Providing accurate anonymous IP detection data is our priority, first and foremost.
If you explore our IP to Privacy Detection, aka anonymous IP database, sometimes you will find that we don’t provide information regarding the name of the privacy service provider. Some customers would like to know which big VPN provider is behind the service. But unfortunately, if the privacy service provider’s name is missing, it makes it difficult to know the answer to the question. Therefore, we occasionally receive questions about why our IP privacy database does not always provide the service provider’s name.
This is a valid question, but the answer is not so simple. Even though we currently provide the names of close to 100 privacy service providers, we often don’t associate IP addresses with individual privacy service providers.
So, let’s take a step back and understand how we recognize anonymous IP addresses.
How the IP to Privacy database works?
As you probably know, IPinfo’s data is backed by a global probe network infrastructure called, ProbeNet. Through our ProbeNet, we run internet-wide scans. Through these internet scans, we can detect certain anomalous behavior from IP addresses. Based on this behavior, we can deem an IP address to be an anonymous IP address.
In our custom IP to Privacy Extended Database, we showcase some of our research methodologies.
| Fields | Example | Description |
|---|---|---|
| start_ip | 62.182.99.0 | First IP address of the range |
| end_ip | 62.182.99.255 | Last IP address of the range |
| hosting | False | Indicates hosting service IP address (data center, cloud service, bots, scrapers, etc.) |
| proxy | False | IP address associated with a proxy service |
| tor | False | Tor exit node IP address |
| vpn | True | IP address associated with a VPN service |
| relay | False | Private relay service IP address (Apple relay, Cloudflare, Akamai etc.) |
| vpn_name | NordVPN | Name of the privacy service provider includes VPN, Proxy and Relay service providers names |
| anycast | False | True: if IP is identified as being any anycast IP, that could map to multiple physical servers in different locations |
| census | True | True: if we’ve identified VPN software running on this IP as part of our internet wide scan (successful openvpn or ipsec handshake) |
| device_activity | True | True: if we’ve seen VPN-like behavior (multiple devices, multiple locations etc) |
| whois | False | True: if we’ve seen vpn provider attributes in the IP whois data (eg. provider name) |
| vpn_config | True | True: if we’ve identified this IP in a VPN config file |
| census_port | 500 | Port number we’ve identified VPN software running on |
Our core anonymous IP detection method involves behavior-based detection. This allows us to make sure we identify the highest number of anonymous IP addresses and ensure our promise of the highest quality of data accuracy.
Some data provider uses a privacy service association detection model that only captures a small subset of anonymous IP address data.
Can I use only the rows that provide the service field?
No, it would be best if you did not do that. If you remove all the rows where the service information is missing, you will be removing a lot of valid anonymous IP data information.
Can multiple VPNs share a single IP?
Yes, they can. If you look at the ASN data of anonymous IP addresses, you will sometimes find that there are specialized organizations that provide IP addresses and hosting services to VPN companies. This can result in situations where one IP can be associated with multiple privacy service providers.
So, if a customer is using the X privacy service provider, but that IP is shared across the X and Y providers, and if we show the Y provider in our privacy data, the customer might think we are providing the wrong data.
Again, accuracy is our highest priority above all. Therefore, we have chosen not to share either of this information and instead ask customers to engage in an open discussion about the methodology for privacy detection.
That is why we offer our IP to Privacy Extended Database. Contact our sales team if you would like to know more about this database.
But I need some level of organizational context to IP addresses.
If you need some organizational context to these anonymous IP addresses, you can get insights from the following data:
- IP to Company API or IP to Company database: The IP to Company data shows you the organization that is using those IP addresses to run an operation or a business. This is the best dataset that complements the privacy dataset, as it shows companies and organizations that operate the IP address.
- ASN API or ASN database: The ASN API service and ASN database services will give you detailed ASN information along with all the other IP range an ASN owns. Even though a company might own the IP address, another company might use it to provide privacy servers from their infrastructure. To get that information use the IP to Company dataset.
- IP to Abuse Contact database: The abuse contact database will give you insight into who to file a complaint against when you come across malicious activities from an anonymous IP address.
- Free IP to ASN database: The open access IP to the ASN database will show who actually owns the IP address.
All these databases are available on our Snowflake listing. For example, the following, table of anonymous IP look up data was created in Snowflake. The output you see is created by joining the IP privacy data and IP company data.
In conclusion
It does not take much to create an IP privacy service company. You can simply open a website and communicate with a specialized hosting provider who will build and support your entire tech infrastructure. Detecting privacy services at our scale is very difficult, and we are content with the compromises we make to ensure accurate data.
By utilizing our company, ASN, and abuse contact databases, users have access to a wide variety of organizational contexts as opposed to just knowing the name of an IP privacy company, which ultimately holds little meaning in attack surface mapping.