[{"data":1,"prerenderedAt":318},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":177,"body":200,"description":309,"extension":310,"meta":311,"navigation":312,"path":178,"rawbody":313,"seo":314,"stem":179,"__hash__":317},"docsv3\u002F1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network.md",{"type":201,"value":202,"toc":303},"minimark",[203,207,232,242,247,276,280],[204,205,177],"h1",{"id":206},"anonymizing-network",[208,209,210,211,215,216,220,221,220,224,227,228,231],"p",{},"An anonymizing network is anything that sits between the user and your service to hide where the connection really comes from. Rupt classifies every IP and exposes four ",[212,213,214],"a",{"href":106},"checks"," for it: ",[217,218,219],"code",{},"ip_is_vpn",", ",[217,222,223],{},"ip_is_proxy",[217,225,226],{},"ip_is_tor",", and ",[217,229,230],{},"ip_is_hosting",".",[208,233,234,235,220,238,241],{},"Using one isn't proof of bad intent. Plenty of ordinary people run a VPN for privacy or to reach their work network. But anonymizers are also the default tooling for ",[212,236,237],{"href":154},"account takeover",[212,239,240],{"href":166},"scraping",", and fraud, because hiding the source IP is step one of not getting caught.",[243,244,246],"h2",{"id":245},"the-kinds-rupt-detects","The kinds Rupt detects",[248,249,250,258,264,270],"ul",{},[251,252,253,257],"li",{},[254,255,256],"strong",{},"VPN",": a tunnel that swaps the user's real IP for the VPN server's. Consumer VPNs (NordVPN, ExpressVPN, and the like) run from datacenter ranges Rupt recognizes. Residential or mobile VPNs route through real home and carrier IPs to look like ordinary users, which makes them harder to spot and a favorite of higher-effort fraud.",[251,259,260,263],{},[254,261,262],{},"Proxy",": a relay that forwards requests on the user's behalf. Open and rotating proxies are the workhorses of scraping, since they spread traffic across many addresses to dodge rate limits.",[251,265,266,269],{},[254,267,268],{},"Tor",": the onion network. Traffic exits through public Tor nodes that are easy to identify, so a Tor exit IP is unambiguous about wanting anonymity.",[251,271,272,275],{},[254,273,274],{},"Hosting \u002F datacenter",": the IP belongs to a cloud provider, not a residential ISP. Real customers rarely browse from a server, so datacenter traffic is one of the strongest automation tells.",[243,277,279],{"id":278},"using-it","Using it",[208,281,282,283,286,287,290,291,294,295,298,299,302],{},"Each flag is its own ",[212,284,285],{"href":118},"policy"," condition, so you can treat them differently. A common pattern is to tolerate VPNs (real users have them) but challenge or block Tor and datacenter traffic on sensitive ",[212,288,289],{"href":98},"actions",". The flags also weight into ",[212,292,293],{"href":110},"risk"," scores: an anonymizer turns an otherwise ordinary ",[212,296,297],{"href":174},"new IP"," or ",[212,300,301],{"href":130},"impossible travel"," event into a much sharper signal.",{"title":304,"searchDepth":305,"depth":305,"links":306},"",2,[307,308],{"id":245,"depth":305,"text":246},{"id":278,"depth":305,"text":279},"[object Object]","md",{},true,"---\ntitle: Anonymizing network\ndescription: An anonymizing network hides the true origin of a connection: VPN, proxy, Tor, or hosting\u002Fdatacenter IP. Rupt classifies the IP and feeds the result into account takeover and scraping detection.\n---\n\n# Anonymizing network\n\nAn anonymizing network is anything that sits between the user and your service to hide where the connection really comes from. Rupt classifies every IP and exposes four [checks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks) for it: `ip_is_vpn`, `ip_is_proxy`, `ip_is_tor`, and `ip_is_hosting`.\n\nUsing one isn't proof of bad intent. Plenty of ordinary people run a VPN for privacy or to reach their work network. But anonymizers are also the default tooling for [account takeover](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover), [scraping](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping), and fraud, because hiding the source IP is step one of not getting caught.\n\n## The kinds Rupt detects\n\n- **VPN**: a tunnel that swaps the user's real IP for the VPN server's. Consumer VPNs (NordVPN, ExpressVPN, and the like) run from datacenter ranges Rupt recognizes. Residential or mobile VPNs route through real home and carrier IPs to look like ordinary users, which makes them harder to spot and a favorite of higher-effort fraud.\n- **Proxy**: a relay that forwards requests on the user's behalf. Open and rotating proxies are the workhorses of scraping, since they spread traffic across many addresses to dodge rate limits.\n- **Tor**: the onion network. Traffic exits through public Tor nodes that are easy to identify, so a Tor exit IP is unambiguous about wanting anonymity.\n- **Hosting \u002F datacenter**: the IP belongs to a cloud provider, not a residential ISP. Real customers rarely browse from a server, so datacenter traffic is one of the strongest automation tells.\n\n## Using it\n\nEach flag is its own [policy](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) condition, so you can treat them differently. A common pattern is to tolerate VPNs (real users have them) but challenge or block Tor and datacenter traffic on sensitive [actions](\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions). The flags also weight into [risk](\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks) scores: an anonymizer turns an otherwise ordinary [new IP](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip) or [impossible travel](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel) event into a much sharper signal.\n",{"title":177,"description":315},{"An anonymizing network hides the true origin of a connection":316},"VPN, proxy, Tor, or hosting\u002Fdatacenter IP. Rupt classifies the IP and feeds the result into account takeover and scraping detection.","-81GtOBVotp9QWam5T_y6bIcRQmvnyjmSHC8vD8vrbc",1780344893640]