The Scenario
Someone on the fraud team just pinged you: 2,000 new account registrations came in overnight and withdrawal access goes live in 48 hours unless flagged. The IPs are in column A of your Excel workbook. Your job is to identify which accounts registered through a VPN, Tor, or open proxy before the access window opens — and summarize the breakdown for the risk committee.
The bad version:
- Run the IPs through IP2Location's proxy detection tool in batches via the web UI, wait for each batch, download the CSVs.
- Manually combine the results in Excel, discover that the proxy-type column uses different labels between batch runs (one says "VPN" and another says "commercial"), spend time normalizing the values.
- Build the summary table by hand in a separate worksheet, realize the count formula is off because a few cells in the proxy column came back empty rather than "none", fix that.
Forty-eight hours sounds like a long time. It isn't, once you add the normalization fixes, the review meeting, and the approval chain.
The Easy Way: One Prompt in SheetXAI
SheetXAI is an AI agent that lives inside your Excel workbook. It reads the IP column and through its built-in IP2Location integration calls proxy detection across all 2,000 addresses, writes the proxy type for each, highlights the high-risk rows, and builds the summary table — in one instruction.
Run IP2Location proxy detection on all IPs in column A, count the results by proxy type in a summary table on a new worksheet called 'Proxy Breakdown', and flag high-risk rows in the source data by writing HIGH-RISK in column B for any row where proxy type is VPN or Tor.
What You Get
- Column B in the source worksheet: proxy type per IP (VPN, Tor, web proxy, or none)
- High-risk rows labeled HIGH-RISK in column B for VPN and Tor registrations
- A "Proxy Breakdown" worksheet with a count-by-proxy-type table showing VPN, Tor, web proxy, and clean totals
- Rows where detection returned no result marked clearly rather than left blank
What If the Data Is Not Quite Ready
The IP column has mixed IPv4 and IPv6 addresses
Column A contains a mix of IPv4 and IPv6 addresses. Run IP2Location proxy detection on all of them, write the proxy type to column B, and note in column C whether each was IPv4 or IPv6 so the breakdown table on "Proxy Breakdown" can separate the two.
I need to cross-reference the flagged IPs against an existing blocklist
After running proxy detection on column A and writing proxy type to column B, check each flagged HIGH-RISK row against the IP blocklist in the "Blocklist" worksheet column A — if the IP already exists there, write KNOWN in column C; if it's new, write NEW.
I need to exclude IPs that came from a verified corporate SSO provider
Before running proxy detection, remove any IPs in column A that appear in the "Trusted SSO IPs" worksheet from the analysis — move them to an "Excluded" worksheet — then run proxy detection on the remaining IPs and flag high-risk rows.
Full kill chain — filter, detect, flag, summarize, and escalate list in one prompt
Remove IPs matching the "Trusted SSO IPs" worksheet, run IP2Location proxy detection on the remaining IPs in column A, write proxy type to column B, flag HIGH-RISK in column C for VPN and Tor results, build a count-by-type summary on "Proxy Breakdown", and create an "Escalation List" worksheet with just the HIGH-RISK rows and their registration timestamps from column D.
The cleanup, detection, flagging, summary, and escalation list all come out of one prompt — nothing waiting for the previous step to finish before you can write the next formula.
Try It
Get the 7-day free trial of SheetXAI and open any registration or transaction workbook with a column of IPs, then ask it to run IP2Location proxy detection and flag the high-risk rows before your review window closes. See also bulk geolocation enrichment or go back to the IP2Location overview for the full list of what SheetXAI can do with this integration.