Introducing LIR services: ASN registration, IPv6 / IPv4 address lease, and LIR sponsoring.

Proxy, Tor and Threat Detection

Ipregistry IP threat intelligence database includes over 620M malicious IP addresses. Among others, we track Tor nodes and open proxies. Data is checked and updated continuously. Publications occur as changes are detected to reduce false positives to their minimum.

Request Example

curl https://api.ipregistry.co/223.245.175.3?key=YOUR_API_KEY&fields=security

Response Example

{
    "security": {
        "is_abuser": false,
        "is_attacker": false,
        "is_bogon": false,
        "is_cloud_provider": false,
        "is_proxy": false,
        "is_relay": false,
        "is_tor": false,
        "is_tor_exit": false,
        "is_vpn": false,
        "is_anonymous": true,
        "is_threat": false
    }
}
Field Description
security → is_abuser Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attacker Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_bogon Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_provider Boolean indicating whether the IP address is used by a Content Delivery Network (CDN) or for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more).
security → is_proxy Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_relay Boolean indicating whether the IP Address is a known relay. Relay IP addresses are not designed to bypass geo-controls but instead pool multiple users behind the same IP. At this time, only Apple Private Relay IP addresses are detected.
security → is_tor Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exit Boolean indicating whether the IP Address is a Tor exit relay node.
security → is_vpn Returns true when the IP address under search is used by a Virtual Private Network (VPN), false otherwise. VPNs encrypt internet traffic and disguise online identity.
security → is_anonymous Boolean with true value if is_proxy OR is_tor is satisfied.
security → is_threat Boolean with true value if is_abuser OR is_attacker is satisfied.