Skip to content
Free tool

Tor Exit Node Check

Verify any IP against the official Tor Project exit list, the authoritative record of which addresses route Tor traffic onto the open internet.

The data source

Straight from the Tor Project.

There is exactly one authoritative source for Tor exit nodes: the exit list published by the Tor Project itself. GeoIPHub ingests it daily, so the detection.is_tor flag reflects the network as it stands, not a months-old snapshot. No heuristics, no guessing. An IP is flagged as a Tor exit because the Tor Project says it is one.

Exit nodes are the only part of the Tor network your servers ever see. Traffic enters through a guard relay and hops through middle relays, but it reaches your application from the exit's IP address. That is why only exits are flagged: guard and middle relays never originate connections to your service.

One distinction worth keeping: privacy relays like Apple iCloud Private Relay and Cloudflare WARP are not Tor. GeoIPHub flags them separately in detection.is_relay, so a policy written for Tor exits does not accidentally sweep up iPhone users with default settings.

Explore the full threat intelligence layer
FAQ

Frequently asked questions

Where does the Tor data come from?

From the official exit list published by the Tor Project, ingested daily. It is the same list the Tor network itself maintains, which makes it the ground truth for exit-node status.

What is the difference between an exit node and a relay?

Tor routes traffic through a guard relay, middle relays, and finally an exit node. Only the exit's IP ever connects to your servers. Separately, commercial privacy relays (iCloud Private Relay, Cloudflare WARP) are not part of Tor at all and are flagged in detection.is_relay instead of detection.is_tor.

Is Tor traffic always malicious?

No. Tor serves journalists, researchers, and privacy-conscious users alongside abusers. Treat the flag as one input: GeoIPHub folds it into the 0–100 fraud score with a recommended action, so you can step up verification for Tor traffic instead of blocking it outright.

How fresh is the verdict?

The exit list is refreshed daily. Known IPs answer from the database in under a millisecond; an IP not seen before is classified live in under 2.5 seconds and then persisted.
More free tools

Every check, one API call.

IP Lookup

The complete report for any IPv4 or IPv6 address: location, network, detections, risk score.

GET /v1/lookup/{ip}
What Is My IP

Your public IP, where it places you, and what every website can infer from it.

geo + asn + detection
VPN Detection Test

Check whether an IP is a VPN or proxy exit, with the provider named when known.

detection.is_vpn
IP Fraud Score Check

A 0–100 risk score with the exact signals that produced it.

scoring.fraud_score
Datacenter IP Check

Find out if an IP belongs to a hosting provider or cloud platform.

detection.is_hosting

Need this at scale?

Get 1,500 free API lookups a day, every field included, no credit card. These tools run on the same endpoint you would ship to production.

Get a free API keyRead the docs