▓▒░ /vpn-detector ░▒▓

VPN Detector

Instant check whether your connection is going through a VPN, proxy, or datacenter network. The same techniques streaming sites use to spot you.

★ isvpnworking.com - Live Status Window
_
×
⚡ live status check ⚡
checking . . .
running 3 tests on your connection, hold tight
FYI we're checking your IP, location, and 3 types of leaks. all in your browser, nothing sent to us.
visible IP →
they think you're in →
VPN brand detected →
tested at →
--:--:--
┌─ LEAK DETECTION RESULTS ─┐
▸ webrtc test peer-to-peer ip leak
running…
▸ dns test domain query leak
running…
▸ ipv6 test protocol exposure
running…
★ TOP PICKS ★

VPNs that actually don't leak.

tested by us · using our own tool · we're picky
#1 BEST
NordVPN
$3.39/mo
our paranoid friend uses this one
click me ↗
#2 CHEAP
Surfshark
$2.49/mo
unlimited devices, decent speed
click me ↗
#3 ANON
Mullvad
$5/mo
accepts cash. literal envelopes.
click me ↗
★ How VPN detection actually works
_
×

Quick version: VPN detection isn't magic. It's a few cheap signals stacked together until the answer is obvious. Same tricks Netflix uses, same tricks we use - we just show our work.

The four signals

1. IP organization name

Every IP block on the internet is registered to an organization, listed in public WHOIS and ASN databases. When IP 91.219.235.4 shows up at our server, we look up its org and find NordVPN. Or M247 (a hosting company that NordVPN/CyberGhost rent from). Or Datacamp Limited (CyberGhost again). That's a strong VPN signal - residential ISPs don't have those names. The full list of "known VPN org names" is in our detection logic; we update it as we encounter new ones.

2. Timezone vs. browser timezone

Your operating system has a timezone. Intl.DateTimeFormat().resolvedOptions().timeZone in JavaScript reads it. Your IP, geolocated, also has a timezone (the one for that city). If they don't match - the IP says "Amsterdam, Europe/Amsterdam" but your browser says "America/Los_Angeles" - that's a tell. You're not magically present in two timezones. Either you traveled and didn't change your laptop, or you're using a VPN.

This signal alone has false positives (frequent travelers, expats, people whose laptops never adjusted timezone after moving) so we weight it 0.4 not 1.0.

3. Browser language vs. country

navigator.language tells us your browser's preferred locale - often en-US, de-DE, ru-RU. The country code suffix should roughly match the country your IP is in. If you're connecting from JP with en-US, that's an English-keyboard user routing through Japan - possible (expat) but more often a VPN.

Lowest-weight signal because lots of people legitimately have a US/UK English keyboard while living abroad. Worth 0.2 in our score.

4. Datacenter heuristic

If the org name contains "hosting", "cloud", "server", "datacenter" - and isn't on our explicit VPN-org list - it's still suspicious. AWS, DigitalOcean, Hetzner, OVH, Vultr all return strings like that. Residential ISPs return things like "Comcast Cable" or "Deutsche Telekom Privatkunden". The datacenter heuristic catches mid-tier and corporate VPNs that don't show up in our explicit list.

How streaming services do it differently

Netflix and similar services use commercial detection feeds (IPQualityScore, MaxMind, ipinfo.io Privacy, Spur, Digital Element) that go beyond the public org-name check. Those feeds:

  • Maintain real-time inventories of every consumer VPN's current IP range, refreshed hourly
  • Tag residential proxies (rotating IPs that look like home connections but are actually proxies)
  • Score IPs by historical "abuse" - if the IP has been used for VPN-style activity recently, score is high
  • Detect TLS fingerprint anomalies that indicate a forwarding proxy
  • Use ML on connection-pattern data to flag suspicious IPs even before they're catalogued

That's why a VPN can pass our test (we don't pay for those feeds) but fail Netflix's (they do). If you want to stream, you need a VPN that actively rotates through residential-style IPs - currently best with NordVPN's "obfuscated servers", Surfshark's "MultiHop", or smaller providers like AstrillVPN.

What you can do with this test

  • Confirm a new VPN is working - install, connect, check here. If we say "VPN", you're at least invisible to the basic check.
  • Test if a free VPN extension actually does anything - many "free VPN" Chrome extensions are dead or don't actually proxy traffic.
  • Diagnose Netflix blocks - if our test says "no VPN" but Netflix still blocks you, the IP got burned through other detection. Switch servers.
  • Sanity-check before sensitive activity - quick visual confirmation the VPN is doing its job before logging into a sensitive account or torrenting.

Bottom line

Free VPN detectors give a fast yes/no using the same public signals streaming services started with. They're not a replacement for paid detection feeds, but they're enough to catch dead VPNs and verify a working one. Use this to confirm before you trust.

FAQ
How accurate is a free VPN detector? [+]

For mainstream consumer VPNs (NordVPN, Surfshark, ExpressVPN, ProtonVPN, Mullvad, CyberGhost, PIA), accuracy is very high - their IP ranges are well-known and tagged in public databases within hours of allocation. For tiny or fresh VPN providers, accuracy drops because their IPs haven't been classified yet. Commercial detection services (IPQualityScore, ipinfo.io Privacy, MaxMind) charge $99-999/mo for higher accuracy, faster updates, and proxy/residential-VPN detection. We use the free chain that catches ~90% of consumer VPNs.

What's the difference between a VPN, a proxy, and a 'datacenter IP'? [+]

VPN: encrypted tunnel, routes ALL your traffic through a remote server. Proxy: usually only routes browser traffic, often unencrypted, easier to detect. Datacenter IP: any IP that belongs to a server hosting company (AWS, DigitalOcean, Hetzner, OVH, Vultr) rather than a residential ISP. All three look similar from a website's view, all three trigger 'we noticed you're using a VPN' messages on Netflix and similar.

Why did the detector say I'm not using a VPN when I clearly am? [+]

Three common reasons: (1) Your VPN uses a residential-IP rotation (some premium services do this) - those are designed to look like home connections; (2) The VPN's IP block is too new to be in public datacenter databases yet; (3) You're using a VPN extension or 'private browsing' feature that only routes browser traffic, not the OS. None of these mean you're unprotected, just that detection is hard from this side.

Why did it say I'm using a VPN when I'm not? [+]

False positives happen when your ISP routes traffic through a hosting-company-classified network (some mobile carriers' transit networks look like 'cloud' to ASN databases), or when you're connected through a corporate VPN that's mistaken for a consumer VPN, or when the timezone-language-country signals coincidentally don't match (e.g., US English keyboard while traveling in Europe).

Can a website actually block VPN users? [+]

Yes, easily. Streaming services (Netflix, Hulu, BBC iPlayer, Disney+) buy commercial detection feeds and block known VPN IP ranges. Banks and payment processors (Stripe, Wise, neobanks) often refuse VPN connections for fraud reasons. Online casinos block VPNs to enforce regional licensing. The block lists update within hours of new VPN IPs being detected, so even paid VPNs constantly burn through IP ranges.