⚠️ High-Risk ASNs & Threat Sources
Explore Autonomous System Numbers (ASNs) frequently associated with abuse, VPN/proxy services, and malicious activity based on our threat intelligence feeds.
Note: Being listed as "high-risk" doesn't mean all IPs from these ASNs are malicious. These networks often host legitimate services alongside potentially abusive ones. Always verify individual IP reputation.
High-Risk Autonomous Systems
Common VPS provider used for abuse due to easy provisioning
Large cloud provider frequently used for hosting malicious infrastructure
VPS provider with streamlined signup often abused by threat actors
Popular VPS provider for both legitimate and malicious use
European hosting provider often used for bulletproof hosting
Large European hosting provider with diverse abuse patterns
Chinese cloud provider with global presence
Hosting provider associated with VPN and proxy services
Known for hosting VPN exit nodes and proxy services
Amsterdam datacenter commonly used for European abuse operations
Russian hosting provider frequently associated with Tor nodes and proxy services
GCP infrastructure used for bot hosting, credential stuffing, and scraping
CDN and proxy service — traffic origin is masked behind Cloudflare IPs
CDN provider — IPs may mask origin of automated traffic
GCP compute instances frequently used for automated attacks and scraping
Large cloud platform used for hosting malicious infrastructure at scale
Budget hosting provider popular with spammers and botnet operators
Hosting provider associated with scan and abuse traffic
Major Chinese ISP — source of large-scale scanning and brute force activity
Chinese ISP frequently associated with automated scanning activity
Korean ISP — occasional source of credential stuffing campaigns
Russian tech company — Yandex bot and cloud infrastructure
Budget hosting provider with high abuse rates due to easy signup
Affordable VPS provider frequently used for proxy and bot infrastructure
Hosting provider with mixed legitimate and malicious traffic
Dutch hosting provider associated with bulletproof hosting services
Chinese cloud provider with limited abuse controls
Privacy-focused hosting provider popular with anonymity services
Major transit provider — source of diverse traffic including abuse
Internet backbone and tunnel broker — used for IPv6 tunneled abuse
Hosting provider associated with VPN exit nodes and proxy services
European hosting provider known for Tor relay hosting
Hosting provider associated with proxy and VPN services
Major backbone provider — carries diverse traffic including botnet C2
US telecom — residential IPs occasionally used in credential stuffing
Known Tor exit node hosting ASN under Datacamp umbrella
Ad-blocking DNS provider — signals non-standard DNS configuration
Major Chinese cloud provider — source of large-scale scraping and bot traffic
Chinese cloud provider with growing global footprint — used for automated attacks
German hosting provider known for Tor relay and VPN exit node hosting
Swedish hosting provider frequently used for Tor relays and proxy services
Hosting provider associated with bulletproof hosting and cybercrime infrastructure
Dedicated ASN for Tor relay and exit node infrastructure
Privacy-focused VPS provider popular for Tor relays and anonymity services
French cloud provider with affordable instances frequently used for abuse infrastructure
Chinese CDN and hosting provider with global edge — used for automated scraping and bot traffic
Luxembourg-based global hosting and CDN — proxy and VPN exit node hosting
Cloud VPS provider with easy provisioning — abused for credential stuffing and scraping
UK hosting provider known for VPN exit node and proxy infrastructure hosting
Hosting provider associated with bulletproof hosting and phishing infrastructure
Dutch hosting provider with abuse-tolerant policies — proxy and botnet infrastructure
Chinese search and cloud giant — operates public DNS (180.76.76.76) and cloud infrastructure
Largest domain registrar and hosting provider — mixed legitimate and abuse traffic
Major CDN provider — traffic origin masked behind Akamai edge servers, commonly searched IP ranges
Enterprise cloud provider increasingly used for automated scanning and bot hosting
Primary AWS US-East ASN — highest volume of cloud-hosted abuse traffic globally
Chinese cloud computing division — source of large-scale scraping and credential stuffing
US hosting provider with high abuse rates — frequently hosts proxy and VPN infrastructure
Florida-based bare metal hosting — used for botnet C2 and scan infrastructure
Japanese hosting provider — source of automated scanning and brute force attempts
Chinese cloud provider with global nodes — limited abuse controls, bot hosting
US division of Contabo — affordable VPS frequently used for proxy and bot infrastructure
Hosting provider known for VPN exit nodes and residential proxy infrastructure
Indian national ISP — large IP space with significant automated scanning activity
Social media platform infrastructure — IPs commonly looked up in abuse investigations
Social media and advertising infrastructure — IPs searched in bot and scraper investigations
Major European hosting provider — shared hosting frequently abused for phishing and spam
Major shared hosting provider — parent of Bluehost, HostGator, and HostMonster
Chinese global carrier — source of large-scale scanning and brute force activity
Major Chinese metropolitan ISP — high-volume scanning and credential stuffing source
Norwegian hosting provider known for Tor relay and privacy service hosting
Major hosting provider with global infrastructure — used for proxy, VPN, and bot hosting
Major global backbone and transit provider — carries diverse traffic including abuse
Japanese cloud and hosting provider — source of automated scanning from Asia-Pacific
US budget hosting provider — frequently used for proxy infrastructure and abuse
Largest US cable ISP — residential IPs used in credential stuffing and account takeover attacks
Major US telecom — residential and mobile IPs involved in large-scale bot traffic
Major US backbone and ISP — carries diverse traffic including abuse from residential and enterprise customers
Largest European telecom — French residential IPs frequently seen in bot and scraping traffic
Turkish national ISP — large IP space with significant scanning and brute force activity
Major Japanese ISP and mobile carrier — residential IPs in bot and credential stuffing campaigns
US hosting provider frequently abused for proxy, VPN exit node, and botnet infrastructure
German hosting provider known for Tor relay and exit node hosting
Popular public DNS resolver (208.67.222.222) — queries from this ASN indicate non-standard DNS configuration
Privacy-focused public DNS resolver (9.9.9.9) — signals security-conscious or anonymity-seeking users
Family-safe DNS filtering service (185.228.168.9) — DNS resolver with content filtering
Internet-wide security scanner — all traffic from this ASN is automated reconnaissance
Third-largest US cable ISP — residential IPs used in credential stuffing and account takeover
Major Chinese metropolitan ISP — high-volume scanning and brute force source from Shanghai region
Large Chinese mobile ISP — significant automated scanning and credential stuffing activity
Major Indian and global backbone provider — carries diverse traffic including large-scale scanning
Major European cable ISP operating across 10+ countries — residential IPs in bot and abuse traffic
Major UK broadband ISP — residential IPs seen in credential stuffing and automated abuse
Largest Italian ISP and backbone — residential and business IPs in scanning and abuse traffic
Russian national telecom — largest Russian ISP, significant source of scanning and brute force activity
Consumer tech giant — iCloud Private Relay, Apple CDN, and services infrastructure commonly looked up
Developer platform — IPs frequently searched for webhook allowlists and CI/CD configuration
Third-largest US mobile carrier — residential and mobile IPs in credential stuffing and bot traffic
Cloud WAF and CDN provider — traffic origin masked behind Imperva security infrastructure
Hosts millions of WordPress.com sites — source of Jetpack, Akismet, and wp-cron traffic
Major managed cloud and hosting provider — infrastructure used for both legitimate and abuse traffic
Los Angeles hosting provider with high abuse rates — proxy, botnet, and scanning infrastructure
Developer deployment platform — IPs searched for CDN edge node identification and allowlisting
Major CDN provider — serves content for thousands of websites, traffic origin masked
Live streaming platform — IPs commonly looked up in bot and viewbot investigations
Major US managed hosting provider — dedicated servers and VPS used for diverse workloads
Hosting provider known for VPN exit node and residential proxy infrastructure
German non-profit operating high-bandwidth Tor exit relays — 109.70.100.0/24 range frequently appears in Tor exit node lookups
Bulletproof hosting provider (UK/Russia) sanctioned for hosting malware, ransomware, and infostealer infrastructure — supplements AS60729 Aeza Network
US budget hosting and VPS provider with high abuse rates — proxy, VPN, and scanning infrastructure
Major Russian cloud and dedicated server provider — source of large-scale scanning and bot hosting
Russian registrar and shared hosting provider — frequently abused for phishing and spam campaigns
Bare-metal cloud provider popular with developers — IP ranges searched for allowlisting and abuse investigation
US budget VPS and hosting provider with easy signup — frequently abused for proxy, scraping, and bot infrastructure
DDoS-protected hosting provider — frequently flagged for hosting proxy, botnet C2, and abuse infrastructure
Dallas-based dedicated server provider — source of scanning and proxy hosting traffic
US dedicated server and colocation provider with high abuse rates — proxy and scanning infrastructure
US budget dedicated server provider — abuse-heavy, hosts proxy, VPN, and scanning infrastructure
Major US managed cloud and hosting provider — supplements AS27411, mixed legitimate and abuse traffic
German VPS and dedicated server provider with affordable plans — used for proxy and bot infrastructure
German hosting provider operating WebTropia — VPS and dedicated servers used for abuse infrastructure
Major US cable ISP (Spectrum) — residential IPs used in credential stuffing and account takeover attacks
Major US broadband ISP — residential IPs seen in bot traffic and credential stuffing campaigns
Largest US mobile carrier — mobile IPs in large-scale bot, scraping, and account fraud traffic
Largest German ISP — residential and business IPs in scanning, bot, and credential stuffing traffic
Major Indian ISP and mobile carrier — large IP space with significant automated scanning activity
Largest Indian mobile ISP by subscribers — huge IP space, source of bot and credential stuffing traffic
Major Russian mobile and broadband ISP — significant source of scanning and brute force activity
Major Russian mobile carrier — large mobile IP space involved in automated scanning and bot traffic
Threat Categories
Our threat intelligence covers multiple categories of potentially risky IP addresses.
Tor Exit Nodes
IP addresses acting as Tor network exit points
VPN Endpoints
Known commercial and residential VPN service endpoints
Open Proxies
Public proxy servers and relay endpoints
Botnet C2
Known command and control infrastructure
Spam Sources
IPs identified in email spam campaigns
Port Scanners
IPs performing reconnaissance and port scanning
Understanding Risk Levels
Networks with significant abuse history, often used for VPN/proxy services with minimal verification.
Large cloud providers where abuse occurs but represents a small fraction of overall traffic.
Networks with occasional abuse reports but generally good reputation and responsive abuse handling.