PHP SDK · Feature

Detect VPN, Proxy & Tor in PHP

Q: How do I detect a VPN or proxy in PHP?

Call $client->lookup($ip) and read the suspicious_factors array. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use $client->torCheck($ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single $client->lookup($ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every lookup already returns the suspicious_factors flags for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated torCheck method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key PHP SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

PHP 8.1+ with ip-api-io/ipapi-php installed
A free ip-api.io API key

No dedicated call needed — the flags ride along with a normal lookup.

<?php

use IpApiIo\Client;

$client = new Client(apiKey: getenv('IP_API_IO_KEY'));

$info = $client->lookup('185.220.101.1');
$f = $info['suspicious_factors'];

var_dump($f['is_vpn']);        // VPN service
var_dump($f['is_proxy']);      // open / anonymizing proxy
var_dump($f['is_tor_node']);   // Tor node
var_dump($f['is_datacenter']); // hosting / datacenter IP (often a bot)
var_dump($f['is_spam']);       // known spam source
var_dump($f['is_crawler']);    // known crawler / bot
var_dump($f['is_threat']);     // listed on a threat feed

if ($f['is_vpn'] || $f['is_proxy'] || $f['is_tor_node']) {
    // require step-up verification (CAPTCHA, 2FA)
}

A dedicated check against the live Tor node list, with a count of matching nodes.

$tor = $client->torCheck('185.220.101.1');

var_dump($tor['is_tor']);         // true
echo $tor['tor_node_count'];      // number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with riskScore.

Reference

Response reference

`suspicious_factors` (all boolean)

Field	Meaning
`is_proxy`	Open or anonymizing proxy
`is_vpn`	Commercial VPN endpoint
`is_tor_node`	Part of the Tor network
`is_datacenter`	Hosting / datacenter range
`is_spam`	Known spam source
`is_crawler`	Known crawler / bot
`is_threat`	Listed on a threat feed

`torCheck` response

Field	Type	Description
`ip`	string	The checked IP
`is_tor`	bool	Whether the IP is a Tor node
`tor_node_count`	int	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in PHP?

Call $client->lookup($ip) and read the suspicious_factors array. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use $client->torCheck($ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single $client->lookup($ip) gives you both location and threat signals. Use torCheck only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when is_vpn, is_proxy or is_tor_node is true, and reserve hard blocks for is_threat. For a single decision, use the risk score.

Start building with the ip-api.io PHP SDK

Run composer require ip-api-io/ipapi-php, drop in your free API key, and ship in minutes — one zero-dependency client for geolocation, fraud detection, and email validation.

Get free API key PHP SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io/ipapi-php package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in PHP

Anonymizer detection, built into every lookup

Prerequisites

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `torCheck`

Response reference

`suspicious_factors` (all boolean)

`torCheck` response

Frequently asked questions

Start building with the ip-api.io PHP SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in PHP

Anonymizer detection, built into every lookup

Prerequisites

Read suspicious_factors on any lookup

Confirm a Tor exit node with torCheck

Response reference

suspicious_factors (all boolean)

torCheck response

Frequently asked questions

Keep exploring

Start building with the ip-api.io PHP SDK

Need support?

Found a bug in the SDK?

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `torCheck`

`suspicious_factors` (all boolean)

`torCheck` response