Our Security API provides advanced cyber security solutions that deliver comprehensive cyber threat assessments. It analyzes the provided IP address to detect VPNs, proxies, and related technologies. The API calculates a threat score based on multiple attributes to reflect the overall risk level. It detects proxies, identifies their types (e.g., VPN, PROXY, RELAY), and reveals the VPN service provider.
The Security API also determines if the IP is linked to anonymous activity or associated with bot behavior. Additionally, the security data includes accurate geolocation details. This allows you to better protect your systems from malicious activities and region-based threats.
ip:"3.144.156.43",
security:Object,
threat_score:0,
is_tor:false,is_proxy:false,proxy_type:"",proxy_provider:"",is_anonymous:false,is_known_attacker:false,is_spam:false,is_bot:false,is_cloud_provider:false,cloud_provider:"",location:Object,continent_code:"NA",continent_name:"North America",country_code2:"US",country_code3:"USA",country_name:"United States",country_name_official:"United States of America",country_capital:"Washington, D.C.",state_prov:"Ohio",state_code:"US-OH",district:"Franklin",city:"Columbus",zipcode:"43215",latitude:"39.96199",longitude:"-83.00275",is_eu:false,country_flag:"https://ipgeolocation.io/static/flags/us_64.png",geoname_id:"4516394",country_emoji:"🇺🇸",network:Object,asn:Object,as_number:"AS16509",organization:"Amazon.com, Inc.",country:"US",company:Object,name:"Amazon Technologies Inc.",This API provides a reliable proxy detection method, adding seamless VPN and proxy check capabilities. The threat score reflects the risk associated with the provided IP, ranging from 0 to 100. The API indicates whether the IP is a proxy, along with its provider, making it a powerful proxy detector tool.
It also identifies if an IP address is a bot, uses Tor, sends spam, hides its identity, or performs attacks. Additionally, it shows whether the IP is linked to a cloud provider and includes the provider’s name. These features make the API a powerful and accurate proxy detection service.
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 }The API provides both the Autonomous System (AS) Number and organization details about the specified IP address. The API response provides network identification data about the IP address which enables easier detection of service providers as well as potential malicious networks.
Enriching security data with AS number details helps detect risky patterns and supports proactive threat response. Blocking dangerous IP ranges, along with restricting access to IPs associated with specific AS numbers, organizations, or ISPs, helps enhance your cyber security posture.
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 },
16 "network": {
17 "asn": {
18 "as_number": "3640",
19 "organization": "C I C E S E",
20 "country": "MX"
21 },
22 "company": {
23 "name": "Packethub S.A.",
24 }
25 }
26}The geolocation information for the provided IP can also be included in the default response of the Security API. The geolocation data contains the country, state, city, and ZIP code, along with the latitude and longitude of the IP address. This cybersecurity intelligence helps identify region-specific threats and block high-risk IPs by location.
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 },
16 "location": {
17 "continent_code": "OC",
18 "continent_name": "Oceania",
19 "country_code2": "AU",
20 "country_code3": "AUS",
21 "country_name": "Australia",
22 "country_name_official": "Commonwealth of Australia",
23 "country_capital": "Canberra",
24 "state_prov": "Queensland",
25 "state_code": "AU-QLD",
26 "district": "",
27 "city": "Brisbane",
28 "zipcode": "4101",
29 "latitude": "-27.47306",
30 "longitude": "153.01421",
31 "is_eu": false,
32 "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
33 "geoname_id": "10113228",
34 "country_emoji": "🇦🇺"
35 }
36}Our IP Security API allows you to retrieve security details for up to 50,000 IPs at once using the bulk lookup feature. This powerful capability saves time and enables users to analyze large volumes of IP behavior patterns quickly and efficiently. Through bulk IP security lookups, organizations can detect VPN usage at scale, perform VPN checks, identify proxies, bots, and known attackers across large datasets, and automate threat detection workflows for real-time security monitoring.
Whether you're monitoring user activity, blocking suspicious traffic, or conducting cybersecurity audits, the bulk lookup API is built to support high-performance threat intelligence operations.
You can retrieve the location information for an IP address in the following languages:
English 
German 
Russian 
Japanese 
French 
Chinese Simplified 
Spanish 
Czech 
Italian 
Korean 
Persian 
PortugueseWhen a user attempts to log in, their IP address can be analyzed for threat level, proxy or VPN usage, and whether it is associated with known attackers, spam, or bots. Leveraging advanced VPN detection, this API stands out as one of the most reliable VPN detector services.
It plays a key role in controlling unauthorized logins and reducing the risk of multiple account creation. This use case is especially important for banking platforms, SaaS applications, and any user-based systems where security and identity integrity are paramount.
During the checkout process, the API works as a reliable proxy checker by analyzing the customer’s IP address. It can detect whether the IP is associated with a VPN, proxy, Tor, bot, spam, cloud provider, or shows a suspicious location mismatch. This helps prevent fraudulent transactions, such as fake orders or the use of stolen credit cards, protecting both your business and your customers.
Before allowing users to send messages or join live chats, you can leverage the API’s bot detection and threat analysis features to evaluate their IP address. This helps identify spammy behavior, anonymous access, or any history of malicious activity. It ensures a safer and more trustworthy environment for gaming platforms, community forums, and live chat applications.
Combining geolocation data with security analysis provides a more comprehensive defense against privacy and security threats. The combination of geolocation with IP address security features enables you to make stronger security decisions.The method proves useful in blocking specific regions that take part in harmful activities thus minimizing security threats.
Our IP Security API not only provides the AS Number but also reveals the associated ASN organization and company name, along with detailed security insights and geolocation data. This empowers security teams to identify and block entire networks or specific organizations involved in malicious activity. It allows for broader, more accurate, and proactive threat mitigation through enhanced visibility and context.
IP Security API provides detailed security information for a given IP address. It detects whether the IP is associated with a proxy, Tor node, or bot, and identifies the proxy type (e.g., VPN, PROXY, RELAY) along with its VPN/proxy service provider—making it a powerful VPN checker. The API also flags IPs involved in spam activities and checks if the IP is linked to a cloud provider, including the cloud provider’s name.
The IP Security API offers two endpoints for threat detection, supporting both single and bulk IP lookups.
Note: For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.
You can use the single IP lookup API to get security details of a given IP in both JSON and XML formats.The URL for this API is https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34 and its default JSON response is shown below:
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 }
16}Without passing IP Address, API returns the security health details of the client device IP. You can perform this lookup using the following URL: https://api.ipgeolocation.io/v2/security?apiKey=API_KEY and its default JSON response is given below:
1{
2 "ip": "207.244.89.161",
3 "security": {
4 "threat_score": 90,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Vpnsurf VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": true,
12 "is_bot": false,
13 "is_cloud_provider": false,
14 "cloud_provider": ""
15 }
16}You can use following parameters to customize the API response according to your requirements.
Location and network details can be included by specifying the include parameter.
This parameter accepts two values: location and network. To retrieve security details along with geolocation data, set the include parameter to location like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 },
16 "location": {
17 "continent_code": "OC",
18 "continent_name": "Oceania",
19 "country_code2": "AU",
20 "country_code3": "AUS",
21 "country_name": "Australia",
22 "country_name_official": "Commonwealth of Australia",
23 "country_capital": "Canberra",
24 "state_prov": "Queensland",
25 "state_code": "AU-QLD",
26 "district": "",
27 "city": "Brisbane",
28 "zipcode": "4101",
29 "latitude": "-27.47306",
30 "longitude": "153.01421",
31 "is_eu": false,
32 "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
33 "geoname_id": "10113228",
34 "country_emoji": "🇦🇺"
35 }
36}To retrieve security details along with AS Number and network information, set the include parameter to network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 },
16 "network": {
17 "asn": {
18 "as_number": "3640",
19 "organization": "C I C E S E",
20 "country": "MX"
21 },
22 "company": {
23 "name": "Packethub S.A.",
24 }
25 }
26}For complete security insights, you can include both geolocation data and network information of an IP address. To do this, set the Include by separating them with a comma include=location,network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for these values given below:
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 75,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": true,
14 "cloud_provider": "Packethub S.A."
15 },
16 "location": {
17 "continent_code": "OC",
18 "continent_name": "Oceania",
19 "country_code2": "AU",
20 "country_code3": "AUS",
21 "country_name": "Australia",
22 "country_name_official": "Commonwealth of Australia",
23 "country_capital": "Canberra",
24 "state_prov": "Queensland",
25 "state_code": "AU-QLD",
26 "district": "",
27 "city": "Brisbane",
28 "zipcode": "4101",
29 "latitude": "-27.47306",
30 "longitude": "153.01421",
31 "is_eu": false,
32 "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
33 "geoname_id": "10113228",
34 "country_emoji": "🇦🇺"
35 },
36 "network": {
37 "asn": {
38 "as_number": "3640",
39 "name": "C I C E S E",
40 "country": "MX"
41 },
42 "company": {
43 "name": "Packethub S.A.",
44 }
45 }
46}You can exclude specific fields from the API response based on your requirements, except for the ip field, which is always included. For example, If you want to remove is_tor and is_cloud_provider from api response, you can put the keys in excludes parameter like this:
This helps reduce payload size and tailors the response to your application’s needs.
You can also retrieve only the specific fields you need from the geolocation and network details. To do this, use the fields parameter and specify the object and field names you want in the response. For example, if you only need threat_score, city and as_number in api response, you can put the keys in fields parameter, as demonstrated in the URL below. Please note that, to make this work, you need to include the objects that aren't included by default. If you're selecting specific fields from those objects (like location or network), make sure to include the full object first. Kindly refer to example given below:
You can retrieve only the location information for an IP address from the IP Security API in any of these languages:
By default, the API responds in English. You can change the response language by passing the language code as a query parameter lang. Here is an example to get the geolocation data for IP adderss '2.56.188.34' in Chinese language:
1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 80,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_type": "VPN",
8 "proxy_provider": "Nord VPN",
9 "is_anonymous": true,
10 "is_known_attacker": true,
11 "is_spam": false,
12 "is_bot": false,
13 "is_cloud_provider": false,
14 "cloud_provider": ""
15 },
16 "location": {
17 "continent_code": "NA",
18 "continent_name": "北美洲",
19 "country_code2": "US",
20 "country_code3": "USA",
21 "country_name": "美国",
22 "country_name_official": "",
23 "country_capital": "",
24 "state_prov": "德克萨斯州",
25 "state_code": "US-TX",
26 "district": "達拉斯縣",
27 "city": "達拉斯縣",
28 "zipcode": "75207",
29 "latitude": "32.78916",
30 "longitude": "-96.82170",
31 "is_eu": false,
32 "country_flag": "https://ipgeolocation.io/static/flags/us_64.png",
33 "geoname_id": "7181768",
34 "country_emoji": "🇺🇸"
35 }
36}Note: Paid plan subscribers are the only ones who can receive responses in languages other than English. All other plans receive responses only in English.
The Bulk IP Security Lookup API allows you to retrieve security details for up to 50,000 IP addresses in a single request. It supports the same customization parameters as the Single IP Security Lookup API, enabling you to tailor the response to your needs. You can find the API endpoint and a sample JSON response below.
1[
2 {
3 "ip": "2.56.188.34",
4 "security": {
5 "threat_score": 75,
6 "is_tor": false,
7 "is_proxy": true,
8 "proxy_type": "VPN",
9 "proxy_provider": "Nord VPN",
10 "is_anonymous": true,
11 "is_known_attacker": true,
12 "is_spam": false,
13 "is_bot": false,
14 "is_cloud_provider": true,
15 "cloud_provider": "Packethub S.A."
16 },
17 "location": {
18 "city": "Los Angeles"
19 },
20 "network": {
21 "asn": {
22 "as_number": "AS62240"
23 }
24 }
25 },
26 {
27 "ip": "2.56.188.35",
28 "security": {
29 "threat_score": 75,
30 "is_tor": false,
31 "is_proxy": true,
32 "proxy_type": "VPN",
33 "proxy_provider": "Nord VPN",
34 "is_anonymous": true,
35 "is_known_attacker": true,
36 "is_spam": false,
37 "is_bot": false,
38 "is_cloud_provider": true,
39 "cloud_provider": "Packethub S.A."
40 },
41 "location": {
42 "city": "Los Angeles"
43 },
44 "network": {
45 "asn": {
46 "as_number": "AS62240"
47 }
48 }
49 }
50]| Field | Type | Description | Can be empty? |
|---|---|---|---|
| ip | string | IP address for which security data is required. | No |
| security.threat_score | integer | Represents the risk level associated with a specific IP address | No |
| security.is_tor | boolean | Shows if the IP is using the Tor network | No |
| security.is_proxy | boolean | Tells if the IP is coming through a proxy | No |
| security.proxy_type | string | Indicates the kind of proxy used(e.g. VPN, PROXY, RELAY, OPENVPN, WIREGUARD, PRIVATEVPN) | Yes |
| security.proxy_provider | string | Name of the detected proxy or VPN provider. | Yes |
| security.anonymous | boolean | Shows if the user is hiding their identity. | No |
| security.is_known_attacker | boolean | Flags if the IP is tied to known cyberattacks | No |
| security.is_spam | boolean | Tells if the IP is associated with spam activity. | No |
| security.is_bot | boolean | Indicates if the IP belongs to a bot. | No |
| security.is_cloud_provider | boolean | Flags if the IP comes from a cloud hosting service. | No |
| security.cloud_provider | string | Name of the cloud service. | Yes |
| location.country_name | string | The common name of the country | No |
| location.country_name_official | string | The official full name of the country | No |
| location.country_code2 | string | The two-letter ISO country code. | No |
| location.country_code3 | string | The three-letter ISO country code. | No |
| location.continent_name | string | The full name of the continent where the IP is located. | No |
| location.continent_code | string | A short code representing the continent where the IP is located. | No |
| location.state_prov | string | The name of the state or province within the country. | No |
| location.state_code | string | The code for the state or province. | No |
| location.country_capital | string | The capital city of the country. | No |
| location.city | string | The city associated with the IP address | Yes |
| location.district | string | The district associated with the IP address | Yes |
| location.zipcode | string | The postal or ZIP code of the location. | No |
| location.latitude | string | The latitude coordinate for the IP location. | No |
| location.longitude | string | The longitude coordinate for the IP location. | No |
| location.is_eu | boolean | Indicates if the IP location is within the European Union. | No |
| location.country_flag | string | A URL linking to an image of the country’s flag. | No |
| location.country_emoji | string | An emoji version of the country’s flag for visual use. | No |
| location.geoname_id | string | A unique ID from the GeoNames database that identifies the geographic location. | No |
| network.asn.as_number | string | The Autonomous System Number (ASN) assigned to the network that owns the IP. | No |
| network.asn.organization | string | The name of the organization or entity that owns or operates the ASN. | No |
| network.asn.country | string | The country where the ASN or its owning organization is registered. | No |
| network.company.name | string | The name of the company associated with the IP address. | No |
| network.company.type | string | The type or category of the company (e.g., ISP, hosting provider, enterprise). | No |
| network.company.domain | string | The official domain or website of the company. | No |
IP Security API returns HTTP status code 200 for a successful API request along with the response.
While, in case of a bad or invalid request, IP Security API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.
Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:
| HTTP Status | Description |
|---|---|
| 400 Bad Request | It is returned for one of the following reasons:
|
| 401 Unauthorized | It is returned for one of the following reasons:
|
| 404 Not Found | It is returned for one of the following reasons:
|
| 405 Method Not Allowed |
|
| 413 Content Too Large |
|
| 415 Unsupported Media Type |
|
| 423 Locked |
|
| 429 Too Many Requests | It is returned for one of the following reasons:
|
| 499 Client Closed Request |
|
| 5XX Server Side Error |
|