VPN Detection
Identify commercial VPN traffic with high confidence—instantly.
We offer a VPN blocklist composed of commercial vpn exit nodes as well as reputation scoring so you can flag VPN traffic even when an IP hasn’t hit our list yet.
What we return (VPN-only)
| Field | Description |
|---|---|
is_vpn | true if the IP is an exit-node of a commercial VPN service. (Business & Enterprise; ~2-6M IPs refreshed daily.) |
scores.vpn_score | 0–100 probability that the IP is a commercial VPN exit-node. |
How to use them together
- Block/step-up auth when
is_vpn = true. - Treat
vpn_scoreas a risk signal whenis_vpn = false(e.g., add friction above your chosen threshold).
API: Quick Start
Get the boolean (and related threat fields)
cURL
curl "https://api.ipdata.co/<IP>/threat?api-key=APIKEY"
Sample (excerpt)
{
"is_vpn": false,
"blocklists": [],
"is_threat": false
}
Get the probability score
cURL
curl "https://api.ipdata.co/<IP>?api-key=APIKEY"
Sample (excerpt)
{
"ip": "<IP>",
"threat": {
"is_vpn": false,
"scores": {
"vpn_score": 0
}
}
}
Tip: Use
/threatfor lightweight checks, and the full/<IP>endpoint when you also needscores.vpn_scoreand other context.
FAQs
What’s the difference between is_vpn and vpn_score?
is_vpn is a high-confidence flag for commercial VPN exit-nodes we continuously track (~2-6M IPs). vpn_score is a probability based on machine learning signals—even if the IP isn’t in our VPN list yet.
Why doesn’t this detect my self-hosted VPN?
We target commercial VPN exit-nodes, not self-hosted setups. Self-hosted VPNs often have low vpn_score. If hosted in public cloud, the IP may still look risky in your broader risk model.
Updated about 16 hours ago