Detecting VPNs, Proxies, and Tor Exit Nodes via API

IP Intelligence

Why Anonymous Traffic Detection Matters

VPNs, proxies, and Tor exit nodes are legitimate privacy tools — but they're also used to bypass geo-restrictions, commit fraud, and abuse free-tier services. Detecting anonymous traffic lets you apply appropriate friction without blocking legitimate users.

VPN Detection

VPNs route traffic through a server in another location. Detection relies on:

  • ASN analysis — VPN providers have recognisable Autonomous System Numbers
  • IP reputation databases — known VPN exit IPs are tracked and flagged
  • Hostname patterns — hostnames like vpn-us-1.nordvpn.com are telltale

Proxy Detection

Open proxies and datacenter IPs (AWS, DigitalOcean, Vultr) are used for automated traffic. The API checks whether the IP belongs to a hosting provider rather than a residential or business ISP.

Tor Exit Node Detection

Tor exit node IPs are publicly listed by the Tor Project and updated regularly. The API checks against this list in real time.

API Usage

curl -X POST https://api.toolkitapi.io/v1/geo/ip-intelligence \
  -H "X-API-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"ip": "198.51.100.1"}'
{
  "ip": "198.51.100.1",
  "country": "US",
  "city": "New York",
  "is_vpn": true,
  "is_proxy": false,
  "is_tor": false,
  "is_datacenter": true,
  "threat_score": 75,
  "isp": "NordVPN"
}

Risk-Based Responses

Rather than blocking all anonymous traffic, use the threat_score to apply graduated responses:

Score Suggested action
0–30 Allow
31–60 Add CAPTCHA or step-up auth
61–80 Require email verification
81–100 Block or manual review

This approach minimises false positives while deterring automated abuse.

Try it out

Browse Tools →

More from the Blog