Proxy Detection

Last updated: 4 months ago includes a custom Proxy, VPN, Tor & Datacenter detection solution. We match against a huge set of known IPs & IP Ranges belonging to known proxy & vpn services, Tor Nodes as well as datacenters. This IP & IP Range list is steadily growing and based on a variety of different sources containing recently found and used proxies and VPNs. Due to design we have a low probability of false positives and a very high matching rate for most common use cases.

Detection Design

When we started to tackle this problem we soon realized that detecting proxies & VPNs is a task that only few people tried to really solve yet. One way you often find suggested on the internet is to check against headers or do reverse lookups. Checking against headers turned out to be super unreliable, this may works for (some) transparent proxies but otherwise fails to reliable detect and even includes plenty of room for false positives. Reverse Lookups have a higher accuracy however it slows down the discovery process a lot and still includes more false positives than we want.

Now the only choice left is to maintain a list of IPs to match against. Which may sounds like a bad idea at first glance until you look into the benefits. Some Networks (like Tor, or some VPN Providers) have public lists of IPs. What allows for super accurate matching as well as an easy way to keep the information up to date. Next to that there are public abuse networks who maintain current lists, as well as hundreds of free proxy sites willing to share their proxy lists.

Combined and packed into a smart database design this allows us to match your visitors against a huge set of possible proxy and VPN IPs. Because we essentially use the same sources the majority of users use for their proxies & vpns we already cover a huge portion of the traffic we want to flag. What about the other X%? Read on.

Datacenter Flag

If a user just rents a server somewhere and runs their own proxy or vpn changes are we will not discover them in our IP list because it will not be publicly listed anywhere. However, this is where the Datacenter flag comes in. We maintain a list of thousands of IP Ranges belonging to hundreds of datacenters. Covering a huge portion of the webhosting market, and expanding regularly.

Visitors with the Datacenter flag are likely running some kind of Proxy or VPN, but also crawlers, spiders and other bots are often hosted in Datacenters and will sometimes get this flag.

Good Proxies / Bad Proxies

It is important to mention that not all Proxies and VPN connections are a bad sign. Many universities, schools & companies are using proxies & VPNs as gateways.

Flag Details

Some flags, like most Tor flags, come with additional details. These details appear when you hover the flag and contains additional Information about the Proxy/VPN gateway used. This data is purely informational and does not contain any leads to the original users.

Created 4 months ago, Updated 4 months ago Wiki Home | All Pages
Other Articles in Platform
Bot Detection - Built-in Google Analytics - Device Detection - Geo Tracking - Sovrn//Commerce (Viglink) Onboard