By CMunroe | Updated a year ago | Data

9.7 / 10



Service Level


Health Check




Blackbox was started as a project to replace a free service that went dark. We took many of their ideas and wrapped them into a new product. This original project used the simple (Y/N) method for notification of proxies. As such, we built a drop in replacement and that is our Legacy | V1 endpoint. We wanted to give them a nod to offering the service as free, and have included it as such. All plans we offer give unlimited free requests to this endpoint.

The original endpoint however, left a lot to be desired. This started our push into the development of the Modern | V2 endpoint. This endpoint is a paid service for those need a little more specificity in our responses. We hope this will provide those eager for a bit more control what they are after, and allow for future growth in our API.

Modern | V2

Modern requests are cached for a single day only, and then are refreshed. Caching mechanisms help improve our responsiveness and give you faster data.



Bogon detects if the IP Address is not internet routable. One such example is a local address. This address shouldn’t ever be able to reach your server from the internet but maybe possible from a local network. In these such situations, we suggest blocking the request in case the remote user is trying to spoof their connection to your server.

More Info:


These are IPs used in Google and AWS cloud services. For most user-facing applications, you should never see requests coming from this IP address. They are thus most likely bots, scrapers, or a user utilizing a cloud service as a proxy.


These are networks that are predominately used for hosting servers. One such example is Digital Ocean. In most cases, a user-facing application shouldn’t see requests coming from a hosting network. If they are, it is likely being used as a proxy by an end-user, being used for scraping, or nefarious traffic.


Plain and simple, these are addresses that are used by proxy providers, open proxies, and exploited devices on the internet that are now acting as a proxy.


These are IPs hosted by network providers that have malicious intent and have created a constant and continuous threat for a lengthy period. We highly suggest blocking any traffic marked like this. For both user, and non-user-facing applications.


Tor endpoints, commonly used to anonymize traffic. If you have a user-facing application they are most likely either trying to stay anonymous or to use this hidden identity to exploit your service.


If we find any detection to be true, we will suggest a block. This is of course a suggestion. You can code your solution to only block certain detections.

Legacy | V1

Legacy requests are cached for up to 7 days, before getting a refresh. This is namely due to detections rarely changing in that period, and caching mechanisms improving our response times significantly.


When utilizing the legacy API, it is common to do the following:

if(response != N){

However, this is not suggestable. The reason being is Error responses will also be caught in yourProxyAction().

The better method is:

if(response == Y){

Response Types


Yes, we have determined one of the above detection methods to be true.


No, we found none of the above detection methods to be true.


Error, something has gone wrong. The most common issue, is a bad IP. We should throw a 500 error along with this request.

Followers: 6
API Creator:
Rapid account: C Munroe
Log In to Rate API
Rating: 5 - Votes: 1