Security API and Threat Intelligence

Detect proxy, VPN, and other threats with advanced cybersecurity solutions that deliver comprehensive cyber threat assessments. It analyzes the provided IP address to detect VPNs, proxies, and related technologies. The API calculates a threat score based on multiple attributes to reflect the overall risk level. It detects proxies, identifies their types (e.g., VPN, PROXY, RELAY), and reveals the VPN service provider.
The Security API also determines if the IP is linked to anonymous activity or associated with bot behavior. Additionally, the security data includes accurate geolocation details. This allows you to better protect your systems from malicious activities and region-based threats.

    • stringip:"18.97.14.89" ,
    • objectsecurity:Object,
      • numberthreat_score:5 ,
      • booleanis_tor:false ,
      • booleanis_proxy:false ,
      • stringproxy_type:"" ,
      • stringproxy_provider:"" ,
      • booleanis_anonymous:false ,
      • booleanis_known_attacker:false ,
      • booleanis_spam:false ,
      • booleanis_bot:false ,
      • booleanis_cloud_provider:true ,
      • stringcloud_provider:"Amazon Technologies Inc." ,
    • objectlocation:Object,
      • stringcontinent_code:"NA" ,
      • stringcontinent_name:"North America" ,
      • stringcountry_code2:"US" ,
      • stringcountry_code3:"USA" ,
      • stringcountry_name:"United States" ,
      • stringcountry_name_official:"United States of America" ,
      • stringcountry_capital:"Washington, D.C." ,
      • stringstate_prov:"Virginia" ,
      • stringstate_code:"US-VA" ,
      • stringdistrict:"Loudoun" ,
      • stringcity:"Ashburn" ,
      • stringzipcode:"20147" ,
      • stringlatitude:"39.05232" ,
      • stringlongitude:"-77.48270" ,
      • booleanis_eu:false ,
      • stringcountry_flag:"https://ipgeolocation.io/static/flags/us_64.png" ,
      • stringgeoname_id:"4744871" ,
      • stringcountry_emoji:"🇺🇸" ,
    • objectnetwork:Object,
      • objectasn:Object,
        • stringas_number:"AS14618" ,
        • stringorganization:"Amazon.com, Inc." ,
        • stringcountry:"US" ,
      • objectcompany:Object,
        • stringname:"Amazon Technologies Inc." ,

    IP Security Lookup

    This API provides a reliable proxy detection method, adding seamless VPN and proxy check capabilities. The threat score reflects the risk associated with the provided IP, ranging from 0 to 100. The API indicates whether the IP is a proxy, along with its provider, making it a powerful proxy detector tool. It also identifies if an IP address is a bot, uses Tor, sends spam, hides its identity, or performs attacks. Additionally, it shows whether the IP is linked to a cloud provider and includes the provider’s name. These features make the API a powerful and accurate proxy detection service.

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  }

    IP Security With Network Details

    The API provides both the Autonomous System (AS) Number and organization details about the specified IP address. The API response provides network identification data about the IP address which enables easier detection of service providers as well as potential malicious networks.

    Enriching security data with AS number details helps detect risky patterns and supports proactive threat response. Blocking dangerous IP ranges, along with restricting access to IPs associated with specific AS numbers, organizations, or ISPs, helps enhance your cyber security posture.

    Request

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=network'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  },
    16  "network": {
    17    "asn": {
    18      "as_number": "3640",
    19      "organization": "C I C E S E",
    20      "country": "MX"
    21    },
    22    "company": {
    23      "name": "Packethub S.A.",
    24    }
    25  }
    26}

    IP Security With Geolocation

    The geolocation information for the provided IP can also be included in the default response of the Security API. The geolocation data contains the country, state, city, and ZIP code, along with the latitude and longitude of the IP address. This cybersecurity intelligence helps identify region-specific threats and block high-risk IPs by location.

    Request

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  },
    16  "location": {
    17    "continent_code": "OC",
    18    "continent_name": "Oceania",
    19    "country_code2": "AU",
    20    "country_code3": "AUS",
    21    "country_name": "Australia",
    22    "country_name_official": "Commonwealth of Australia",
    23    "country_capital": "Canberra",
    24    "state_prov": "Queensland",
    25    "state_code": "AU-QLD",
    26    "district": "",
    27    "city": "Brisbane",
    28    "zipcode": "4101",
    29    "latitude": "-27.47306",
    30    "longitude": "153.01421",
    31    "is_eu": false,
    32    "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
    33    "geoname_id": "10113228",
    34    "country_emoji": "🇦🇺"
    35  }
    36}

    Bulk IP Security Lookup

    Our IP Security API allows you to retrieve security details for up to 50,000 IPs at once using the bulk lookup feature. This powerful capability saves time and enables users to analyze large volumes of IP behavior patterns quickly and efficiently. Through bulk IP security lookups, organizations can detect VPN usage at scale, perform VPN checks, identify proxies, bots, and known attackers across large datasets, and automate threat detection workflows for real-time security monitoring.

    Whether you're monitoring user activity, blocking suspicious traffic, or conducting cybersecurity audits, the bulk lookup API is built to support high-performance threat intelligence operations.

    Request

    curl -X POST 'https://api.ipgeolocation.io/v2/security-bulk?apiKey=API_KEY' -H 'Content-Type: application/json' -d '{
      "ips": ["1.0.0.0", "1.0.0.1", "1.0.0.2"]
    }'

    Response in Multiple Languages

    You can retrieve the geolocation information for an IP address in the following languages:

    English FlagEnglishGerman FlagGermanRussian FlagRussianJapanese FlagJapaneseFrench FlagFrenchChinese Simplified FlagChinese SimplifiedSpanish FlagSpanishCzech FlagCzechItalian FlagItalianKorean FlagKoreanPersian FlagPersianPortuguese FlagPortuguese

    Use Cases

    Login Protection

    When a user attempts to log in, their IP address can be analyzed for threat level, proxy or VPN usage, and whether it is associated with known attackers, spam, or bots. Leveraging advanced VPN detection, this API stands out as one of the most reliable VPN detector services.

    It plays a key role in controlling unauthorized logins and reducing the risk of multiple account creation. This use case is especially important for banking platforms, SaaS applications, and any user-based systems where security and identity integrity are paramount.

    Login Protection image

    E-commerce Fraud Prevention

    During the checkout process, the API works as a reliable proxy checker by analyzing the customer’s IP address. It can detect whether the IP is associated with a VPN, proxy, Tor, bot, spam, cloud provider, or shows a suspicious location mismatch. This helps prevent fraudulent transactions, such as fake orders or the use of stolen credit cards, protecting both your business and your customers.

    Fraud Prevention image

    Real-Time Chat & Community Filtering

    Before allowing users to send messages or join live chats, you can leverage the API’s bot detection and threat analysis features to evaluate their IP address. This helps identify spammy behavior, anonymous access, or any history of malicious activity. It ensures a safer and more trustworthy environment for gaming platforms, community forums, and live chat applications.

    Chat Protection image

    Location Based Restriction

    Combining geolocation data with security analysis provides a more comprehensive defense against privacy and security threats. The combination of geolocation with IP address security features enables you to make stronger security decisions.The method proves useful in blocking specific regions that take part in harmful activities thus minimizing security threats.

    Location Based Restriction image

    AS Number Based Protection

    Our IP Security API not only provides the AS Number but also reveals the associated ASN organization and company name, along with detailed security insights and geolocation data. This empowers security teams to identify and block entire networks or specific organizations involved in malicious activity. It allows for broader, more accurate, and proactive threat mitigation through enhanced visibility and context.

    AS Number Based Protection image

    Ready to get started?Get Started with IP Security API Today

    IP Security API Documentation

    IP Security API

    IP Security API provides detailed security information for a given IP address. It detects whether the IP is associated with a proxy, Tor node, or bot, and identifies the proxy type (e.g., VPN, PROXY, RELAY) along with its VPN/proxy service provider—making it a powerful VPN checker. The API also flags IPs involved in spam activities and checks if the IP is linked to a cloud provider, including the cloud provider’s name.

    The IP Security API offers two endpoints for threat detection, supporting both single and bulk IP lookups.

    Note: For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.

    Single IP Security Lookup API

    1. Lookup With IP

    You can use the single IP lookup API to get security details of a given IP in both JSON and XML formats.The URL for this API is https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34 and its default JSON response is shown below:

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  }
    16}

    2. Lookup Without an IP

    Without passing IP Address, API returns the security health details of the client device IP. You can perform this lookup using the following URL: https://api.ipgeolocation.io/v2/security?apiKey=API_KEY and its default JSON response is given below:

    Response

    1{
    2  "ip": "207.244.89.161",
    3  "security": {
    4    "threat_score": 90,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Vpnsurf VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": true,
    12    "is_bot": false,
    13    "is_cloud_provider": false,
    14    "cloud_provider": ""
    15  }
    16}

    Parameters

    You can use following parameters to customize the API response according to your requirements.

    A. Including Data (include)

    This parameter accepts multiple values: location, network, currency, time_zone, user_agent, country_metadata , hostname, liveHostname, hostnameFallbackLive

    1. Combine IP Security with Geolocation

    This parameter accepts two values: location and network. To retrieve security details along with geolocation data, set the include parameter to location like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  },
    16  "location": {
    17    "continent_code": "OC",
    18    "continent_name": "Oceania",
    19    "country_code2": "AU",
    20    "country_code3": "AUS",
    21    "country_name": "Australia",
    22    "country_name_official": "Commonwealth of Australia",
    23    "country_capital": "Canberra",
    24    "state_prov": "Queensland",
    25    "state_code": "AU-QLD",
    26    "district": "",
    27    "city": "Brisbane",
    28    "zipcode": "4101",
    29    "latitude": "-27.47306",
    30    "longitude": "153.01421",
    31    "is_eu": false,
    32    "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
    33    "geoname_id": "10113228",
    34    "country_emoji": "🇦🇺"
    35  }
    36}

    2. Combine IP Security with Network Details

    To retrieve security details along with AS Number and network information, set the include parameter to network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=network'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  },
    16  "network": {
    17    "asn": {
    18      "as_number": "3640",
    19      "organization": "C I C E S E",
    20      "country": "MX"
    21    },
    22    "company": {
    23      "name": "Packethub S.A.",
    24    }
    25  }
    26}

    3. Combine IP Security with Both Geolocation and Network details

    For complete security insights, you can include both geolocation data and network information of an IP address. To do this, set the Include by separating them with a comma include=location,network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for these values given below:

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location,network'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": true,
    14    "cloud_provider": "Packethub S.A."
    15  },
    16  "location": {
    17    "continent_code": "OC",
    18    "continent_name": "Oceania",
    19    "country_code2": "AU",
    20    "country_code3": "AUS",
    21    "country_name": "Australia",
    22    "country_name_official": "Commonwealth of Australia",
    23    "country_capital": "Canberra",
    24    "state_prov": "Queensland",
    25    "state_code": "AU-QLD",
    26    "district": "",
    27    "city": "Brisbane",
    28    "zipcode": "4101",
    29    "latitude": "-27.47306",
    30    "longitude": "153.01421",
    31    "is_eu": false,
    32    "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
    33    "geoname_id": "10113228",
    34    "country_emoji": "🇦🇺"
    35  },
    36  "network": {
    37    "asn": {
    38      "as_number": "3640",
    39      "name": "C I C E S E",
    40      "country": "MX"
    41    },
    42    "company": {
    43      "name": "Packethub S.A.",
    44    }
    45  }
    46}

    4. Combine IP Security with Timezone details

    Get actual time zone of particular IP along with its proxy details. For this you have to put “time_zone” keyword in include parameter like mentioned below. Time zone details are combined with default response.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=time_zone'

    Response

    1
    2{
    3  "ip": "2.56.188.34",
    4  "security" : {
    5    "threat_score" : 80,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "VPN",
    9    "proxy_provider" : "Nord VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : true,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Packethub S.A."
    16  },
    17  "time_zone" : {
    18    "name" : "America/Chicago",
    19    "offset" : -6,
    20    "offset_with_dst" : -5,
    21    "current_time" : "2025-05-14 06:22:30.204-0500",
    22    "current_time_unix" : 1.747221750204E9,
    23    "is_dst" : true,
    24    "dst_savings" : 1,
    25    "dst_exists" : true,
    26    "dst_start" : {
    27      "utc_time" : "2025-03-09 TIME 08",
    28      "duration" : "+1H",
    29      "gap" : true,
    30      "date_time_after" : "2025-03-09 TIME 03",
    31      "date_time_before" : "2025-03-09 TIME 02",
    32      "overlap" : false
    33    },
    34    "dst_end" : {
    35      "utc_time" : "2025-11-02 TIME 07",
    36      "duration" : "-1H",
    37      "gap" : false,
    38      "date_time_after" : "2025-11-02 TIME 01",
    39      "date_time_before" : "2025-11-02 TIME 02",
    40      "overlap" : true
    41    }
    42  }
    43}

    5. Combine IP Security with User Agent

    Get the user agent of client device along with its proxy details. For this you have to provide user_agent keyword in include parameter like mentioned below. User agent information is merged with default response.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=user_agent'

    Response

    1
    2{
    3  "ip": "2.56.188.34",
    4  "security" : {
    5    "threat_score" : 80,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "VPN",
    9    "proxy_provider" : "Nord VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : true,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Packethub S.A."
    16  },
    17"user_agent" : {
    18    "user_agent_string" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0",
    19    "name" : "Firefox",
    20    "type" : "Browser",
    21    "version" : "138.0",
    22    "version_major" : "138",
    23    "device" : {
    24      "name" : "Linux Desktop",
    25      "type" : "Desktop",
    26      "brand" : "Unknown",
    27      "cpu" : "Intel x86_64"
    28    },
    29    "engine" : {
    30      "name" : "Gecko",
    31      "type" : "Browser",
    32      "version" : "138.0",
    33      "version_major" : "138"
    34    },
    35    "operating_system" : {
    36      "name" : "Ubuntu",
    37      "type" : "Desktop",
    38      "version" : "??",
    39      "build" : "??",
    40      "version_major" : "??"
    41    }
    42  }
    43}

    6. Combine IP Security with Currency details

    Get the currency of particular IP along with its proxy details. For this you have to put “currency” keyword in include parameter like mentioned below. Currency details are combined with default response.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=currency'

    Response

    1
    2{
    3  "ip": "2.56.188.34",
    4  "security" : {
    5    "threat_score" : 80,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "VPN",
    9    "proxy_provider" : "Nord VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : true,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Packethub S.A."
    16  },
    17  "currency" : {
    18    "code" : "USD",
    19    "name" : "US Dollar",
    20    "symbol" : "$"
    21  }
    22}

    7. Combine IP Security with Country Metadata details

    Get the country metadata of particular IP along with its proxy details. For this you have to put “country_metadata” keyword in include parameter like mentioned below. Country metadata details are combined with default response.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=country_metadata'

    Response

    1
    2{
    3  "ip": "2.56.188.34",
    4  "security" : {
    5    "threat_score" : 80,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "VPN",
    9    "proxy_provider" : "Nord VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : true,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Packethub S.A."
    16  },
    17  "country_metadata" : {
    18    "tld" : ".us",
    19    "languages" : ["en-US", "es-US", "haw", "fr"],
    20    "calling_code" : "+1"
    21  }
    22}

    8. Combine IP Security with Hostname

    You can also retrieve the hostname associated with an IP address by providing one of the following values in the include parameter:

    1. hostname – Queries only the latest local database.
    2. liveHostname – Performs a live hostname lookup only.
    3. hostnameFallbackLive – First checks the local database, then falls back to a live lookup if no result is found.

    If the hostname cannot be resolved, the queried IP address will be returned in the hostname field.

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=195.154.221.54&include=hostname'

    Response

    1{
    2"ip" : "195.154.221.54",
    3 "hostname" : "195-154-221-54.rev.poneytelecom.eu",
    4 "security" : {
    5    "threat_score" : 50,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "openvpn",
    9    "proxy_provider" : "Keep Solid VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : false,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Scaleway"
    16  }
    17}

    9. Combine IP Security with all fields

    To retrieve a complete and detailed response from the API, you need to explicitly include all of the following fields in the include parameter:
    `location`, `network`, `currency`, `time_zone`, `user_agent`, `country_metadata`, `hostname`
    Each of these fields provides a specific layer of information, and combining them with security details ensures you receive the full scope of security data.

    Here's how you can do it

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=195.154.221.54&include=location,network,currency,time_zone,user_agent,country_metadata,hostname'

    Response

    1{
    2  "ip" : "195.154.221.54",
    3  "hostname" : "195-154-221-54.rev.poneytelecom.eu",
    4    "security" : {
    5    "threat_score" : 50,
    6    "is_tor" : false,
    7    "is_proxy" : true,
    8    "proxy_type" : "openvpn",
    9    "proxy_provider" : "Keep Solid VPN",
    10    "is_anonymous" : true,
    11    "is_known_attacker" : false,
    12    "is_spam" : false,
    13    "is_bot" : false,
    14    "is_cloud_provider" : true,
    15    "cloud_provider" : "Scaleway"
    16  },
    17  "location" : {
    18    "district" : "8e Arrondissement",
    19    "city" : "Paris",
    20    "locality" : "Paris",
    21    "zipcode" : "75008",
    22    "latitude" : "48.87135",
    23    "longitude" : "2.32115",
    24    "continent_code" : "EU",
    25    "continent_name" : "Europe",
    26    "country_code2" : "FR",
    27    "country_code3" : "FRA",
    28    "country_name" : "France",
    29    "country_name_official" : "Republic of France",
    30    "country_capital" : "Paris",
    31    "state_prov" : "Ile-de-France",
    32    "state_code" : "FR-IDF",
    33    "accuracy_radius" : "",
    34    "dma_code" : "",
    35    "is_eu" : true,
    36    "country_flag" : "https://ipgeolocation.io/static/flags/fr_64.png",
    37    "geoname_id" : "12535167",
    38    "country_emoji" : "🇫🇷"
    39  },
    40  "country_metadata" : {
    41    "tld" : ".fr",
    42    "languages" : ["fr-FR", "frp", "br", "co", "ca", "eu", "oc"],
    43    "calling_code" : "+33"
    44  },
    45  "network" : {
    46    "asn" : {
    47      "organization" : "SCALEWAY S.A.S.",
    48      "country" : "FR",
    49      "type" : "BUSINESS",
    50      "domain" : "scaleway.com",
    51      "rir" : "RIPE",
    52      "as_number" : "AS12876",
    53      "asn_name" : "AS12876",
    54      "date_allocated" : "1999-12-20",
    55      "allocation_status" : "allocated",
    56      "num_of_ipv4_routes" : "16",
    57      "num_of_ipv6_routes" : "5"
    58    },
    59    "company" : {
    60      "name" : "Scaleway",
    61      "type" : "",
    62      "domain" : ""
    63    },
    64    "connection_type" : ""
    65  },
    66  "currency" : {
    67    "code" : "EUR",
    68    "name" : "Euro",
    69    "symbol" : "€"
    70  },
    71  "time_zone" : {
    72    "name" : "Europe/Paris",
    73    "offset" : 1,
    74    "offset_with_dst" : 2,
    75    "current_time" : "2025-05-16 14:53:17.604+0200",
    76    "current_time_unix" : 1.747399997604E9,
    77    "is_dst" : true,
    78    "dst_savings" : 1,
    79    "dst_exists" : true,
    80    "dst_start" : {
    81      "utc_time" : "2025-03-30 TIME 01",
    82      "duration" : "+1H",
    83      "gap" : true,
    84      "date_time_after" : "2025-03-30 TIME 03",
    85      "date_time_before" : "2025-03-30 TIME 02",
    86      "overlap" : false
    87    },
    88    "dst_end" : {
    89      "utc_time" : "2025-10-26 TIME 01",
    90      "duration" : "-1H",
    91      "gap" : false,
    92      "date_time_after" : "2025-10-26 TIME 02",
    93      "date_time_before" : "2025-10-26 TIME 03",
    94      "overlap" : true
    95    }
    96  },
    97  "user_agent" : {
    98    "user_agent_string" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0",
    99    "name" : "Firefox",
    100    "type" : "Browser",
    101    "version" : "138.0",
    102    "version_major" : "138",
    103    "device" : {
    104      "name" : "Linux Desktop",
    105      "type" : "Desktop",
    106      "brand" : "Unknown",
    107      "cpu" : "Intel x86_64"
    108    },
    109    "engine" : {
    110      "name" : "Gecko",
    111      "type" : "Browser",
    112      "version" : "138.0",
    113      "version_major" : "138"
    114    },
    115    "operating_system" : {
    116      "name" : "Ubuntu",
    117      "type" : "Desktop",
    118      "version" : "??",
    119      "build" : "??",
    120      "version_major" : "??"
    121    }
    122  }
    123}

    B. Excluding Fields (excludes)

    You can exclude specific fields from the API response based on your requirements, except for the ip field, which is always included. For example, If you want to remove is_tor and is_cloud_provider from api response, you can put the keys in excludes parameter like this:

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&excludes=security.is_tor,security.is_cloud_provider'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75,
    5    "is_proxy": true,
    6    "proxy_type": "VPN",
    7    "proxy_provider": "Nord VPN",
    8    "is_anonymous": true,
    9    "is_known_attacker": true,
    10    "is_spam": false,
    11    "is_bot": false,
    12    "cloud_provider": "Packethub S.A."
    13  }

    This helps reduce payload size and tailors the response to your application’s needs.

    C. Get Specific Fields (fields)

    You can also retrieve only the specific fields you need from the geolocation and network details. To do this, use the fields parameter and specify the object and field names you want in the response. For example, if you only need threat_score, city and as_number in api response, you can put the keys in fields parameter, as demonstrated in the URL below. Please note that, to make this work, you need to include the objects that aren't included by default. If you're selecting specific fields from those objects (like location or network), make sure to include the full object first. Kindly refer to example given below:

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location,network&fields=security.threat_score,location.city,network.asn.as_number'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 75
    5  },
    6  "location": {
    7    "city": "Brisbane"
    8  },
    9  "network": {
    10    "asn": {
    11      "as_number": "AS62240"
    12    }
    13  }
    14}

    D. Response in Multiple Languages (lang)

    You can retrieve only the location information for an IP address from the IP Security API in any of these languages:

    • English (en)
    • German (de)
    • Russian (ru)
    • Japanese (ja)
    • French (fr)
    • Chinese Simplified (cn)
    • Spanish (es)
    • Czech (cs)
    • Italian (it)
    • Korean (ko)
    • Persian (fa)
    • Portuguese (pt)

    By default, the API responds in English. You can change the response language by passing the language code as a query parameter lang. Here is an example to get the geolocation data for IP adderss '2.56.188.34' in Chinese language:

    curl -X GET 'https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34&include=location&lang=cn'

    Response

    1{
    2  "ip": "2.56.188.34",
    3  "security": {
    4    "threat_score": 80,
    5    "is_tor": false,
    6    "is_proxy": true,
    7    "proxy_type": "VPN",
    8    "proxy_provider": "Nord VPN",
    9    "is_anonymous": true,
    10    "is_known_attacker": true,
    11    "is_spam": false,
    12    "is_bot": false,
    13    "is_cloud_provider": false,
    14    "cloud_provider": ""
    15  },
    16  "location": {
    17    "continent_code": "NA",
    18    "continent_name": "北美洲",
    19    "country_code2": "US",
    20    "country_code3": "USA",
    21    "country_name": "美国",
    22    "country_name_official": "",
    23    "country_capital": "",
    24    "state_prov": "德克萨斯州",
    25    "state_code": "US-TX",
    26    "district": "達拉斯縣",
    27    "city": "達拉斯縣",
    28    "zipcode": "75207",
    29    "latitude": "32.78916",
    30    "longitude": "-96.82170",
    31    "is_eu": false,
    32    "country_flag": "https://ipgeolocation.io/static/flags/us_64.png",
    33    "geoname_id": "7181768",
    34    "country_emoji": "🇺🇸"
    35  }
    36}

    Note: Paid plan subscribers are the only ones who can receive responses in languages other than English. All other plans receive responses only in English.

    Bulk IP Security Lookup API

    The Bulk IP Security Lookup API allows you to retrieve security details for up to 50,000 IP addresses in a single request. It supports the same customization parameters as the Single IP Security Lookup API, enabling you to tailor the response to your needs. You can find the API endpoint and a sample JSON response below.

    curl -X POST 'https://api.ipgeolocation.io/v2/security-bulk?apiKey=API_KEY&include=location,network&fields=location.city,network.asn.as_number' \
    -H 'Content-Type: application/json' \
    -d '{ "ips": ["2.56.188.34", "2.56.188.35"] }'

    Response

    1[
    2    {
    3        "ip": "2.56.188.34",
    4        "security": {
    5            "threat_score": 75,
    6            "is_tor": false,
    7            "is_proxy": true,
    8            "proxy_type": "VPN",
    9            "proxy_provider": "Nord VPN",
    10            "is_anonymous": true,
    11            "is_known_attacker": true,
    12            "is_spam": false,
    13            "is_bot": false,
    14            "is_cloud_provider": true,
    15            "cloud_provider": "Packethub S.A."
    16        },
    17        "location": {
    18            "city": "Los Angeles"
    19        },
    20        "network": {
    21            "asn": {
    22                "as_number": "AS62240"
    23            }
    24        }
    25    },
    26    {
    27        "ip": "2.56.188.35",
    28        "security": {
    29            "threat_score": 75,
    30            "is_tor": false,
    31            "is_proxy": true,
    32            "proxy_type": "VPN",
    33            "proxy_provider": "Nord VPN",
    34            "is_anonymous": true,
    35            "is_known_attacker": true,
    36            "is_spam": false,
    37            "is_bot": false,
    38            "is_cloud_provider": true,
    39            "cloud_provider": "Packethub S.A."
    40        },
    41        "location": {
    42            "city": "Los Angeles"
    43        },
    44        "network": {
    45            "asn": {
    46                "as_number": "AS62240"
    47            }
    48        }
    49    }
    50]

    Reference to IPGeolocation API Response

    Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the security endpoint.

    Standalone fields reference

    FieldTypeDescriptionCan be empty?
    ipstringIP address that is used to lookup security information.No
    hostnamestringHostname of the IP address used to query IP Security API.No

    security json object reference

    FieldTypeDescriptionCan be empty?
    threat_scorenumberIP address’ threat score. It ranges from 0 to 100. 100 indicates highest threat and vice versa for lower score.No
    is_torbooleanIndicates if the IP address is being consumed on a Tor endpoint.No
    is_proxybooleanIndicates if the IP address belongs to a proxy network.No
    proxy_typestringType of the proxy network if the IP address belongs to a proxy network.Yes
    proxy_providerstringName of the proxy provider, if the IP address belongs to a proxy network.Yes
    is_anonymousbooleanIndicates if the IP address is being used anonymously.No
    is_known_attackerbooleanIndicates if the IP address is enlisted as an attacking IP address.No
    is_spambooleanIndicates if the IP address is enlisted as a spam IP address.No
    is_botbooleanIndicates if the IP address is enlisted as a bot IP address.No
    is_cloud_providerbooleanIndicates if the IP address belongs to a cloud provider (computing infrastructure providers).No
    cloud_providerbooleanName of the Cloud Provider, if the IP address belongs to a cloud provider.Yes

    location json object reference

    FieldTypeDescriptionCan be empty?
    continent_codestring2-letter code of the continent.No
    continent_namestringName of the continent.No
    country_code2stringCountry code (ISO 3166-1 alpha-2) of the country.No
    country_code3stringCountry code (ISO 3166-1 alpha-3) of the country.No
    country_namestringName of the country.No
    country_name_officialstringOfficial name (ISO 3166) of the country.No
    country_capitalstringName of the country’s capital.No
    state_provstringName of the state/province/region.Yes
    state_codestringCode of the state/province/region.Yes
    districtstringName of the district or county.Yes
    citystringName of the city.Yes
    zipcodestringZIP/Postal code of the place.Yes
    latitudestringLatitude of the place.No
    longitudestringLongitude of the place.No
    is_eubooleanIs the country belong to European Union?No
    country_flagstringURL to get the country flag.No
    geoname_idstringGeoname ID of the place fromgeonames.orgYes
    country_emojistringEmoji of the Country flag.Yes

    network json object reference

    FieldTypeDescriptionCan be empty?
    asn.as_numberstringAutonomous system number of the autonomous system, to which IP address belongs to.Yes
    asn.organizationstringLegal Full Name of AS organization holding the IP address.Yes
    asn.countrystringName of the country, ASN is residing.Yes
    company.namestringName of the company/ISP holding the IP address.No

    currency json object reference

    FieldTypeDescriptionCan be empty?
    codestringCurrency code (ISO 4217).No
    namestringCurrency name (ISO 4217).No
    symbolstringCurrency symbol.No

    country_metadata json object reference

    FieldTypeDescriptionCan be empty?
    calling_codestringCalling code/Dialing code of the country.No
    tldstringTop Level Domain Name (TLD) of the country, which is also called ccTLD.No
    languageslist of stringsList of the languages’ codes, spoken in the country.No

    time_zone json object reference

    FieldTypeDescriptionCan be empty?
    namestringName (ISO 8601) of the time zone.No
    offsetnumberTime zone offset from UTC.No
    offset_with_dstnumberTime zone with DST offset from UTC.No
    current_timestringCurrent time in ‘yyyy-MM-dd HH:mm:ss.SSS±ZZZ’ format.No
    current_time_unixfloatCurrent time in seconds since 1970.No
    is_dstbooleanIs the time zone in daylight savings?No
    dst_savingsnumberTotal daylight savings.No
    dst_existsbooleanIndicates whether Daylight Saving Time (DST) is observed in the region. If true, the dst_start and dst_end objects will include detailed DST transition information.No
    dst_start.utc_timestringThe date and time in UTC when DST begins.No
    dst_start.durationstringThe time change that occurs when DST starts.No
    dst_start.gapbooleanIs there a gap when the clocks jump forward or not.No
    dst_start.date_time_afterstringThe local date and time that immediately follows the start of DST.No
    dst_start.date_time_beforestringThe local date and time immediately before DST begins.No
    dst_start.overlapbooleanWhether there is an overlap of time due to clocks being set back when DST starts.No
    dst_end.utc_timestringThe date and time in UTC when DST ends.No
    dst_end.durationstringThe time change that occurs when DST ends.No
    dst_end.gapbooleanIs there a gap when the clocks jump backward or not.No
    dst_end.date_time_afterstringThe local date and time that immediately follows the ends of DST.No
    dst_end.date_time_beforestringThe local date and time immediately before DST ends.No
    dst_end.overlapbooleanWhether there is an overlap of time due to clocks being set back when DST ends.No

    user_agent json object reference

    FieldTypeDescriptionCan be empty?
    user_agent_stringstringUser-Agent string passed along with the query in the 'User-Agent' header.No
    namestringUser-Agent Name.No
    typestringUser-Agent Class.No
    versionstringUser-Agent Version.No
    version_majorstringUser-Agent Version Major.No
    device.namestringDevice Name.No
    device.typestringDevice Type.No
    device.brandstringDevice Brand.No
    device.cpustringDevice CPU Model.No
    engine.namestringLayout Engine NameNo
    engine.typestringLayout Engine ClassNo
    engine.versionstringLayout Engine Version.No
    engine.version_majorstringLayout Engine Version Major.No
    operating_system.namestringOperating System Name.No
    operating_system.typestringOperating System Class.No
    operating_system.versionstringOperating System Version.No
    operating_system.version_majorstringOperating System Version Major.No
    operating_system.buildstringOperating System Version Major.No

    Error Codes

    IP Security API returns HTTP status code 200 for a successful API request along with the response.

    While, in case of a bad or invalid request, IP Security API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.

    Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:

    HTTP StatusDescription
    400
    Bad Request

    It is returned for one of the following reasons:

    • If the provided IPv4, IPv6 address, or domain name is invalid.

    • If special character(s) ( ) [ ] { } | ^ ` is passed in the API URL either as paramter or its value. Specially in case of API key.

    • If the IP addresses JSON list is empty, or the provided JSON does not have 'ips' field while querying /security-bulk endpoint.

    • If more than 50,000 IP addresses are provided while quering from /security-bulk endpoint.

    401
    Unauthorized

    It is returned for one of the following reasons:

    • If API key (as apiKey URL parameter) is missing from the request to IP Security API.

    • If an invalid (a random value) API key is provided.

    • If the API request is made from an unverified ipgeolocation.io account.

    • If your account has been disabled or locked to use by the admin due to abuse or illegal activity.

    • When the request to IP Security API is made using API key for a database subscription

    • When the request to IP Security API is made on the 'paused' subscription.

    • If you’re making API requests after your subscription trial has been expired.

    • If your active until date has passed and you need to upgrade your account.

    • If bulk IP to security look-ups endpoint is called using free subscription API key.

    404
    Not Found

    It is returned for one of the following reasons:

    • If the IPv4, IPv6, or domain name does not not exists in our database.

    • If the IPv4, IPv6, or domain name is passed as a path variable, instead of url parameter as ip=.

    • If the wrong endpoint is called, that does not exists in our API.

    405
    Method Not Allowed
    • If wrong HTTP request method is used for calling the endpoints. Only GET and POST methods are allowed. POST method for /security-bulk  endpoint and GET method for /security endpoint requests.

    413
    Content Too Large
    • If the passed data in the POST requests is more than the limit of the API.

    415
    Unsupported Media Type
    • If the payload for IPs in /security-bulk endpoint is mising, or the content type is not mentioned as JSON.

    423
    Locked
    • If the passed IP address is from a bogon ip ranges, or is part of a private network.

    429
    Too Many Requests

    It is returned for one of the following reasons:

    • If the API usage limit has reached for the free subscriptions, or paid subscriptions with the status 'past due', 'deleted' or 'trial expired'.

    • If the surcharge API usage limit has reached against the subscribed plan.

    499
    Client Closed Request
    • If the client has set the very short request or connection timeout, leading to the server closing the request prematurely.

    5XX
    Server Side Error
    • If a 500 (Internal Server Error), 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout), or 505 (HTTP Version Not Supported) status code is returned, it indicates an issue on our end. Please contact us with your request at support@ipgeolocation.io for further assistance.

    API SDKs

    To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.

    Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:

    Security API FAQs

    What is cyber threat intelligence?
    What is Proxy?
    What is VPN?
    What is TOR?
    What are the differences between Proxy, VPN, and TOR?
    Is a VPN better than a proxy?
    How to get Free VPN/Proxy IPs data?
    How to check if IP Address is VPN/Proxy?
    How can I get VPN/Proxy database?
    What information is included in IP Security API?
    Does the IP Security API support batch IP address lookups?
    How frequently is the Security data updated?
    Can I get sample VPN/Proxy data to evaluate its quality?