ConnGuard
Device signal
Device info, OS, screen size, etc.
Connection signal
IP reputation, VPN, proxy, ASN, etc.
Browser signal
Browser data, plugins, language, etc.
Behaviour signal
Interactions, mouse movement, patterns.

One connection,
many signals

The instant a visitor connects, ConnGuard reads their device, network, browser and behaviour.

AI + Rules Engine

Real-time risk analysis
  • AI scoring
  • Custom rules
  • Risk thresholds
  • Real-time decisions
IP:*.***.**.*
User-Agent:Android 13 · Chrome MobileHigh Risk
Observed FP:Windows desktop stack via proxy
01Fingerprint the stack Mismatch detected
Multiple inconsistencies found Score: 0 / 33
TCP TTL118 observed · 128 expected (Windows) · ~10 proxy hopsMismatch
Window Size64240 · typical Windows/Chromium patternMismatch
MSS / MTUMSS 1460 · MTU 1500 (broadband/proxy path)Suspicious
TLS FingerprintChrome Desktop-like JA3 ≠ Android Chrome UAMismatch
Viewport1920×1080 desktop viewport, not mobileMismatch
Passive TCP fingerprint — does not match Android
118:64240:1460:8:M,N,N,S,T:df,id+:syn
Android baseline expects TTL 64 · this is a Windows TTL 118 signature
Verdict Spoofed Android User-AgentReal connection appears to originate from Windows through a proxy
02Cross-check signals High risk
example.com
Access blocked
This connection was flagged as high-risk
and stopped before the page loaded.
HTTP 403 · Forbidden
Why it's different

Network-layer signals vs surface-level checks

Block-lists and JavaScript challenges only see what a client chooses to reveal — and modern bots reveal whatever they like. ConnGuard reads the network stack itself, which is far harder to fake.

ConnGuard Block-lists & JS
Detects fresh & residential proxies
Sees through VPNs & spoofed locale
Works with JS disabled or spoofed
Resists headless browsers & solvers
No cookies, tracking or list upkeep
Verdict before the page renders

Why JavaScript alone isn't enough

JS challenges run inside the client — exactly where an attacker has full control. Headless browsers, patched runtimes and CAPTCHA-solving farms execute your script and return whatever values pass; privacy modes and bot frameworks disable or spoof it entirely.

ConnGuard instead reads TCP/IP, TLS and HTTP/3 fingerprints plus RTT, ASN and locale at the network layer — observed, not self-reported — together with proprietary behavioral and network-detail analysis that's far harder to forge. The verdict never depends on code the attacker can rewrite.

TCP/IP TLS / JA4 HTTP/3
QUIC RTT ASN Locale Behavioral
patterns Proprietary
network
heuristics

Built for performance and scale

RustMemory safe. Blazing fast.
Built for reliability.
eBPFKernel-level visibility.
Zero overhead.
Pricing

Simple, usage-based
pricing

Every setup is different — so every plan is tailored. Our managers are always happy to talk through your traffic, scale and needs, and shape terms that fit.

Pay as you grow
from$1/ 10 GB traffic

No fixed contracts. Volume discounts and custom terms are discussed individually.

  • Pay only for the traffic you analyse
  • Custom thresholds & rules included
  • Individual terms for high volume
  • Direct line to a dedicated manager
Talk to us
Get in touch

Let's protect your
connections together

Have questions about ConnGuard or want to see it in action?
We're here to help.

Email us We'll get back to you shortly. Write an email WhatsApp Chat with us
on WhatsApp Telegram Chat with us
on Telegram
Enterprise-readyBuilt for high-scale environments
Privacy firstNo cookies, no tracking, no block-lists
Real-time protectionInstant risk scoring based on multiple signals