Monitor and block Proxy, VPN, TOR, abused IPS (and more) in PHP using REST-API

2020-09-24 16:15:00

Having private or sensitive sections on a web site means that fraudsters will try to take advantage of it.

While it is hard to protect a web site against every possible attack, fraudsters always hide their real location by using Proxy, VPN, and other methods...

The past few years these methods have evolved, making it harder to identify, but so did the IP detection technologies.

Our REST-API is a live database which means that checking the same IP twice in the same hour could produce different results. It is a good thing since it means the database is updated on the fly when IPs are reported to be fraudulent or dangerous.

Using FraudSentinel REST-API, you can easily incorporate IP verification mechanisms to your PHP scripts.

Our database is built from hundreds of sources, with millions of IPs, including not only a large section of Proxy, VPN, and TOR IPs but also Abused IPs, computers reported to be infected with malware, and more...

The PHP code is simple.

In this example, we used the PHP curl module, but the principle works with other libraries .

Note that you need to complete our free registration to get your REST-API token.


$curl = curl_init();
$url = "";
$token = "your api token"; // Your token available at .
$data = array(
    'ip' => $ip,
    'api_token' => $token,
    'domain' => '', // The domain to show on your dashboard .
if (!empty($cid)) $data['cid']=$cid;
$url = sprintf("%s?%s", $url, http_build_query($data));
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); // This is optional
$result = curl_exec($curl);


The results are JSON encoded for this sample we will just check the main flag.


$xFlag = false;
if ($http_code == 400 && (!empty($result))) {
    $json = json_decode($result);
    if ((!empty($json)) && isset($json->status) && $json->status == "Expired") {
        $xFlag = "Expired"; // Expired means you have exeded your number of API calls.
    } else {
        $xFlag = "Error";
} else if ($http_code != 200) {
    $xFlag = "Error";
} else {
    $json_ = $result;
    if (!empty($json_)) $json = json_decode($json_);
    if (empty($json)) {
        $xFlag = "Error";
    } else {
        if (isset($json->Flag)) $xFlag = $json->Flag;
if ((!empty($xFlag))&&$xFlag=='Block') return true;


You can look at the returned data using our IP tester form available at :

	"Flag": "Block",
	"Reason": "Dangerous",
	"IP": "",
	"GEO": "-",
	"Timestamp": 1600783927,
	"db": {
		"Non-Residential": 3,
		"Suspicious": 9,
		"BlackListed": 2,
		"Dangerous": 1,
		"Spammer": 1
	"live": {
		"karma": 0

If you have questions, please do not hesitate to contact us at .