Switchy
Sign up
developer-toolsapi_key

Ipinfo.io

IPinfo.io provides a comprehensive API for IP address geolocation and related data.

Verdict

Ipinfo.io gives your team instant IP intelligence inside Switchy. @mention it to geolocate visitors, detect VPNs and proxies, identify hosting providers, or pull abuse contacts for suspicious traffic. Engineers use it to debug routing issues; support teams use it to flag fraudulent signups; ops teams use it to audit access logs. You'll need an API key from Ipinfo.io (free tier covers 50k lookups/month). Batch lookups handle up to 1,000 IPs per request, so log analysis stays fast. Privacy detection flags Tor exits and datacenter IPs but won't catch every anonymizer.

Common use cases

  • Flag VPN signups during user onboarding
  • Geolocate API traffic for compliance audits
  • Identify abuse contacts for DDoS sources
  • Detect datacenter IPs in authentication logs
  • Map customer distribution by region

Integration

Vendor
Ipinfo.io
Category
developer-tools
Auth
API_KEY
Tools
7
Composio slug
ipinfo_io

Tools

  • Batch IP Lookup

    Tool to perform batch IP lookups. Use when grouping up to 1,000 IPs or URL patterns into a single POST request.

  • Batch Lite Lookup

    Tool to perform bulk Lite IP lookups. Use when you need to group up to 1000 IP or URL pattern lookups into a single request.

  • Get Abuse Contact

    Tool to retrieve abuse contact information for a specific IP address. Use when you need organizational abuse details of an IP.

  • Get Company Info for an IP

    Tool to retrieve company info for a specific IP. Use when you need organization details behind an IP.

  • Get IP Carrier Info

    Tool to get carrier information for a given IP address. Use when you need mobile carrier details.

  • Get IP Information

    Tool to retrieve detailed information about an IP address. Use when you need geolocation, ASN, and network flags for a specific IP or 'me'.

  • Get IP Privacy Details

    Tool to retrieve privacy-related flags (VPN, proxy, Tor, relay, hosting) for an IP address. Use when you need to detect anonymizing usage after confirming an IP.

Setup

Setup guide

  1. 11. Sign up at ipinfo.io and copy your API token from the dashboard. 2. In Switchy, open your workspace settings and navigate to Integrations. 3. Find Ipinfo.io in the developer tools section and click Connect. 4. Paste your API token when prompted and confirm. 5. Switchy tests the connection by querying your own IP; you'll see geolocation data if it succeeds. 6. Open any Space and type '@ipinfo.io get IP information for 8.8.8.8' to verify the MCP responds. 7. The response shows city, region, ASN, and network flags in structured format. 8. For batch jobs, upload a CSV of IPs or paste a list into the prompt and ask for batch lookup. 9. Check your Ipinfo.io dashboard to monitor monthly quota usage.

What teammates see: by default, memories from Ipinfo.io are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.

Works well with

Top models

Compatibility data appears once enough Spaces have used this MCP together with a given model.

How Switchy teams use it

Not enough Spaces yet to publish anonymised usage stats (we require ≥ 50 Spaces per week).

Starter prompts

Batch Analyze Access Logs

@ipinfo.io perform batch IP lookup for 192.0.2.1, 192.0.2.2, 192.0.2.3, 192.0.2.4
Open in a Space →

Example outputs

Illustrative - representative of the model's voice and quality, not literal recordings.

Prompt

@ipinfo look up 8.8.8.8 and tell me what organization owns it and where it's located

Output

The IP address 8.8.8.8 is owned by Google LLC (AS15169). It's geolocated to Mountain View, California, United States. The network is classified as a hosting/cloud service provider. This is one of Google's public DNS servers, so the geolocation reflects Google's data center presence rather than an end-user location.

Notes

This example shows the core IP lookup capability — geolocation, ASN, and organization data in one call. Note that IP geolocation accuracy varies by provider and IP type; cloud/hosting IPs often resolve to data center locations, not user locations. Requires a valid API key.

Prompt

@ipinfo check if 203.0.113.45 is coming from a VPN, proxy, or Tor exit node

Output

The IP 203.0.113.45 shows the following privacy flags: VPN detected (yes), proxy detected (no), Tor exit node (no), relay (no), hosting provider (yes). This suggests the traffic is likely routed through a commercial VPN service hosted on cloud infrastructure. The hosting flag indicates the IP belongs to a data center range rather than a residential ISP.

Notes

This demonstrates the privacy detection tool, useful for fraud prevention and security workflows. Detection accuracy depends on Ipinfo's threat intelligence feeds, which update regularly but may lag behind newly provisioned VPN/proxy infrastructure. Side-effect: none, this is a read-only lookup.

Prompt

@ipinfo I have a list of 50 IPs from our access logs — batch look them up and summarize which countries they're coming from

Output

Batch lookup complete for 50 IPs. Geographic distribution: 28 IPs from United States (56%), 9 from Germany (18%), 6 from United Kingdom (12%), 4 from Canada (8%), 3 from France (6%). Notable: 12 IPs (24%) are flagged as hosting/cloud providers, suggesting potential bot or automated traffic. All lookups returned successfully with full geolocation data.

Notes

This showcases the batch lookup tool, which accepts up to 1,000 IPs per request — far more efficient than individual calls. The AI synthesizes the batch response into a summary. Be aware of rate limits on your API tier; batch requests count against your monthly quota based on the number of IPs queried, not the number of API calls.

Use-case deep-dives

Fraud triage at checkout scale

When Ipinfo wins for real-time payment risk scoring

A 6-person e-commerce team sees 200 orders a day and wants to flag suspicious checkouts before fulfillment. Ipinfo's privacy detection tool catches VPN and proxy traffic in under 200ms, feeding a simple risk score that blocks 80% of chargebacks without manual review. The batch lookup handles nightly audits of the previous day's orders in one call. This works cleanly until you hit 2,000+ orders daily—at that scale, you need a dedicated fraud vendor with behavioral signals, not just IP flags. If your fraud rate is under 3% and you're staffing support part-time, Ipinfo gives you the 80/20 win without building a data pipeline.

Support ticket routing by region

When geolocation routing beats manual assignment

A 12-person SaaS support team routes inbound tickets to regional specialists (EMEA, APAC, Americas) based on customer location. Ipinfo's geolocation tool pulls city and country from the requester's IP at ticket creation, auto-tagging the ticket before it hits the queue. The company info lookup adds context when enterprise accounts open tickets from office IPs versus home networks. This setup collapses routing time from 4 minutes to 8 seconds and cuts misdirected tickets by 60%. The trade-off: if 30% of your users are on corporate VPNs that terminate in a different region, you'll need fallback logic that checks account metadata. For SMB customers on residential IPs, this is a one-call solve.

API abuse detection for freemium products

When carrier and ASN data expose bot traffic

A 3-person dev team runs a freemium API and sees 40% of requests coming from a handful of ASNs that look like cloud hosting providers, not end users. Ipinfo's carrier and ASN lookup tools identify these patterns in real time, letting the team rate-limit hosting IPs without blocking legitimate mobile or residential traffic. The abuse contact tool surfaces the upstream provider when a single actor hammers the endpoint. This catches scripted abuse at 500 requests per second before it costs real money. If your API serves mobile apps where users bounce between carrier and Wi-Fi, you'll need to tune the hosting flag threshold—residential IPs occasionally resolve as hosting when users tether. For server-to-server APIs, this is the fastest path to blocking bad actors.

Frequently asked

What does the Ipinfo.io MCP do in Switchy?

It lets your team look up IP addresses directly from chat — geolocation, ASN, company ownership, VPN detection, carrier info, and abuse contacts. You can query single IPs or batch up to 1,000 at once. Useful for security triage, fraud checks, or debugging network issues without leaving the conversation.

Do I need an Ipinfo.io account to use this MCP?

Yes. You need an Ipinfo.io API key, which means a paid or free-tier account with them. Paste the key into Switchy's auth flow once; the MCP uses it for all lookups. Free-tier keys have rate limits — check Ipinfo.io's docs if you're doing high-volume batch queries.

Can it detect if an IP is using a VPN or proxy?

Yes. The Get IP Privacy Details tool flags VPN, proxy, Tor, relay, and hosting usage. It's designed for fraud or abuse workflows where you need to know if traffic is anonymized. You'll still need to pass a valid IP first — the tool doesn't scan ranges or guess.

How is this different from just hitting Ipinfo.io's API myself?

The MCP wraps the API so your team can query IPs from chat without writing code or switching tabs. You lose nothing — all seven core endpoints are exposed. The trade-off is you're tied to Switchy's rate limits and the MCP's tool names instead of raw REST calls.

Who on the team should connect the Ipinfo.io MCP?

Whoever owns your Ipinfo.io account and has the API key. Once connected, any workspace member can invoke the tools. If you're doing security or fraud work, consider a shared service account so the key isn't tied to one person's login.

Data last verified 607 hours ago.Sources aggregated hourly to weekly. See docs/architecture/model-directory.md.