Bad ASN Detection

Block traffic from networks with known abuse histories

VerifyWall tracks Autonomous Systems (ASNs) with reputations for hosting fraud, spam, and malicious activity — flagging IPs before they can abuse your platform.

Get API KeyRead the Docs

What it is

An Autonomous System Number (ASN) identifies a network operator on the internet. Some ASNs are operated by "bulletproof" hosting providers that deliberately ignore abuse reports, making them safe havens for fraud operations, botnets, spam networks, and other malicious activity. Traffic from these networks is inherently suspicious.

Why it matters for SaaS

Bad ASNs are the infrastructure layer behind organized fraud. Bulletproof hosts provide the servers that run credential stuffing tools, host phishing pages, and operate bot networks targeting SaaS platforms. By identifying traffic from these networks at signup, you can block the infrastructure that powers abuse — not just individual IP addresses that attackers can rotate.

How VerifyWall detects it

VerifyWall maintains a curated reputation database of ASNs based on abuse reports, threat intelligence feeds, and historical fraud correlation data. We track ASNs known for bulletproof hosting, spam operations, and disproportionately high fraud rates. When an IP is checked, we resolve its ASN and cross-reference it against our reputation database.

Risk score impact

+30 points

Bad ASN detection adds 30 points to the risk score. This network-level signal is particularly valuable because it catches threats that IP-level checks alone might miss.

API response example

When this threat type is detected, the API returns a response like this:

{
  "data": {
    "id": "a1b2c3...",
    "type": "checks",
    "attributes": {
      "subject": "45.134.26.10",
      "subject_type": "ip",
      "risk_score": 30,
      "risk_level": "low",
      "reasons": [
        "bad_asn"
      ],
      "details": {
        "ip": "45.134.26.10",
        "country_code": "RU",
        "is_vpn": false,
        "is_tor": false,
        "is_datacenter": true
      }
    }
  }
}

Frequently asked questions

What makes an ASN "bad"?

An ASN is flagged as bad when it has a documented history of hosting malicious activity, ignoring abuse reports, or being operated as a bulletproof hosting provider. Our reputation scoring considers abuse report volume, spam origination rates, and correlation with known fraud campaigns.

Can a legitimate ISP have a bad ASN rating?

Large consumer ISPs are not flagged as bad ASNs, even though some abuse originates from their networks. Bad ASN detection targets hosting providers and networks where abuse is the primary activity, not ISPs with occasional bad actors among millions of legitimate users.

How often is the ASN reputation database updated?

The ASN reputation database is updated daily based on ongoing analysis of abuse reports, threat intelligence feeds, and fraud correlation data. ASNs can be added or removed as their behavior changes over time.

Related resources

Integration Guides

Ready to protect your platform?

Start detecting bad asn threats in minutes with a single API call.

Get Started FreeAPI Documentation