Proxy, Tor and Threat Detection

We have over 600M malicious IP addresses in our IP Threat Intelligence database. We also track Tor nodes and open proxies. This data is updated every 15mins and is aggregated and published hourly.

An example request;

curl ""

Sample Response;

"is_tor": true,
"is_proxy": false,
"is_anonymous": true,
"is_known_attacker": false,
"is_known_abuser": false,
"is_threat": false,
"is_bogon": false

Data Fields




is true if the IP address is associated with a node on the Tor network


is true if the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies


is set true if either one of is_tor or is_proxy is true


is true if an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc


is true if the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc


is true if either one of is_known_abuser or is_known_attacker is true

Detecting additional proxies and threats

The ASN Data field 'type' may also be used to determine any threats i.e. a 'type' set to Hosting would indicate a datacenter IP address which is not expected to be visiting a consumer facing website.