Fraudcache uses a sophisticated scoring system to express the likelihood that an IP address is malicious. Understanding how scores are calculated helps you make better decisions about how to use this data.
Understanding Confidence Scores
Unlike traditional blocklists that simply say "blocked" or "not blocked," Fraudcache provides a confidence score from 0 to 100. This score represents our confidence that an IP is involved in malicious activity.
A higher score means more evidence of malicious behavior. This allows you to set your own thresholds based on your risk tolerance.
Scoring Factors
Multiple factors contribute to an IP's confidence score:
Recent Activity
High ImpactMalicious behavior observed in the last 24-48 hours
Source Count
Medium ImpactNumber of independent sources reporting the IP
Attack Category
VariableType of malicious activity (spam, C2, attacks, scanning)
Time Since Last Activity
Reduces ScoreOlder activity contributes less to current score
Score Ranges
Here's what different score ranges typically indicate:
Low Risk
No recent evidence of malicious activity. Safe for most use cases.
Moderate Risk
Some suspicious signals. May warrant additional scrutiny.
High Risk
Strong evidence of malicious activity. Consider blocking or limiting.
Critical Risk
Confirmed malicious source. Active threat that should be blocked.
Score Decay
IP addresses aren't permanently labeled. If an IP stops showing malicious behavior, its score gradually decreases over time. This decay mechanism ensures that IPs can recover their reputation.
The decay rate depends on the severity of past behavior and whether the IP has shown any new suspicious activity. Complete remediation typically takes 7-30 days of clean behavior.
Get Detailed Scoring Data
Our API provides full scoring breakdowns including category-specific scores and historical data.