VPN Detection: How to detect if an IP address is using a VPN

How to detect if an IP addresses is using a VPN

The truth of the matter is that by default, there is no easy way of detecting whether a user is using a VPN or not, unless the IP address that is being used has been identified as part of a VPN. In order to identify yours, use our tool to see what is your IP address and location.

That said, there are several methods used by network engineers including sniffing large numbers of packets and noticing whether some or all of the traffic coming through is encrypted.While it is common for many internet tools to be using some form of encryption, if every bit of traffic coming through is encrypted, it is a fairly good sign that the user is using a VPN.

Most VPN networks use a fixed set of IP addresses. Over time, these addresses get identified by network engineers and these are eventually provided to lists which are stored in central databases. 

First you need to get IP address itself. Depending on the language or framework you're using, Abstract as a few recommended guides for that, such as "how to get an IP address in Ruby on Javascript", "how to get an IP address in PHP", "how to get an IP address in Ruby on Rails", and "how to get an IP address in jQuery".

Using an API to detect whether a VPN is being used

The good news is that you can make use of a large amount of work that has been done by others; there are common databases of known VPN IP addresses. While these will not catch every single example of a VPN (if they did, the point of using a VPN would become moot.Many people would simply not use them), you can still identify if a significant part of your traffic is using these tools. The methods for detecting a VPN are similar for the methods of detecting if an IP address is using a proxy.

The easiest way of identifying whether at least some of your traffic is using a VPN is to use an API like AbstractAPI’s geolocation tool.

By signing up for their free service, you can get an API key, and by using something as simple as a snippet of jQuery code on your site, you can get a wide range of information about the user.

Just enter a similar snippet of code to this into your site:

$.getJSON("https://ipgeolocation.abstractapi.com/v1/?api_key=YOUR_UNIQUE_API_KEY", function(data) { 
       console.log(data.ip_address);
       console.log(data.security);
   })

You can get a large amount of information. The API has many parameters you can use, but the data.security will provide information about whether the user is using a VPN.

Below is an example of some of the output you will receive(note, to get all of the below parameters you would need to request them individually, however the security entry will tell you whether the user is using a known VPN:

{
  "ip_address": "141.126.251.125",
  "city": "Chicopee",
  "city_geoname_id": 4933002,
  "region": "Massachusetts",
  "region_iso_code": "MA",
  "region_geoname_id": 6254926,
  "postal_code": "01020",
  "country": "United States",
  "country_code": "US",
  "country_geoname_id": 6252001,
  "country_is_eu": false,
  "continent": "North America",
  "continent_code": "NA",
  "continent_geoname_id": 6255149,
  "longitude": -72.5737,
  "latitude": 42.1754,
  "security": {
    "is_vpn": false
  },
  "timezone": {
    "name": "America/New_York",
    "abbreviation": "EST",
    "gmt_offset": -5,
    "current_time": "13:02:35",
    "is_dst": false
  },
  "flag": {
    "emoji": "🇺🇸",
    "unicode": "U+1F1FA U+1F1F8",
    "png": "https://static.abstractapi.com/country-flags/US_flag.png",
    "svg": "https://static.abstractapi.com/country-flags/US_flag.svg"
  },
  "currency": {
    "currency_name": "USD",
    "currency_code": "USD"
  },
  "connection": {
    "autonomous_system_number": 20115,
    "autonomous_system_organization": "Charter Communications",
    "connection_type": "Corporate",
    "isp_name": "Charter Communications",
    "organizaton_name": "Spectrum"
  }
}