⚠️ High-Risk ASNs & Threat Sources
Explore Autonomous System Numbers (ASNs) frequently associated with abuse, VPN/proxy services, and malicious activity based on our threat intelligence feeds.
Note: Being listed as "high-risk" doesn't mean all IPs from these ASNs are malicious. These networks often host legitimate services alongside potentially abusive ones. Always verify individual IP reputation.
High-Risk Autonomous Systems
Common VPS provider used for abuse due to easy provisioning
Sample IPs from this ASN
Large cloud provider frequently used for hosting malicious infrastructure
VPS provider with streamlined signup often abused by threat actors
Sample IPs from this ASN
Popular VPS provider for both legitimate and malicious use
Sample IPs from this ASN
European hosting provider often used for bulletproof hosting
Sample IPs from this ASN
Large European hosting provider with diverse abuse patterns
Chinese cloud provider with global presence
Hosting provider associated with VPN and proxy services
Sample IPs from this ASN
Known for hosting VPN exit nodes and proxy services
Sample IPs from this ASN
Amsterdam datacenter commonly used for European abuse operations
Sample IPs from this ASN
Russian hosting provider frequently associated with Tor nodes and proxy services
Sample IPs from this ASN
GCP infrastructure used for bot hosting, credential stuffing, and scraping
Sample IPs from this ASN
CDN and proxy service — traffic origin is masked behind Cloudflare IPs
Sample IPs from this ASN
CDN provider — IPs may mask origin of automated traffic
Sample IPs from this ASN
GCP compute instances frequently used for automated attacks and scraping
Sample IPs from this ASN
Large cloud platform used for hosting malicious infrastructure at scale
Sample IPs from this ASN
Budget hosting provider popular with spammers and botnet operators
Sample IPs from this ASN
Hosting provider associated with scan and abuse traffic
Sample IPs from this ASN
Major Chinese ISP — source of large-scale scanning and brute force activity
Sample IPs from this ASN
Chinese ISP frequently associated with automated scanning activity
Sample IPs from this ASN
Korean ISP — occasional source of credential stuffing campaigns
Sample IPs from this ASN
Russian tech company — Yandex bot and cloud infrastructure
Sample IPs from this ASN
Budget hosting provider with high abuse rates due to easy signup
Sample IPs from this ASN
Affordable VPS provider frequently used for proxy and bot infrastructure
Sample IPs from this ASN
Hosting provider with mixed legitimate and malicious traffic
Sample IPs from this ASN
Dutch hosting provider associated with bulletproof hosting services
Sample IPs from this ASN
Chinese cloud provider with limited abuse controls
Sample IPs from this ASN
Privacy-focused hosting provider popular with anonymity services
Sample IPs from this ASN
Major transit provider — source of diverse traffic including abuse
Sample IPs from this ASN
Internet backbone and tunnel broker — used for IPv6 tunneled abuse
Sample IPs from this ASN
Hosting provider associated with VPN exit nodes and proxy services
Sample IPs from this ASN
European hosting provider known for Tor relay hosting
Sample IPs from this ASN
Hosting provider associated with proxy and VPN services
Sample IPs from this ASN
Major backbone provider — carries diverse traffic including botnet C2
Sample IPs from this ASN
US telecom — residential IPs occasionally used in credential stuffing
Sample IPs from this ASN
Known Tor exit node hosting ASN under Datacamp umbrella
Sample IPs from this ASN
Ad-blocking DNS provider — signals non-standard DNS configuration
Sample IPs from this ASN
Major Chinese cloud provider — source of large-scale scraping and bot traffic
Sample IPs from this ASN
Chinese cloud provider with growing global footprint — used for automated attacks
Sample IPs from this ASN
German hosting provider known for Tor relay and VPN exit node hosting
Sample IPs from this ASN
Swedish hosting provider frequently used for Tor relays and proxy services
Sample IPs from this ASN
Hosting provider associated with bulletproof hosting and cybercrime infrastructure
Sample IPs from this ASN
Dedicated ASN for Tor relay and exit node infrastructure
Sample IPs from this ASN
Privacy-focused VPS provider popular for Tor relays and anonymity services
Sample IPs from this ASN
French cloud provider with affordable instances frequently used for abuse infrastructure
Sample IPs from this ASN
Chinese CDN and hosting provider with global edge — used for automated scraping and bot traffic
Sample IPs from this ASN
Luxembourg-based global hosting and CDN — proxy and VPN exit node hosting
Sample IPs from this ASN
Cloud VPS provider with easy provisioning — abused for credential stuffing and scraping
Sample IPs from this ASN
UK hosting provider known for VPN exit node and proxy infrastructure hosting
Sample IPs from this ASN
Hosting provider associated with bulletproof hosting and phishing infrastructure
Sample IPs from this ASN
Dutch hosting provider with abuse-tolerant policies — proxy and botnet infrastructure
Sample IPs from this ASN
Chinese search and cloud giant — operates public DNS (180.76.76.76) and cloud infrastructure
Sample IPs from this ASN
Largest domain registrar and hosting provider — mixed legitimate and abuse traffic
Sample IPs from this ASN
Threat Categories
Our threat intelligence covers multiple categories of potentially risky IP addresses.
Tor Exit Nodes
IP addresses acting as Tor network exit points
VPN Endpoints
Known commercial and residential VPN service endpoints
Open Proxies
Public proxy servers and relay endpoints
Botnet C2
Known command and control infrastructure
Spam Sources
IPs identified in email spam campaigns
Port Scanners
IPs performing reconnaissance and port scanning
Understanding Risk Levels
Networks with significant abuse history, often used for VPN/proxy services with minimal verification.
Large cloud providers where abuse occurs but represents a small fraction of overall traffic.
Networks with occasional abuse reports but generally good reputation and responsive abuse handling.