Go SDK · Feature

Detect VPN, Proxy & Tor in Go

Q: How do I detect a VPN or proxy in Go?

Call client.LookupIP(ctx, ip) and read the SuspiciousFactors struct. It has boolean fields IsVPN, IsProxy, IsTorNode, IsDatacenter, IsSpam, IsCrawler and IsThreat on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use client.TorCheck(ctx, ip). It returns IsTor and TorNodeCount, checked against the live Tor node list. The IsTorNode flag on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The SuspiciousFactors flags come back on every geolocation lookup at no extra cost, so a single client.LookupIP(ctx, ip) gives you both location and threat signals. Use TorCheck only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every LookupIP already returns the SuspiciousFactors flags for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated TorCheck method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key Go SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

Go 1.21+ with ipapi-go installed
A free ip-api.io API key

No dedicated call needed — the flags ride along with a normal LookupIP.

client := ipapi.NewClient(ipapi.WithAPIKey(os.Getenv("IP_API_IO_KEY")))
ctx := context.Background()

info, err := client.LookupIP(ctx, "185.220.101.1")
if err != nil {
	log.Fatal(err)
}
f := info.SuspiciousFactors

fmt.Println(f.IsVPN)         // VPN service
fmt.Println(f.IsProxy)       // open / anonymizing proxy
fmt.Println(f.IsTorNode)     // Tor node
fmt.Println(f.IsDatacenter)  // hosting / datacenter IP (often a bot)
fmt.Println(f.IsSpam)        // known spam source
fmt.Println(f.IsCrawler)     // known crawler / bot
fmt.Println(f.IsThreat)      // listed on a threat feed

if f.IsVPN || f.IsProxy || f.IsTorNode {
	// require step-up verification (CAPTCHA, 2FA)
}

A dedicated check against the live Tor node list, with a count of matching nodes.

tor, _ := client.TorCheck(ctx, "185.220.101.1")

fmt.Println(tor.IsTor)        // true
fmt.Println(tor.TorNodeCount) // number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with RiskScoreIP.

Reference

Response reference

`SuspiciousFactors` (all bool)

Field	Meaning
`IsProxy`	Open or anonymizing proxy
`IsVPN`	Commercial VPN endpoint
`IsTorNode`	Part of the Tor network
`IsDatacenter`	Hosting / datacenter range
`IsSpam`	Known spam source
`IsCrawler`	Known crawler / bot
`IsThreat`	Listed on a threat feed

`TorDetection` (from `TorCheck`)

Field	Type	Description
`IP`	string	The checked IP
`IsTor`	bool	Whether the IP is a Tor node
`TorNodeCount`	int	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in Go?

Call client.LookupIP(ctx, ip) and read the SuspiciousFactors struct. It has boolean fields IsVPN, IsProxy, IsTorNode, IsDatacenter, IsSpam, IsCrawler and IsThreat on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use client.TorCheck(ctx, ip). It returns IsTor and TorNodeCount, checked against the live Tor node list. The IsTorNode flag on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The SuspiciousFactors flags come back on every geolocation lookup at no extra cost, so a single client.LookupIP(ctx, ip) gives you both location and threat signals. Use TorCheck only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when IsVPN, IsProxy or IsTorNode is true, and reserve hard blocks for IsThreat. For a single decision, use the risk score.

Start building with the ip-api.io Go SDK

Run go get github.com/ip-api-io/ipapi-go, drop in your free API key, and ship in minutes — one typed, context-aware client for geolocation, fraud detection, and email validation.

Get free API key Go SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ipapi-go module is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in Go

Anonymizer detection, built into every lookup

Prerequisites

Read `SuspiciousFactors` on any lookup

Confirm a Tor exit node with `TorCheck`

Response reference

`SuspiciousFactors` (all bool)

`TorDetection` (from `TorCheck`)

Frequently asked questions

Start building with the ip-api.io Go SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in Go

Anonymizer detection, built into every lookup

Prerequisites

Read SuspiciousFactors on any lookup

Confirm a Tor exit node with TorCheck

Response reference

SuspiciousFactors (all bool)

TorDetection (from TorCheck)

Frequently asked questions

Keep exploring

Start building with the ip-api.io Go SDK

Need support?

Found a bug in the SDK?

Read `SuspiciousFactors` on any lookup

Confirm a Tor exit node with `TorCheck`

`SuspiciousFactors` (all bool)

`TorDetection` (from `TorCheck`)