Paste a list of IP addresses and instantly get geolocation, VPN detection, proxy flagging, Tor node identification, and threat intelligence for every IP. One API call. JSON results. No sign-up required.
Enter IP addresses — one per line or comma-separated
Each IP in your batch is analyzed across geolocation, threat intelligence, and network classification — concurrently, in milliseconds.
Submit up to 100 IP addresses in a single API call. Duplicates are automatically removed — you only pay for unique IPs processed.
IPs are processed concurrently — a batch of 100 completes in the same time as a single lookup. Cached results return in under 50ms.
Identifies HTTP, HTTPS, and SOCKS proxies including transparent, anonymous, and elite proxy types. 99.5% accuracy, under 0.1% false positive rate.
Detects commercial VPN providers, corporate VPN gateways, and self-hosted VPN servers. Coverage across 2,000+ VPN providers and 50M+ IP ranges.
Country at 99.8% accuracy, city-level at 85–95%. Returns country, city, region, coordinates, ZIP code, timezone, and real-time local time.
Real-time Tor exit node identification from official consensus data. Threat intelligence from 50+ global feeds — malware C&C, botnets, DDoS sources.
Integrate batch IP intelligence directly into your application. A single POST request returns geolocation and security data for up to 100 IPs.
https://ip-api.io/api/v1/ip/batch
?api_key=YOUR_KEY
Accepts a JSON array of IP addresses. Processes all IPs concurrently and returns a results map keyed by IP. API key is optional — anonymous requests are rate-limited by your IP address.
{
"ips": [
"8.8.8.8",
"1.1.1.1",
"203.0.113.195"
]
}{
"results": {
"8.8.8.8": {
"ip": "8.8.8.8",
"suspicious_factors": {
"is_proxy": false,
"is_tor_node": false,
"is_spam": false,
"is_crawler": false,
"is_datacenter": true,
"is_vpn": false,
"is_threat": false
},
"location": {
"country": "United States",
"country_code": "US",
"city": "Mountain View",
"latitude": 37.4056,
"longitude": -122.0775,
"zip": "94043",
"timezone": "America/Los_Angeles",
"local_time": "2024-01-15T10:30:00-08:00",
"local_time_unix": 1705340400,
"is_daylight_savings": false
}
}
},
"total_processed": 3,
"successful_lookups": 3,
"failed_lookups": 0
}results
Map of IP → full intelligence object (geolocation + security flags)
total_processed
Number of unique IPs that were processed
successful_lookups
IPs that returned a geolocation result
failed_lookups
IPs that could not be resolved (private ranges, etc.)
suspicious_factors
Security flags: is_proxy, is_vpn, is_tor_node, is_threat, is_spam, is_datacenter, is_crawler
location
Geolocation: country, city, coordinates, zip, timezone, local_time
curl -X POST "https://ip-api.io/api/v1/ip/batch?api_key=YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"ips": ["8.8.8.8", "1.1.1.1", "203.0.113.195"]}'const response = await fetch(
"https://ip-api.io/api/v1/ip/batch?api_key=YOUR_KEY",
{
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ ips: ["8.8.8.8", "1.1.1.1", "203.0.113.195"] })
}
);
const data = await response.json();
for (const [ip, info] of Object.entries(data.results)) {
const sf = info.suspicious_factors;
const risk = sf.is_proxy || sf.is_vpn || sf.is_tor_node || sf.is_threat;
console.log(`${ip}: ${info.location.country} — ${risk ? "RISK" : "Clean"}`);
}import requests
response = requests.post(
"https://ip-api.io/api/v1/ip/batch",
params={"api_key": "YOUR_KEY"},
json={"ips": ["8.8.8.8", "1.1.1.1", "203.0.113.195"]}
)
data = response.json()
for ip, info in data["results"].items():
sf = info["suspicious_factors"]
risk = sf["is_proxy"] or sf["is_vpn"] or sf["is_tor_node"] or sf["is_threat"]
country = info["location"].get("country", "Unknown")
print(f"{ip}: {country} — {'RISK' if risk else 'Clean'}")$ips = ["8.8.8.8", "1.1.1.1", "203.0.113.195"];
$ch = curl_init("https://ip-api.io/api/v1/ip/batch?api_key=YOUR_KEY");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["ips" => $ips]));
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
foreach ($response["results"] as $ip => $info) {
$sf = $info["suspicious_factors"];
$risk = $sf["is_proxy"] || $sf["is_vpn"] || $sf["is_tor_node"] || $sf["is_threat"];
$country = $info["location"]["country"] ?? "Unknown";
echo "$ip: $country — " . ($risk ? "RISK" : "Clean") . "\n";
}require "net/http"
require "json"
require "uri"
uri = URI("https://ip-api.io/api/v1/ip/batch?api_key=YOUR_KEY")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request["Content-Type"] = "application/json"
request.body = { ips: ["8.8.8.8", "1.1.1.1", "203.0.113.195"] }.to_json
data = JSON.parse(http.request(request).body)
data["results"].each do |ip, info|
sf = info["suspicious_factors"]
risk = sf["is_proxy"] || sf["is_vpn"] || sf["is_tor_node"] || sf["is_threat"]
country = info.dig("location", "country") || "Unknown"
puts "#{ip}: #{country} — #{risk ? "RISK" : "Clean"}"
endStart using IP-API.io to make your website safer and more user-friendly. Keep out unwanted bots, show visitors content that's relevant to where they are, and spot risky IP addresses quickly. It's perfect for making online shopping more personal and keeping your site secure. Get started today with one of the plans!
Everything you need to know about bulk IP lookup.
You can look up up to 100 IP addresses per batch request. The interactive tool on this page
accepts one IP per line or comma-separated. For the API, send a JSON object with an
ips array containing up to 100 addresses in a single
POST to https://ip-api.io/api/v1/ip/batch.
No API key is required for basic use — the tool works immediately using IP-based rate limiting.
For higher limits and production use, add your API key as the api_key query
parameter: POST /api/v1/ip/batch?api_key=YOUR_KEY. Free and paid plans
are available; paid plans offer significantly higher rate limits and guaranteed SLAs.
For each IP address the batch returns full intelligence data: geolocation (country, city, region, latitude, longitude, ZIP code, timezone, local time), and security flags (proxy detection, VPN detection, Tor node identification, spam source, threat intelligence, datacenter classification). Results are returned as a JSON map keyed by IP address, along with batch statistics (total processed, successful, failed).
API credits are deducted only after a batch completes successfully — one credit per unique IP address. If the request fails, your quota is insufficient, or the service returns an error, no credits are charged. Duplicate IPs submitted in the same request are automatically deduplicated: submitting the same IP five times counts as one lookup.
Both IPv4 (e.g., 8.8.8.8) and IPv6
(e.g., 2001:4860:4860::8888) addresses are supported. Invalid IP formats
are rejected with HTTP 400 before any processing occurs — no credits are charged.
Private ranges (10.x.x.x, 192.168.x.x, etc.) are valid IP addresses and will be
processed, but may return limited geolocation data.
Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.
Contact SupportCustomize your experience with tailored plans that fit your IP security and geolocation needs.
Email Us