Many cybersecurity organizations use IPinfo’s data as a foundation for threat intelligence.

Not only that, but with IPinfo’s feedback, cybersecurity users have created more reliable use cases, scalable threat intelligence, and better team efficiency.

Here are just a few ways security organizations have accomplished these goals with IP data.


NetSPI - a penetration testing organization - ingests IPinfo’s API for Attack Surface Management (ASM). Every year, NetSPI has conducted over 250,000 hours of security testing. With over 20 years of experience in the pentesting space, NetSPI is known for how they increase testing efficiency by up to 40 percent.

So when they were developing new Attack Surface Management features, they needed reliable IP data as a foundation for their solution. Not only that but they were faced with the challenge of architecting and building an ingestion pipeline capable of handling over 70 million rows of data on a daily basis.

After consulting with IPinfo’s data team, they decided the most performant approach for their ingestion pipeline was to ingest the data into their ASM solution. Then they denormalized the data onto their ip_addresstable. You can read all about it in this article: Ingesting IPinfo geolocation data with PostgreSQL 13.

The result? Significantly faster execution time.

Execution time decreased to 24 seconds – a 72x performance improvement over their initial query. Additionally, they increased single IP lookup time from 20 seconds with their first schema to 4 milliseconds with IP4R.

How did they develop better threat intelligence with IPinfo?

NetSPI signed up for an API token and started testing the data. Then when they encountered difficulty making the data performant, they reached out to our data team to help develop a more performant data ingestion approach.

“We’d like to thank Ben, Augustin, and the entire IPinfo team for their insight and service — it’s made all the difference.” - NetSPI

What datasets does NetSPI ingest?

For their use case, NetSPI uses the IP to geolocation and IP to company APIs.


Panther addresses the challenges faced by traditional SIEMs. As a cloud-native SIEM that provides highly-scalable, real-time threat detection, Panther needs effective enrichment to make sure customers get the context they need fast.

Just like IPinfo, Panther is also a Snowflake partner. As a result, IPinfo’s data is a seamless way for them to enrich alerts.  

"As a fellow Snowflake partner, IPinfo was an ideal choice for seamless alert enrichment - quickly adding the geolocation and ASN context our customers need to tune detections and accelerate triage." - Joren McReynolds, SVP of Engineering, Product & Design

By merging IPinfo with their high-level threat detection, Panther’s customers can gather more enrichment data when threats are detected. Panther also uses these datasets to feed into their additional risk assessment algorithms, too.

What datasets does Panther ingest?

Panther uses IPinfo’s IP to geolocation, Privacy Detection, and ASN APIs.


Nethone, a leading fraud detection platform, uses IPinfo’s data to gather threat intelligence and prevent fraudulent activity. Since 2016, Nethone has grown to nearly 100 team members who specialize in security, engineering, business skills, and data science.

When the team at Nethone developed proprietary technology to determine fraud risk, they needed IP data as one of their 5,000+ attributes. Their team has defined fraud parameters that are more crucial to understanding if someone is going to commit a crime. VPN detection is one of them.

Nethone’s team already maintains a state-of-the-art in-house VPN detection solution. However, they also needed a robust and reliable IP address data provider to free up more time for their team to focus on developing reliable fraud detection.

“Getting the same quality data as IPinfo with an in-house team is actually quite difficult. That’s why we chose IPinfo.” - Marcin Zubrycki, Senior Product Manager of Fraud Intelligence Team

In the past five years, Nethone has improved its threat intelligence and fraud detection with IPinfo. And now their team has more time to focus on what matters most for their customers - reliable Machine Learning (ML) fraud prevention.

What datasets does Nethone ingest?

Nethone uses IPinfo’s Privacy Detection data to improve threat intelligence for their ML fraud scoring.

Zero Spam

Zero Spam gathers intelligence on emails and IPs to stop website attacks before they occur. They’ve stopped 8+ million attacks on over 11,000 sites.

Initially, Zero Spam used another IP lookup company. But when they switched to IPinfo, they discovered they were able to prevent even more attacks. According to Zero Spam, IPinfo’s data is way more accurate and up-to-date than other providers. Plus, they’ve benefitted from the wide variety of contextualized insights IPinfo gathers from IP addresses.

What datasets does Zero Spam ingest?

Zero Spam uses a variety of IPinfo datasets.

Additional cybersecurity resources

Many of our cybersecurity users have also benefited from these resources on our website.

This list of cybersecurity success stories is by no means exhaustive. Rather, it’s representative of how accurate IP data has helped cybersec scale security operations and improve team efficiency.

IPinfo provides the foundation for a successful investigation and is a must-have in any security organization. -Thomas Kilmer, Co-founder of Spur Intelligence Corp

IPinfo provides data to many other leading cybersecurity use cases around the world, including governments, educational institutions, medical organizations, financial technology, and many more.

Want to learn more about IP data for cybersecurity? Connect with a data expert!