IPASIS - IP Reputation and Risk Intelligence API

⚠️ High-Risk ASNs & Threat Sources

Explore Autonomous System Numbers (ASNs) frequently associated with abuse, VPN/proxy services, and malicious activity based on our threat intelligence feeds.

Note: Being listed as "high-risk" doesn't mean all IPs from these ASNs are malicious. These networks often host legitimate services alongside potentially abusive ones. Always verify individual IP reputation.

High-Risk Autonomous Systems

AS14061DigitalOcean
HIGH RISK

Common VPS provider used for abuse due to easy provisioning

AS16509Amazon.com (AWS)
MEDIUM RISK

Large cloud provider frequently used for hosting malicious infrastructure

Sample IPs from this ASN

AS20473Vultr Holdings
HIGH RISK

VPS provider with streamlined signup often abused by threat actors

AS63949Linode
MEDIUM RISK

Popular VPS provider for both legitimate and malicious use

AS24940Hetzner Online
MEDIUM RISK

European hosting provider often used for bulletproof hosting

Sample IPs from this ASN

AS16276OVH
MEDIUM RISK

Large European hosting provider with diverse abuse patterns

Sample IPs from this ASN

AS45102Alibaba Cloud
MEDIUM RISK

Chinese cloud provider with global presence

Sample IPs from this ASN

AS60068Datacamp Limited
HIGH RISK

Hosting provider associated with VPN and proxy services

AS9009M247 Ltd
HIGH RISK

Known for hosting VPN exit nodes and proxy services

Sample IPs from this ASN

AS62567DigitalOcean Amsterdam
HIGH RISK

Amsterdam datacenter commonly used for European abuse operations

Sample IPs from this ASN

AS60729Aeza Network
HIGH RISK

Russian hosting provider frequently associated with Tor nodes and proxy services

AS15169Google LLC
MEDIUM RISK

GCP infrastructure used for bot hosting, credential stuffing, and scraping

AS13335Cloudflare Inc
LOW RISK

CDN and proxy service — traffic origin is masked behind Cloudflare IPs

AS54113Fastly Inc
LOW RISK

CDN provider — IPs may mask origin of automated traffic

AS396982Google Cloud Platform
MEDIUM RISK

GCP compute instances frequently used for automated attacks and scraping

AS8075Microsoft Azure
MEDIUM RISK

Large cloud platform used for hosting malicious infrastructure at scale

Sample IPs from this ASN

AS36352ColoCrossing
HIGH RISK

Budget hosting provider popular with spammers and botnet operators

AS46562Performive LLC
HIGH RISK

Hosting provider associated with scan and abuse traffic

Sample IPs from this ASN

AS4134China Telecom
MEDIUM RISK

Major Chinese ISP — source of large-scale scanning and brute force activity

AS4837China Unicom
MEDIUM RISK

Chinese ISP frequently associated with automated scanning activity

Sample IPs from this ASN

AS4766Korea Telecom
LOW RISK

Korean ISP — occasional source of credential stuffing campaigns

Sample IPs from this ASN

AS13238Yandex LLC
MEDIUM RISK

Russian tech company — Yandex bot and cloud infrastructure

AS47583Hostinger International
HIGH RISK

Budget hosting provider with high abuse rates due to easy signup

Sample IPs from this ASN

AS51167Contabo GmbH
HIGH RISK

Affordable VPS provider frequently used for proxy and bot infrastructure

AS19871Network Solutions LLC
MEDIUM RISK

Hosting provider with mixed legitimate and malicious traffic

Sample IPs from this ASN

AS49981WorldStream B.V.
HIGH RISK

Dutch hosting provider associated with bulletproof hosting services

Sample IPs from this ASN

AS58061Kaopu Cloud
HIGH RISK

Chinese cloud provider with limited abuse controls

Sample IPs from this ASN

AS211680Private Layer Inc
HIGH RISK

Privacy-focused hosting provider popular with anonymity services

Sample IPs from this ASN

AS174Cogent Communications
LOW RISK

Major transit provider — source of diverse traffic including abuse

Sample IPs from this ASN

AS6939Hurricane Electric
MEDIUM RISK

Internet backbone and tunnel broker — used for IPv6 tunneled abuse

Sample IPs from this ASN

AS206264Amarutu Technology Ltd
HIGH RISK

Hosting provider associated with VPN exit nodes and proxy services

Sample IPs from this ASN

AS4785xTom GmbH
HIGH RISK

European hosting provider known for Tor relay hosting

AS213151TradeLayer One LLC
HIGH RISK

Hosting provider associated with proxy and VPN services

Sample IPs from this ASN

AS3356Level 3 / Lumen
LOW RISK

Major backbone provider — carries diverse traffic including botnet C2

Sample IPs from this ASN

AS209CenturyLink / Lumen
LOW RISK

US telecom — residential IPs occasionally used in credential stuffing

Sample IPs from this ASN

AS212238Datacamp Limited (Tor)
HIGH RISK

Known Tor exit node hosting ASN under Datacamp umbrella

AS208323AdGuard Software Ltd
LOW RISK

Ad-blocking DNS provider — signals non-standard DNS configuration

Sample IPs from this ASN

AS132203Tencent Cloud Computing
MEDIUM RISK

Major Chinese cloud provider — source of large-scale scraping and bot traffic

AS55990Huawei Cloud Service
MEDIUM RISK

Chinese cloud provider with growing global footprint — used for automated attacks

AS51396Pfcloud UG
HIGH RISK

German hosting provider known for Tor relay and VPN exit node hosting

AS42708Portlane AB
HIGH RISK

Swedish hosting provider frequently used for Tor relays and proxy services

Sample IPs from this ASN

AS44477Stark Industries Solutions
HIGH RISK

Hosting provider associated with bulletproof hosting and cybercrime infrastructure

AS396356The Tor Project
HIGH RISK

Dedicated ASN for Tor relay and exit node infrastructure

AS53667FranTech Solutions (BuyVM)
HIGH RISK

Privacy-focused VPS provider popular for Tor relays and anonymity services

AS12876Scaleway (Online S.A.S.)
MEDIUM RISK

French cloud provider with affordable instances frequently used for abuse infrastructure

AS21859Zenlayer Inc
MEDIUM RISK

Chinese CDN and hosting provider with global edge — used for automated scraping and bot traffic

Sample IPs from this ASN

AS199524G-Core Labs S.A.
MEDIUM RISK

Luxembourg-based global hosting and CDN — proxy and VPN exit node hosting

Sample IPs from this ASN

AS41436Kamatera Inc
HIGH RISK

Cloud VPS provider with easy provisioning — abused for credential stuffing and scraping

Sample IPs from this ASN

AS62240Clouvider Limited
HIGH RISK

UK hosting provider known for VPN exit node and proxy infrastructure hosting

Sample IPs from this ASN

AS57523Chang Way Technologies
HIGH RISK

Hosting provider associated with bulletproof hosting and phishing infrastructure

Sample IPs from this ASN

AS50245Serverius Holding B.V.
HIGH RISK

Dutch hosting provider with abuse-tolerant policies — proxy and botnet infrastructure

Sample IPs from this ASN

AS38365Baidu Inc
LOW RISK

Chinese search and cloud giant — operates public DNS (180.76.76.76) and cloud infrastructure

AS398101GoDaddy.com LLC
LOW RISK

Largest domain registrar and hosting provider — mixed legitimate and abuse traffic

Sample IPs from this ASN

AS20940Akamai International B.V.
LOW RISK

Major CDN provider — traffic origin masked behind Akamai edge servers, commonly searched IP ranges

AS31898Oracle Cloud Infrastructure
MEDIUM RISK

Enterprise cloud provider increasingly used for automated scanning and bot hosting

AS14618Amazon.com Inc (US-East)
MEDIUM RISK

Primary AWS US-East ASN — highest volume of cloud-hosted abuse traffic globally

Sample IPs from this ASN

AS37963Alibaba Cloud (Hangzhou)
MEDIUM RISK

Chinese cloud computing division — source of large-scale scraping and credential stuffing

AS8100QuadraNet Enterprises LLC
HIGH RISK

US hosting provider with high abuse rates — frequently hosts proxy and VPN infrastructure

Sample IPs from this ASN

AS29802Hivelocity Inc
HIGH RISK

Florida-based bare metal hosting — used for botnet C2 and scan infrastructure

Sample IPs from this ASN

AS7684Sakura Internet Inc
MEDIUM RISK

Japanese hosting provider — source of automated scanning and brute force attempts

AS135377UCloud Information Technology
MEDIUM RISK

Chinese cloud provider with global nodes — limited abuse controls, bot hosting

Sample IPs from this ASN

AS40021Contabo Inc (US)
HIGH RISK

US division of Contabo — affordable VPS frequently used for proxy and bot infrastructure

AS202425IP Volume Inc
HIGH RISK

Hosting provider known for VPN exit nodes and residential proxy infrastructure

Sample IPs from this ASN

AS9829National Internet Backbone (BSNL)
LOW RISK

Indian national ISP — large IP space with significant automated scanning activity

AS13414Twitter Inc (X Corp)
LOW RISK

Social media platform infrastructure — IPs commonly looked up in abuse investigations

AS32934Meta Platforms (Facebook)
LOW RISK

Social media and advertising infrastructure — IPs searched in bot and scraper investigations

AS8560IONOS SE (1&1)
MEDIUM RISK

Major European hosting provider — shared hosting frequently abused for phishing and spam

AS46606Unified Layer (Bluehost/HostGator)
MEDIUM RISK

Major shared hosting provider — parent of Bluehost, HostGator, and HostMonster

AS56040China Mobile International
MEDIUM RISK

Chinese global carrier — source of large-scale scanning and brute force activity

AS4808China Unicom Beijing Province Network
MEDIUM RISK

Major Chinese metropolitan ISP — high-volume scanning and credential stuffing source

AS50304Blix Solutions AS
HIGH RISK

Norwegian hosting provider known for Tor relay and privacy service hosting

AS30633Leaseweb USA Inc
MEDIUM RISK

Major hosting provider with global infrastructure — used for proxy, VPN, and bot hosting

AS2914NTT America Inc
LOW RISK

Major global backbone and transit provider — carries diverse traffic including abuse

AS23724IDC Frontier Inc (Yahoo Japan)
MEDIUM RISK

Japanese cloud and hosting provider — source of automated scanning from Asia-Pacific

AS35916Multacom Corporation
HIGH RISK

US budget hosting provider — frequently used for proxy infrastructure and abuse

Sample IPs from this ASN

AS7922Comcast Cable Communications
LOW RISK

Largest US cable ISP — residential IPs used in credential stuffing and account takeover attacks

Sample IPs from this ASN

AS7018AT&T Services Inc
LOW RISK

Major US telecom — residential and mobile IPs involved in large-scale bot traffic

Sample IPs from this ASN

AS701Verizon Business (MCI/UUNET)
LOW RISK

Major US backbone and ISP — carries diverse traffic including abuse from residential and enterprise customers

AS3215Orange S.A. (France Telecom)
LOW RISK

Largest European telecom — French residential IPs frequently seen in bot and scraping traffic

Sample IPs from this ASN

AS9121Turk Telekom
LOW RISK

Turkish national ISP — large IP space with significant scanning and brute force activity

AS17676SoftBank Corp
LOW RISK

Major Japanese ISP and mobile carrier — residential IPs in bot and credential stuffing campaigns

AS18978Enzu Inc
HIGH RISK

US hosting provider frequently abused for proxy, VPN exit node, and botnet infrastructure

AS48314Michael Sebastian Schinzel (IP-Projects)
HIGH RISK

German hosting provider known for Tor relay and exit node hosting

AS36692Cisco Umbrella (OpenDNS)
LOW RISK

Popular public DNS resolver (208.67.222.222) — queries from this ASN indicate non-standard DNS configuration

AS19281QUAD9
LOW RISK

Privacy-focused public DNS resolver (9.9.9.9) — signals security-conscious or anonymity-seeking users

AS398324CleanBrowsing Inc
LOW RISK

Family-safe DNS filtering service (185.228.168.9) — DNS resolver with content filtering

AS394699Censys Inc
HIGH RISK

Internet-wide security scanner — all traffic from this ASN is automated reconnaissance

AS22773Cox Communications Inc
LOW RISK

Third-largest US cable ISP — residential IPs used in credential stuffing and account takeover

AS4812China Telecom (Shanghai)
MEDIUM RISK

Major Chinese metropolitan ISP — high-volume scanning and brute force source from Shanghai region

AS9808China Mobile Guangdong
MEDIUM RISK

Large Chinese mobile ISP — significant automated scanning and credential stuffing activity

AS55286Tata Communications (formerly VSNL)
LOW RISK

Major Indian and global backbone provider — carries diverse traffic including large-scale scanning

AS6830Liberty Global (UPC/Ziggo)
LOW RISK

Major European cable ISP operating across 10+ countries — residential IPs in bot and abuse traffic

AS5089Virgin Media Limited
LOW RISK

Major UK broadband ISP — residential IPs seen in credential stuffing and automated abuse

Sample IPs from this ASN

AS3269Telecom Italia (TIM)
LOW RISK

Largest Italian ISP and backbone — residential and business IPs in scanning and abuse traffic

Sample IPs from this ASN

AS12389Rostelecom
MEDIUM RISK

Russian national telecom — largest Russian ISP, significant source of scanning and brute force activity

Sample IPs from this ASN

AS714Apple Inc
LOW RISK

Consumer tech giant — iCloud Private Relay, Apple CDN, and services infrastructure commonly looked up

AS36459GitHub Inc
LOW RISK

Developer platform — IPs frequently searched for webhook allowlists and CI/CD configuration

AS23576T-Mobile US Inc
LOW RISK

Third-largest US mobile carrier — residential and mobile IPs in credential stuffing and bot traffic

AS19551Incapsula (Imperva)
LOW RISK

Cloud WAF and CDN provider — traffic origin masked behind Imperva security infrastructure

AS2635Automattic Inc (WordPress.com)
LOW RISK

Hosts millions of WordPress.com sites — source of Jetpack, Akismet, and wp-cron traffic

AS27411The Rackspace Group
MEDIUM RISK

Major managed cloud and hosting provider — infrastructure used for both legitimate and abuse traffic

AS40676Psychz Networks
HIGH RISK

Los Angeles hosting provider with high abuse rates — proxy, botnet, and scanning infrastructure

AS397423Netlify Inc
LOW RISK

Developer deployment platform — IPs searched for CDN edge node identification and allowlisting

AS15133Edgecast (Verizon Digital Media)
LOW RISK

Major CDN provider — serves content for thousands of websites, traffic origin masked

AS46489Twitch Interactive (Amazon)
LOW RISK

Live streaming platform — IPs commonly looked up in bot and viewbot investigations

AS32244Liquid Web LLC
MEDIUM RISK

Major US managed hosting provider — dedicated servers and VPS used for diverse workloads

AS63473Router Hosting LLC
HIGH RISK

Hosting provider known for VPN exit node and residential proxy infrastructure

AS205100F3 Netze e.V.
HIGH RISK

German non-profit operating high-bandwidth Tor exit relays — 109.70.100.0/24 range frequently appears in Tor exit node lookups

AS210644Aeza International Ltd
HIGH RISK

Bulletproof hosting provider (UK/Russia) sanctioned for hosting malware, ransomware, and infostealer infrastructure — supplements AS60729 Aeza Network

AS62904Eonix Corporation
HIGH RISK

US budget hosting and VPS provider with high abuse rates — proxy, VPN, and scanning infrastructure

AS49505Selectel LLC
MEDIUM RISK

Major Russian cloud and dedicated server provider — source of large-scale scanning and bot hosting

AS197695Domain Names Registrar REG.RU LLC
MEDIUM RISK

Russian registrar and shared hosting provider — frequently abused for phishing and spam campaigns

AS54825Equinix Metal (Packet Host)
LOW RISK

Bare-metal cloud provider popular with developers — IP ranges searched for allowlisting and abuse investigation

AS54290Hostwinds LLC
HIGH RISK

US budget VPS and hosting provider with easy signup — frequently abused for proxy, scraping, and bot infrastructure

AS46844Sharktech Inc
HIGH RISK

DDoS-protected hosting provider — frequently flagged for hosting proxy, botnet C2, and abuse infrastructure

AS46475Limestone Networks Inc
MEDIUM RISK

Dallas-based dedicated server provider — source of scanning and proxy hosting traffic

AS18450WebNX Inc
HIGH RISK

US dedicated server and colocation provider with high abuse rates — proxy and scanning infrastructure

AS33387Nocix (DataShack LC)
HIGH RISK

US budget dedicated server provider — abuse-heavy, hosts proxy, VPN, and scanning infrastructure

AS19994Rackspace Hosting
MEDIUM RISK

Major US managed cloud and hosting provider — supplements AS27411, mixed legitimate and abuse traffic

AS197540netcup GmbH
MEDIUM RISK

German VPS and dedicated server provider with affordable plans — used for proxy and bot infrastructure

AS24961myLoc managed IT AG (WebTropia)
MEDIUM RISK

German hosting provider operating WebTropia — VPS and dedicated servers used for abuse infrastructure

AS20115Charter Communications (Spectrum)
LOW RISK

Major US cable ISP (Spectrum) — residential IPs used in credential stuffing and account takeover attacks

AS5650Frontier Communications
LOW RISK

Major US broadband ISP — residential IPs seen in bot traffic and credential stuffing campaigns

Sample IPs from this ASN

AS22394Cellco Partnership (Verizon Wireless)
LOW RISK

Largest US mobile carrier — mobile IPs in large-scale bot, scraping, and account fraud traffic

AS3320Deutsche Telekom AG
LOW RISK

Largest German ISP — residential and business IPs in scanning, bot, and credential stuffing traffic

AS24560Bharti Airtel Ltd
LOW RISK

Major Indian ISP and mobile carrier — large IP space with significant automated scanning activity

AS55836Reliance Jio Infocomm Limited
LOW RISK

Largest Indian mobile ISP by subscribers — huge IP space, source of bot and credential stuffing traffic

Sample IPs from this ASN

AS8359MTS PJSC (Mobile TeleSystems)
MEDIUM RISK

Major Russian mobile and broadband ISP — significant source of scanning and brute force activity

AS31133PJSC MegaFon
MEDIUM RISK

Major Russian mobile carrier — large mobile IP space involved in automated scanning and bot traffic

Threat Categories

Our threat intelligence covers multiple categories of potentially risky IP addresses.

Understanding Risk Levels

HIGH

Networks with significant abuse history, often used for VPN/proxy services with minimal verification.

MEDIUM

Large cloud providers where abuse occurs but represents a small fraction of overall traffic.

LOW

Networks with occasional abuse reports but generally good reputation and responsive abuse handling.