VPN, Proxy & Routing Intelligence
Are You Hidden Online?
Multi-signal VPN, proxy, and TOR detection with a live trust score — scanned the moment this page loads.
Understanding Every Signal
What each detection signal above actually measures, and why no single check is enough on its own.
Detection Signals
VPN Detected, Proxy Detected & TOR Exit Node
Three independent checks. VPN detection looks at whether your ASN belongs to known VPN provider infrastructure. Proxy detection checks for known proxy service IP ranges and behavioral markers. TOR exit node detection cross-references your IP against the publicly maintained list of active TOR exit relays, which is updated frequently. Each is a yes/no result; the combination feeds into the trust score below.
Datacenter Routing Detected
A positive here means your connection exits through a datacenter IP range rather than a residential or mobile one. This covers cloud provider IPs (AWS, Azure, GCP and similar), hosting provider ranges, and dedicated VPN server infrastructure. A datacenter flag alone doesn't confirm a VPN is in use — corporate networks and some ISPs legitimately route through datacenters — but it's a strong supporting signal.
IP Classification & ASN Ownership Type
IP classification is a broader category label — residential, mobile, hosting, or proxy. ASN ownership type narrows it further to the category of organization operating your network. Together these are often enough to determine the likely nature of a connection without any active detection running at all.
Timezone Match & Language Match
These check whether your browser's reported timezone and preferred language are consistent with the country your IP is geolocated to. A mismatch — for example, a timezone set to Europe while the IP resolves to Southeast Asia — is a common signal that a VPN is routing traffic through a different region than the device is actually in. Neither alone is conclusive; both together are meaningful.
WebRTC Match
WebRTC is a browser API that can reveal your real local and public IP addresses even when a VPN is active, because it communicates directly rather than through the VPN tunnel. This field checks whether the IP WebRTC reports matches what the VPN is supposed to be presenting. A mismatch here is a WebRTC leak — one of the most common ways VPNs unintentionally expose the real IP they're supposed to be hiding.
Reverse DNS Match
Checks whether the hostname that reverse-resolves from your IP is consistent with your stated ISP or network type. VPN servers often have reverse DNS entries that reveal the provider's infrastructure naming, even when the IP itself is designed to look residential.
Fraud Score & Abuse Score
Both are derived from historical reports associated with this IP range — spam, credential-stuffing attacks, scraping, and similar abuse patterns. These scores don't reflect anything about you personally; they reflect how the IP range you're connecting from has been used by others who've connected through the same infrastructure previously. VPN and proxy IPs tend to have elevated scores because they're shared across many users with varying intentions.
Bot Detected
Flags whether the connection itself has characteristics consistent with automated rather than human browsing. This is a network-level check, distinct from the browser-level bot detection on the Fingerprinting panel — both can independently signal automation even if the other doesn't.
Trust Score
A 0–100 composite of all signals above. 100 means every signal is consistent with a normal residential or mobile connection. Lower scores reflect the number and strength of signals suggesting non-residential routing — the gauge bar's color moves from green through amber to red as confidence in non-standard routing grows.
Route Classification & Detection Flags
Route classification is the final summary label — Residential, Mobile, Datacenter, VPN, Proxy, or TOR. Detection flags lists every individual signal that fired during analysis, so you can see exactly which checks contributed to the classification rather than just accepting the final label.
Detection Source, Confidence & Paid API Consulted
Detection source names which data layer produced the primary classification. Confidence reflects how many independent signals agreed. Paid API consulted tells you whether the richer, lower-latency commercial lookup was used or whether the free-tier fallback applied — which matters for how much weight to give the fraud and abuse scores specifically.
Why No VPN Detection Is Ever Certain
The same IP can be residential and a VPN exit simultaneously
Residential proxy services route traffic through real home broadband connections, which means the ASN, IP type, and geolocation all look completely legitimate — because they are. These are among the hardest connections to classify correctly, since none of the infrastructure-based signals fire. The timezone, language, and WebRTC consistency checks are often the only available signals in these cases.
A low trust score doesn't mean you're doing something wrong
Corporate networks, university connections, satellite internet, and some mobile carriers all legitimately route through datacenter infrastructure. A trust score of 40 on an office network is expected and normal — it just reflects what the infrastructure looks like from the outside, not anything about the user's intent.