Introducing LIR services: ASN registration, IPv6 address lease, and more.

Proxy, Tor and Threat Detection

Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.

Request Example

curl https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=security

Response Example

{
    "security": {
        "is_abuser": false,
        "is_attacker": false,
        "is_bogon": false,
        "is_cloud_provider": false,
        "is_proxy": false,
        "is_relay": false,
        "is_tor": false,
        "is_tor_exit": false,
        "is_vpn": false,
        "is_anonymous": true,
        "is_threat": false
    }
}
FieldDescription
security → is_abuserBoolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attackerBoolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_bogonBoolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_providerBoolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more).
security → is_proxyBoolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_relayBoolean indicating whether the IP Address is a known relay. Relay IP addresses are not designed to bypass geo-controls but instead pool multiple users behind the same IP. At this time, only Apple Private Relay IP addresses are detected.
security → is_torBoolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exitBoolean indicating whether the IP Address is a Tor exit relay node.
security → is_vpnReturns true when the IP address under search is used by a Virtual Private Network (VPN), false otherwise. VPNs encrypt internet traffic and disguise online identity.
security → is_anonymousBoolean with true value if is_proxy OR is_tor is satisfied.
security → is_threatBoolean with true value if is_abuser OR is_attacker is satisfied.