The Velprove monitoring bot
Velprove is an uptime monitoring service. To tell whether a website or API is up, our monitors send real requests to it from 5 regions around the world. If you have reached this page from a request in your logs, this is who we are, what we do, and how to handle our traffic.
What this bot does
It performs uptime and health checks. When someone sets up a monitor in Velprove for a URL or API endpoint, our bot requests that exact endpoint on a schedule and records whether it responded correctly and how fast. It checks only what it was pointed at. It does not crawl your whole site, does not follow links between pages, does not scrape content, and does not submit forms. The requests are lightweight and low volume per target.
How to identify it
HTTP and API checks send the user agent Velprove/1.0 (+https://velprove.com/bot). Every request reaches you over IPv4 from one of our 5 regional probes, and each source IP has forward-confirmed reverse DNS ending in .probe.velprove.com. The live IP and hostname list, kept current automatically, is at velprove.com/ips (also as JSON and plain text).
Velprove's no-code browser login monitors drive a real Chromium browser to sign in the way an actual user would, so they send a standard browser user agent on purpose, not a bot one. Identify those by source IP and reverse DNS, not by user agent. Every check, either way, comes only from the probe IPs above.
How to allow it through a firewall or WAF
If our checks are blocked or challenged, you will get downtime alerts for a site that is actually fine. The cleanest fix is to trust us by hostname using FCrDNS (any source ending in .probe.velprove.com), which keeps working even as our IPs rotate. If your firewall cannot match on hostnames, allow the IPv4 addresses instead. Both methods, with copy-paste steps and a live machine-readable list, are on the IP allowlist page.
Frequently asked questions
Is this bot safe to allow through my firewall?
Yes. The Velprove bot only sends lightweight requests to the exact URLs and endpoints that someone configured a monitor for. It does not crawl your whole site, does not follow links across your pages, does not submit forms, and does not try to access anything it was not pointed at. Its purpose is to detect downtime, nothing else. Allowing it means you get accurate uptime alerts instead of false outages caused by a firewall blocking the check.
How do I confirm a request really came from Velprove?
Take the source IPv4 of the request and do a reverse DNS (PTR) lookup. A real Velprove monitor resolves to a hostname ending in .probe.velprove.com. Then look that hostname back up and confirm it returns the exact IPv4 you started with. Both directions must agree. This is forward-confirmed reverse DNS (FCrDNS), and an impostor who does not control our DNS cannot fake both halves. The full hostname and IP list is at velprove.com/ips.
What user agent does it send?
HTTP and API monitors send Velprove/1.0 (+https://velprove.com/bot). The no-code browser login monitors drive a real Chromium browser to test your login the way a real user would, so they present a standard browser user agent rather than a bot one. Identify those by source IP and forward-confirmed reverse DNS (.probe.velprove.com), not by user agent. Either way, every check comes only from our published probe IPs.
How do I stop Velprove from checking a URL?
If the URL is one you set up to monitor, delete or pause that monitor in your Velprove dashboard. If you believe a site you own is being checked without your involvement (for example through our public Website Checker tool) and you want it excluded, contact support@velprove.com and we will handle it.
Contact
Questions about our traffic, or want a site excluded? Email support@velprove.com. Operated by Technologies Velprove Inc.