The proxy server is a bridge between user's device and destination website. The request first goes from user's device to that proxy server, then the server makes a request to the desired website, gets the response, and sends it back to the user's device. Usually, it does not provide sending or receiving data encryption. It only masks the user's original IP, so it is generally used to avoid geolocation based restrictions.

VPN (Virtual Private Network) is a service that encrypts a user's traffic by creating tunnel and routes it via remote server, masking user's original IP. This encryption saves user's online activity and sensitive data from being exposed on internet. Unlike a proxy, a VPN not only masks your IP and changes your location but also provides stronger anonymity and privacy.

Tor (The Onion Router) is an open-source web browsing network that provides multiple layers of anonymity to provide enhanced online privacy. In this network, user requests are encrypted in multiple layers and redirected through a series of routers called nodes, masking the original IP address. The multi-layered encryption and routing system creates anonymous traffic that becomes challenging to track down its source and destination points.

What is the key difference between Proxy, VPN and TOR?

Proxy: Routes the user's traffic via an intermediate remote server, providing IP masking and a modified location. VPN: In addition to IP masking, a VPN encrypts your data by transferring it through a secure tunnel. Thus, it offers more privacy by hiding your online activity from your ISP or network. TOR: Sends your encrypted traffic through multiple nodes, providing a high level of anonymity and making it difficult to trace the source and destination of the traffic.

IP Security API Documentation

Q: What is cyber threat intelligence?

Threat intelligence in the cyber domain represents the method of gathering, analyzing and understanding data regarding possible cyber attacks. Currently, organizations use data for threat forecasting while processing raw information into valuable insights that secure them against hackers. Threat intelligence system functions like a weather alert system in digital world. It helps organizations to detect threats before they appear, better understand the motives of attackers and take preventive measures.

Q: Is a VPN better than a proxy?

Yes VPN is better in terms of privacy than proxy. VPN routes user's traffic through remote sever while encrypting user's data, where as proxy usually does not encrypt the traffic. Proxy just routes traffic through intermediate server providing only IP masking and changed geolocaton.

Q: How to get Free VPN/Proxy IPs data?

There are many services providing VPN IPs data, but ipgeolocatio.io provides accurate and comprehensive VPN/proxy IPs data including spam, bot, tor, attacker, and anonymous IPs. The data is also enriched with the proxy provider name and the cloud provider name associated with each IP. Data also includes location and network details of IPs, making it one of the best VPN/proxy data.

Q: How to check if IP Address is VPN/Proxy?

You can check if particular IP is VPN or proxy by simply making request to the endpoint: [Endpoint]

Q: How can I get VPN/Proxy database?

You can access our comprehensive and accurate VPN database through our [DB Documentation].

Q: What information is included in IP Security API?

IP Security API provides detailed security data of provided IP including threat score(calculated from security attributes), is proxy, proxy type(e.g. VPN, PROXY, RELAY, OPENVPN, WIREGUARD, PRIVATEVPN), proxy provider name, tor, bot, spam, anonymous, attacker, is cloud provider, cloud provider name.

IP Security API

IP Security API provides detailed security information for a given IP address. It detects whether the IP is associated with a proxy, Tor node, or bot, and identifies the proxy type (e.g., VPN, PROXY, RELAY) along with its VPN/proxy service provider—making it a powerful VPN checker. The API also flags IPs involved in spam activities and checks if the IP is linked to a cloud provider, including the cloud provider’s name.

The IP Security API offers two endpoints for threat detection, supporting both single and bulk IP lookups.

Note: For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.

Single IP Security Lookup API

1. Lookup With IP

You can use the single IP lookup API to get security details of a given IP in both JSON and XML formats.The URL for this API is https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34 and its default JSON response is shown below:

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Nord VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": false,
12    "is_bot": false,
13    "is_cloud_provider": true,
14    "cloud_provider": "Packethub S.A."
15  }
16}

2. Lookup Without an IP

Without passing IP Address, API returns the security health details of the client device IP. You can perform this lookup using the following URL: https://api.ipgeolocation.io/v2/security?apiKey=API_KEY and its default JSON response is given below:

Response

1{
2  "ip": "207.244.89.161",
3  "security": {
4    "threat_score": 90,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Vpnsurf VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": true,
12    "is_bot": false,
13    "is_cloud_provider": false,
14    "cloud_provider": ""
15  }
16}

Parameters

You can use following parameters to customize the API response according to your requirements.

A. Including Data (include)

This parameter accepts multiple values: location, network, currency, time_zone, user_agent, country_metadata , hostname, liveHostname, hostnameFallbackLive

1. Combine IP Security with Geolocation

This parameter accepts two values: location and network. To retrieve security details along with geolocation data, set the include parameter to location like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Nord VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": false,
12    "is_bot": false,
13    "is_cloud_provider": true,
14    "cloud_provider": "Packethub S.A."
15  },
16  "location": {
17    "continent_code": "OC",
18    "continent_name": "Oceania",
19    "country_code2": "AU",
20    "country_code3": "AUS",
21    "country_name": "Australia",
22    "country_name_official": "Commonwealth of Australia",
23    "country_capital": "Canberra",
24    "state_prov": "Queensland",
25    "state_code": "AU-QLD",
26    "district": "",
27    "city": "Brisbane",
28    "zipcode": "4101",
29    "latitude": "-27.47306",
30    "longitude": "153.01421",
31    "is_eu": false,
32    "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
33    "geoname_id": "10113228",
34    "country_emoji": "🇦🇺"
35  }
36}

2. Combine IP Security with Network Details

To retrieve security details along with AS Number and network information, set the include parameter to network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=network'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Nord VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": false,
12    "is_bot": false,
13    "is_cloud_provider": true,
14    "cloud_provider": "Packethub S.A."
15  },
16  "network": {
17    "asn": {
18      "as_number": "3640",
19      "organization": "C I C E S E",
20      "country": "MX"
21    },
22    "company": {
23      "name": "Packethub S.A.",
24    }
25  }
26}

3. Combine IP Security with Both Geolocation and Network details

For complete security insights, you can include both geolocation data and network information of an IP address. To do this, set the Include by separating them with a comma include=location,network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for these values given below:

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location,network'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Nord VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": false,
12    "is_bot": false,
13    "is_cloud_provider": true,
14    "cloud_provider": "Packethub S.A."
15  },
16  "location": {
17    "continent_code": "OC",
18    "continent_name": "Oceania",
19    "country_code2": "AU",
20    "country_code3": "AUS",
21    "country_name": "Australia",
22    "country_name_official": "Commonwealth of Australia",
23    "country_capital": "Canberra",
24    "state_prov": "Queensland",
25    "state_code": "AU-QLD",
26    "district": "",
27    "city": "Brisbane",
28    "zipcode": "4101",
29    "latitude": "-27.47306",
30    "longitude": "153.01421",
31    "is_eu": false,
32    "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
33    "geoname_id": "10113228",
34    "country_emoji": "🇦🇺"
35  },
36  "network": {
37    "asn": {
38      "as_number": "3640",
39      "name": "C I C E S E",
40      "country": "MX"
41    },
42    "company": {
43      "name": "Packethub S.A.",
44    }
45  }
46}

4. Combine IP Security with Timezone details

Get actual time zone of particular IP along with its proxy details. For this you have to put “time_zone” keyword in include parameter like mentioned below. Time zone details are combined with default response.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=time_zone'

Response

1
2{
3  "ip": "2.56.188.34",
4  "security" : {
5    "threat_score" : 80,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "VPN",
9    "proxy_provider" : "Nord VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : true,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Packethub S.A."
16  },
17  "time_zone" : {
18    "name" : "America/Chicago",
19    "offset" : -6,
20    "offset_with_dst" : -5,
21    "current_time" : "2025-05-14 06:22:30.204-0500",
22    "current_time_unix" : 1.747221750204E9,
23    "is_dst" : true,
24    "dst_savings" : 1,
25    "dst_exists" : true,
26    "dst_start" : {
27      "utc_time" : "2025-03-09 TIME 08",
28      "duration" : "+1H",
29      "gap" : true,
30      "date_time_after" : "2025-03-09 TIME 03",
31      "date_time_before" : "2025-03-09 TIME 02",
32      "overlap" : false
33    },
34    "dst_end" : {
35      "utc_time" : "2025-11-02 TIME 07",
36      "duration" : "-1H",
37      "gap" : false,
38      "date_time_after" : "2025-11-02 TIME 01",
39      "date_time_before" : "2025-11-02 TIME 02",
40      "overlap" : true
41    }
42  }
43}

5. Combine IP Security with User Agent

Get the user agent of client device along with its proxy details. For this you have to provide user_agent keyword in include parameter like mentioned below. User agent information is merged with default response.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=user_agent'

Response

1
2{
3  "ip": "2.56.188.34",
4  "security" : {
5    "threat_score" : 80,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "VPN",
9    "proxy_provider" : "Nord VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : true,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Packethub S.A."
16  },
17"user_agent" : {
18    "user_agent_string" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0",
19    "name" : "Firefox",
20    "type" : "Browser",
21    "version" : "138.0",
22    "version_major" : "138",
23    "device" : {
24      "name" : "Linux Desktop",
25      "type" : "Desktop",
26      "brand" : "Unknown",
27      "cpu" : "Intel x86_64"
28    },
29    "engine" : {
30      "name" : "Gecko",
31      "type" : "Browser",
32      "version" : "138.0",
33      "version_major" : "138"
34    },
35    "operating_system" : {
36      "name" : "Ubuntu",
37      "type" : "Desktop",
38      "version" : "??",
39      "build" : "??",
40      "version_major" : "??"
41    }
42  }
43}

6. Combine IP Security with Currency details

Get the currency of particular IP along with its proxy details. For this you have to put “currency” keyword in include parameter like mentioned below. Currency details are combined with default response.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=currency'

Response

1
2{
3  "ip": "2.56.188.34",
4  "security" : {
5    "threat_score" : 80,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "VPN",
9    "proxy_provider" : "Nord VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : true,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Packethub S.A."
16  },
17  "currency" : {
18    "code" : "USD",
19    "name" : "US Dollar",
20    "symbol" : "$"
21  }
22}

7. Combine IP Security with Country Metadata details

Get the country metadata of particular IP along with its proxy details. For this you have to put “country_metadata” keyword in include parameter like mentioned below. Country metadata details are combined with default response.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=country_metadata'

Response

1
2{
3  "ip": "2.56.188.34",
4  "security" : {
5    "threat_score" : 80,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "VPN",
9    "proxy_provider" : "Nord VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : true,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Packethub S.A."
16  },
17  "country_metadata" : {
18    "tld" : ".us",
19    "languages" : ["en-US", "es-US", "haw", "fr"],
20    "calling_code" : "+1"
21  }
22}

8. Combine IP Security with Hostname

You can also retrieve the hostname associated with an IP address by providing one of the following values in the include parameter:

hostname – Queries only the latest local database.
liveHostname – Performs a live hostname lookup only.
hostnameFallbackLive – First checks the local database, then falls back to a live lookup if no result is found.

If the hostname cannot be resolved, the queried IP address will be returned in the hostname field.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=195.154.221.54&include=hostname'

Response

1{
2"ip" : "195.154.221.54",
3 "hostname" : "195-154-221-54.rev.poneytelecom.eu",
4 "security" : {
5    "threat_score" : 50,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "openvpn",
9    "proxy_provider" : "Keep Solid VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : false,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Scaleway"
16  }
17}

9. Combine IP Security with all fields

To retrieve a complete and detailed response from the API, you need to explicitly include all of the following fields in the include parameter:
`location`, `network`, `currency`, `time_zone`, `user_agent`, `country_metadata`, `hostname`
Each of these fields provides a specific layer of information, and combining them with security details ensures you receive the full scope of security data.

Here's how you can do it

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=195.154.221.54&include=location,network,currency,time_zone,user_agent,country_metadata,hostname'

Response

1{
2  "ip" : "195.154.221.54",
3  "hostname" : "195-154-221-54.rev.poneytelecom.eu",
4    "security" : {
5    "threat_score" : 50,
6    "is_tor" : false,
7    "is_proxy" : true,
8    "proxy_type" : "openvpn",
9    "proxy_provider" : "Keep Solid VPN",
10    "is_anonymous" : true,
11    "is_known_attacker" : false,
12    "is_spam" : false,
13    "is_bot" : false,
14    "is_cloud_provider" : true,
15    "cloud_provider" : "Scaleway"
16  },
17  "location" : {
18    "district" : "8e Arrondissement",
19    "city" : "Paris",
20    "locality" : "Paris",
21    "zipcode" : "75008",
22    "latitude" : "48.87135",
23    "longitude" : "2.32115",
24    "continent_code" : "EU",
25    "continent_name" : "Europe",
26    "country_code2" : "FR",
27    "country_code3" : "FRA",
28    "country_name" : "France",
29    "country_name_official" : "Republic of France",
30    "country_capital" : "Paris",
31    "state_prov" : "Ile-de-France",
32    "state_code" : "FR-IDF",
33    "accuracy_radius" : "",
34    "dma_code" : "",
35    "is_eu" : true,
36    "country_flag" : "https://ipgeolocation.io/static/flags/fr_64.png",
37    "geoname_id" : "12535167",
38    "country_emoji" : "🇫🇷"
39  },
40  "country_metadata" : {
41    "tld" : ".fr",
42    "languages" : ["fr-FR", "frp", "br", "co", "ca", "eu", "oc"],
43    "calling_code" : "+33"
44  },
45  "network" : {
46    "asn" : {
47      "organization" : "SCALEWAY S.A.S.",
48      "country" : "FR",
49      "type" : "BUSINESS",
50      "domain" : "scaleway.com",
51      "rir" : "RIPE",
52      "as_number" : "AS12876",
53      "asn_name" : "AS12876",
54      "date_allocated" : "1999-12-20",
55      "allocation_status" : "allocated",
56      "num_of_ipv4_routes" : "16",
57      "num_of_ipv6_routes" : "5"
58    },
59    "company" : {
60      "name" : "Scaleway",
61      "type" : "",
62      "domain" : ""
63    },
64    "connection_type" : ""
65  },
66  "currency" : {
67    "code" : "EUR",
68    "name" : "Euro",
69    "symbol" : "€"
70  },
71  "time_zone" : {
72    "name" : "Europe/Paris",
73    "offset" : 1,
74    "offset_with_dst" : 2,
75    "current_time" : "2025-05-16 14:53:17.604+0200",
76    "current_time_unix" : 1.747399997604E9,
77    "is_dst" : true,
78    "dst_savings" : 1,
79    "dst_exists" : true,
80    "dst_start" : {
81      "utc_time" : "2025-03-30 TIME 01",
82      "duration" : "+1H",
83      "gap" : true,
84      "date_time_after" : "2025-03-30 TIME 03",
85      "date_time_before" : "2025-03-30 TIME 02",
86      "overlap" : false
87    },
88    "dst_end" : {
89      "utc_time" : "2025-10-26 TIME 01",
90      "duration" : "-1H",
91      "gap" : false,
92      "date_time_after" : "2025-10-26 TIME 02",
93      "date_time_before" : "2025-10-26 TIME 03",
94      "overlap" : true
95    }
96  },
97  "user_agent" : {
98    "user_agent_string" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0",
99    "name" : "Firefox",
100    "type" : "Browser",
101    "version" : "138.0",
102    "version_major" : "138",
103    "device" : {
104      "name" : "Linux Desktop",
105      "type" : "Desktop",
106      "brand" : "Unknown",
107      "cpu" : "Intel x86_64"
108    },
109    "engine" : {
110      "name" : "Gecko",
111      "type" : "Browser",
112      "version" : "138.0",
113      "version_major" : "138"
114    },
115    "operating_system" : {
116      "name" : "Ubuntu",
117      "type" : "Desktop",
118      "version" : "??",
119      "build" : "??",
120      "version_major" : "??"
121    }
122  }
123}

B. Excluding Fields (excludes)

You can exclude specific fields from the API response based on your requirements, except for the ip field, which is always included. For example, If you want to remove is_tor and is_cloud_provider from api response, you can put the keys in excludes parameter like this:

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&excludes=security.is_tor,security.is_cloud_provider'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75,
5    "is_proxy": true,
6    "proxy_type": "VPN",
7    "proxy_provider": "Nord VPN",
8    "is_anonymous": true,
9    "is_known_attacker": true,
10    "is_spam": false,
11    "is_bot": false,
12    "cloud_provider": "Packethub S.A."
13  }

This helps reduce payload size and tailors the response to your application’s needs.

C. Get Specific Fields (fields)

You can also retrieve only the specific fields you need from the geolocation and network details. To do this, use the fields parameter and specify the object and field names you want in the response. For example, if you only need threat_score, city and as_number in api response, you can put the keys in fields parameter, as demonstrated in the URL below. Please note that, to make this work, you need to include the objects that aren't included by default. If you're selecting specific fields from those objects (like location or network), make sure to include the full object first. Kindly refer to example given below:

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location,network&fields=security.threat_score,location.city,network.asn.as_number'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 75
5  },
6  "location": {
7    "city": "Brisbane"
8  },
9  "network": {
10    "asn": {
11      "as_number": "AS62240"
12    }
13  }
14}

D. Response in Multiple Languages (lang)

You can retrieve only the location information for an IP address from the IP Security API in any of these languages:

English (en)
German (de)
Russian (ru)
Japanese (ja)
French (fr)
Chinese Simplified (cn)
Spanish (es)
Czech (cs)
Italian (it)
Korean (ko)
Persian (fa)
Portuguese (pt)

By default, the API responds in English. You can change the response language by passing the language code as a query parameter lang. Here is an example to get the geolocation data for IP adderss '2.56.188.34' in Chinese language:

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location&lang=cn'

Response

1{
2  "ip": "2.56.188.34",
3  "security": {
4    "threat_score": 80,
5    "is_tor": false,
6    "is_proxy": true,
7    "proxy_type": "VPN",
8    "proxy_provider": "Nord VPN",
9    "is_anonymous": true,
10    "is_known_attacker": true,
11    "is_spam": false,
12    "is_bot": false,
13    "is_cloud_provider": false,
14    "cloud_provider": ""
15  },
16  "location": {
17    "continent_code": "NA",
18    "continent_name": "北美洲",
19    "country_code2": "US",
20    "country_code3": "USA",
21    "country_name": "美国",
22    "country_name_official": "",
23    "country_capital": "",
24    "state_prov": "德克萨斯州",
25    "state_code": "US-TX",
26    "district": "達拉斯縣",
27    "city": "達拉斯縣",
28    "zipcode": "75207",
29    "latitude": "32.78916",
30    "longitude": "-96.82170",
31    "is_eu": false,
32    "country_flag": "https://ipgeolocation.io/static/flags/us_64.png",
33    "geoname_id": "7181768",
34    "country_emoji": "🇺🇸"
35  }
36}

Note: Paid plan subscribers are the only ones who can receive responses in languages other than English. All other plans receive responses only in English.

Bulk IP Security Lookup API

The Bulk IP Security Lookup API allows you to retrieve security details for up to 50,000 IP addresses in a single request. It supports the same customization parameters as the Single IP Security Lookup API, enabling you to tailor the response to your needs. You can find the API endpoint and a sample JSON response below.

Curl

Java

JQuery

Javascript

Node.js

PHP

Python

Swift

Ruby

curl -X POST 'https://api.ipgeolocation.io/v2/security-bulk?apiKey=API_KEY&include=location,network&fields=location.city,network.asn.as_number' \
-H 'Content-Type: application/json' \
-d '{ "ips": ["2.56.188.34", "2.56.188.35"] }'

Response

1[
2    {
3        "ip": "2.56.188.34",
4        "security": {
5            "threat_score": 75,
6            "is_tor": false,
7            "is_proxy": true,
8            "proxy_type": "VPN",
9            "proxy_provider": "Nord VPN",
10            "is_anonymous": true,
11            "is_known_attacker": true,
12            "is_spam": false,
13            "is_bot": false,
14            "is_cloud_provider": true,
15            "cloud_provider": "Packethub S.A."
16        },
17        "location": {
18            "city": "Los Angeles"
19        },
20        "network": {
21            "asn": {
22                "as_number": "AS62240"
23            }
24        }
25    },
26    {
27        "ip": "2.56.188.35",
28        "security": {
29            "threat_score": 75,
30            "is_tor": false,
31            "is_proxy": true,
32            "proxy_type": "VPN",
33            "proxy_provider": "Nord VPN",
34            "is_anonymous": true,
35            "is_known_attacker": true,
36            "is_spam": false,
37            "is_bot": false,
38            "is_cloud_provider": true,
39            "cloud_provider": "Packethub S.A."
40        },
41        "location": {
42            "city": "Los Angeles"
43        },
44        "network": {
45            "asn": {
46                "as_number": "AS62240"
47            }
48        }
49    }
50]

Reference to IPGeolocation API Response

Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the security endpoint.

• Standalone fields reference

Field	Type	Description	Can be empty?
ip	string	IP address that is used to lookup security information.	No
hostname	string	Hostname of the IP address used to query IP Security API.	No

• `security` json object reference

Field	Type	Description	Can be empty?
threat_score	number	IP address’ threat score. It ranges from 0 to 100. 100 indicates highest threat and vice versa for lower score.	No
is_tor	boolean	Indicates if the IP address is being consumed on a Tor endpoint.	No
is_proxy	boolean	Indicates if the IP address belongs to a proxy network.	No
proxy_type	string	Type of the proxy network if the IP address belongs to a proxy network.	Yes
proxy_provider	string	Name of the proxy provider, if the IP address belongs to a proxy network.	Yes
is_anonymous	boolean	Indicates if the IP address is being used anonymously.	No
is_known_attacker	boolean	Indicates if the IP address is enlisted as an attacking IP address.	No
is_spam	boolean	Indicates if the IP address is enlisted as a spam IP address.	No
is_bot	boolean	Indicates if the IP address is enlisted as a bot IP address.	No
is_cloud_provider	boolean	Indicates if the IP address belongs to a cloud provider (computing infrastructure providers).	No
cloud_provider	boolean	Name of the Cloud Provider, if the IP address belongs to a cloud provider.	Yes

• `location` json object reference

Field	Type	Description	Can be empty?
continent_code	string	2-letter code of the continent.	No
continent_name	string	Name of the continent.	No
country_code2	string	Country code (ISO 3166-1 alpha-2) of the country.	No
country_code3	string	Country code (ISO 3166-1 alpha-3) of the country.	No
country_name	string	Name of the country.	No
country_name_official	string	Official name (ISO 3166) of the country.	No
country_capital	string	Name of the country’s capital.	No
state_prov	string	Name of the state/province/region.	Yes
state_code	string	Code of the state/province/region.	Yes
district	string	Name of the district or county.	Yes
city	string	Name of the city.	Yes
zipcode	string	ZIP/Postal code of the place.	Yes
latitude	string	Latitude of the place.	No
longitude	string	Longitude of the place.	No
is_eu	boolean	Is the country belong to European Union?	No
country_flag	string	URL to get the country flag.	No
geoname_id	string	Geoname ID of the place fromgeonames.org	Yes
country_emoji	string	Emoji of the Country flag.	Yes

• `network` json object reference

Field	Type	Description	Can be empty?
asn.as_number	string	Autonomous system number of the autonomous system, to which IP address belongs to.	Yes
asn.organization	string	Legal Full Name of AS organization holding the IP address.	Yes
asn.country	string	Name of the country, ASN is residing.	Yes
company.name	string	Name of the company/ISP holding the IP address.	No

• `currency` json object reference

Field	Type	Description	Can be empty?
code	string	Currency code (ISO 4217).	No
name	string	Currency name (ISO 4217).	No
symbol	string	Currency symbol.	No

• `country_metadata` json object reference

Field	Type	Description	Can be empty?
calling_code	string	Calling code/Dialing code of the country.	No
tld	string	Top Level Domain Name (TLD) of the country, which is also called ccTLD.	No
languages	list of strings	List of the languages’ codes, spoken in the country.	No

• `time_zone` json object reference

Field	Type	Description	Can be empty?
name	string	Name (ISO 8601) of the time zone.	No
offset	number	Time zone offset from UTC.	No
offset_with_dst	number	Time zone with DST offset from UTC.	No
current_time	string	Current time in ‘yyyy-MM-dd HH:mm:ss.SSS±ZZZ’ format.	No
current_time_unix	float	Current time in seconds since 1970.	No
is_dst	boolean	Is the time zone in daylight savings?	No
dst_savings	number	Total daylight savings.	No
dst_exists	boolean	Indicates whether Daylight Saving Time (DST) is observed in the region. If `true`, the `dst_start` and `dst_end` objects will include detailed DST transition information.	No
dst_start.utc_time	string	The date and time in UTC when DST begins.	No
dst_start.duration	string	The time change that occurs when DST starts.	No
dst_start.gap	boolean	Is there a gap when the clocks jump forward or not.	No
dst_start.date_time_after	string	The local date and time that immediately follows the start of DST.	No
dst_start.date_time_before	string	The local date and time immediately before DST begins.	No
dst_start.overlap	boolean	Whether there is an overlap of time due to clocks being set back when DST starts.	No
dst_end.utc_time	string	The date and time in UTC when DST ends.	No
dst_end.duration	string	The time change that occurs when DST ends.	No
dst_end.gap	boolean	Is there a gap when the clocks jump backward or not.	No
dst_end.date_time_after	string	The local date and time that immediately follows the ends of DST.	No
dst_end.date_time_before	string	The local date and time immediately before DST ends.	No
dst_end.overlap	boolean	Whether there is an overlap of time due to clocks being set back when DST ends.	No

• `user_agent` json object reference

Field	Type	Description	Can be empty?
user_agent_string	string	User-Agent string passed along with the query in the 'User-Agent' header.	No
name	string	User-Agent Name.	No
type	string	User-Agent Class.	No
version	string	User-Agent Version.	No
version_major	string	User-Agent Version Major.	No
device.name	string	Device Name.	No
device.type	string	Device Type.	No
device.brand	string	Device Brand.	No
device.cpu	string	Device CPU Model.	No
engine.name	string	Layout Engine Name	No
engine.type	string	Layout Engine Class	No
engine.version	string	Layout Engine Version.	No
engine.version_major	string	Layout Engine Version Major.	No
operating_system.name	string	Operating System Name.	No
operating_system.type	string	Operating System Class.	No
operating_system.version	string	Operating System Version.	No
operating_system.version_major	string	Operating System Version Major.	No
operating_system.build	string	Operating System Version Major.	No

Error Codes

IP Security API returns HTTP status code 200 for a successful API request along with the response.

While, in case of a bad or invalid request, IP Security API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.

Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:

HTTP Status	Description
400 Bad Request	It is returned for one of the following reasons: If the provided IPv4, IPv6 address, or domain name is invalid. If special character(s) ( ) [ ] { } \| ^ ` is passed in the API URL either as paramter or its value. Specially in case of API key. If the IP addresses JSON list is empty, or the provided JSON does not have 'ips' field while querying `/security-bulk` endpoint. If more than 50,000 IP addresses are provided while quering from `/security-bulk` endpoint.
401 Unauthorized	It is returned for one of the following reasons: If API key (as `apiKey` URL parameter) is missing from the request to IP Security API. If an invalid (a random value) API key is provided. If the API request is made from an unverified ipgeolocation.io account. If your account has been disabled or locked to use by the admin due to abuse or illegal activity. When the request to IP Security API is made using API key for a database subscription When the request to IP Security API is made on the 'paused' subscription. If you’re making API requests after your subscription trial has been expired. If your active until date has passed and you need to upgrade your account. If bulk IP to security look-ups endpoint is called using free subscription API key.
404 Not Found	It is returned for one of the following reasons: If the IPv4, IPv6, or domain name does not not exists in our database. If the IPv4, IPv6, or domain name is passed as a path variable, instead of url parameter as `ip=`. If the wrong endpoint is called, that does not exists in our API.
405 Method Not Allowed	If wrong HTTP request method is used for calling the endpoints. Only GET and POST methods are allowed. POST method for `/security-bulk` endpoint and GET method for `/security` endpoint requests.
413 Content Too Large	If the passed data in the POST requests is more than the limit of the API.
415 Unsupported Media Type	If the payload for IPs in `/security-bulk` endpoint is mising, or the content type is not mentioned as JSON.
423 Locked	If the passed IP address is from a bogon ip ranges, or is part of a private network.
429 Too Many Requests	It is returned for one of the following reasons: If the API usage limit has reached for the free subscriptions, or paid subscriptions with the status 'past due', 'deleted' or 'trial expired'. If the surcharge API usage limit has reached against the subscribed plan.
499 Client Closed Request	If the client has set the very short request or connection timeout, leading to the server closing the request prematurely.
5XX Server Side Error	If a `500` (Internal Server Error), `502` (Bad Gateway), `503` (Service Unavailable), `504` (Gateway Timeout), or `505` (HTTP Version Not Supported) status code is returned, it indicates an issue on our end. Please contact us with your request at support@ipgeolocation.io for further assistance.

API SDKs

To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.

Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:

Security API FAQs

What is cyber threat intelligence?

What is Proxy?

What is VPN?

What is TOR?

What are the differences between Proxy, VPN, and TOR?

Is a VPN better than a proxy?

How to get Free VPN/Proxy IPs data?

How to check if IP Address is VPN/Proxy?

How can I get VPN/Proxy database?

What information is included in IP Security API?

Does the IP Security API support batch IP address lookups?

How frequently is the Security data updated?

Can I get sample VPN/Proxy data to evaluate its quality?

Security API and Threat Intelligence

IP Security Lookup

Response

IP Security With Network Details

Request

Response

IP Security With Geolocation

Request

Response

Bulk IP Security Lookup

Request

Response in Multiple Languages

Use Cases

Login Protection

E-commerce Fraud Prevention

Real-Time Chat & Community Filtering

Location Based Restriction

AS Number Based Protection

Ready to get started?Get Started with IP Security API Today

API Documents

Database Docs

IP Security API Documentation

IP Security API

Single IP Security Lookup API

1. Lookup With IP

Response

2. Lookup Without an IP

Response

Parameters

A. Including Data (include)

1. Combine IP Security with Geolocation

Response

2. Combine IP Security with Network Details

Response

3. Combine IP Security with Both Geolocation and Network details

Response

4. Combine IP Security with Timezone details

Response

5. Combine IP Security with User Agent

Response

6. Combine IP Security with Currency details

Response

7. Combine IP Security with Country Metadata details

Response

8. Combine IP Security with Hostname

Response

9. Combine IP Security with all fields

Response

B. Excluding Fields (excludes)

Response

C. Get Specific Fields (fields)

Response

D. Response in Multiple Languages (lang)

Response

Bulk IP Security Lookup API

Response

Reference to IPGeolocation API Response

• Standalone fields reference

• security json object reference

• location json object reference

• network json object reference

• currency json object reference

• country_metadata json object reference

• time_zone json object reference

• user_agent json object reference

Error Codes

API SDKs

Security API FAQs

Table of Contents

• `security` json object reference

• `location` json object reference

• `network` json object reference

• `currency` json object reference

• `country_metadata` json object reference

• `time_zone` json object reference

• `user_agent` json object reference