Privacy Detection
developer/v1/ip/privacyIdentifies whether an IP address is associated with a VPN provider, open proxy, Tor exit node, or datacenter/hosting provider. Uses multi-layered detection combining pre-indexed threat feeds (Tor Project, X4BNet, FireHOL) with ASN-based heuristics for 50+ known hosting and VPN autonomous systems. Returns detection flags, provider identification, and confidence scores.
What It Does
Executes a multi-layered detection pipeline: (1) KV-based lookups against pre-indexed lists of Tor exit nodes (official Tor Project bulk exit list), VPN provider IPs (X4BNet community-maintained lists), open proxies (FireHOL aggregated proxy feeds), and datacenter CIDR ranges (X4BNet datacenter lists). (2) ASN-based heuristic detection against 50+ known hosting ASNs (AWS, GCP, Azure, DigitalOcean, Hetzner, OVH, Vultr, Linode, Cloudflare) and VPN provider ASNs (NordVPN, M247). Returns boolean flags for VPN, proxy, Tor, datacenter, and residential classification with confidence scoring (50-99%) and identified provider names. Results cached for 6 hours.
Why It's Useful
Privacy detection is essential for fraud prevention (VPN/Tor IPs correlate with higher fraud rates), ad verification (datacenter IPs indicate bot traffic), and risk-based authentication (step-up verification for anonymized connections). Unlike single-source detection, the multi-layered approach reduces false negatives by combining IP-level lists with network-level ASN heuristics.
Use Cases
Payment Fraud Prevention
Flag transactions from VPN or Tor exit nodes for additional verification (3DS, manual review) before processing payments, with confidence-based thresholds to minimize friction for legitimate users.
Reduce chargebacks by 15-30% by identifying high-risk anonymization tools while keeping friction low for residential IPs.
Ad Fraud & Invalid Traffic Detection
Identify non-human traffic originating from datacenter IPs, proxy networks, and VPN providers to exclude invalid clicks and impressions from advertising campaigns.
Protect ad spend by filtering datacenter and proxy traffic flagged as General Invalid Traffic (GIVT) per MRC guidelines.
Risk-Based Authentication
Implement adaptive authentication that requires MFA for logins from VPN, Tor, or datacenter IPs while allowing passwordless flows for trusted residential connections.
Balance security and usability by calibrating authentication strength to the connection anonymity level.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IPv4 or IPv6 address to check for VPN, proxy, Tor, or datacenter associationExample: 1.2.3.4 |
Response Fields
| Field | Type | Description |
|---|---|---|
ip | string | The queried IP address |
is_vpn | boolean | Whether the IP is a known VPN endpoint (source: X4BNet, ASN heuristics) |
is_proxy | boolean | Whether the IP is a known open proxy (source: FireHOL proxy feeds) |
is_tor | boolean | Whether the IP is a Tor relay or exit node (source: Tor Project) |
is_datacenter | boolean | Whether the IP belongs to a datacenter/hosting provider (source: X4BNet, ASN heuristics) |
is_residential | boolean | Whether the IP appears to be a residential/ISP connection (no detections) |
tor_exit_node | boolean | Specifically whether this is a Tor exit node (vs relay) |
vpn_provider | string | Identified VPN provider name if detected (e.g., NordVPN, M247) |
hosting_provider | string | Identified hosting/cloud provider if detected (e.g., Amazon AWS, Google Cloud) |
confidence | number | Detection confidence score (0-100). Higher = more certain. IP list match: 85-99, ASN heuristic: 70-75, no detection: 50 |
detection_method | string | Method used: tor_exit_list, vpn_ip_list, proxy_list, datacenter_cidr, cidr_range_match, rdns_pattern, asn_hosting, asn_vpn, or no_signals |
last_updated | string | ISO 8601 timestamp of the detection check |
Code Examples
curl "https://api.edgedns.dev/v1/ip/privacy" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "ip=1.2.3.4"const response = await fetch(
'https://api.edgedns.dev/v1/ip/privacy?ip=1.2.3.4',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/ip/privacy',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'ip': '1.2.3.4'
}
)
data = response.json()
print(data)Read the full Privacy Detection guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the Privacy Detection endpoint live in the playground.