Protect your application with instant IP risk intelligence. Our IP Security API detects VPNs, proxies (commercial and residential), relays, Tor exit nodes, bots, spam, hosting, and abusive IPs, and returns a dynamic Threat Score (0–100) with provider attribution, confidence scores, and last seen dates when available.
ip:"216.73.216.24",
security:Object,
threat_score:5,
is_tor:false,is_proxy:false,proxy_confidence_score:0,proxy_last_seen:"",is_residential_proxy:false,is_vpn:false,vpn_confidence_score:0,vpn_last_seen:"",is_relay:false,relay_provider_name:"",is_anonymous:false,is_known_attacker:false,is_bot:false,is_spam:false,is_cloud_provider:true,cloud_provider_name:"Amazon.com, Inc.",Our VPN and proxy detection API evaluates IP risk based on various parameters and returns a Threat Score from 0 to 100 along with key risk flags, confidence scores, and last seen dates when available. It classifies traffic as VPN, PROXY (including commercial and residential proxy networks), or RELAY, and returns the provider name when available. It also flags Tor exit nodes, bots, spam sources, anonymous connections, known attacker signals, and cloud-provider hosting, including the cloud provider name when detected. By using our VPN and proxy detection software, you can stop fraud at the edge by identifying high-risk anonymous and masked traffic before it reaches your application.
Our data-driven Threat Score aggregates telemetry from active honeypots, proprietary blocklists, VPN and proxy enumeration, and real-time behavioral analysis to produce a single risk score per IP.
curl -X GET 'https://api.ipgeolocation.io/v3/security?apiKey=API_KEY&ip=2.56.188.34'1{
2 "ip": "2.56.188.34",
3 "security": {
4 "threat_score": 80,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_provider_names": [
8 "Zyte Proxy"
9 ],
10 "proxy_confidence_score": 90,
11 "proxy_last_seen": "2025-12-12",
12 "is_residential_proxy": true,
13 "is_vpn": true,
14 "vpn_provider_names": [
15 "Nord VPN"
16 ],
17 "vpn_confidence_score": 99,
18 "vpn_last_seen": "2026-01-19",
19 "is_relay": false,
20 "relay_provider_name": "",
21 "is_anonymous": true,
22 "is_known_attacker": true,
23 "is_bot": false,
24 "is_spam": false,
25 "is_cloud_provider": true,
26 "cloud_provider_name": "Packethub S.A."
27 }
28}Standard proxy detection can miss abuse routed through residential proxy networks on consumer ISP connections. Our VPN and Proxy Detection API helps you identify both datacenter-hosted proxy traffic and residential proxy networks in the same API call by returning proxy provider attribution when available (for example, Evomi or Oxylabs) and a separate is_residential_proxy flag, so you can apply the right policy for each risk profile. This capability is critical for preventing account takeovers (ATO), credential stuffing, and ad fraud, where attackers deliberately blend in behind legitimate-looking ISP assignments.
The example shows an IP tied to an ISP in the network ownership details, yet our API still flags it as a PROXY because it is being routed through a proxy provider, as indicated by the provider name, and marks it as a residential proxy when applicable via is_residential_proxy.
curl -X GET 'https://api.ipgeolocation.io/v3/security?apiKey=API_KEY&ip=152.58.153.65'1{
2 "ip": "152.58.153.65",
3 "security": {
4 "threat_score": 45,
5 "is_tor": false,
6 "is_proxy": true,
7 "proxy_provider_names": [
8 "922 Proxy"
9 ],
10 "proxy_confidence_score": 99,
11 "proxy_last_seen": "2026-01-04",
12 "is_residential_proxy": true,
13 "is_vpn": false,
14 "vpn_provider_names": [],
15 "vpn_confidence_score": 0,
16 "vpn_last_seen": "",
17 "is_relay": false,
18 "relay_provider_name": "",
19 "is_anonymous": true,
20 "is_known_attacker": false,
21 "is_bot": false,
22 "is_spam": false,
23 "is_cloud_provider": false,
24 "cloud_provider_name": ""
25 }
26}Our IP Security API allows you to retrieve security details for up to 50,000 IPs at once using the bulk lookup feature. This powerful capability saves time and enables users to analyze large volumes of IP behavior patterns quickly and efficiently. Through bulk IP security lookups, organizations can detect VPN usage at scale, perform VPN checks, identify proxies, bots, and known attackers across large datasets, and automate threat detection workflows for real-time security monitoring.
Whether you're monitoring user activity, blocking suspicious traffic, or conducting cybersecurity audits, the bulk lookup API is built to support high-performance threat intelligence operations.
curl -X POST 'https://api.ipgeolocation.io/v3/security-bulk?apiKey=API_KEY' -H 'Content-Type: application/json' -d '{
"ips": ["1.0.0.0", "1.0.0.1", "1.0.0.2"]
}1[
2 {
3 "ip": "1.0.0.0",
4 "security": {
5 "threat_score": 5,
6 "is_tor": false,
7 "is_proxy": false,
8 "proxy_provider_names": [],
9 "proxy_confidence_score": 0,
10 "proxy_last_seen": "",
11 "is_residential_proxy": false,
12 "is_vpn": false,
13 "vpn_provider_names": [],
14 "vpn_confidence_score": 0,
15 "vpn_last_seen": "",
16 "is_relay": false,
17 "relay_provider_name": "",
18 "is_anonymous": false,
19 "is_known_attacker": false,
20 "is_bot": false,
21 "is_spam": false,
22 "is_cloud_provider": true,
23 "cloud_provider_name": "Cloudflare, Inc."
24 }
25 },
26 {
27 "ip": "1.0.0.1",
28 "security": {
29 "threat_score": 5,
30 "is_tor": false,
31 "is_proxy": false,
32 "proxy_provider_names": [],
33 "proxy_confidence_score": 0,
34 "proxy_last_seen": "",
35 "is_residential_proxy": false,
36 "is_vpn": false,
37 "vpn_provider_names": [],
38 "vpn_confidence_score": 0,
39 "vpn_last_seen": "",
40 "is_relay": false,
41 "relay_provider_name": "",
42 "is_anonymous": false,
43 "is_known_attacker": false,
44 "is_bot": false,
45 "is_spam": false,
46 "is_cloud_provider": true,
47 "cloud_provider_name": "Cloudflare, Inc."
48 }
49 },
50 {
51 "ip": "1.0.0.2",
52 "security": {
53 "threat_score": 5,
54 "is_tor": false,
55 "is_proxy": false,
56 "proxy_provider_names": [],
57 "proxy_confidence_score": 0,
58 "proxy_last_seen": "",
59 "is_residential_proxy": false,
60 "is_vpn": false,
61 "vpn_provider_names": [],
62 "vpn_confidence_score": 0,
63 "vpn_last_seen": "",
64 "is_relay": false,
65 "relay_provider_name": "",
66 "is_anonymous": false,
67 "is_known_attacker": false,
68 "is_bot": false,
69 "is_spam": false,
70 "is_cloud_provider": true,
71 "cloud_provider_name": "Cloudflare, Inc."
72 }
73 }
74]When a user attempts to log in, their IP address can be analyzed for threat level, proxy or VPN usage, and whether it is associated with known attackers, spam, or bots. Leveraging advanced VPN detection, this API stands out as one of the most reliable VPN detector services.
It plays a key role in controlling unauthorized logins and reducing the risk of multiple account creation. This use case is especially important for banking platforms, SaaS applications, and any user-based systems where security and identity integrity are paramount.
During the checkout process, the API works as a reliable proxy checker by analyzing the customer’s IP address. It can detect whether the IP is associated with a VPN, proxy, Tor, bot, spam, cloud provider, or shows a suspicious location mismatch. This helps prevent fraudulent transactions, such as fake orders or the use of stolen credit cards, protecting both your business and your customers.
Before allowing users to send messages or join live chats, you can leverage the API’s bot detection and threat analysis features to evaluate their IP address. This helps identify spammy behavior, anonymous access, or any history of malicious activity. It ensures a safer and more trustworthy environment for gaming platforms, community forums, and live chat applications.
At signup, you can check the visitor’s IP address for proxy or VPN usage, anonymity signals, and bot or spam flags before creating an account. This helps you block automated registrations that often lead to credential stuffing and promo misuse. This use case is especially useful for SaaS trials, marketplaces, and consumer apps where fake signups inflate costs and reduce trust.
By integrating IP intelligence at the edge, you can identify high-risk traffic patterns before they hit your servers. The API helps differentiate between legitimate human visitors and automated botnets or scrapers designed to overwhelm your infrastructure. This allows security teams to implement granular rate limiting and ensures that system resources remain available for genuine users while blocking attacks in real time.
Enrich every request with precise geolocation and real-time threat intelligence, delivered on a global edge with a 99.99% uptime SLA. Start free and scale when you’re ready.
Get the latest in geolocation tech, straight to your inbox.
