Many IP proxy and VPN detection APIs use proxies and VPNs to commit attacks, such as account takeovers, carding, and phishing, with reduced risk of detection. However, legitimate users also rely on these services to protect their privacy and security. For this reason, detecting proxies and VPNs is an important step in the fraud detection process.

SEON offers a robust IP proxy and VPN detection API that checks for a variety of indicators, including residential and mobile proxies, open ports, Tor exit nodes, data centers, and hosting providers. The API also provides smart scoring that avoids false-positives from IP ranges that are commonly shared among proxies, or those that are recycled frequently.

Beyond the URL: Harnessing the Power of Domain Reputation APIs for Secure Online Interactions

A common indicator of proxy use is a mismatch between the operating system detected by the browser and that reported in packet headers. However, this method can be fooled by a wide range of factors, from network configuration changes to user agent strings. To overcome this issue, SEON uses MTU analysis, a more accurate proxy detection technique that evaluates the size of each packet in order to identify if an anomalous value is present.

Another important indicator of proxy use is when a user’s IP address location changes too rapidly. This may suggest the use of a virtual private network, where the user’s connection travels across vast geographical distances. This can be identified by analyzing the time zone changes of an IP, and by using logic to detect impossible travel times, such as moving from New York to Tokyo in seconds.