# IP Address

# RFC 5735 Check

This check verifies whether the IP address belongs to a reserved or special-use range defined by RFC 5735 (e.g., private networks, loopback addresses, or multicast ranges). These IPs are not routable on the public internet and should never appear in legitimate customer requests. Any address in these ranges is flagged as invalid or suspicious.

Here are some examples of IPs which will fail this check:

This check influences the fraud score as follows:

# Tor Exit Node

This check determines whether the IP address is associated with a known Tor exit node. Tor is often used to anonymize traffic and can be leveraged to create multiple accounts or evade bans. The system compares the IP against regularly updated lists of Tor exit nodes and flags any matches as high-risk or suspicious.

Here are some examples of IPs which will fail this check:

• 185.220.101.1
• 199.249.230.83
• 37.218.245.14
• 154.35.175.225
• 204.13.164.118

This check influences the fraud score as follows:

# Type Check: Residential or Datacenter

This check identifies whether the IP address originates from a residential ISP or a commercial datacenter. Datacenter IPs are frequently used by bots, proxies, or bulk registration scripts, while residential IPs are more likely to represent real end users. The system queries IP reputation and ownership databases to classify the address and flags datacenter or hosting provider ranges as higher risk.

Here are some examples of IPs which will fail this check:

This check influences the fraud score as follows: