Proxy, Tor and Threat Detection
Ipregistry's IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously, and updates are published as changes are detected to keep false positives to a minimum.
Request Example
curl "https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=security"
Response Example
{
  "security": {
    "is_bogon": false,
    "is_cloud_provider": false,
    "is_tor": false,
    "is_tor_exit": false,
    "is_proxy": true,
    "is_anonymous": true,
    "is_abuser": false,
    "is_attacker": false,
    "is_threat": false
  }
}
Field | Description |
---|---|
security → is_bogon | Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address. |
security → is_cloud_provider | Boolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more). |
security → is_tor | Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge. |
security → is_tor_exit | Boolean indicating whether the IP Address is a Tor exit relay node. |
security → is_proxy | Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies. |
security → is_anonymous | Boolean with true value if is_proxy OR is_tor is satisfied. |
security → is_abuser | Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots). |
security → is_attacker | Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity). |
security → is_threat | Boolean with true value if is_abuser OR is_attacker is satisfied. |
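
The following is an added example, not Ipregistry's own code: it validates a `security` object, checks the derived flags against the definitions in the table above, and maps the result to an action. The function names and the block/challenge/allow policy are assumptions made for illustration.

```python
import json

# Field names are those in the table above; the policy mapping is an assumption.
FIELDS = ("is_bogon", "is_cloud_provider", "is_tor", "is_tor_exit", "is_proxy",
          "is_anonymous", "is_abuser", "is_attacker", "is_threat")


def parse_security(body: str) -> dict:
    """Return the `security` object, rejecting missing or non-boolean fields."""
    doc = json.loads(body)
    sec = doc.get("security") if isinstance(doc, dict) else None
    if not isinstance(sec, dict):
        raise ValueError("response has no security object")
    bad = [f for f in FIELDS if not isinstance(sec.get(f), bool)]
    if bad:
        raise ValueError(f"missing or non-boolean fields: {bad}")
    return sec


def inconsistencies(sec: dict) -> list:
    """Check the derived flags against the definitions in the field table."""
    issues = []
    if sec["is_anonymous"] != (sec["is_proxy"] or sec["is_tor"]):
        issues.append("is_anonymous != is_proxy OR is_tor")
    if sec["is_threat"] != (sec["is_abuser"] or sec["is_attacker"]):
        issues.append("is_threat != is_abuser OR is_attacker")
    if sec["is_tor_exit"] and not sec["is_tor"]:
        issues.append("is_tor_exit set without is_tor")
    return issues


def decide(sec: dict) -> str:
    """Hypothetical policy: block known-bad, challenge anonymised, else allow."""
    if sec["is_bogon"] or sec["is_threat"]:
        return "block"
    if sec["is_anonymous"] or inconsistencies(sec):
        return "challenge"
    return "allow"


# The response example from this page, embedded so the block runs offline.
SAMPLE = """{"security": {"is_bogon": false, "is_cloud_provider": false,
 "is_tor": false, "is_tor_exit": false, "is_proxy": true, "is_anonymous": true,
 "is_abuser": false, "is_attacker": false, "is_threat": false}}"""

if __name__ == "__main__":
    sec = parse_security(SAMPLE)
    print(decide(sec), inconsistencies(sec))
```

Malformed responses raise `ValueError` rather than defaulting to "allow", so a lookup failure cannot silently pass traffic.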