JavaScript SDK · Feature

Detect VPN, Proxy & Tor in Node.js

Q: How do I detect a VPN or proxy in Node.js?

Call await client.lookup(ip) and read the suspicious_factors object. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use client.torCheck(ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every lookup already returns the suspicious_factors flags for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated torCheck method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key JavaScript SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

Node.js 18+ with ip-api-io installed
A free ip-api.io API key

No dedicated call needed — the flags ride along with a normal lookup.

import { IpApiClient } from "ip-api-io";

const client = new IpApiClient({ apiKey: process.env.IP_API_IO_KEY });

const info = await client.lookup("185.220.101.1");
const f = info.suspicious_factors;

console.log(f.is_vpn);         // VPN service
console.log(f.is_proxy);       // open / anonymizing proxy
console.log(f.is_tor_node);    // Tor node
console.log(f.is_datacenter);  // hosting / datacenter IP (often a bot)
console.log(f.is_spam);        // known spam source
console.log(f.is_crawler);     // known crawler / bot
console.log(f.is_threat);      // listed on a threat feed

if (f.is_vpn || f.is_proxy || f.is_tor_node) {
  // require step-up verification (CAPTCHA, 2FA)
}

A dedicated check against the live Tor node list, with a count of matching nodes.

const tor = await client.torCheck("185.220.101.1");

console.log(tor.is_tor);          // true
console.log(tor.tor_node_count);  // number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with riskScore.

Reference

Response reference

`suspicious_factors` (all boolean)

Field	Meaning
`is_proxy`	Open or anonymizing proxy
`is_vpn`	Commercial VPN endpoint
`is_tor_node`	Part of the Tor network
`is_datacenter`	Hosting / datacenter range
`is_spam`	Known spam source
`is_crawler`	Known crawler / bot
`is_threat`	Listed on a threat feed

`TorDetection` (from `torCheck`)

Field	Type	Description
`ip`	string	The checked IP
`is_tor`	boolean	Whether the IP is a Tor node
`tor_node_count`	number	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in Node.js?

Call await client.lookup(ip) and read the suspicious_factors object. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use client.torCheck(ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when is_vpn, is_proxy or is_tor_node is true, and reserve hard blocks for is_threat. For a single decision, use the risk score.

Start building with the ip-api.io JavaScript SDK

Install ip-api-io, drop in your free API key, and ship in minutes — one typed client for geolocation, fraud detection, and email validation.

Get free API key JavaScript SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in Node.js

Anonymizer detection, built into every lookup

Prerequisites

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `torCheck`

Response reference

`suspicious_factors` (all boolean)

`TorDetection` (from `torCheck`)

Frequently asked questions

Start building with the ip-api.io JavaScript SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in Node.js

Anonymizer detection, built into every lookup

Prerequisites

Read suspicious_factors on any lookup

Confirm a Tor exit node with torCheck

Response reference

suspicious_factors (all boolean)

TorDetection (from torCheck)

Frequently asked questions

Keep exploring

Start building with the ip-api.io JavaScript SDK

Need support?

Found a bug in the SDK?

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `torCheck`

`suspicious_factors` (all boolean)

`TorDetection` (from `torCheck`)