VPN & Proxy Detection
Detect if an IP address belongs to a VPN, proxy, Tor exit node, or hosting provider. Returns threat scores and fraud indicators for fraud prevention, risk assessment, and bot detection.
Overview
Use Cases
- Fraud prevention in e-commerce and fintech
- Risk scoring for user authentication
- Bot and crawler detection
- Compliance and regulatory requirements
- Content access restrictions (geo-blocking circumvention)
Features
VPN provider detection
Public and web proxy detection
Tor exit node identification
Data-center and hosting provider detection
Threat level scoring
Fraud score (0-100) based on IP2Proxy database
Autonomous System (ASN) organization lookup
API Endpoints
Check IP Address
Analyze an IP address to determine if it's a VPN, proxy, Tor exit node, or hosting provider. Returns detailed threat indicators and scores.
GET
https://api.requiems.xyz/v1/tech/ip/vpn/{ip}
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| ip | string |
Required | The IP address to check (supports IPv4 and IPv6) |
Try it out
Live DemoRequest
The IP address to check (supports IPv4 and IPv6)
Sending request...
Response Fields
| Field | Type | Description |
|---|---|---|
| ip | string |
The analyzed IP address |
| is_vpn | boolean |
True when the IP belongs to a known VPN provider |
| is_proxy | boolean |
True when the IP is a known public or web proxy |
| is_tor | boolean |
True when the IP is a known Tor exit node |
| is_hosting | boolean |
True when the IP belongs to a data-centre or hosting provider (DCH) |
| score | integer |
Raw threat score (0-9+). Tor contributes 3, VPN or Proxy each contribute 2, Hosting contributes 1 |
| threat | integer |
Threat level derived from score: 0 = None, 1 = Low, 2β3 = Medium, 4β5 = High, 6+ = Critical |
| fraud_score | integer |
Fraud risk score from 0 (no risk) to 100 (high risk). Available when using IP2Proxy PX5 or higher |
| asn_org | string |
Organization name owning the Autonomous System containing the IP (e.g. "DIGITALOCEAN-ASN") |
Code Examples
curl "https://api.requiems.xyz/v1/tech/ip/vpn/8.8.8.8" \
-H "requiems-api-key: YOUR_API_KEY"import requests
url = "https://api.requiems.xyz/v1/tech/ip/vpn/8.8.8.8"
headers = {"requiems-api-key": "YOUR_API_KEY"}
response = requests.get(url, headers=headers)
print(response.json())const response = await fetch('https://api.requiems.xyz/v1/tech/ip/vpn/8.8.8.8', {
headers: { 'requiems-api-key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data.data.is_vpn, data.data.threat);require 'net/http'
uri = URI('https://api.requiems.xyz/v1/tech/ip/vpn/8.8.8.8')
request = Net::HTTP::Get.new(uri)
request['requiems-api-key'] = 'YOUR_API_KEY'
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts JSON.parse(response.body)Error Responses
bad_request
The IP address is missing or invalid
internal_error
Unexpected server error
Frequently Asked Questions
The API uses the IP2Proxy database for VPN, proxy, Tor, and hosting detection. ASN information is retrieved from a separate MaxMind ASN database.
The score is calculated as: Tor (+3), VPN (+2), Proxy (+2), Hosting (+1). The threat level is derived from this: 0=None, 1=Low, 2-3=Medium, 4-5=High, 6+=Critical.
The fraud_score is only available when using IP2Proxy database tier PX5 or higher. Lower tiers return 0, indicating the value is unavailable for the current database.
Yes, both IPv4 and IPv6 addresses are fully supported.