Vultr IP ranges & what they mean for fraud
Vultr sells hourly VPS instances in dozens of regions, popular for lightweight proxies and automation runners.
How Sentinel uses these ranges
Sentinel tags traffic from these ranges with the dch (datacenter/hosting) signal in real time. The numbers above come from Vultr's own published range feed — the same feed Sentinel's verdict pipeline refreshes continuously, so a new range is scored within hours of publication, not whenever a static database ships.
Range data adds a signal; it never overrides deeper network detection. VPN exits live in datacenters, so a range hit doesn't short-circuit tunnel analysis — an IP in Vultr's ranges that is also a VPN exit gets both signals, and your policy sees the full picture in the reasons array.
Should you block Vultr traffic?
Small, cheap, many-region VPS hosts are exactly where one-off proxy exits and bot runners get spun up — and torn down before blocklists catch up.
The honest answer is: it depends on the surface. A datacenter IP on a signup, login, or checkout is a strong review signal — humans overwhelmingly arrive from residential and mobile networks. The same IP calling your API is often just a legitimate backend. Sentinel returns the raw signal so you can apply exactly that asymmetric policy instead of a blanket block.
curl -X POST https://sntlhq.com/v1/evaluate \ -H "Authorization: Bearer sk_test_sandbox" \ -H "Content-Type: application/json" \ -d '{"token":"test_datacenter"}'
The sandbox key returns the documented datacenter-verdict shape (decision, risk_score, network.datacenter) — no signup required. Details in the API docs.
Free tier: 1,000 requests/hour. No card, no expiry.