Proxy, Tor and Threat Detection

Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.

Request Example

Response Example

FieldDescription
security → is_bogonBoolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_providerBoolean indicating whether the IP address is used for hosting purposes (e.g. a node on Google Cloud Platform, Amazon EC2, and more).
security → is_torBoolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exitBoolean indicating whether the IP Address is a Tor exit relay node.
security → is_proxyBoolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_anonymousBoolean with true value if is_proxy OR is_tor is satisfied.
security → is_abuserBoolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attackerBoolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_threatBoolean with true value if is_abuser, is_attacker OR is_cloud_provider is satisfied.