Flag signups from cloud infrastructure and datacenters
VerifyWall identifies IPs belonging to AWS, GCP, Azure, and thousands of other hosting providers — a strong signal that traffic is automated.
What it is
Datacenter IPs belong to cloud providers (AWS, GCP, Azure, DigitalOcean, etc.) and hosting companies rather than residential ISPs. While legitimate users browse from their home or mobile connections, automated bots, scrapers, and fraud tools typically run from datacenter infrastructure.
Why it matters for SaaS
Signups originating from datacenter IPs are statistically far more likely to be automated. Bot operators spin up cloud instances to create accounts at scale, scrape data, or test stolen credentials. For SaaS platforms, datacenter signups often represent the bulk of fake accounts that inflate metrics and consume resources without generating revenue.
How VerifyWall detects it
VerifyWall maintains comprehensive IP range databases for major cloud providers and hosting companies worldwide. We analyze BGP routing data, WHOIS records, and network allocation registries to identify datacenter IP ranges. The detection covers not just the major cloud providers but also smaller VPS hosts, colocation facilities, and reseller networks.
Risk score impact
Datacenter IP detection adds 40 points to the risk score, placing it in medium risk territory. While datacenter traffic is suspicious, some legitimate users may route through corporate infrastructure.
API response example
When this threat type is detected, the API returns a response like this:
{
"data": {
"id": "a1b2c3...",
"type": "checks",
"attributes": {
"subject": "52.94.76.55",
"subject_type": "ip",
"risk_score": 40,
"risk_level": "medium",
"reasons": [
"datacenter"
],
"details": {
"ip": "52.94.76.55",
"country_code": "US",
"is_vpn": false,
"is_tor": false,
"is_datacenter": true
}
}
}
}Frequently asked questions
Will datacenter detection flag corporate office traffic?
Most corporate offices use business ISP connections that are classified as residential/business, not datacenter. However, companies that route traffic through cloud-hosted proxies may trigger datacenter detection. You can whitelist specific IP ranges to handle these cases.
Which cloud providers are covered by datacenter detection?
VerifyWall covers all major cloud providers including AWS, Google Cloud, Microsoft Azure, DigitalOcean, Linode, Vultr, OVH, Hetzner, and thousands of smaller hosting companies. Our database includes IP ranges from regional providers worldwide.
How does datacenter detection differ from VPN detection?
VPN detection specifically identifies commercial VPN services. Datacenter detection is broader — it flags any IP belonging to hosting infrastructure. A VPN server running on AWS would trigger both signals, while a custom bot running on a VPS would only trigger datacenter detection.
Related resources
Integration Guides
Ready to protect your platform?
Start detecting datacenter ip threats in minutes with a single API call.