismantle Ipidea, described as one of the largest residential proxy networks in the world, controlling millions of residential connections through compromised consumer devices. A proxy detection API that can't flag a known commercial residential proxy service like Zyte is a meaningful gap for any fraud or bot mitigation use case.
AbstractAPI flagged the Hetzner cloud IP (5.9.2.192) as is_vpn: true. Hetzner is a hosting provider, not a VPN, so that's a false positive. AbstractAPI also missed the Windscribe VPN entirely.
ip-api.com missed the residential proxy and doesn't distinguish between VPN and generic proxy in its response structure.
Response Latency
Per Postman's State of the API report, performance ranks among the top factors developers evaluate when integrating a new API, alongside security and reliability. For IP geolocation specifically, latency matters most when the call sits on the critical path: signup fraud checks, checkout access control, real-time routing decisions. A slow IP lookup taxes the very transaction it's meant to protect.
We ran hundreds of timed requests per API across multiple regions (US East Coast and Central Europe) on June 9, 2026. Results are reported as p50 / p95 / p99 in milliseconds. Ranges reflect regional variance.
| API | Payload | p50 | p95 | p99 |
|---|---|---|---|---|
| APIFreaks | Geo + security | 35–126ms | 39–131ms | 51–138ms |
| IPStack | Geo + security | 88–170ms | 142–222ms | 234–237ms |
| AbstractAPI | Geo + security | 32–121ms | 51–153ms | 119–228ms |
| ipinfo.io | Geo only (Lite)* | 40–120ms | 44–122ms | 45–124ms |
| ip-api.com | Proxy boolean only | 10–289ms | 24–292ms | ~35–~295ms |
*ipinfo.io tested on the Lite plan (8 fields, no security data). Lower latency partly reflects a lighter payload. A Plus plan response with privacy detection would carry more overhead.
APIFreaks had the tightest p50-to-p99 spread across regions, staying within 16ms in both test locations. AbstractAPI posted the lowest median in one region (32ms) but its p99 climbs to 119ms, nearly 4× the median, a concern for synchronous calls where the 99th percentile user still needs a fast decision. IPStack is the slowest at the high end across regions. ipinfo.io Lite showed steady latency but the payload comparison is not equivalent; speed here is partly a function of returning less.
One consideration the raw numbers don't capture: matching APIFreaks' single-call data depth requires multiple round trips from competitors. ipinfo.io needs a separate paid-tier call for privacy detection. IPStack lacks abuse contacts at any tier. The latency advantage of a single comprehensive call compounds when competitors require sequential requests to reach equivalent data.
Who Should Use What
APIFreaks makes the most sense for security-conscious teams that want a single endpoint returning everything: location, threat score, proxy vendor identification, Tor detection, cloud provider identification, and abuse contacts. The credit model scales efficiently with usage, and the 10,000 free credits give you enough room to run real integration tests before committing to a plan. If you need fields like a numeric threat_score, named proxy_provider, cloud_provider identification, is_known_attacker, is_spam, is_bot, and full abuse contacts, all in a single call with no tier juggling, APIFreaks is the most direct path there. Teams building more advanced threat pipelines can also pair the geolocation endpoint with the IP Threat Intelligence API for deeper risk scoring.
IPStack is a reasonable choice if your primary need is geolocation with timezone, currency, and connection data. The free trial includes the security module, which is useful for evaluation. In production, however, the jump from $59.99/mo (no security) to $99.99/mo (security enabled) is steep, and the detection gaps on Tor and residential proxies in our test are a real concern for fraud-prevention use cases. If VPN detection is your main security requirement and Tor coverage is less critical, the Pro+ plan delivers solid results.
ipinfo.io is worth evaluating if ASN and network intelligence is your primary need and security detection is secondary. Their data depth on network context is detailed, and the last_changed tracking on geographic and ASN data is useful for teams that need high-confidence attribution. The pricing is the steepest of the group at the security-enabled tier.
AbstractAPI is a reasonable starting point for low-volume applications where the $17-$39/month price range is a hard constraint. The free tier is genuinely functional for prototyping. The security detection misses on common VPN providers are a concern for any production fraud system.
ip-api.com remains the go-to for internal tooling, non-commercial scripts, and any context where you need quick lookups without account setup. The free tier's reach is unmatched. For production security use cases, the field-depth limitations and HTTP-only free tier make it unsuitable as a standalone solution.
Conclusion
Geolocation accuracy was broadly similar across the five APIs, with some notable misses on specific IP categories. The real gap is in security data, abuse contacts, detection accuracy, depth, and what a single API call returns when you need location and risk context together.
IPStack splits these concerns across tiers in a way that gets expensive fast. ipinfo.io provides strong privacy detection at the Plus tier but returns no dedicated abuse contact data at any tier. AbstractAPI has detection gaps on common VPN providers. ip-api.com gives you unlimited free calls but minimal security depth.
On top of standard geolocation, ASN, timezone, and currency data, APIFreaks also returns a numeric threat score, proxy type, named proxy provider, Tor detection, cloud provider identification, abuse contacts, and more in the same call. For security-conscious teams, that unified response is the practical difference between one API call and four.
If you're evaluating IP geolocation APIs for a fraud detection pipeline, access control system, or security-aware routing layer, start your test with the IP Geolocation API. The 10,000 free credits on signup give you 1,000 full calls (geolocation + security + abuse contact) before you spend anything. Enough runway to run the same test we ran here against your own IP corpus. Use the pricing calculator to estimate costs at your expected volume, or see all monthly pricing plans for the full breakdown. If you want a quick no-code check first, the VPN & Proxy Detection Tool lets you test any IP directly in the browser.
Frequently Asked Questions
Which IP geolocation API returns the most complete security data in a single call?
APIFreaks. While several providers offer basic security flags on their free tiers, APIFreaks is the only one that returns is_proxy, is_tor, proxy_type, proxy_provider, threat_score, is_known_attacker, is_spam, is_bot, cloud_provider, and full abuse contacts all in one call, with no separate endpoint or plan upgrade required.
Does IPStack include security data on all plans?
No. Security is only available on the Free Trial (5,000 requests) and the Professional Plus plan ($99.99/mo). The Basic and Professional plans in between return no security fields at all.
What is the difference between threat_score and threat_level?
threat_score is a numeric 0-100 value returned by APIFreaks that lets you define your own risk thresholds, for example, blocking anything above 70 or flagging anything above 40 for review. threat_level is a low/medium/high string returned by IPStack. In testing, IPStack returned "low" on all five IPs including a confirmed Tor exit node, making it ineffective as a discriminating signal. For risk-tiered decision-making, APIFreaks's numeric threat_score is the more actionable field.
Which IP geolocation API returns abuse contact data?
Only APIFreaks, across all five APIs tested. The abuse block includes organization name, email addresses, phone numbers, postal address, and ARIN/RIPE handle, available via include=abuse. None of the other providers return abuse contacts at any tier.
Is ip-api.com free to use commercially?
No. ip-api.com's free tier is restricted to non-commercial use, HTTP only, and capped at 45 requests per minute. Commercial use requires the Pro plan at €13.30/month, though the response payload is identical to the free tier — no additional security fields are unlocked on any plan.
What is the cheapest IP geolocation API with full security features?
APIFreaks at $10/month gives you the most complete security stack: numeric threat score, named proxy provider, cloud provider identification, Tor detection, and abuse contacts in one call. No other provider in this comparison matches that combination at any price point.
Can I test APIFreaks before paying?
Yes, no credit card required. You get 10,000 free credits on signup. The full geolocation + security + abuse call costs 10 credits, giving you 1,000 complete test calls on the free tier.
Does ipinfo.io return abuse contact data?
No, not at any tier. IP Whois is available on the Enterprise plan but is not the same as a structured abuse contact response with org name, email, phone, and address.