Proxy, Tor and Threat Detection
Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.
Request Example
curl https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=securityResponse Example
{
"security": {
"is_bogon": false,
"is_cloud_provider": false,
"is_tor": false,
"is_tor_exit": false,
"is_proxy": true,
"is_anonymous": true,
"is_abuser": false,
"is_attacker": false,
"is_threat": false
}
}| Field | Description |
|---|---|
| security → is_bogon | Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address. |
| security → is_cloud_provider | Boolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more). |
| security → is_tor | Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge. |
| security → is_tor_exit | Boolean indicating whether the IP Address is a Tor exit relay node. |
| security → is_proxy | Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies. |
| security → is_anonymous | Boolean with true value if is_proxy OR is_tor is satisfied. |
| security → is_abuser | Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots). |
| security → is_attacker | Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity). |
| security → is_threat | Boolean with true value if is_abuser, is_attacker OR is_cloud_provider is satisfied. |