Creating an ASN based IP bot traffic filterlist: Easily or for free

ASN-based bot/hosting IP detection is considered one of the most effective ways to prevent bot traffic from your site.

ASN based bot detection

ASN (Autonomous System Number) is a unique identifier for an organization that owns a range of IP addresses. ISPs, large organizations, hosting/data centers, educational institutes, government organizations, etc., tend to be AS organizations.

Your average bot is likely hosted on a server of a hosting provider or data center. These bots use the IP addresses of the hosting provider’s ASN. By identifying the IP address of a bot and, progressively, its ASN, you can ban or block access to all non-human traffic from that hosting provider to your website or services hosted.

Average users tend to use ISP IP addresses, which are categorized under the ISP AS organization, while bots, crawlers, and scrapers use hosting IP addresses, which are categorized under the Hosting AS organization.

We have tons of resources about ASNs and the internet ecosystem in general. I highly recommend you to check out our blogs or our community posts (you are here) to learn more about it.

Now, What do I mean by easily or free? Well…

Identifying bots and hosting IP address easily

If you want an easy solution, you can choose our premium API or database services. We already provide bot detection and data center/hosting IP detection. The detection of AS types and anonymous IPs is backed by sophisticated data and behavior-based models.

Premium API services

IP Lookup to get asn and anonymous IP value

  • ASN information (AS Type: Hosting, ISP, Business, Education) | Basic API Tier
  • Anonymous IP detection (Hosting IP address) | Standard API Tier

:link: Documentation: API Responses -

Premium database services

:link: Documentation: Database Types -

Or, Identifying bots and hosting IP address for free

Use a combination of your logs, our free API, and free IP to Country ASN database. For this approach, you have to build your own DIY bot detection service using the free IP to ASN database. Even though you may not have full coverage of anonymous IPs, and you might block a few genuine traffic IPs here and there, this process is an effective method of blocking data center/bot/hosting IP addresses.

To get started, download the free IP to ASN or IP to Country ASN database. Then, identify certain known ASNs that provide hosting services. You can do that by:

  • Looking up suspicious IP addresses from your log and getting their ASN information through our API.
  • Identifying popular data centers.
  • Doing log enrichment with geolocation + asn information through API / Website / CLI.

Once you have the ASNs, you can get the list of IP ranges of those ASNs. Then feel free to just add them in your firewall config file.

Here is how I am doing it in our IP to Country ASN free database available on Snowflake:

I am choosing the following ASNs, which belong to Hetzner:

On Snowflake, I use the country_asn table and the range2cidr UDF.

  flat_data.value as HETZNER_IP_RANGES
  FROM (
    SELECT public.range2cidr(start_ip, end_ip) as ip_range
        FROM public.country_asn
        WHERE ASN='AS24940'
        OR ASN='AS213230'
        OR ASN='AS212317'
    ) hetzner_ips,
TABLE(FLATTEN(hetzner_ips.ip_range)) flat_data


This query returns a list of 3,673 IP ranges. You can check out the documentation of our Snowflake listings or community posts on Snowflake to learn about the query. By following this method, you can add more ASNs to the query to get a bigger IP range list. You should keep an eye on your log to identify ASNs of malicious IP ranges. Additionally, you should whitelist some of the ASN IP ranges if you want search engine crawlers to access your site or permit VPN usage.

If you have any questions, feel free to ask here in the community or drop a comment.


IPinfo services referenced:



Free / Open access services

Signup for a free account today, and get access to the following services:

1 Like

ASN-based classifying/filtering is exactly what I’m doing on email. Most people wouldn’t bother as cloud-based email is so common. On my own Linux, I’ve tried many things with varying success.

My project in GitHub. And blog-post describing the idea.

I do automate sending SpamCop-reports. As my Postfix is configured to honor their RBL, soon after reporting the culprit’s feed will stop.

1 Like

That is really fantastic stuff!!

I am really happy to see this. I am only exploring the code, but I am trying to figure out a better process to:

Limit: A non-paid API of ipinfo.ip will serve 5 ASN-queries / day / IP-address.

Do you think it would be possible to use the open access IP to ASN database here? Users with Paid API tokens can keep using the API service as is, but I think we can certainly do better than 5 requests for our free-tier users.

I have not looked into the code too closely, but I did write an entire proof of concept. Please kindly review the Jupyter Notebook:

:link: Suggestion for HQJaTu' spammer-block featuring IPinfo's free tier API and database · GitHub

Essentially using a combination of the API and IP to ASN db, you can get all IP address ranges owned by the ASN. Let me know what you think, please.

Thank you for your suggestion. Actually, the reason I’m following this community is to learn of various aspects IPinfo has available. There are so many products and options available, it’s very difficul to keep up.

Going for open access while supporting off-line option for ASN-queries is definitely something I’m going to do for my tooling.

1 Like

That is really awesome, dude. I agree there is so much going on with IP data, it sometimes feels a bit overwhelming. The documentation helps, but IP data solutions are more helpful when presented in a problem-focused and example-driven way. That’s why we have the community. Developers like you come up with challenges and ideas, and we try our absolute best to solve them with IPinfo’s DB and API.

I really appreciate your contribution to OSS cybersecurity solutions. You are always welcome to share your ideas in the community and provide feedback. I’m always happy to help!