Proxy, Tor and Threat Detection
We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.
An example request;
1
curl "https://api.ipdata.co/103.76.180.54/threat?api-key=test"
Copied!
Sample Response;
1
{
2
"is_tor": true,
3
"is_proxy": false,
4
"is_anonymous": true,
5
"is_known_attacker": false,
6
"is_known_abuser": false,
7
"is_threat": false,
8
"is_bogon": false
9
}
Copied!

Data Fields

Field
Description
is_tor
is true if the IP address is associated with a node on the Tor network
is_proxy
is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies
is_anonymous
is set true if either one of is_tor or is_proxy is true
is_known_attacker
is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc
is_known_abuser
is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc
is_threat
is true if either one of is_known_abuser or is_known_attacker is true

Detecting additional proxies and threats

The ASN Data field 'type' may also be used to determine any threats i.e. a 'type' set to Hosting would indicate a datacenter IP address which is not expected to be visiting a consumer facing website.
Last modified 2mo ago