Risk Engine

IP & VPN
Tracking System

Real-time VPN, proxy, and TOR detection with IP reputation scoring, geo-restriction enforcement, and shared-IP multi-account flagging — every login screened before access is granted to your prop firm platform.

Book a Demo Rules Library
99.9%
VPN Detection Rate
<50ms
IP Screening Time
190+
Countries Mapped
VPN Access Blocked
IP Reputation: High Risk
IP Screening Log — Live
185.220.101.x Netherlands TOR Exit
104.21.14.x United States VPN (NordVPN)
91.108.4.x Russia Geo-Restricted
94.103.92.x Germany Proxy (Datacenter)
82.46.19.x United Kingdom Clean (Residential)
Capabilities

Every Network Threat Vector Screened

VPN, proxy, TOR, datacenter routing, geo-restriction, and shared-IP clustering — every login evaluated before access reaches your platform.

VPN Provider Detection
Cross-reference login IPs against a continuously updated database of 1,000+ VPN provider IP ranges — NordVPN, ExpressVPN, Mullvad, Surfshark, and commercial VPN infrastructure detected on first connection.
TOR Exit Node Blocking
Real-time lookup against the official TOR exit node consensus and extended relay lists. All TOR-routed logins are blocked instantly — with the block reason logged against the account for compliance audit.
Datacenter & Proxy Detection
Distinguish residential IPs from datacenter-hosted proxies, cloud server IPs (AWS, GCP, Azure), and commercial proxy services. Datacenter IPs are flagged and optionally blocked — configurable by account type and risk tier.
Geo-Restriction Enforcement
Block or flag logins from sanctioned countries, restricted jurisdictions, or territories excluded from your terms of service. Country-level controls with sub-region granularity for complex regulatory requirements.
Threat Coverage

What We Detect & Block

Six distinct network threat categories — each with independent detection logic, configurable enforcement, and dedicated audit logging.

VPN
Commercial VPN Services
Logins routed through consumer VPN providers — NordVPN, ExpressVPN, Surfshark, PIA, Mullvad, and 1,000+ more. Database updated daily with new provider IP ranges and server additions.
Proxy
Datacenter & Residential Proxies
HTTP, SOCKS4, and SOCKS5 proxies hosted in commercial datacenters or on residential proxy networks (LimeProxies, Smartproxy, Bright Data). Identified by ASN classification and abuse-score databases.
TOR
TOR Network Exit Nodes
All TOR relay exit nodes listed in the official consensus and community-maintained extended lists. Checked in real time on every login — new TOR exit node registrations propagated within minutes.
Geo
Sanctioned & Restricted Jurisdictions
OFAC-sanctioned countries, FATF grey/black list jurisdictions, and custom-restricted territories configured per your regulatory requirements. Logins from these locations blocked at authentication before platform access.
Shared IP
Multi-Account Shared Access
Three or more distinct accounts logging in from the same IP address within a configurable time window — flagged as a potential account farm or credential-sharing operation, integrated with the Multi-Account Behavior module.
Reputation
High-Risk IP Reputation
IPs with documented abuse history — previous fraud incidents, bot traffic, spam sending, or malware hosting — scored via aggregated reputation databases and weighted into the account's overall risk profile.
How It Works

Every Login Screened in Under 50ms

A layered network intelligence pipeline — lookup, score, enforce — before the dashboard even loads.

1
IP Extraction on Login
The client IP is extracted on every authentication event — account login, API call, and trading platform connection. Both IPv4 and IPv6 are supported, with proxy header inspection to detect X-Forwarded-For spoofing attempts.
2
Multi-Database Lookup
The IP is simultaneously queried against VPN provider ranges, TOR exit node lists, datacenter ASN databases, abuse reputation feeds, and geo-location databases — all in parallel within the 50ms window.
3
Risk Score Calculation
Results from all lookups are aggregated into a composite IP risk score (0–100). VPN and TOR detections score immediately critical; datacenter IPs score high; residential IPs with abuse history score medium based on severity.
4
Geo & Sanction Check
The resolved country is checked against your configured restriction list and the global OFAC/FATF sanction lists. Mismatches between claimed jurisdiction and IP geolocation are flagged as potential KYC circumvention attempts.
5
Shared-IP Account Cluster Check
The IP is compared against the login history of all accounts in your firm. If 3+ accounts share the same IP within your configured time window, a shared-access flag is raised and passed to the Multi-Account Behavior module.
6
Enforcement & Audit
Based on the composite score and your configured thresholds, the login is allowed, warned, blocked, or escalated to the operator review queue. Every decision is written to the immutable IP audit log with full signal detail.
IP / VPN Risk Dashboard
Account #5512 — 185.220.101.xTOR ExitBlocked
Account #8841 — 104.21.14.xVPN Score: 98Blocked
Account #7701 — 91.108.4.xGeo: RestrictedBlocked
Account #3305 — 94.103.92.xDatacenter IPFlagged
Account #1101 — 82.46.19.xRisk Score: 3Clean
Full Control

Your Policy. Your Thresholds.

Not every firm has the same geo policy or VPN tolerance. Configure every parameter from the admin panel — which countries to restrict, which IP types to allow, and what risk score triggers which action — per account tier.

  • Allow, warn, or block independently for VPN / TOR / Proxy / Geo threats
  • Different policies for challenge vs. funded — stricter enforcement at payout stage
  • Whitelist specific IPs or IP ranges — office IPs, institutional traders, support staff
  • Export full IP history per account — ready for KYC audits or regulatory requests
99.9%
VPN / TOR Detection
Accuracy Rate
<50ms
IP Screening Time
Per Login Event
190+
Countries & Territories
Geo-Mapped
6
Threat Categories
Screened Per Login
Get Started

Screen Every Login.
Allow Only Legitimate Access.

VPNs and proxies are used to bypass geo-restrictions, hide multi-account operations, and circumvent KYC. Deploy the IP tracking system and close those gaps before they become payouts.

Book a Demo Explore Platform
99.9% VPN Detection
TOR Exit Blocking
Sub-50ms Screening
Full IP Audit Trail