Features

VPN and Proxy Detection

The Security API delivers dependable VPN & proxy detection, pinpointing the anonymizer type and even naming the underlying proxy or cloud provider in one seamless check.

Threat score

Our composite threat score rolls VPN/proxy use, Tor exit status, bot activity, spam history, and other risk signals into one decisive metric—enough to flag a suspicious IP instantly.

Network Details

We provide the AS number and organization details for an IP address, which makes it easier to identify service providers and potentially malicious networks.

Bulk Security Lookup

Use our Bulk Security Lookup endpoint to perform batch lookup of multiple IPs in one go. One request can have up to 100 IPs. Both IPv4 and IPv6 are supported.

Common Use Cases

Account & Payment Fraud Prevention

Cuts chargebacks and account-takeover losses at checkout or sign-in.

Reject or step-up verify logins / transactions originating from VPNs, Tor exits, known botnets, or high-risk proxies.

Streaming & Content Licensing

Prevents regional piracy and licensing violations.

Enforce geo-rights by denying access when the viewer hides behind VPN, Tor, or residential proxy services.

SOAR / SIEM Automation

Slashes incident-response time from minutes to seconds.

Enrich logs with instant IP threat context; auto-open tickets or deploy firewall rules for suspicious traffic.

Regulatory Compliance - KYC

Helps satisfy financial-crime and export-control obligations.

Detect masked or sanctioned-region traffic to trigger enhanced due diligence or auto-deny service.

Security API Documentation

Authorization

You can make authorized requests to our API by passing your API key as a query parameter. To get your API key, log in to our billing dashboard. If your API key has been compromised, you can change it by clicking the reset button in the billing dashboard.

API GET
https://api.whoisfreaks.com/v1.0/security?apiKey=API_KEY&ip=8.8.8.8

Query Parameters

  • Required
    apiKey: Retrieve your API key from the billing dashboard.
    ip: The IP address for which you want to retrieve the security response details.

Responses

200 OK
400 IP address 'X.X.X.X' is not valid.
401 Provided API key is invalid.
401 Provided API key is inactive.
401 Please buy a subscription plan or add api credits.
401 Your subscription is deactivated.
401 Repeated payment failures.
401 Your account is deactivated.
401 Suspicious Activity.
404 Record not found.
405 Method not allowed.
408 Unable to fetch whois data.
412 Exceeded the limit of api plan requests.
413 Exceeded the limit of api credits requests.
413 Exceeded the limit of surcharge requests.
423 IP address is from a bogon ip ranges.
429 Maximum request limit reached.
499 Client closed request.
500 Internal Server error.
502 Bad gateway.
503 Service is unavailable.
504 Request is timed-out.
505 Unsupported HTTP Version.


API POST
{
    "ips":[
        "1.1.1.1",
        "2.2.2.2",
        "8.8.8.8"
    ]
}

Query Parameters

Request Body

    In the request body, add either domainNames or, for bulk availability with custom TLDs, add tld(s). Click here to see an example.
Responses

200 OK
400 Please provide IPs in body.
401 Provided API key is invalid.
401 Provided API key is inactive.
401 Please buy a subscription plan or add api credits.
401 Your subscription is deactivated.
401 Repeated payment failures.
401 Your account is deactivated.
401 Suspicious Activity.
404 Record not found.
405 Method not allowed.
408 Unable to fetch whois data.
412 Exceeded the limit of api plan requests.
413 Exceeded maximum list size of 100.
413 Exceeded the limit of surcharge requests.
423 IP address is from a bogon ip ranges.
429 Maximum request limit reached.
499 Client closed request.
500 Internal Server error.
502 Bad gateway.
503 Service is unavailable.
504 Request is timed-out.
505 Unsupported HTTP Version.
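
A pre-flight step for the bulk endpoint described above, as an added example that is not WhoisFreaks code: it validates and deduplicates addresses, drops non-routable ones locally, and splits the rest into request bodies of at most 100 IPs in the page's `{"ips": [...]}` shape. The function name is hypothetical, and Python's `is_global` test is an assumed stand-in for whatever bogon list the API applies for its 423 response.

```python
import ipaddress
import json

MAX_IPS_PER_REQUEST = 100  # limit stated on this page; larger lists get a 413


def prepare_bulk_bodies(raw_ips, batch_size=MAX_IPS_PER_REQUEST):
    """Return (bodies, rejected).

    bodies   -- JSON strings shaped like the page's {"ips": [...]} example
    rejected -- {original input: reason} for entries dropped before sending
    """
    seen, valid, rejected = set(), [], {}
    for raw in raw_ips:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected[raw] = "invalid"  # the API would answer 400 for these
            continue
        if not addr.is_global:
            # Assumption: stdlib is_global approximates the API's bogon check (423)
            rejected[raw] = "non-routable"
            continue
        canonical = addr.compressed  # one spelling per address, so IPv6 variants dedupe
        if canonical not in seen:
            seen.add(canonical)
            valid.append(canonical)
    bodies = [
        json.dumps({"ips": valid[i:i + batch_size]})
        for i in range(0, len(valid), batch_size)
    ]
    return bodies, rejected


# Constructed sample: addresses as they might come out of a log export
SAMPLE = ["8.8.8.8", " 1.1.1.1 ", "8.8.8.8", "10.0.0.5", "not-an-ip",
          "2001:4860:4860::8888", "2001:4860:4860:0:0:0:0:8888"]

if __name__ == "__main__":
    bodies, rejected = prepare_bulk_bodies(SAMPLE)
    print(bodies, rejected)
```

Because bulk credits are charged per returned IP, deduplicating before sending also avoids paying twice for the same address.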


Credit Usage API

Credits are required to use the Security Lookup API. Below is a breakdown of credit consumption for each type of lookup:

  • Each successful single IP security lookup uses 1 credit.
  • In bulk operations, 1 credit is deducted for every successfully returned IP response.

You can check your credit usage and remaining balance using this API.


FAQs

What exactly is cyber threat intelligence?

Threat intelligence in the cyber domain refers to the process of collecting, analyzing, and interpreting data related to potential cyber threats. Today, organizations use this intelligence to anticipate attacks by transforming raw data into actionable insights that help protect against malicious actors. A threat intelligence system works much like a weather alert system—providing early warnings in the digital space. It enables organizations to identify threats in advance, understand the intent behind cyberattacks, and take proactive steps to strengthen their defenses.

How does cyber threat intelligence work?

Cyber threat intelligence works by systematically gathering and analyzing data from various sources to identify potential cyber threats and vulnerabilities. The process typically involves four key stages:

  1. Collection: Raw data is gathered from internal sources (like firewalls, logs, and sensors) and external sources (like threat feeds, dark web monitoring, and open-source intelligence).
  2. Processing: The collected data is organized and filtered to remove irrelevant or duplicate information, making it easier to analyze.
  3. Analysis: Security analysts or automated systems examine the processed data to detect patterns, identify potential threats, understand attacker behavior, and assess the level of risk.
  4. Dissemination: The resulting insights are shared with relevant teams or tools (like SIEMs or firewalls) so that appropriate defensive actions can be taken, such as blocking malicious IPs, patching vulnerabilities, or adjusting security policies.

Overall, cyber threat intelligence turns raw information into actionable insights, helping organizations detect threats early, understand attack motives, and improve their security posture.

What is a Proxy?

A proxy server acts as an intermediary between a user's device and the target website. When a user sends a request, it first goes to the proxy server, which then forwards the request to the destination site. The response from the website is sent back through the proxy and finally delivered to the user's device. While it masks the user's original IP address, it typically doesn’t encrypt the data being transmitted. Proxies are commonly used to bypass geo-restrictions or access region-specific content.

What is a VPN and what does it do?

A VPN (Virtual Private Network) is a service that encrypts your internet traffic by creating a secure tunnel between your device and a remote server. This process hides your real IP address and routes your data through the VPN server, making it appear as if you're browsing from a different location. Unlike a proxy, a VPN not only masks your IP and changes your virtual location but also ensures your online activity and sensitive data remain private and protected from prying eyes, offering a higher level of anonymity and security.

What is TOR used for in online privacy?

Tor (The Onion Router) is an open-source network designed to enhance online privacy by offering multiple layers of anonymity. It works by encrypting user requests in several layers and routing them through a random sequence of volunteer-operated servers known as nodes. This process hides the user's original IP address and makes it extremely difficult to trace the origin and destination of the traffic. The layered encryption—similar to the layers of an onion—ensures strong anonymity, making Tor a popular choice for users seeking to keep their online activities private.

How does TOR differ from VPNs and proxies?

TOR differs from VPNs and proxies primarily in how it routes and protects your internet traffic. TOR uses multiple layers of encryption and sends your data through a series of volunteer-run nodes, making it very difficult to trace the origin or destination of your traffic. This multi-hop design provides strong anonymity but can slow down browsing speeds.

In contrast, VPNs route your traffic through a single encrypted tunnel to a trusted server, masking your IP address and encrypting your data, which offers both privacy and better speed than TOR. Proxies simply act as intermediaries that forward your requests but usually don’t encrypt your data, offering less privacy and security.

Overall, TOR emphasizes anonymity through layered routing and encryption, VPNs focus on privacy and secure connections with better performance, and proxies mainly provide IP masking without strong encryption.

Proxy vs. VPN vs. TOR – which one should you choose?

  1. Proxy: Directs your traffic through a middleman server, mainly masking your IP address. It’s useful for bypassing geo-restrictions but doesn’t provide strong encryption or privacy.
  2. VPN: Encrypts your connection and conceals your online activities by routing traffic through a secure server. It offers a good balance of privacy, security, and speed, making it ideal for everyday use, secure browsing, and accessing restricted content.
  3. TOR: Sends your data through multiple volunteer-run relays, providing the highest level of anonymity by obscuring your identity and location. However, it can be slower due to the multiple hops and is best suited for users who need maximum privacy, such as activists or journalists.

Choose a proxy for basic IP masking, a VPN for secure and private internet use with decent performance, and TOR when anonymity is the top priority despite slower speeds.

VPN vs. Proxy – which offers better security?

A VPN provides significantly better security than a proxy because it encrypts all your internet traffic, protecting your data from interception and eavesdropping. This encryption ensures that your online activities and sensitive information remain private, even on unsecured networks like public Wi-Fi.

On the other hand, a proxy only masks your IP address by routing your traffic through an intermediary server but usually doesn’t encrypt your data. This means your information can still be exposed to hackers or surveillance.

In summary, if security and privacy are important, a VPN is the better choice over a proxy.

How to get Free VPN/Proxy IPs data?

Many services offer VPN IP data, but ipgeolocation.io stands out by providing accurate and comprehensive information on VPN and proxy IPs, including details on spam, bots, TOR nodes, attackers, and anonymous IPs. The data is enriched with the names of proxy providers and cloud providers linked to each IP address. Additionally, it includes detailed location and network information, making it one of the most reliable sources for VPN and proxy data.

How to identify if an IP address is using a VPN or proxy?

To check if an IP address is associated with a VPN or proxy, you can use specialized IP intelligence services or databases that track and categorize IP addresses. These services analyze various factors such as IP ownership, usage patterns, and known VPN or proxy provider ranges. When you submit an IP address to such a service, it compares the address against its updated lists of VPNs, proxies, TOR nodes, and other anonymizing networks.

Additionally, some methods include checking for unusual traffic behavior, repeated requests from the same IP in short intervals, or IP addresses registered to data centers rather than residential ISPs—common indicators of VPN or proxy use.

Using an API like the Security API from ipgeolocation.io can automate this process by providing real-time identification of VPN, proxy, and other suspicious IP addresses, helping you determine their status accurately and efficiently.

What data does the Security API provide?

The Security API delivers comprehensive security information for a given IP address, including a threat score based on various security factors. It identifies whether the IP is a proxy and specifies the proxy type (such as VPN, PROXY, RELAY, OPENVPN, WIREGUARD, PRIVATEVPN). The API also provides details about the proxy provider, and flags if the IP is associated with TOR, bots, spam, anonymity, attackers, or cloud providers, along with the name of the cloud provider when applicable.

Is bulk IP lookup supported by the Security API?

Yes, the Security API supports bulk IP lookups, allowing you to query up to 100 IP addresses in a single request. All IP addresses included in the batch will be counted toward your overall API usage.

How often is the IP security data refreshed?

The data in our Security API is updated daily, every 24 hours. We also offer downloadable databases that are refreshed weekly and monthly, giving you access to the most current security details.

What is the number of free API credits available for new users, and are these credits rate-limited?

New users receive 500 API credits. Yes, these credits are rate-limited: 10 requests per minute for Live APIs, 5 requests per minute for Bulk Domain Lookup, and 1 request per minute for Reverse/Historical endpoints.

Do you have rate limiting on the number of requests being made on your paid plans?

Yes, all of our paid plans are rate-limited. The request limits are shown in the following table.

The table is divided into three types of plans:

1) API Credits

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35

2) API Subscription

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35

  • Live-rpm: API requests per minute limit for live Whois lookup API, domain availability API, SSL certificate lookup API, and DNS lookup API endpoints.
  • Bulk-rpm: API requests per minute limit for bulk domain Whois lookup API endpoint.
  • Historical/Reverse-rpm: API requests per minute limit for historical, and reverse Whois API endpoints.

If the requests-per-minute limit is exceeded, the API returns an error with HTTP status code 429.

Do you provide any headers in API response regarding rate limiting?

Yes, the response includes the following three headers:

  • X-RateLimit-Allowed-Requests: Tells the max allowed API requests per minute on a specific plan.
  • X-RateLimit-Remaining-Requests: Tells the remaining API requests per minute for that plan.
  • X-RateLimit-Remaining-Time: Tells after how much time the API requests per minute will be reset.
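
One way a client could act on these headers and on the status codes listed earlier, as an added example that is not WhoisFreaks code. The function name, the grouping of codes into retry / skip / abort, and the 60-second fallback are this example's own choices; the page does not state the unit of X-RateLimit-Remaining-Time, so seconds are assumed and adjustable through `time_unit_s`.

```python
RETRYABLE = {408, 500, 502, 503, 504}  # transient failures in the page's status list
SKIP_INPUT = {400, 404, 423}           # problem with this IP, not with the account


def plan_next_step(status, headers, attempt, max_attempts=4, time_unit_s=1.0):
    """Return (action, delay_seconds); action is 'ok', 'retry', 'skip' or 'abort'.

    attempt is the number of tries already made for this request.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    def number(name):
        try:
            return float(hdrs[name])
        except (KeyError, ValueError):
            return None

    remaining = number("x-ratelimit-remaining-requests")
    reset_in = number("x-ratelimit-remaining-time")
    # Assumption: the reset value is in seconds unless time_unit_s says otherwise
    reset_s = reset_in * time_unit_s if reset_in is not None else None

    if status == 200:
        # Budget for this minute is spent: hold the next call until the window resets
        if remaining is not None and remaining <= 0 and reset_s is not None:
            return ("ok", reset_s)
        return ("ok", 0.0)
    if status == 429:
        if attempt >= max_attempts:
            return ("abort", 0.0)
        # Limits are per minute, so 60 s is the fallback when the header is absent
        return ("retry", reset_s if reset_s is not None else 60.0)
    if status in RETRYABLE:
        if attempt >= max_attempts:
            return ("abort", 0.0)
        return ("retry", min(2.0 ** attempt, 30.0))  # capped exponential backoff
    if status in SKIP_INPUT:
        return ("skip", 0.0)
    # 401 (key or account state), 412/413 (quota or list size) and anything else:
    # retrying the same request will not succeed, so stop and alert an operator
    return ("abort", 0.0)
```

Treating every 401 as a hard stop keeps an automated pipeline from repeatedly presenting a revoked or flagged key.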