Cloudflare Risk Score & ASN Bot Traffic Ratio Explained
What is the Cloudflare Risk Score?
Cloudflare Enterprise provides a score called the Bot Score, which indicates whether traffic comes from a bot. The original Bot Score ranges from 1 to 99; higher values mean safer, more human-like traffic. To stay consistent with our risk scoring (higher = more dangerous), the Cloudflare Risk Score displayed is: 100 - Cloudflare Bot Score.
Why does the score sometimes appear and sometimes not?
Cloudflare does not provide a public API to query the risk score of an arbitrary IP. It returns the score only for the IP that is currently making the request, so queries that don't meet this condition will not show results. The Cloudflare score depends not only on the IP but also on the browser, recent CAPTCHA results, and JS Detection. Cloudflare returns it in real time, with no caching.
How is the CF score generated, and why do different devices on the same IP get different results?
Cloudflare uses multiple detection mechanisms to score requests:
- Heuristic Detection: Scores 1 for clear malicious patterns
- Machine Learning: Main engine, uses supervised learning on global request data
- Anomaly Detection: Unsupervised learning to detect traffic anomalies
- JS Detection: Injects JavaScript to identify headless browsers
- Special Sources: Enterprise Zero Trust integration
Threshold Reference
A Cloudflare Risk Score below 70 is good. When it exceeds 90, you may frequently trigger CAPTCHA (Turnstile) challenges.
What is the ASN Bot Traffic Ratio?
The ASN Bot Traffic Ratio is based on GreyNoise's big data service, representing the average Cloudflare Bot Score of all IPs within that ASN. It can be used to assess the overall user profile of an ASN — residential IPs have higher human activity, better IP cleanliness, and fewer restrictions when browsing.
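The conversion, thresholds and per-ASN average described above, as an added example (not code from this page, Cloudflare or GreyNoise). The sample records, the function names and the "intermediate" band label are assumptions made for illustration.

```javascript
// Added example. In a Cloudflare Worker with Bot Management enabled, the inputs
// would come from request.cf.botManagement.score and request.cf.asn.

// Bot Score (1-99, higher = more human) -> Risk Score (higher = more dangerous).
// Returns null when no usable score came back for the request.
function toRiskScore(botScore) {
  if (!Number.isInteger(botScore) || botScore < 1 || botScore > 99) return null;
  return 100 - botScore;
}

// Bands from the Threshold Reference. The page names only the two ends;
// "intermediate" is a label assumed here for Risk Scores from 70 to 90.
function riskBand(risk) {
  if (risk === null) return "no-score";
  if (risk < 70) return "good";
  if (risk > 90) return "challenge-likely";
  return "intermediate";
}

// Average Bot Score per ASN, skipping samples that carry no score.
function asnBotScoreAverages(samples) {
  const acc = new Map();
  for (const { asn, botScore } of samples) {
    if (toRiskScore(botScore) === null) continue;
    const a = acc.get(asn) || { sum: 0, n: 0 };
    a.sum += botScore;
    a.n += 1;
    acc.set(asn, a);
  }
  const out = {};
  for (const [asn, { sum, n }] of acc) {
    out[asn] = { n, meanBotScore: sum / n, meanRisk: 100 - sum / n };
  }
  return out;
}

// Constructed samples; 64496 and 64511 are documentation-reserved ASNs.
const SAMPLES = [
  { asn: 64496, botScore: 92 },
  { asn: 64496, botScore: 80 },
  { asn: 64496, botScore: undefined }, // no score returned for this request
  { asn: 64511, botScore: 1 },         // heuristic detection assigns 1
  { asn: 64511, botScore: 9 },
];

console.log(SAMPLES.map((s) => riskBand(toRiskScore(s.botScore))));
console.log(asnBotScoreAverages(SAMPLES));
```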
Difference from the Default Risk Score
The default risk score indicates an IP may be involved in various types of abuse (proxies, spam, crawlers, fraud). The Cloudflare Risk Score focuses more on network security. Cloudflare's score is more tolerant — even public proxies are often considered low risk since they may be used by regular users.