Python SDK · Feature

Detect VPN, Proxy & Tor in Python

Q: How do I detect a VPN or proxy in Python?

Call client.lookup(ip) and read the suspicious_factors dict. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use client.tor_check(ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use tor_check only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every lookup already returns the suspicious_factors flags for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated tor_check method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key Python SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a boolean for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

Python 3.8+ with ip-api-io installed
A free ip-api.io API key

No dedicated call needed — the flags ride along with a normal lookup.

import os
from ipapi_io import IpApiClient

client = IpApiClient(api_key=os.environ["IP_API_IO_KEY"])

info = client.lookup("185.220.101.1")
f = info["suspicious_factors"]

print(f["is_vpn"])         # VPN service
print(f["is_proxy"])       # open / anonymizing proxy
print(f["is_tor_node"])    # Tor node
print(f["is_datacenter"])  # hosting / datacenter IP (often a bot)
print(f["is_spam"])        # known spam source
print(f["is_crawler"])     # known crawler / bot
print(f["is_threat"])      # listed on a threat feed

if f["is_vpn"] or f["is_proxy"] or f["is_tor_node"]:
    pass  # require step-up verification (CAPTCHA, 2FA)

A dedicated check against the live Tor node list, with a count of matching nodes.

tor = client.tor_check("185.220.101.1")

print(tor["is_tor"])          # True
print(tor["tor_node_count"])  # number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with risk_score.

Reference

Response reference

`suspicious_factors` (all boolean)

Field	Meaning
`is_proxy`	Open or anonymizing proxy
`is_vpn`	Commercial VPN endpoint
`is_tor_node`	Part of the Tor network
`is_datacenter`	Hosting / datacenter range
`is_spam`	Known spam source
`is_crawler`	Known crawler / bot
`is_threat`	Listed on a threat feed

`TorDetection` (from `tor_check`)

Field	Type	Description
`ip`	str	The checked IP
`is_tor`	bool	Whether the IP is a Tor node
`tor_node_count`	int	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in Python?

Call client.lookup(ip) and read the suspicious_factors dict. It has boolean flags is_vpn, is_proxy, is_tor_node, is_datacenter, is_spam, is_crawler and is_threat on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use client.tor_check(ip). It returns is_tor and tor_node_count, checked against the live Tor node list. The is_tor_node flag on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors flags come back on every geolocation lookup at no extra cost, so a single client.lookup(ip) gives you both location and threat signals. Use tor_check only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when is_vpn, is_proxy or is_tor_node is true, and reserve hard blocks for is_threat. For a single decision, use the risk score.

Start building with the ip-api.io Python SDK

Install ip-api-io, drop in your free API key, and ship in minutes — one zero-dependency client for geolocation, fraud detection, and email validation.

Get free API key Python SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in Python

Anonymizer detection, built into every lookup

Prerequisites

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `tor_check`

Response reference

`suspicious_factors` (all boolean)

`TorDetection` (from `tor_check`)

Frequently asked questions

Start building with the ip-api.io Python SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in Python

Anonymizer detection, built into every lookup

Prerequisites

Read suspicious_factors on any lookup

Confirm a Tor exit node with tor_check

Response reference

suspicious_factors (all boolean)

TorDetection (from tor_check)

Frequently asked questions

Keep exploring

Start building with the ip-api.io Python SDK

Need support?

Found a bug in the SDK?

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `tor_check`

`suspicious_factors` (all boolean)

`TorDetection` (from `tor_check`)