Documentation Index
Fetch the complete documentation index at: https://rocks.docs.rive.wtf/llms.txt
Use this file to discover all available pages before exploring further.
Every API key is tied to one IP. To apply for a key, DM southctrl on Discord.
Use the endpoint path below, replace the required params, and send Authorization: Bearer YOUR_API_KEY.
Quick Start
Choose an IP
Use an IPv4 or IPv6 address like 1.1.1.1.
Call the lookup route
Send a request to /api/ip?ip=....
Use the result
Read location, network, and threat detection details from the response.
Good for moderation tools, logging, fraud detection, and network checks.
Lookup IP Address
Get geolocation, ISP, network, and threat intelligence for any IPv4 or IPv6 address.
Endpoint
Query Parameters
IPv4 or IPv6 address (e.g. 1.1.1.1).
Example Request
curl -X GET "https://rocks.rive.wtf/api/ip?ip=1.1.1.1" \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"success": true,
"data": {
"ip": "1.1.1.1",
"country": "Australia",
"countryCode": "AU",
"region": "NSW",
"regionName": "New South Wales",
"city": "Sydney",
"zip": "1001",
"lat": -33.8688,
"lon": 151.209,
"timezone": "Australia/Sydney",
"currency": {
"name": "Dollar",
"code": "AUD",
"symbol": "A$"
},
"asn": "AS13335",
"isp": "Cloudflare, Inc.",
"org": "Cloudflare, Inc.",
"hostname": "one.one.one.one",
"networkType": "Hosting",
"range": "1.1.1.0/24",
"proxy": false,
"vpn": false,
"tor": false,
"hosting": true,
"scraper": false,
"compromised": false,
"anonymous": false,
"risk": 33,
"confidence": 100,
"suspicious": true,
"lastUpdated": "2026-04-24T20:00:48Z",
"queryTime": 3
}
}
Response Fields
Whether the lookup was successful.
IP data object.
Full country name (e.g. "Australia").
ISO 3166-1 alpha-2 country code (e.g. "AU").
Region/state code (e.g. "NSW").
Full region/state name (e.g. "New South Wales").
IANA timezone identifier (e.g. "Australia/Sydney").
Currency for the IP’s country.
Currency name (e.g. "Dollar").
ISO 4217 currency code (e.g. "AUD").
Currency symbol (e.g. "A$").
Autonomous System number (e.g. "AS13335").
Internet Service Provider name (e.g. "Cloudflare, Inc.").
Organisation associated with the IP.
Reverse DNS hostname if available (e.g. "one.one.one.one").
Connection type — one of "Residential", "Business", "Hosting", "Mobile".
CIDR range the IP belongs to (e.g. "1.1.1.0/24").
Whether the IP is a known proxy.
Whether the IP is a known VPN exit node.
Whether the IP is a Tor exit node.
Whether the IP belongs to a hosting provider or datacenter.
Whether the IP has been flagged as a web scraper.
Whether the IP has been flagged as compromised.
Whether the IP uses anonymisation services.
Risk score from 0 (clean) to 100 (high risk).
Confidence in the detection result, 0–100.
true if any threat flag is set or risk > 0. Convenience field.
ISO 8601 timestamp of when proxycheck.io last updated this record.
Time in milliseconds proxycheck.io took to process the request.
Error Responses
| Status | Meaning |
|---|
400 | Missing or invalid ip parameter |
404 | IP address not found or lookup failed |
502 | Upstream proxycheck.io request failed |
Private IP ranges (e.g. 192.168.x.x, 10.x.x.x, 127.0.0.1) will return a 404 as they cannot be geolocated.
