CustomersPricingBlogAbout
Changelog
Log inStart for free
Back to All
Added

Detect VPN traffic with new IP intelligence

about 2 hours ago by Sebastian Wallin

Recently we launched Residential Proxy detection and richer IP tunnel intelligence . Now we're extending that same foundation to VPNs. VPN use isn't proof of fraud on its own, but together with other indicators like a high risk score or a new device, it's a strong sign of an attacker trying to cover their tracks.

The new vpn_access signal triggers when a request comes from an IP recently seen on a known VPN provider's network. It's visible and filterable in the Dashboard, and exposed in the API response signals.

Like with proxies, VPNs show up in the ip.tunnels payload, with the provider as operator and a last_seen_at timestamp for when we last confirmed VPN activity on that IP. We already cover a large share of the most popular providers, and we're adding more over time.

Check out this and all the other signals in our documentation.

Example API response:

{
  "ip": {
    "address": "185.253.162.22",
    "connection": "datacenter",
    "tunnels": [
      {
        "type": "proxy",
        "operator": "Private Internet Access",
        "proxy_type": "vpn",
        "last_seen_at": "2026-06-16T18:00:00Z"
      }
    ],
		// ...
  },
  "signals": {
    "vpn_access": {}
  }
}