Proxies and VPNs are an essential tool for web developers and marketers to access online content from different geolocations. They also serve as a popular cybersecurity tool to filter out malicious websites and block malware and spyware.

Despite the fact that proxies and VPNs are often used for good, they aren’t immune to fraud or abuse. Fraudsters and cybercriminals use them to mask their identity, spoof their IP addresses, or bypass network protections. Moreover, a small percentage of users might use proxies or VPNs to evade content access restrictions enabled by digital rights management (DRM) strategies and systems.

To weed out risky users, we can implement our IP detection API into your payment portals and processing systems to automatically detect & block fraudulent transactions originating from compromised devices. This can be especially useful in e-commerce & sales, lead generation, affiliate & advertising agencies, software developers, and mass email marketers.

In addition to preventing fraud, our proxy detection API can help you understand your user’s intentions. It’s important to know whether your user is a good or bad user, so you can avoid exposing them to your network and letting them exploit your system.

IPQS’s proxy detection API documentation uses proprietary honeypots & traps, blacklists, forensic analysis, and client feedback loops to detect high risk users in a way that is much more accurate than other anti-fraud services. It’s the best way to confidently identify proxies, VPNs, and other IP connections that are associated with fraudulent activity.

The first step is to detect if the IP address is an active connection. We do this by calculating an IP reputation score. This score is based on the behavior of the IP address over time and is recomputed live with the latest available data for accuracy.

Another useful data point is location, which can reveal a user’s real-time physical location. This information is often accurate within 25 miles of the user’s physical location, and can be used to identify potentially dangerous users.

A third way to determine if an IP address is an active proxy is by checking the IP’s IP range. Some proxies will have an assigned range from an Internet Service Provider (ISP), while others might be part of a data center, like AWS.

If the IP address is part of a data center, it’s usually easier to determine if it’s an active connection because there’s a clear difference between the IP range and the physical location of the IP. Some proxies also change their IP address on a regular basis, which is not a good sign for any type of network or security system.

Alternatively, you can check the IP address’s reputation based on other factors such as device fingerprinting, transaction details, and personal information. This method is often faster and more effective than checking the IP address alone, but it may still produce false-positives.

You can also perform a ping test to see if an IP has a good connection speed. This can be used to identify a user’s physical location, but it isn’t always helpful for detecting proxies because ping tests don’t work well with them. In that case, you can try to detect if the IP is an active proxy by looking for patterns in the way the proxy works, such as the use of a proxy switcher or a specific IP address.