IP Threat Detection
Check if an IP belongs to a VPN, proxy, Tor node, or datacenter
/v1/geo/ip-threat
curl "https://geo.toolkitapi.io/v1/geo/ip-threat?ip=185.220.101.1"
import httpx
resp = httpx.get(
"https://geo.toolkitapi.io/v1/geo/ip-threat?ip=185.220.101.1",
)
print(resp.json())
const resp = await fetch("https://geo.toolkitapi.io/v1/geo/ip-threat?ip=185.220.101.1", {
});
const data = await resp.json();
console.log(data);
# See curl example
{
"ip": "185.220.101.1",
"is_anonymous": true,
"is_anonymous_vpn": false,
"is_hosting_provider": false,
"is_public_proxy": false,
"is_residential_proxy": false,
"is_tor_exit_node": true,
"is_datacenter": false,
"threat_score": 40,
"asn": 205100,
"asn_name": "F3 Netze e.V."
}
Try It Live
Description
How to Use
1. Pass the IP address to check in the `ip` query parameter.
2. Send a GET request and inspect the boolean flags (`is_tor_exit_node`, `is_anonymous_vpn`, etc.).
3. Use the `threat_score` field (0–100) for quick risk triage — scores above 30 typically warrant additional verification.
4. Combine with the IP Geolocation Lookup endpoint for a complete risk profile including geographic context.
About This Tool
Use IP Threat Detection to determine whether a given IP address is associated with anonymisation services such as VPNs, public proxies, Tor exit nodes, residential proxies, or datacenter hosting. The endpoint returns boolean flags for each category plus a composite threat score from 0 (clean) to 100 (highest risk).
This is essential for fraud prevention, bot detection, and security workflows where you need to assess the trustworthiness of an incoming connection before processing a transaction or granting access.
The threat data is derived from MaxMind's Anonymous IP database combined with ASN-based datacenter heuristics.
Why Use This Tool
- Fraud prevention — Block or flag transactions from high-risk IPs
- Bot detection — Identify automated traffic from datacenter and proxy IPs
- Account security — Require additional verification for logins from anonymous networks
- Content protection — Restrict access to geo-fenced content when VPN usage is detected
- Compliance — Enforce sanctions screening by identifying traffic masking techniques
Frequently Asked Questions
How is the threat score calculated?
How often is the threat data updated?
Can clean IPs still have a non-zero threat score?
Start using IP Threat Detection now
Get your free API key and make your first request in under a minute.