تخطي إلى المحتوى
POST AI agent ready /v1/vpn-detect

VPN Detect API - Flag VPN, Tor, and Datacenter IPs

Runs three checks: datacenter CIDR match (AWS, GCP, Azure, DigitalOcean, Linode blocks), Tor exit-node list, and reverse DNS keyword scan (vpn, proxy, nordvpn, expressvpn, etc.). Returns boolean flags per check, the detected cloud provider when matched, and a consolidated 0-100 risk score.

Parameters

stringrequired

IPv4 address to classify.

Code examples

curl -X POST https://api.botoi.com/v1/vpn-detect \
  -H "Content-Type: application/json" \
  -d '{"ip":"34.102.55.10"}'

When to use this API

Reject free-trial signups from datacenter IPs

Require a non-datacenter IP for free-tier signups. Cloud provider IPs (AWS, GCP, Azure) on a consumer signup flow almost always indicate bot traffic or trial-abuse automation. Paid customers in cloud contexts can still bypass with an API key.

Fraud scoring for payment flows

When a checkout request arrives from is_tor:true or risk_score above 70, route to manual review or require 3DS. Legitimate Tor users are rare in e-commerce; the signal is high-precision for fraud.

Geo-pricing enforcement

Price discrimination by country only works if users do not VPN-shop. Combine this endpoint with /v1/ip-lookup to identify when a US-priced signup comes from a VPN terminating in a cheaper region.

Frequently asked questions

What is the Tor exit node list coverage?
The endpoint checks against a sample list of well-known Tor exit nodes (not the full live list). For comprehensive Tor detection, sync the official consensus list separately. The current list catches high-traffic exits.
Which cloud providers does datacenter detection cover?
AWS, Google Cloud, Microsoft Azure, DigitalOcean, and Linode. Coverage is based on publicly documented CIDR blocks. IPs from smaller hosting providers (Hetzner, Vultr, OVH specific blocks) may not be flagged.
How is risk_score calculated?
Tor match = 90. Datacenter match = at least 60. Suspicious hostname keyword = at least 40. The highest triggered score wins. An IP with no matches scores 0.
Why is IPv6 not supported?
The CIDR tables and Tor list are IPv4-only in this implementation. Passing an IPv6 address returns IPV6_NOT_SUPPORTED.
How is this different from /v1/ip-blocklist/check?
ip-blocklist checks RFC1918/bogon/private ranges and reverse DNS keywords for general suspiciousness. vpn-detect targets commercial VPNs, Tor, and cloud datacenters specifically. Use both for layered defense.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs