IPScanner
Location Attestation

Prove where your users really are, and prove you checked.

Age-gate and geo laws now demand proportionate measures to verify location, plus proof that you took them. Provenance flags VPN, proxy and Tor masking, enforces per-jurisdiction policy, and seals every check into a tamper-evident audit log built for regulators.

8
anonymizer classes detected
SHA-256
hash-chained audit entries
< 1 req
server-side gate integration
Per-law
Utah, UK and EU policy presets
POST/v1/provenance/check

request

{
  "ip": "203.0.113.24",
  "claimed_jurisdiction": "us-ut",
  "request_context": { "gate": "age-verification" }
}

response

{
  "network_origin": "vpn",
  "anonymized": true,
  "method": "ip_state:vpn",
  "confidence": 0.9,
  "policy_action": "block",
  "attestation_id": 80421
}
Why now

The liability shifted to you

Utah SB 73, the UK Online Safety Act and a wave of EU and US age-assurance rules make the operator liable for letting masked or out-of-jurisdiction users through your gate. A naive IP geolocation check fails the moment a user turns on a VPN, and you have nothing to show you tried.

  • Forced buyers and fixed deadlines, because non-compliance carries real fines and platform risk.
  • A VPN or residential proxy defeats plain geolocation, so you need anonymizer detection.
  • Regulators ask for evidence of proportionate measures, not a yes or no flag.
  • Audit logs that can be silently edited prove nothing, so the record must be tamper-evident.
How it works

One call at the gate, a defensible record behind it

Provenance runs on the shared detection engine, then seals the outcome into evidence.

Network-origin detection

Classifies each IP as VPN, residential proxy, datacenter, Tor, hosting or clean residential, the masking a plain geo lookup misses.

Per-jurisdiction policy

Utah, UK and EU rules differ, so Provenance maps the verdict to allow, step up or block under the law that applies to the request.

Hash-chained audit log

Every check is sealed as sha256 of the previous hash and the payload. Edit any historical row and the whole chain breaks on verification.

Evidence export

Export a signed CSV for any date range showing you applied proportionate measures, complete with a chain-verification header for regulators.

Daily anchoring

A daily root hash seals the chain head, so the log is provably append-only as of each day.

Drop-in at the gate

One server-side call at your age or geo gate, plus an optional JS snippet to supply request context. No personal data required.

Policy actions

A clear action for every request

The jurisdiction policy turns the network-origin verdict into an enforceable decision.

Allow

Clean residential origin in an allowed jurisdiction, so the user passes through.

Step Up

Masked or ambiguous origin that should be escalated to stronger verification before access.

Block

Anonymized origin under a strict regime such as Utah or the UK, so the request is denied and the reason logged.

API

One request. A verdict and an attestation id.

Call it server-side at your gate. The attestation id points to the sealed audit entry.

POST/v1/provenance/check

request

{
  "ip": "203.0.113.24",
  "claimed_jurisdiction": "us-ut",
  "request_context": { "gate": "age-verification" }
}

response

{
  "network_origin": "vpn",
  "anonymized": true,
  "method": "ip_state:vpn",
  "confidence": 0.9,
  "policy_action": "block",
  "attestation_id": 80421
}
Use cases

Where Provenance is required

Age-restricted platforms

Adult content, gambling and alcohol sites under Utah SB 73 and UK age-assurance duties.

Regulated geo-licensing

iGaming and streaming rights that must keep out-of-territory and masked users out.

Audit and legal teams

Produce defensible evidence of proportionate measures on demand for a regulator or court.

KYC and onboarding

Flag VPN and proxy masking at signup before it contaminates downstream identity checks.

FAQ

Questions, answered

Provenance gives you two of the things these laws demand: a proportionate technical measure that detects VPN, proxy and Tor masking and enforces per-jurisdiction policy, and a tamper-evident record proving you applied it. It is a compliance control rather than legal advice, so pair it with your age-assurance vendor and counsel, and use the evidence export to demonstrate the measures you took.

Ship Provenance this week

One REST call, a free tier to start, and the same engine behind every IPScanner lookup.

No credit card to start