Where do monitoring requests come from?

All checks are performed from Moscow, Russia (Yandex Cloud, ru-central1 datacenter). Monitoring server IP: 89.169.151.28 — add it to your firewall allowlist if needed. More locations in Europe and Asia Pacific are planned.

Documentation

Complete guide to setting up website monitoring with PingZen. API documentation, code examples, and best practices.

MTProxy Monitoring

Monitor Telegram MTProto Proxy servers with PingZen. MTProxy uses the proprietary MTProto protocol with Fake TLS obfuscation to bypass DPI censorship. PingZen performs cryptographic handshake validation to verify your proxy is alive and accepts your secret.

How It Works

PingZen connects to your MTProxy server via TCP (usually port 443)
For EE secrets (Fake TLS): sends a TLS 1.3 ClientHello with HMAC-SHA256 authentication embedded in the Random field
The proxy responds with a ServerHello containing its own HMAC — PingZen validates this cryptographically
After FakeTLS handshake, sends an obfuscated2 init payload (AES-256-CTR encrypted) inside TLS Application Data
For DD/plain secrets: sends an MTProto req_pq handshake through the proxy to Telegram servers — if a valid response returns, the proxy is alive and relaying correctly

Check Levels

PingZen performs multi-level validation depending on your secret format:

FakeTLS HMAC (EE secrets)

Cryptographic proof that the proxy knows your secret. Detects domain fronting (wrong secret → proxy forwards to real website). Most reliable for modern proxies.

Obfuscated2 + MTProto Handshake (DD/plain secrets)

Sends AES-256-CTR encrypted init payload, then performs a full MTProto handshake (req_pq) through the proxy to Telegram servers. A valid response cryptographically proves the proxy relays traffic correctly.

TCP Connectivity

Basic TCP port check. Confirms the server is reachable but cannot verify secret validity.

Secret Formats

MTProxy supports three secret formats. Modern proxies use EE (Fake TLS) almost exclusively:

Plain (32 hex chars)

Original format. 16-byte secret without obfuscation prefix. Easily detectable by DPI. Example: cafe1234cafe1234cafe1234cafe1234

DD (dd + 32 hex chars)

Padded intermediate mode. Adds random padding to packet sizes, making DPI fingerprinting harder. Example: ddcafe1234cafe1234cafe1234cafe1234

EE (ee + 32 hex + domain hex)

Fake TLS mode — the current standard. Traffic looks like HTTPS to the specified domain. Example: ee0123456789abcdef0123456789abcdef676f6f676c652e636f6d (domain: google.com)

Configuration

Server Address

Hostname or IP address with port (e.g., proxy.example.com:443). Default port: 443.

Secret

Your MTProxy secret in hex or base64 format. Supports three formats: plain (32 hex chars), DD (dd + 32 hex), and EE (ee + 32 hex + hex-encoded domain) for Fake TLS mode.

Use Cases

Monitor Telegram proxy servers for your community
Verify that your MTProxy secret is accepted
Detect when proxies are blocked by ISP/DPI
Track uptime of proxy infrastructure in censored regions
Monitor domain fronting effectiveness (EE secrets)

SOCKS5 vs MTProxy

Both protocols can proxy Telegram traffic, but they differ significantly in DPI resistance:

Feature	SOCKS5	MTProxy
DPI Resistance	None — RFC 1928 handshake is fingerprinted	High — Fake TLS looks like regular HTTPS
Traffic Scope	Any TCP/UDP application	Telegram only
Authentication	Username/password (RFC 1929)	16-byte shared secret (HMAC-SHA256)
Port	1080 (default)	443 (mimics HTTPS)
Secret Validation	Protocol handshake	Cryptographic HMAC proof
Domain Fronting	Not applicable	Built-in — invalid clients see real website

Key Features

Cryptographic handshake validation (not just TCP port check)
FakeTLS (EE) HMAC-SHA256 verification
Support for all secret formats: plain, DD, and EE
Domain fronting detection for EE secrets
Human-readable error messages for handshake failures
SSRF protection — private IP targets are blocked
Zero external dependencies — pure Python asyncio sockets
End-to-end verification for DD/plain secrets via MTProto req_pq handshake through the proxy to Telegram DC
Works with mtg, mtprotoproxy, Erlang mtproto_proxy, and other MTProxy servers

Common Questions

What protocols can I monitor?

PingZen supports 23 protocols: HTTP/HTTPS, WebSocket (WS/WSS), TCP, UDP, ICMP Ping, gRPC, DNS, WHOIS, SSL certificates, Email (SMTP/IMAP/POP3), FTP/FTPS, DNSBL, PageSpeed, SOCKS5, MTProxy, API Check, and Transaction. You can monitor websites, APIs, servers, databases, and any network service.

How fast can I get alerts?

Telegram alerts are delivered within 1-2 seconds of detection. Slack and Discord notifications arrive almost instantly. You can configure multiple alert channels for redundancy.

Can I organize monitors by project?

Yes! PingZen supports workspaces, which let you organize monitors by project, environment, or team. Each workspace can have its own alert configurations and team members.

Is there an API for automation?

Absolutely. PingZen provides a full REST API with OpenAPI documentation. You can create, update, and delete monitors programmatically.

How do status pages work?

Status pages are public, branded pages showing your services' uptime. You can display real-time status and allow customers to subscribe for updates.

What happens if I reach my monitor limit?

We'll notify you when approaching your limit. You can pause some monitors or contact us for increased capacity. We never stop monitoring without warning, ensuring your critical services stay protected.

Ready to stop missing downtime?

Join thousands of teams who trust PingZen. Setup takes 30 seconds.

Start Free