Java SDK · Feature

Detect VPN, Proxy & Tor in Java

Q: How do I detect a VPN or proxy in Java?

Call client.lookup(ip) and read the suspiciousFactors() record. It has boolean accessors isVpn(), isProxy(), isTorNode(), isDatacenter(), isSpam(), isCrawler() and isThreat() on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use client.torCheck(ip). It returns isTor() and torNodeCount(), checked against the live Tor node list. The isTorNode() accessor on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The suspiciousFactors() accessors come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every lookup already returns the suspiciousFactors() accessors for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated torCheck method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key Java SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

A Java 17+ project with io.ip-api:ipapi added
A free ip-api.io API key

No dedicated call needed — the accessors ride along with a normal lookup.

IpApiClient client = IpApiClient.builder()
        .apiKey(System.getenv("IP_API_IO_KEY"))
        .build();

IpInfo info = client.lookup("185.220.101.1");
var f = info.suspiciousFactors();

System.out.println(f.isVpn());        // VPN service
System.out.println(f.isProxy());      // open / anonymizing proxy
System.out.println(f.isTorNode());    // Tor node
System.out.println(f.isDatacenter()); // hosting / datacenter IP (often a bot)
System.out.println(f.isSpam());       // known spam source
System.out.println(f.isCrawler());    // known crawler / bot
System.out.println(f.isThreat());     // listed on a threat feed

if (f.isVpn() || f.isProxy() || f.isTorNode()) {
    // require step-up verification (CAPTCHA, 2FA)
}

A dedicated check against the live Tor node list, with a count of matching nodes.

var tor = client.torCheck("185.220.101.1");

System.out.println(tor.isTor());        // true
System.out.println(tor.torNodeCount()); // number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with riskScore(ip).

Reference

Response reference

`suspiciousFactors()` (all boolean)

Accessor	Meaning
`isProxy()`	Open or anonymizing proxy
`isVpn()`	Commercial VPN endpoint
`isTorNode()`	Part of the Tor network
`isDatacenter()`	Hosting / datacenter range
`isSpam()`	Known spam source
`isCrawler()`	Known crawler / bot
`isThreat()`	Listed on a threat feed

`TorDetection` (from `torCheck`)

Accessor	Type	Description
`ip()`	String	The checked IP
`isTor()`	boolean	Whether the IP is a Tor node
`torNodeCount()`	int	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in Java?

Call client.lookup(ip) and read the suspiciousFactors() record. It has boolean accessors isVpn(), isProxy(), isTorNode(), isDatacenter(), isSpam(), isCrawler() and isThreat() on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use client.torCheck(ip). It returns isTor() and torNodeCount(), checked against the live Tor node list. The isTorNode() accessor on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The suspiciousFactors() accessors come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when isVpn(), isProxy() or isTorNode() is true, and reserve hard blocks for isThreat(). For a single decision, use the risk score.

Start building with the ip-api.io Java SDK

Add io.ip-api:ipapi to your build, drop in your free API key, and ship in minutes — one client for geolocation, fraud detection, and email validation.

Get free API key Java SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The io.ip-api:ipapi library is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in Java

Anonymizer detection, built into every lookup

Prerequisites

Read `suspiciousFactors()` on any lookup

Confirm a Tor exit node with `torCheck`

Response reference

`suspiciousFactors()` (all boolean)

`TorDetection` (from `torCheck`)

Frequently asked questions

Start building with the ip-api.io Java SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in Java

Anonymizer detection, built into every lookup

Prerequisites

Read suspiciousFactors() on any lookup

Confirm a Tor exit node with torCheck

Response reference

suspiciousFactors() (all boolean)

TorDetection (from torCheck)

Frequently asked questions

Keep exploring

Start building with the ip-api.io Java SDK

Need support?

Found a bug in the SDK?

Read `suspiciousFactors()` on any lookup

Confirm a Tor exit node with `torCheck`

`suspiciousFactors()` (all boolean)

`TorDetection` (from `torCheck`)