New dated release of the v3 API

February 11, 2026 Posted by proxycheck.io

Image description

We're excited to announce a major update to our ongoing v3 API beta, released today this version introduces some major new features and enhancements, as a result we've issued a new dated version which is selectable from within Customer Dashboards, or by supplying &ver=11-February-2026 with your requests to our v3 API endpoint.

What's New

Detection History Tracking

Our API now includes detection_history, providing you with a complete timeline of an IP addresses listing status. This feature shows:

  • Whether the listing is currently live or has been delisted
  • Precise timestamps in ISO 8601 format indicating when entries were or will be delisted

This historical context helps you understand the lifecycle of positive detections and we have a new query flag to view historical data.

The &history=1 flag

When you provide this flag we will show you the positive detections we've had for this address no matter how long ago they were. You can also combine this with the &days= flag to restrict the history between now and a point in the past you care about.

For example if you supply &history=1&days=7 we will show you the full positive detection history of an IP over the past 7 days even if we've delisted it from our live results. Without the &history=1 flag the &days=7 may be disregarded if we've already delisted an IP due to us not being confident about the determination anymore. We may lose confidence in a listing due to its age, this is because the listings become stale and thus inaccurate unless the data is refreshed, if we've not seen an IP acting maliciously in a while it's likely safe again and thus needs to be delisted.

In the past we allowed the &days= flag to act like a history flag, but due to misuse by customers we restricted how far back it can go to no further than our delist times for the data we hold, this &history=1 flag brings back the capability to look further back beyond our delist times whilst maintaining the metadata you need regarding the addresses delisting time so you know whether we've delisted the data before you make a final decision.

Attack History & Classification

The "new" attack_history feature delivers comprehensive intelligence about recent malicious activity. I put new in quotes because this is actually a feature from our v2 API that we've brought to the v3 API. It's simpler, more standardised and thus easier to parse programmatically. For each IP address, you'll receive:

  • A list of the attack types the IP has been observed partaking in
  • Numbered counts showing the frequency of each attack type

Gone from the v2 API is a numbered total, you can easily do this in your own programming language so it felt redundant to include in this version. This granular attack data should enable you to assess threat severity and be more granular about the addresses you allow to access your sites and services.

Enhanced Operator Intelligence

We've significantly improved the operator information section with two key enhancements:

Specific Service Classification

We now identify the exact services provided by IP address operators as an array, which means you may receive one or more of these services in the new services section of the operator data:

  • Residential proxies
  • Wireless proxies
  • Datacenter proxies
  • Residential VPNs
  • Datacenter VPNs
  • Web scraping
  • And more

Cross-Operator Detection and Display

The new additional_operators key reveals other operators we've observed controlling the same IP address. This multi-operator insight helps you:

  • Identify IP addresses with shared infrastructure
  • Detect operator networks and relationships
  • Understand when an address is experiencing broad abuse

We will always put the most common operator we see as the main/primary operator with the others as additional operators. The reason we've added this section at all is because our huge increase in residential proxy detection has revealed a lot of shared infrastructure amongst these organisations.

To put it simply, they're sharing the same pool of compromised computers and we want to show that in our data so you can more easily identify addresses you should always keep blocked, the most abused ones.

We've also updated our lookup pages to show additional operators in the top operator card section.

Some API output format changes

The biggest change regarding the API format is that the operator section will now always be present for every IP but if no operator is available you'll receive an operator: null result. This is the same for our new detection_history and attack_history sections, if data doesn't exist they'll say null too.

We've done this to keep the API response consistent and to make developers aware that there may be additional data presented even if the IP they're checking right now doesn't feature it.

Getting Started

This new dated version of the API is available right now as we mentioned at the top you can select it from within the Customer Dashboard or by supplying &ver=11-February-2026 with your requests to our v3 API endpoint. Thanks for reading and have a wonderful week!

Back