Detecting proxies and VPNs is essential whenever location matters — pricing, compliance, fraud. This guide covers the practical methods, their trade-offs, and how to combine them for reliable results.
Detection methods
- ASN / datacenter ranges: commercial VPNs and proxies often exit from hosting ASNs. Strong, cheap first signal. See what is an ASN.
- Known-IP lists & reputation: curated VPN/proxy ranges and DNSBL-style reputation.
- rDNS patterns: reverse DNS often reveals hosting/VPN naming.
- Port/behavioral probes: some open-proxy patterns are observable.
- Network fingerprinting: catches automation even when the IP looks clean — the key to residential proxies.
- Latency/geo consistency: measured RTT inconsistent with the claimed location hints at tunneling.
The hard case: residential proxies
Datacenter VPNs are relatively easy. Residential proxies route through real ISP connections, so IP reputation alone often misses them — see residential vs datacenter proxies. Combine IP signals with fingerprinting and velocity to catch them.
Combine signals
Any single method has false positives (a corporate VPN is a "VPN" but not fraud). The reliable approach blends signals into an explainable score and lets you set the threshold per use case. detectip.ai returns datacenter/proxy/VPN/Tor flags plus a verdict you can tune.
Act on the result
- Pricing/compliance: if masked, fall back to a safe default or ask the user.
- Fraud: raise risk, add a challenge, or require stronger verification.
FAQ
Is using a VPN proof of fraud? No — many legitimate users use VPNs. Treat it as one weighted signal.
How do I catch residential proxies? Add fingerprinting + velocity to IP checks. Try the demo.