The system is serving millions of API requests a week and growing as more people find it useful in protecting their online infrastructure.
Given an IP address, the system will return a probabilistic value (between a value of 0 and 1) of how likely the IP is a VPN / proxy / hosting / bad IP. A value of 1 means that IP is explicitly banned (a web host, VPN, or TOR node) by our dynamic lists. Otherwise, the output will return a real number value between 0 and 1, of how likely the IP is bad / VPN / proxy, which is inferred through machine learning & probability theory techniques using dynamic checks with large datasets. On average, billions of new records are parsed each month to ensure the datasets have the latest information and old records automatically expire. The system is designed to be efficient, fast, simple, and accurate.
If a value of 0.50 is returned, then it is as good as flipping a 2 sided fair coin, which implies it's not very accurate. From my personal experience, values > 0.95 should be looked at and values > 0.99 are most likely proxies. Anything below the value of 0.90 is considered as "low risk". Since a real value is returned, different levels of protection can be implemented. It is best for a system admin to test some sample datasets with this system and adjust implementation accordingly. I only recommend automated action on high values ( > 0.99 or even > 0.995 ) but it's good practice to manually review IPs that return high values. For example, mark an order as "under manual review" and don't automatically provision the product for high proxy values. Be sure to experiment with the results of this system before you use it live on your projects. If you believe the result is wrong, don't hesitate to contact me, I can tell you why. If it's an error on my end, I'll correct it. If you email me, expect a reply within 12 hours.
For a deeper understanding of how the API works and the different flags and oflags options available, please visit the API page. Standard recommendation is to start off with flags=m option if only proxy / VPN detection is needed. If flags=m does not have a noticeable impact, then use flags=b. The default query (no flags) is mostly used infront of a payment gateway to protect against fraud because bad IP detection is included.
Here are some example code to use GetIPIntel in various code formats. They mainly serve as a proof of concept and should not be implemented directly into your system.
A simple web interface lookup is available via https://getipintel.net/free-proxy-vpn-tor-ip-lookup/
No registration or sign up required, only a valid contact email is needed.
Full API Documentation URL: https://getipintel.net/free-proxy-vpn-tor-detection-api/
⚠️ If your website / service is proxied through Cloudflare, make sure you're looking up CF-Connecting-IP in the headers. Any similiar infrastructure setup should also be aware that the correct IP is looked up.
oflags=a will return the ASN number(s) of the IP that's being looked up. More information is available on the API page.oflags=i will include Google One and Google Fi VPN IPs.oflags=i for iCloud Relay Egress IPs - by definition it is still a proxy / VPN a user willingly enables, but this option will allow more flexibility on how to handle these IPs. More information is available on the API page.