Proxy, Tor and Threat Detection

We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.

An example request;

curl https://api.ipdata.co/103.76.180.54/threat?api-key=test

Sample Response;

{
"is_tor": true,
"is_proxy": false,
"is_anonymous": true,
"is_known_attacker": false,
"is_known_abuser": false,
"is_threat": false,
"is_bogon": false
}

Data Fields

Field

Description

is_tor

is true if the IP address is associated with a node on the Tor network

is_proxy

is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies

is_anonymous

is set true if either one of is_tor or is_proxy is true

is_known_attacker

is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc

is_known_abuser

is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc

is_threat

is true if either one of is_known_abuser or is_known_attacker is true