Proxy, Tor and Threat Detection

Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.

Request Example

curl https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=security

Response Example

{
    "security": {
        "is_abuser": false,
        "is_attacker": false,
        "is_bogon": false,
        "is_cloud_provider": false,
        "is_proxy": false,
        "is_relay": false,
        "is_tor": false,
        "is_tor_exit": false,
        "is_vpn": false,
        "is_anonymous": true,
        "is_threat": false
    }
}

Field	Description
security → is_abuser	Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attacker	Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_bogon	Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_provider	Boolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more).
security → is_proxy	Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_relay	Boolean indicating whether the IP Address is a known relay. Relay IP addresses are not designed to bypass geo-controls but instead pool multiple users behind the same IP. At this time, only Apple Private Relay IP addresses are detected.
security → is_tor	Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exit	Boolean indicating whether the IP Address is a Tor exit relay node.
security → is_vpn	Returns `true` when the IP address under search is used by a Virtual Private Network (VPN), `false` otherwise. VPNs encrypt internet traffic and disguise online identity.
security → is_anonymous	Boolean with `true` value if `is_proxy` OR `is_tor` is satisfied.
security → is_threat	Boolean with `true` value if `is_abuser` OR `is_attacker` is satisfied.