Log In Start Free →
IP INTELLIGENCE · REAL-TIME · MULTI-LAYER

See through every VPN.
Detect every proxy.

Prynt identifies VPNs, proxies, Tor nodes, and datacenter IPs in real time using multi-signal analysis. Know when users are masking their true location -- without blocking legitimate privacy users.

Start Detecting VPNs → View Documentation
99.2%
VPN detection rate
800+
Providers covered
12
Proxy types detected
0.03%
False positive rate
What We Detect

Every anonymization method. Classified.

Prynt doesn't just flag "VPN or not" -- it classifies the exact anonymization type, provider, and risk level so you can make intelligent decisions.

🛡️
Commercial VPNsHigh

Major consumer VPN services used by millions. While often used for privacy, they're also used to bypass geo-restrictions and mask fraudulent activity.

NordVPN (5,500+ servers)
ExpressVPN (3,000+ servers)
Surfshark, PIA, CyberGhost
Mullvad, ProtonVPN, IPVanish
🏠
Residential ProxiesCritical

Traffic routed through real residential IPs, making it appear to come from legitimate homes. The hardest anonymization method to detect -- and the most abused by fraudsters.

Bright Data residential pools
Oxylabs residential network
SmartProxy, IPRoyal
P2P SDK-based proxy networks
🏢
Datacenter ProxiesHigh

IPs hosted in cloud infrastructure and datacenters. These aren't residential connections -- they're servers pretending to be users. Common in scraping and automated fraud.

AWS, GCP, Azure ranges
DigitalOcean, Linode, Vultr
Hetzner, OVH, Leaseweb
Private hosting providers
🧅
Tor Exit NodesCritical

Traffic routed through the Tor onion network. Exit nodes are publicly listed, but new relays appear constantly. Prynt tracks the full Tor directory in real time.

Standard Tor exit relays
Tor bridge nodes
Tor-over-VPN chaining
Snowflake/meek transports
🔌
SOCKS5 ProxiesHigh

General-purpose proxy protocol supporting any traffic type. Commonly used in credential stuffing tools and account checkers due to their speed and flexibility.

Public SOCKS5 lists
Private/premium SOCKS5
SSH tunnels (dynamic port)
Shadowsocks (SS/SSR)
👤
Anonymous ProxiesMedium

HTTP/HTTPS proxies that strip identifying headers and mask the original IP. Used for web scraping, ad verification, and circumventing access controls.

Elite/high-anonymity proxies
Transparent proxies
Web-based proxy services
CGI proxy gateways
Detection Pipeline

Six signals. One verdict. Under 20ms.

Every request passes through a multi-stage analysis pipeline that combines IP intelligence with behavioral and environmental signals.

STEP 01
🔍
IP Analysis
ASN lookup, IP range classification, hosting provider identification, geolocation enrichment
STEP 02
🗂️
Provider Matching
Cross-reference against 800+ known VPN/proxy providers, updated hourly from active scanning
STEP 03
🕐
Timezone Comparison
Compare IP-inferred timezone against browser-reported timezone and system locale settings
STEP 04
📡
WebRTC Leak Detection
Probe for WebRTC local/public IP leaks that reveal the true IP behind VPN tunnels
STEP 05
🧠
Behavioral Correlation
Correlate connection patterns, DNS behavior, and MTU/TTL analysis for tunnel detection
STEP 06
Verdict
Final classification with type, provider, confidence score, and risk assessment
API Response

Structured intelligence you can act on.

Every identification returns a detailed VPN/proxy result. Use the structured fields to make nuanced decisions -- not just block/allow.

vpn.detectedboolean
Whether the visitor is connecting through a VPN service. Returns true when a VPN tunnel is identified with high confidence. Use as the primary gating signal for VPN-sensitive flows.
vpn.providerstring | null
The identified VPN provider name when matched against the known provider database. Examples: "NordVPN", "ExpressVPN", "Mullvad", "ProtonVPN". Null when the provider cannot be identified.
vpn.typeenum
Classification of the VPN type. Values: commercial, corporate, self_hosted, unknown. Corporate VPNs can be allowlisted to avoid blocking enterprise users.
proxy.detectedboolean
Whether the visitor is connecting through a proxy server. Independent of VPN detection -- a connection can be both VPN and proxy (e.g., VPN with SOCKS5 chaining).
proxy.typeenum
Classification of the proxy type. Values: residential, datacenter, tor, socks5, http, none.
timezone.mismatchboolean
Whether the browser-reported timezone differs from the IP-inferred timezone. A strong secondary signal -- timezone mismatches occur in 94% of VPN sessions but only 3% of legitimate sessions.
ip.datacenterboolean
Whether the IP originates from a known datacenter or hosting provider. Datacenter IPs are almost never used by legitimate end users browsing the web.
ip.geolocationobject
Geographic details for the IP address including country, region, city, latitude/longitude, and ISP name. Compare against claimed location to detect geo-spoofing attempts.
VPN/Proxy detection responseVPN SIGNAL
{
  "vpn": {
    "detected": true,
    "provider": "NordVPN",
    "type": "commercial",
    "confidence": 0.992,
    "protocol": "WireGuard"
  },
  "proxy": {
    "detected": false,
    "type": "none"
  },
  "tor": {
    "detected": false,
    "exitNode": false,
    "relayNode": false
  },
  "timezone": {
    "mismatch": true,
    "ipTimezone": "America/Panama",
    "browserTimezone": "Europe/Berlin",
    "offsetDifference": 7
  },
  "ip": {
    "address": "185.93.xxx.xxx",
    "datacenter": true,
    "asn": 212238,
    "isp": "Datacamp Limited",
    "geolocation": {
      "country": "PA",
      "city": "Panama City",
      "latitude": 8.9824,
      "longitude": -79.5199
    }
  },
  "webrtcLeak": {
    "detected": false,
    "localIp": null
  }
}
Use Cases

Know when location matters.

VPN detection isn't about blocking privacy -- it's about understanding risk when location is material to the decision.

🔐

Account Security

Detect when login attempts come from VPNs or proxies that don't match the user's established location pattern. Trigger step-up authentication when risk is elevated -- not on every login.

Login flowsStep-up authRisk scoring
🌍

Geo-Restriction Enforcement

Enforce geographic licensing agreements and content distribution rights. Know when users are circumventing regional restrictions with VPNs -- essential for streaming, gaming, and regulated content.

StreamingLicensingRegional pricing
💳

Payment Fraud Prevention

Flag transactions where the payment IP doesn't match the billing country or where VPN/proxy usage correlates with stolen card usage patterns. Reduce chargebacks without increasing friction for legitimate buyers.

CheckoutCard testingChargebacks
📋

Compliance & KYC

Satisfy regulatory requirements by detecting when users access services from sanctioned regions while masking their location. Critical for fintech, crypto, and online gambling platforms operating under strict jurisdictional rules.

OFAC screeningJurisdictionAudit trails
Accuracy

Prynt vs. IP-only detection.

Most VPN detection tools rely solely on IP databases. Prynt combines IP intelligence with behavioral analysis, timezone validation, and WebRTC probing for unmatched accuracy.

Anonymization Type IP-Only Detection Prynt Improvement
Commercial VPNs (known providers) ~85% 99.2% +14.2%
Self-hosted / private VPNs ~20% 91.4% +71.4%
Residential proxies ~12% 87.6% +75.6%
Datacenter proxies ~95% 99.8% +4.8%
Tor exit nodes ~92% 99.5% +7.5%
SOCKS5 proxies ~30% 94.1% +64.1%
Corporate VPNs (allowlisting) ~15% 96.3% +81.3%
False positive rate ~2.1% 0.03% 70x better

Unmask your first VPN in 5 minutes.

Free plan includes VPN & proxy detection. No credit card required.

Start Free Trial → View VPN Detection Docs