Proxy, Tor and Threat Detection

Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.

Request Example

curl https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=security

Response Example

{
    "security": {
        "is_bogon": false,
        "is_cloud_provider": false,
        "is_tor": false,
        "is_tor_exit": false,
        "is_proxy": true,
        "is_anonymous": true,
        "is_abuser": false,
        "is_attacker": false,
        "is_threat": false
    }
}

Field	Description
security → is_bogon	Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_provider	Boolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more).
security → is_tor	Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exit	Boolean indicating whether the IP Address is a Tor exit relay node.
security → is_proxy	Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_anonymous	Boolean with `true` value if `is_proxy` OR `is_tor` is satisfied.
security → is_abuser	Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attacker	Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_threat	Boolean with `true` value if `is_abuser`, `is_attacker` OR `is_cloud_provider` is satisfied.