.NET SDK · Feature

Detect VPN, Proxy & Tor in .NET

Q: How do I detect a VPN or proxy in C#?

Call await client.LookupAsync(ip) and read the SuspiciousFactors object. It has boolean properties IsVpn, IsProxy, IsTorNode, IsDatacenter, IsSpam, IsCrawler and IsThreat on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use await client.TorCheckAsync(ip). It returns IsTor and TorNodeCount, checked against the live Tor node list. The IsTorNode property on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The SuspiciousFactors properties come back on every geolocation lookup at no extra cost, so a single LookupAsync(ip) gives you both location and threat signals. Use TorCheckAsync only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every LookupAsync already returns the SuspiciousFactors properties for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated TorCheckAsync method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key .NET SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

A .NET 6+ project with IpApiIo added
A free ip-api.io API key

No dedicated call needed — the properties ride along with a normal LookupAsync.

var client = new IpApiClient(Environment.GetEnvironmentVariable("IP_API_IO_KEY")!);

var info = await client.LookupAsync("185.220.101.1");
var f = info.SuspiciousFactors;

Console.WriteLine(f.IsVpn);        // VPN service
Console.WriteLine(f.IsProxy);      // open / anonymizing proxy
Console.WriteLine(f.IsTorNode);    // Tor node
Console.WriteLine(f.IsDatacenter); // hosting / datacenter IP (often a bot)
Console.WriteLine(f.IsSpam);       // known spam source
Console.WriteLine(f.IsCrawler);    // known crawler / bot
Console.WriteLine(f.IsThreat);     // listed on a threat feed

if (f.IsVpn || f.IsProxy || f.IsTorNode)
{
    // require step-up verification (CAPTCHA, 2FA)
}

A dedicated check against the live Tor node list, with a count of matching nodes.

var tor = await client.TorCheckAsync("185.220.101.1");

Console.WriteLine(tor.IsTor);        // True
Console.WriteLine(tor.TorNodeCount); // number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with RiskScoreAsync.

Reference

Response reference

`SuspiciousFactors` (all bool)

Property	Meaning
`IsProxy`	Open or anonymizing proxy
`IsVpn`	Commercial VPN endpoint
`IsTorNode`	Part of the Tor network
`IsDatacenter`	Hosting / datacenter range
`IsSpam`	Known spam source
`IsCrawler`	Known crawler / bot
`IsThreat`	Listed on a threat feed

`TorDetection` (from `TorCheckAsync`)

Property	Type	Description
`Ip`	string	The checked IP
`IsTor`	bool	Whether the IP is a Tor node
`TorNodeCount`	int	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in C#?

Call await client.LookupAsync(ip) and read the SuspiciousFactors object. It has boolean properties IsVpn, IsProxy, IsTorNode, IsDatacenter, IsSpam, IsCrawler and IsThreat on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use await client.TorCheckAsync(ip). It returns IsTor and TorNodeCount, checked against the live Tor node list. The IsTorNode property on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The SuspiciousFactors properties come back on every geolocation lookup at no extra cost, so a single LookupAsync(ip) gives you both location and threat signals. Use TorCheckAsync only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when IsVpn, IsProxy or IsTorNode is true, and reserve hard blocks for IsThreat. For a single decision, use the risk score.

Start building with the ip-api.io .NET SDK

Run dotnet add package IpApiIo, drop in your free API key, and ship in minutes — one async client for geolocation, fraud detection, and email validation.

Get free API key .NET SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The IpApiIo package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in .NET

Anonymizer detection, built into every lookup

Prerequisites

Read `SuspiciousFactors` on any lookup

Confirm a Tor exit node with `TorCheckAsync`

Response reference

`SuspiciousFactors` (all bool)

`TorDetection` (from `TorCheckAsync`)

Frequently asked questions

Start building with the ip-api.io .NET SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in .NET

Anonymizer detection, built into every lookup

Prerequisites

Read SuspiciousFactors on any lookup

Confirm a Tor exit node with TorCheckAsync

Response reference

SuspiciousFactors (all bool)

TorDetection (from TorCheckAsync)

Frequently asked questions

Keep exploring

Start building with the ip-api.io .NET SDK

Need support?

Found a bug in the SDK?

Read `SuspiciousFactors` on any lookup

Confirm a Tor exit node with `TorCheckAsync`

`SuspiciousFactors` (all bool)

`TorDetection` (from `TorCheckAsync`)